From 77ffb7118e1d6de21db85339465f4d71cfdedc88 Mon Sep 17 00:00:00 2001 From: Joost Naaijen Date: Thu, 7 Nov 2024 19:42:12 +0100 Subject: [PATCH 01/47] Docs: fix incorrect namespace mention (#4563) * Update metadata.md The namespace is incorrect Signed-off-by: Joost Naaijen * Update metadata.md Signed-off-by: Joost Naaijen * Update metadata.md Signed-off-by: Joost Naaijen --------- Signed-off-by: Joost Naaijen --- .../en/contributions/design/metadata.md | 22 ++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/site/content/en/contributions/design/metadata.md b/site/content/en/contributions/design/metadata.md index 143f5b2797d..f6564f3ccd5 100644 --- a/site/content/en/contributions/design/metadata.md +++ b/site/content/en/contributions/design/metadata.md @@ -25,7 +25,27 @@ Future enhancements may include: ## Translation -Envoy Gateway uses the following namespace for envoy resource metadata: `io.envoyproxy.gateway.metadata`. For example, an envoy [route][] resource may have the following metadata structure: +Envoy Gateway uses the following namespace for envoy resource metadata: `gateway.envoyproxy.io/`. For example, an envoy [route][] resource may have the following metadata structure: + +Kubernetes resource: + +```yaml +kind: HTTPRoute +apiVersion: gateway.networking.k8s.io/v1 +metadata: + annotations: + gateway.envoyproxy.io/foo: bar + name: myroute + namespace: gateway-conformance-infra +spec: + rules: + matches: + - path: + type: PathPrefix + value: /mypath +``` + +Metadata structure: ```yaml name: httproute/gateway-conformance-infra/myroute/rule/0/match/0/* From a9636c824ee2246ea393ed5427e10bc790fa9517 Mon Sep 17 00:00:00 2001 From: Ido Itzkovich Date: Thu, 7 Nov 2024 21:34:10 +0200 Subject: [PATCH 02/47] Feat: add HTTPRoute-rule name to envoy route metadata (#4561) * add route-rule name to envoy route metadata Signed-off-by: Ido Itzkovich * add rule name to metadata even when no matchers exist Signed-off-by: Ido Itzkovich Co-authored-by: Guy Daich --- internal/gatewayapi/route.go | 16 ++++++--- .../testdata/grpcroute-with-backend.in.yaml | 1 + .../testdata/grpcroute-with-backend.out.yaml | 3 ++ .../testdata/httproute-with-metadata.in.yaml | 11 +++++- .../testdata/httproute-with-metadata.out.yaml | 34 +++++++++++++++++++ 5 files changed, 59 insertions(+), 6 deletions(-) diff --git a/internal/gatewayapi/route.go b/internal/gatewayapi/route.go index e51947411d8..26627a07285 100644 --- a/internal/gatewayapi/route.go +++ b/internal/gatewayapi/route.go @@ -302,6 +302,7 @@ func (t *Translator) processHTTPRouteRule(httpRoute *HTTPRouteContext, ruleIdx i irRoute := &ir.HTTPRoute{ Name: irRouteName(httpRoute, ruleIdx, -1), } + irRoute.Metadata = buildRouteMetadata(httpRoute, rule.Name) processRouteTimeout(irRoute, rule) applyHTTPFiltersContextToIRRoute(httpFiltersContext, irRoute) ruleRoutes = append(ruleRoutes, irRoute) @@ -362,6 +363,7 @@ func (t *Translator) processHTTPRouteRule(httpRoute *HTTPRouteContext, ruleIdx i Name: irRouteName(httpRoute, ruleIdx, matchIdx), SessionPersistence: sessionPersistence, } + irRoute.Metadata = buildRouteMetadata(httpRoute, rule.Name) processRouteTimeout(irRoute, rule) if match.Path != nil { @@ -595,6 +597,7 @@ func (t *Translator) processGRPCRouteRule(grpcRoute *GRPCRouteContext, ruleIdx i irRoute := &ir.HTTPRoute{ Name: irRouteName(grpcRoute, ruleIdx, -1), } + irRoute.Metadata = buildRouteMetadata(grpcRoute, rule.Name) applyHTTPFiltersContextToIRRoute(httpFiltersContext, irRoute) ruleRoutes = append(ruleRoutes, irRoute) } @@ -606,7 +609,7 @@ func (t *Translator) processGRPCRouteRule(grpcRoute *GRPCRouteContext, ruleIdx i irRoute := &ir.HTTPRoute{ Name: irRouteName(grpcRoute, ruleIdx, matchIdx), } - + irRoute.Metadata = buildRouteMetadata(grpcRoute, rule.Name) for _, headerMatch := range match.Headers { switch GRPCHeaderMatchTypeDerefOr(headerMatch.Type, gwapiv1.GRPCHeaderMatchExact) { case gwapiv1.GRPCHeaderMatchExact: @@ -696,7 +699,6 @@ func (t *Translator) processHTTPRouteParentRefListener(route RouteContext, route continue } hasHostnameIntersection = true - routeMetadata := buildRouteMetadata(route) var perHostRoutes []*ir.HTTPRoute for _, host := range hosts { @@ -723,7 +725,7 @@ func (t *Translator) processHTTPRouteParentRefListener(route RouteContext, route underscoredHost := strings.ReplaceAll(host, ".", "_") hostRoute := &ir.HTTPRoute{ Name: fmt.Sprintf("%s/%s", routeRoute.Name, underscoredHost), - Metadata: routeMetadata, + Metadata: routeRoute.Metadata, Hostname: host, PathMatch: routeRoute.PathMatch, HeaderMatches: routeRoute.HeaderMatches, @@ -764,13 +766,17 @@ func (t *Translator) processHTTPRouteParentRefListener(route RouteContext, route return hasHostnameIntersection } -func buildRouteMetadata(route RouteContext) *ir.ResourceMetadata { - return &ir.ResourceMetadata{ +func buildRouteMetadata(route RouteContext, sectionName *gwapiv1.SectionName) *ir.ResourceMetadata { + metadata := &ir.ResourceMetadata{ Kind: route.GetObjectKind().GroupVersionKind().Kind, Name: route.GetName(), Namespace: route.GetNamespace(), Annotations: filterEGPrefix(route.GetAnnotations()), } + if sectionName != nil { + metadata.SectionName = string(*sectionName) + } + return metadata } func filterEGPrefix(in map[string]string) map[string]string { diff --git a/internal/gatewayapi/testdata/grpcroute-with-backend.in.yaml b/internal/gatewayapi/testdata/grpcroute-with-backend.in.yaml index a02496321ec..d4fec0ea572 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-backend.in.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-backend.in.yaml @@ -36,6 +36,7 @@ grpcRoutes: - group: gateway.envoyproxy.io kind: Backend name: backend-ip + name: grpcrule-1 backends: - apiVersion: gateway.envoyproxy.io/v1alpha1 kind: Backend diff --git a/internal/gatewayapi/testdata/grpcroute-with-backend.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-backend.out.yaml index ba9f13c3136..8981d87b085 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-backend.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-backend.out.yaml @@ -82,6 +82,7 @@ grpcRoutes: - method: service: com.[A-Z]+ type: RegularExpression + name: grpcrule-1 status: parents: - conditions: @@ -150,6 +151,7 @@ xdsIR: kind: GRPCRoute name: grpcroute-1 namespace: default + sectionName: grpcrule-1 name: grpcroute/default/grpcroute-1/rule/0/match/1/* pathMatch: distinct: false @@ -167,6 +169,7 @@ xdsIR: kind: GRPCRoute name: grpcroute-1 namespace: default + sectionName: grpcrule-1 name: grpcroute/default/grpcroute-1/rule/0/match/0/* pathMatch: distinct: false diff --git a/internal/gatewayapi/testdata/httproute-with-metadata.in.yaml b/internal/gatewayapi/testdata/httproute-with-metadata.in.yaml index 24f9fa568ad..c215c01004c 100644 --- a/internal/gatewayapi/testdata/httproute-with-metadata.in.yaml +++ b/internal/gatewayapi/testdata/httproute-with-metadata.in.yaml @@ -31,4 +31,13 @@ httpRoutes: - backendRefs: - name: service-1 port: 8080 - + name: rule-1 + - backendRefs: + - name: service-1 + port: 8080 + matches: + - headers: + - type: Exact + name: foo + value: bar + name: rule-2 diff --git a/internal/gatewayapi/testdata/httproute-with-metadata.out.yaml b/internal/gatewayapi/testdata/httproute-with-metadata.out.yaml index 8d86bec237a..9049ebe41de 100644 --- a/internal/gatewayapi/testdata/httproute-with-metadata.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-metadata.out.yaml @@ -58,6 +58,16 @@ httpRoutes: - backendRefs: - name: service-1 port: 8080 + name: rule-1 + - backendRefs: + - name: service-1 + port: 8080 + matches: + - headers: + - name: foo + type: Exact + value: bar + name: rule-2 status: parents: - conditions: @@ -113,6 +123,29 @@ xdsIR: mergeSlashes: true port: 10080 routes: + - destination: + name: httproute/default/httproute-1/rule/1 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: HTTP + weight: 1 + headerMatches: + - distinct: false + exact: bar + name: foo + hostname: '*' + isHTTP2: false + metadata: + annotations: + foo: bar + kind: HTTPRoute + name: httproute-1 + namespace: default + sectionName: rule-2 + name: httproute/default/httproute-1/rule/1/match/0/* - destination: name: httproute/default/httproute-1/rule/0 settings: @@ -130,4 +163,5 @@ xdsIR: kind: HTTPRoute name: httproute-1 namespace: default + sectionName: rule-1 name: httproute/default/httproute-1/rule/0/match/-1/* From b82b26be64f856462818816cc2f514019d0cbc30 Mon Sep 17 00:00:00 2001 From: Huabing Zhao Date: Fri, 8 Nov 2024 05:33:29 +0800 Subject: [PATCH 03/47] update the lastVersionTag of the upgrade test (#4666) Signed-off-by: Huabing Zhao --- test/e2e/tests/eg_upgrade.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/e2e/tests/eg_upgrade.go b/test/e2e/tests/eg_upgrade.go index 721b22d4c9c..75bd3fb2a42 100644 --- a/test/e2e/tests/eg_upgrade.go +++ b/test/e2e/tests/eg_upgrade.go @@ -52,7 +52,7 @@ var EGUpgradeTest = suite.ConformanceTest{ chartPath := "../../../charts/gateway-helm" relName := "eg" depNS := "envoy-gateway-system" - lastVersionTag := "v1.1.2" // Default version tag if not specified + lastVersionTag := "v1.2.1" // the latest prior release t.Logf("Upgrading from version: %s", lastVersionTag) From 001704378d2131827307b22b765f4eff5c30ecd0 Mon Sep 17 00:00:00 2001 From: Rudrakh Panigrahi Date: Fri, 8 Nov 2024 03:15:49 +0530 Subject: [PATCH 04/47] api: support setting trusted CIDRs (#4500) support setting trusted CIDRs Signed-off-by: Rudrakh Panigrahi --- api/v1alpha1/clienttrafficpolicy_types.go | 19 ++++- api/v1alpha1/zz_generated.deepcopy.go | 5 ++ ...y.envoyproxy.io_clienttrafficpolicies.yaml | 25 +++++- release-notes/current.yaml | 2 +- site/content/en/latest/api/extension_types.md | 5 +- site/content/zh/latest/api/extension_types.md | 5 +- .../clienttrafficpolicy_test.go | 83 +++++++++++++++++++ 7 files changed, 137 insertions(+), 7 deletions(-) diff --git a/api/v1alpha1/clienttrafficpolicy_types.go b/api/v1alpha1/clienttrafficpolicy_types.go index 63b2c91fb2e..6c7129da060 100644 --- a/api/v1alpha1/clienttrafficpolicy_types.go +++ b/api/v1alpha1/clienttrafficpolicy_types.go @@ -237,14 +237,29 @@ type ClientIPDetectionSettings struct { } // XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address. +// Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for +// for more details. +// +kubebuilder:validation:XValidation:rule="(has(self.numTrustedHops) && !has(self.trustedCIDRs)) || (!has(self.numTrustedHops) && has(self.trustedCIDRs))", message="only one of numTrustedHops or trustedCIDRs must be set" type XForwardedForSettings struct { // NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP // headers to trust when determining the origin client's IP address. - // Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for - // for more details. + // Only one of NumTrustedHops and TrustedCIDRs must be set. // // +optional NumTrustedHops *uint32 `json:"numTrustedHops,omitempty"` + + // TrustedCIDRs is a list of CIDR ranges to trust when evaluating + // the remote IP address to determine the original client’s IP address. + // When the remote IP address matches a trusted CIDR and the x-forwarded-for header was sent, + // each entry in the x-forwarded-for header is evaluated from right to left + // and the first public non-trusted address is used as the original client address. + // If all addresses in x-forwarded-for are within the trusted list, the first (leftmost) entry is used. + // Only one of NumTrustedHops and TrustedCIDRs must be set. + // + // +optional + // +kubebuilder:validation:MinItems=1 + // +notImplementedHide + TrustedCIDRs []CIDR `json:"trustedCIDRs,omitempty"` } // CustomHeaderExtensionSettings provides configuration for determining the client IP address for a request based on diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 321a143df9c..3368e73dd70 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -5579,6 +5579,11 @@ func (in *XForwardedForSettings) DeepCopyInto(out *XForwardedForSettings) { *out = new(uint32) **out = **in } + if in.TrustedCIDRs != nil { + in, out := &in.TrustedCIDRs, &out.TrustedCIDRs + *out = make([]CIDR, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XForwardedForSettings. diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml index 3e626f3f88a..ad17b8101d2 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml @@ -85,11 +85,32 @@ spec: description: |- NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP headers to trust when determining the origin client's IP address. - Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for - for more details. + Only one of NumTrustedHops and TrustedCIDRs must be set. format: int32 type: integer + trustedCIDRs: + description: |- + TrustedCIDRs is a list of CIDR ranges to trust when evaluating + the remote IP address to determine the original client’s IP address. + When the remote IP address matches a trusted CIDR and the x-forwarded-for header was sent, + each entry in the x-forwarded-for header is evaluated from right to left + and the first public non-trusted address is used as the original client address. + If all addresses in x-forwarded-for are within the trusted list, the first (leftmost) entry is used. + Only one of NumTrustedHops and TrustedCIDRs must be set. + items: + description: |- + CIDR defines a CIDR Address range. + A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address range such as "2001:0db8:11a3:09d7::/64". + pattern: ((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([0-9]+))|((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\/([0-9]+)) + type: string + minItems: 1 + type: array type: object + x-kubernetes-validations: + - message: only one of numTrustedHops or trustedCIDRs must be + set + rule: (has(self.numTrustedHops) && !has(self.trustedCIDRs)) + || (!has(self.numTrustedHops) && has(self.trustedCIDRs)) type: object x-kubernetes-validations: - message: customHeader cannot be used in conjunction with xForwardedFor diff --git a/release-notes/current.yaml b/release-notes/current.yaml index bfc711148bd..39e8a900c47 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -10,7 +10,7 @@ security updates: | # New features or capabilities added in this release. new features: | - Add a new feature here + - Added support for trusted CIDRs in the ClientIPDetectionSettings API # Fixes for bugs identified in previous versions. bug fixes: | diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 8ab8f50c81f..fcbba2ca40a 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -484,6 +484,7 @@ A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address _Appears in:_ - [Principal](#principal) +- [XForwardedForSettings](#xforwardedforsettings) @@ -4142,13 +4143,15 @@ _Appears in:_ XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address. +Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for +for more details. _Appears in:_ - [ClientIPDetectionSettings](#clientipdetectionsettings) | Field | Type | Required | Description | | --- | --- | --- | --- | -| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
for more details. | +| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Only one of NumTrustedHops and TrustedCIDRs must be set. | #### ZipkinTracingProvider diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md index 8ab8f50c81f..fcbba2ca40a 100644 --- a/site/content/zh/latest/api/extension_types.md +++ b/site/content/zh/latest/api/extension_types.md @@ -484,6 +484,7 @@ A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address _Appears in:_ - [Principal](#principal) +- [XForwardedForSettings](#xforwardedforsettings) @@ -4142,13 +4143,15 @@ _Appears in:_ XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address. +Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for +for more details. _Appears in:_ - [ClientIPDetectionSettings](#clientipdetectionsettings) | Field | Type | Required | Description | | --- | --- | --- | --- | -| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
for more details. | +| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Only one of NumTrustedHops and TrustedCIDRs must be set. | #### ZipkinTracingProvider diff --git a/test/cel-validation/clienttrafficpolicy_test.go b/test/cel-validation/clienttrafficpolicy_test.go index 3558d1848f9..942afea1646 100644 --- a/test/cel-validation/clienttrafficpolicy_test.go +++ b/test/cel-validation/clienttrafficpolicy_test.go @@ -221,6 +221,89 @@ func TestClientTrafficPolicyTarget(t *testing.T) { "spec.clientIPDetection: Invalid value: \"object\": customHeader cannot be used in conjunction with xForwardedFor", }, }, + { + desc: "clientIPDetection numTrustedHops and trustedCIDRs", + mutate: func(ctp *egv1a1.ClientTrafficPolicy) { + ctp.Spec = egv1a1.ClientTrafficPolicySpec{ + PolicyTargetReferences: egv1a1.PolicyTargetReferences{ + TargetRef: &gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{ + LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{ + Group: gwapiv1a2.Group("gateway.networking.k8s.io"), + Kind: gwapiv1a2.Kind("Gateway"), + Name: gwapiv1a2.ObjectName("eg"), + }, + }, + }, + ClientIPDetection: &egv1a1.ClientIPDetectionSettings{ + XForwardedFor: &egv1a1.XForwardedForSettings{ + NumTrustedHops: ptr.To(uint32(1)), + TrustedCIDRs: []egv1a1.CIDR{ + "192.168.1.0/24", + "10.0.0.0/16", + "172.16.0.0/12", + }, + }, + }, + } + }, + wantErrors: []string{ + "spec.clientIPDetection.xForwardedFor: Invalid value: \"object\": only one of numTrustedHops or trustedCIDRs must be set", + }, + }, + { + desc: "clientIPDetection invalid trustedCIDRs", + mutate: func(ctp *egv1a1.ClientTrafficPolicy) { + ctp.Spec = egv1a1.ClientTrafficPolicySpec{ + PolicyTargetReferences: egv1a1.PolicyTargetReferences{ + TargetRef: &gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{ + LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{ + Group: gwapiv1a2.Group("gateway.networking.k8s.io"), + Kind: gwapiv1a2.Kind("Gateway"), + Name: gwapiv1a2.ObjectName("eg"), + }, + }, + }, + ClientIPDetection: &egv1a1.ClientIPDetectionSettings{ + XForwardedFor: &egv1a1.XForwardedForSettings{ + TrustedCIDRs: []egv1a1.CIDR{ + "192.0124.1.0/24", + "10.0.0.0/1645", + "17212.16.0.0/123", + }, + }, + }, + } + }, + wantErrors: []string{ + "spec.clientIPDetection.xForwardedFor.trustedCIDRs[0]: Invalid value: \"192.0124.1.0/24\": spec.clientIPDetection.xForwardedFor.trustedCIDRs[0] in body should match '((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]+))|((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\\/([0-9]+))'", + }, + }, + { + desc: "clientIPDetection valid trustedCIDRs", + mutate: func(ctp *egv1a1.ClientTrafficPolicy) { + ctp.Spec = egv1a1.ClientTrafficPolicySpec{ + PolicyTargetReferences: egv1a1.PolicyTargetReferences{ + TargetRef: &gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{ + LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{ + Group: gwapiv1a2.Group("gateway.networking.k8s.io"), + Kind: gwapiv1a2.Kind("Gateway"), + Name: gwapiv1a2.ObjectName("eg"), + }, + }, + }, + ClientIPDetection: &egv1a1.ClientIPDetectionSettings{ + XForwardedFor: &egv1a1.XForwardedForSettings{ + TrustedCIDRs: []egv1a1.CIDR{ + "192.168.1.0/24", + "10.0.0.0/16", + "172.16.0.0/12", + }, + }, + }, + } + }, + wantErrors: []string{}, + }, { desc: "http3 enabled and ALPN protocols not set with other TLS parameters set", mutate: func(ctp *egv1a1.ClientTrafficPolicy) { From 697b9255d35710685e2437385e06971c649a4a37 Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Thu, 7 Nov 2024 16:25:36 -0800 Subject: [PATCH 05/47] add link to install EG in release news (#4674) * add link to install EG in release news Lesser steps for a user to install Envoy Gateway Signed-off-by: Arko Dasgupta * make it a relative link Signed-off-by: Arko Dasgupta --------- Signed-off-by: Arko Dasgupta --- site/content/en/news/releases/v1.2.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site/content/en/news/releases/v1.2.md b/site/content/en/news/releases/v1.2.md index ea39fe44262..4c04b1dfcac 100644 --- a/site/content/en/news/releases/v1.2.md +++ b/site/content/en/news/releases/v1.2.md @@ -14,7 +14,7 @@ This release represents a significant achievement, and we extend our heartfelt g Thank you for being an integral part of this journey. We are excited to see how Envoy Gateway v1.2.0 will empower your operations and look forward to continuing our work together to drive the future of Cloud Native API Gateway. -| [Release Notes][] | [Docs][docs] | [Compatibility Matrix][matrix] | [Download][] | +| [Release Notes][] | [Docs][docs] | [Compatibility Matrix][matrix] | [Install][] | |-------------------|--------------|--------------------------------|--------------| ## What's New @@ -92,4 +92,4 @@ The release adds a ton of features and functionality. Here are some highlights: [Release Notes]: ./notes/v1.2.0 [matrix]: ./matrix [docs]: /v1.2/ -[Download]: https://github.com/envoyproxy/gateway/releases/tag/v1.2.0 +[Install]: /v1.2/install From 3c5f27a03d755cd122b3fcc6660317946841c306 Mon Sep 17 00:00:00 2001 From: Huabing Zhao Date: Fri, 8 Nov 2024 09:16:05 +0800 Subject: [PATCH 06/47] docs: unhide jwt claim authz (#4676) unhide jwt claim authz Signed-off-by: Huabing Zhao --- api/v1alpha1/authorization_types.go | 1 - site/content/en/docs/api/extension_types.md | 6 +++++- site/content/en/latest/api/extension_types.md | 1 + site/content/en/v1.2/api/extension_types.md | 6 +++++- site/content/zh/latest/api/extension_types.md | 1 + 5 files changed, 12 insertions(+), 3 deletions(-) diff --git a/api/v1alpha1/authorization_types.go b/api/v1alpha1/authorization_types.go index 56e8d44e1b3..5a99b4401a4 100644 --- a/api/v1alpha1/authorization_types.go +++ b/api/v1alpha1/authorization_types.go @@ -71,7 +71,6 @@ type Principal struct { // Note: in order to use JWT claims for authorization, you must configure the // JWT authentication in the same `SecurityPolicy`. // +optional - // +notImplementedHide JWT *JWTPrincipal `json:"jwt,omitempty"` } diff --git a/site/content/en/docs/api/extension_types.md b/site/content/en/docs/api/extension_types.md index 8ab8f50c81f..6855d7a0ded 100644 --- a/site/content/en/docs/api/extension_types.md +++ b/site/content/en/docs/api/extension_types.md @@ -484,6 +484,7 @@ A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address _Appears in:_ - [Principal](#principal) +- [XForwardedForSettings](#xforwardedforsettings) @@ -2836,6 +2837,7 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | | `clientCIDRs` | _[CIDR](#cidr) array_ | false | ClientCIDRs are the IP CIDR ranges of the client.
Valid examples are "192.168.1.0/24" or "2001:db8::/64"

If multiple CIDR ranges are specified, one of the CIDR ranges must match
the client IP for the rule to match.

The client IP is inferred from the X-Forwarded-For header, a custom header,
or the proxy protocol.
You can use the `ClientIPDetection` or the `EnableProxyProtocol` field in
the `ClientTrafficPolicy` to configure how the client IP is detected. | +| `jwt` | _[JWTPrincipal](#jwtprincipal)_ | false | JWT authorize the request based on the JWT claims and scopes.
Note: in order to use JWT claims for authorization, you must configure the
JWT authentication in the same `SecurityPolicy`. | #### ProcessingModeOptions @@ -4142,13 +4144,15 @@ _Appears in:_ XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address. +Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for +for more details. _Appears in:_ - [ClientIPDetectionSettings](#clientipdetectionsettings) | Field | Type | Required | Description | | --- | --- | --- | --- | -| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
for more details. | +| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Only one of NumTrustedHops and TrustedCIDRs must be set. | #### ZipkinTracingProvider diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index fcbba2ca40a..6855d7a0ded 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -2837,6 +2837,7 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | | `clientCIDRs` | _[CIDR](#cidr) array_ | false | ClientCIDRs are the IP CIDR ranges of the client.
Valid examples are "192.168.1.0/24" or "2001:db8::/64"

If multiple CIDR ranges are specified, one of the CIDR ranges must match
the client IP for the rule to match.

The client IP is inferred from the X-Forwarded-For header, a custom header,
or the proxy protocol.
You can use the `ClientIPDetection` or the `EnableProxyProtocol` field in
the `ClientTrafficPolicy` to configure how the client IP is detected. | +| `jwt` | _[JWTPrincipal](#jwtprincipal)_ | false | JWT authorize the request based on the JWT claims and scopes.
Note: in order to use JWT claims for authorization, you must configure the
JWT authentication in the same `SecurityPolicy`. | #### ProcessingModeOptions diff --git a/site/content/en/v1.2/api/extension_types.md b/site/content/en/v1.2/api/extension_types.md index 8ab8f50c81f..6855d7a0ded 100644 --- a/site/content/en/v1.2/api/extension_types.md +++ b/site/content/en/v1.2/api/extension_types.md @@ -484,6 +484,7 @@ A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address _Appears in:_ - [Principal](#principal) +- [XForwardedForSettings](#xforwardedforsettings) @@ -2836,6 +2837,7 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | | `clientCIDRs` | _[CIDR](#cidr) array_ | false | ClientCIDRs are the IP CIDR ranges of the client.
Valid examples are "192.168.1.0/24" or "2001:db8::/64"

If multiple CIDR ranges are specified, one of the CIDR ranges must match
the client IP for the rule to match.

The client IP is inferred from the X-Forwarded-For header, a custom header,
or the proxy protocol.
You can use the `ClientIPDetection` or the `EnableProxyProtocol` field in
the `ClientTrafficPolicy` to configure how the client IP is detected. | +| `jwt` | _[JWTPrincipal](#jwtprincipal)_ | false | JWT authorize the request based on the JWT claims and scopes.
Note: in order to use JWT claims for authorization, you must configure the
JWT authentication in the same `SecurityPolicy`. | #### ProcessingModeOptions @@ -4142,13 +4144,15 @@ _Appears in:_ XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address. +Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for +for more details. _Appears in:_ - [ClientIPDetectionSettings](#clientipdetectionsettings) | Field | Type | Required | Description | | --- | --- | --- | --- | -| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
for more details. | +| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Only one of NumTrustedHops and TrustedCIDRs must be set. | #### ZipkinTracingProvider diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md index fcbba2ca40a..6855d7a0ded 100644 --- a/site/content/zh/latest/api/extension_types.md +++ b/site/content/zh/latest/api/extension_types.md @@ -2837,6 +2837,7 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | | `clientCIDRs` | _[CIDR](#cidr) array_ | false | ClientCIDRs are the IP CIDR ranges of the client.
Valid examples are "192.168.1.0/24" or "2001:db8::/64"

If multiple CIDR ranges are specified, one of the CIDR ranges must match
the client IP for the rule to match.

The client IP is inferred from the X-Forwarded-For header, a custom header,
or the proxy protocol.
You can use the `ClientIPDetection` or the `EnableProxyProtocol` field in
the `ClientTrafficPolicy` to configure how the client IP is detected. | +| `jwt` | _[JWTPrincipal](#jwtprincipal)_ | false | JWT authorize the request based on the JWT claims and scopes.
Note: in order to use JWT claims for authorization, you must configure the
JWT authentication in the same `SecurityPolicy`. | #### ProcessingModeOptions From 5d3df775812de3b87d8c2c95d14a19fc5dce1a16 Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Thu, 7 Nov 2024 17:49:35 -0800 Subject: [PATCH 07/47] docs: add a note of helm not updating CRDs in the upgrade section (#4675) * add a note of helm not updating CRDs in the upgrade section Signed-off-by: Arko Dasgupta * fix link Signed-off-by: Arko Dasgupta --------- Signed-off-by: Arko Dasgupta --- site/content/en/docs/install/install-helm.md | 4 +++- site/content/en/latest/install/install-helm.md | 4 +++- site/content/en/v1.2/install/install-helm.md | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/site/content/en/docs/install/install-helm.md b/site/content/en/docs/install/install-helm.md index b9768eca129..16975efc84d 100644 --- a/site/content/en/docs/install/install-helm.md +++ b/site/content/en/docs/install/install-helm.md @@ -61,7 +61,9 @@ consideration when debugging. ## Upgrading from a previous version -Follow the steps outlined in [this](./install-yaml.md#upgrading-from-v1.1) section if you're upgrading from a previous version. +[Helm](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations) does not update CRDs +that live in the `/crds` folder in the Helm Chart. So you will manually need to update the CRDs. +Follow the steps outlined in [this](./install-yaml/#upgrading-from-v1.1) section if you're upgrading from a previous version. ## Helm chart customizations diff --git a/site/content/en/latest/install/install-helm.md b/site/content/en/latest/install/install-helm.md index b9768eca129..16975efc84d 100644 --- a/site/content/en/latest/install/install-helm.md +++ b/site/content/en/latest/install/install-helm.md @@ -61,7 +61,9 @@ consideration when debugging. ## Upgrading from a previous version -Follow the steps outlined in [this](./install-yaml.md#upgrading-from-v1.1) section if you're upgrading from a previous version. +[Helm](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations) does not update CRDs +that live in the `/crds` folder in the Helm Chart. So you will manually need to update the CRDs. +Follow the steps outlined in [this](./install-yaml/#upgrading-from-v1.1) section if you're upgrading from a previous version. ## Helm chart customizations diff --git a/site/content/en/v1.2/install/install-helm.md b/site/content/en/v1.2/install/install-helm.md index b9768eca129..16975efc84d 100644 --- a/site/content/en/v1.2/install/install-helm.md +++ b/site/content/en/v1.2/install/install-helm.md @@ -61,7 +61,9 @@ consideration when debugging. ## Upgrading from a previous version -Follow the steps outlined in [this](./install-yaml.md#upgrading-from-v1.1) section if you're upgrading from a previous version. +[Helm](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations) does not update CRDs +that live in the `/crds` folder in the Helm Chart. So you will manually need to update the CRDs. +Follow the steps outlined in [this](./install-yaml/#upgrading-from-v1.1) section if you're upgrading from a previous version. ## Helm chart customizations From 52ccf65fde6c17125bf48a702443f642d62501da Mon Sep 17 00:00:00 2001 From: Huabing Zhao Date: Fri, 8 Nov 2024 18:18:28 +0800 Subject: [PATCH 08/47] docs: response override (#4668) * docs for response override Signed-off-by: Huabing Zhao * add docs to v1.2 Signed-off-by: Huabing Zhao --------- Signed-off-by: Huabing Zhao --- .../docs/tasks/traffic/response-override.md | 157 ++++++++++++++++++ .../latest/tasks/traffic/response-override.md | 157 ++++++++++++++++++ .../v1.2/tasks/traffic/response-override.md | 157 ++++++++++++++++++ 3 files changed, 471 insertions(+) create mode 100644 site/content/en/docs/tasks/traffic/response-override.md create mode 100644 site/content/en/latest/tasks/traffic/response-override.md create mode 100644 site/content/en/v1.2/tasks/traffic/response-override.md diff --git a/site/content/en/docs/tasks/traffic/response-override.md b/site/content/en/docs/tasks/traffic/response-override.md new file mode 100644 index 00000000000..ea8121bfe89 --- /dev/null +++ b/site/content/en/docs/tasks/traffic/response-override.md @@ -0,0 +1,157 @@ +--- +title: "Response Override" +--- + +Response Override allows you to override the response from the backend with a custom one. This can be useful for scenarios such as returning a custom 404 page when the requested resource is not found or a custom 500 error message when the backend is failing. + +## Installation + +Follow the steps from the [Quickstart](../../quickstart) to install Envoy Gateway and the example manifest. +Before proceeding, you should be able to query the example backend using HTTP. + +## Testing Response Override + +{{< tabpane text=true >}} +{{% tab header="Apply from stdin" %}} + +```shell +cat <}} + +```shell +curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/status/404 +``` + +```console +* Trying 127.0.0.1:80... +* Connected to 172.18.0.200 (172.18.0.200) port 80 +> GET /status/404 HTTP/1.1 +> Host: www.example.com +> User-Agent: curl/8.5.0 +> Accept: */* +> +< HTTP/1.1 404 Not Found +< content-type: text/plain +< content-length: 32 +< date: Thu, 07 Nov 2024 09:22:29 GMT +< +* Connection #0 to host 172.18.0.200 left intact +Oops! Your request is not found. +``` + +```shell +curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/status/500 +``` + +```console +* Trying 127.0.0.1:80... +* Connected to 172.18.0.200 (172.18.0.200) port 80 +> GET /status/500 HTTP/1.1 +> Host: www.example.com +> User-Agent: curl/8.5.0 +> Accept: */* +> +< HTTP/1.1 500 Internal Server Error +< content-type: application/json +< content-length: 34 +< date: Thu, 07 Nov 2024 09:23:02 GMT +< +* Connection #0 to host 172.18.0.200 left intact +{"error": "Internal Server Error"} +``` \ No newline at end of file diff --git a/site/content/en/latest/tasks/traffic/response-override.md b/site/content/en/latest/tasks/traffic/response-override.md new file mode 100644 index 00000000000..ea8121bfe89 --- /dev/null +++ b/site/content/en/latest/tasks/traffic/response-override.md @@ -0,0 +1,157 @@ +--- +title: "Response Override" +--- + +Response Override allows you to override the response from the backend with a custom one. This can be useful for scenarios such as returning a custom 404 page when the requested resource is not found or a custom 500 error message when the backend is failing. + +## Installation + +Follow the steps from the [Quickstart](../../quickstart) to install Envoy Gateway and the example manifest. +Before proceeding, you should be able to query the example backend using HTTP. + +## Testing Response Override + +{{< tabpane text=true >}} +{{% tab header="Apply from stdin" %}} + +```shell +cat <}} + +```shell +curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/status/404 +``` + +```console +* Trying 127.0.0.1:80... +* Connected to 172.18.0.200 (172.18.0.200) port 80 +> GET /status/404 HTTP/1.1 +> Host: www.example.com +> User-Agent: curl/8.5.0 +> Accept: */* +> +< HTTP/1.1 404 Not Found +< content-type: text/plain +< content-length: 32 +< date: Thu, 07 Nov 2024 09:22:29 GMT +< +* Connection #0 to host 172.18.0.200 left intact +Oops! Your request is not found. +``` + +```shell +curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/status/500 +``` + +```console +* Trying 127.0.0.1:80... +* Connected to 172.18.0.200 (172.18.0.200) port 80 +> GET /status/500 HTTP/1.1 +> Host: www.example.com +> User-Agent: curl/8.5.0 +> Accept: */* +> +< HTTP/1.1 500 Internal Server Error +< content-type: application/json +< content-length: 34 +< date: Thu, 07 Nov 2024 09:23:02 GMT +< +* Connection #0 to host 172.18.0.200 left intact +{"error": "Internal Server Error"} +``` \ No newline at end of file diff --git a/site/content/en/v1.2/tasks/traffic/response-override.md b/site/content/en/v1.2/tasks/traffic/response-override.md new file mode 100644 index 00000000000..ea8121bfe89 --- /dev/null +++ b/site/content/en/v1.2/tasks/traffic/response-override.md @@ -0,0 +1,157 @@ +--- +title: "Response Override" +--- + +Response Override allows you to override the response from the backend with a custom one. This can be useful for scenarios such as returning a custom 404 page when the requested resource is not found or a custom 500 error message when the backend is failing. + +## Installation + +Follow the steps from the [Quickstart](../../quickstart) to install Envoy Gateway and the example manifest. +Before proceeding, you should be able to query the example backend using HTTP. + +## Testing Response Override + +{{< tabpane text=true >}} +{{% tab header="Apply from stdin" %}} + +```shell +cat <}} + +```shell +curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/status/404 +``` + +```console +* Trying 127.0.0.1:80... +* Connected to 172.18.0.200 (172.18.0.200) port 80 +> GET /status/404 HTTP/1.1 +> Host: www.example.com +> User-Agent: curl/8.5.0 +> Accept: */* +> +< HTTP/1.1 404 Not Found +< content-type: text/plain +< content-length: 32 +< date: Thu, 07 Nov 2024 09:22:29 GMT +< +* Connection #0 to host 172.18.0.200 left intact +Oops! Your request is not found. +``` + +```shell +curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/status/500 +``` + +```console +* Trying 127.0.0.1:80... +* Connected to 172.18.0.200 (172.18.0.200) port 80 +> GET /status/500 HTTP/1.1 +> Host: www.example.com +> User-Agent: curl/8.5.0 +> Accept: */* +> +< HTTP/1.1 500 Internal Server Error +< content-type: application/json +< content-length: 34 +< date: Thu, 07 Nov 2024 09:23:02 GMT +< +* Connection #0 to host 172.18.0.200 left intact +{"error": "Internal Server Error"} +``` \ No newline at end of file From 2c986175211df64a269e19111b9ed480646c285a Mon Sep 17 00:00:00 2001 From: Evan Anderson Date: Fri, 8 Nov 2024 15:16:06 -0800 Subject: [PATCH 09/47] Use custom marshaller to clarify redactions (#4506) --- ...nttrafficpolicy-for-tcp-listeners.out.yaml | 4 +- .../clienttrafficpolicy-http3.out.yaml | 2 +- ...icpolicy-mtls-client-verification.out.yaml | 4 +- ...s-forward-client-cert-custom-data.out.yaml | 10 +- ...icpolicy-mtls-forward-client-cert.out.yaml | 10 +- .../clienttrafficpolicy-mtls.out.yaml | 4 +- .../clienttrafficpolicy-tls-settings.out.yaml | 2 +- .../testdata/custom-filter-order.out.yaml | 2 +- ...nvoyproxy-tls-settings-invalid-ns.out.yaml | 6 +- .../envoyproxy-tls-settings-invalid.out.yaml | 6 +- .../testdata/envoyproxy-tls-settings.out.yaml | 10 +- .../testdata/gateway-infrastructure.out.yaml | 2 +- ...her-namespace-allowed-by-refgrant.out.yaml | 2 +- ...ith-tls-terminate-and-passthrough.out.yaml | 2 +- ...ith-same-algorithm-different-fqdn.out.yaml | 4 +- ...-valid-multiple-tls-configuration.out.yaml | 4 +- ...ener-with-valid-tls-configuration.out.yaml | 2 +- ...teway-with-stale-status-condition.out.yaml | 2 +- ...wo-listeners-with-different-ports.out.yaml | 2 +- .../securitypolicy-with-basic-auth.out.yaml | 6 +- ...typolicy-with-oidc-backendcluster.out.yaml | 4 +- ...typolicy-with-oidc-custom-cookies.out.yaml | 4 +- .../securitypolicy-with-oidc.out.yaml | 8 +- ...teway-with-listener-tls-terminate.out.yaml | 8 +- internal/gatewayapi/translator_test.go | 43 +++++++++ internal/ir/xds.go | 91 +++++++++++-------- internal/ir/xds_test.go | 61 ++++++++++++- internal/ir/zz_generated.deepcopy.go | 8 +- 28 files changed, 210 insertions(+), 103 deletions(-) diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-for-tcp-listeners.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-for-tcp-listeners.out.yaml index efd290c9b1a..bb695decae7 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-for-tcp-listeners.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-for-tcp-listeners.out.yaml @@ -210,7 +210,7 @@ xdsIR: - h2 certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= ciphers: - cipher1 @@ -234,7 +234,7 @@ xdsIR: - h2 certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= ciphers: - cipher1 diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml index 814335baf87..c946f22c841 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml @@ -172,7 +172,7 @@ xdsIR: alpnProtocols: null certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= maxVersion: "1.3" minVersion: "1.2" diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-client-verification.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-client-verification.out.yaml index 4cac0b62d34..22692261be3 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-client-verification.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-client-verification.out.yaml @@ -253,7 +253,7 @@ xdsIR: name: envoy-gateway/target-gateway-1/ca.crt certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= maxVersion: "1.3" minVersion: "1.2" @@ -298,7 +298,7 @@ xdsIR: name: envoy-gateway/target-gateway-2/ca.crt certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= maxVersion: "1.3" minVersion: "1.2" diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert-custom-data.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert-custom-data.out.yaml index 6e47f653078..285a35daf25 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert-custom-data.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert-custom-data.out.yaml @@ -569,7 +569,7 @@ xdsIR: name: envoy-gateway/target-gateway-1/ca.crt certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= maxVersion: "1.3" minVersion: "1.2" @@ -622,7 +622,7 @@ xdsIR: name: envoy-gateway/target-gateway-2/ca.crt certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= maxVersion: "1.3" minVersion: "1.2" @@ -659,7 +659,7 @@ xdsIR: name: envoy-gateway/target-gateway-3/ca.crt certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= maxVersion: "1.3" minVersion: "1.2" @@ -698,7 +698,7 @@ xdsIR: name: envoy-gateway/target-gateway-4/ca.crt certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= maxVersion: "1.3" minVersion: "1.2" @@ -739,7 +739,7 @@ xdsIR: name: envoy-gateway/target-gateway-5/ca.crt certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= maxVersion: "1.3" minVersion: "1.2" diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert.out.yaml index 8d84753bcea..85042934396 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert.out.yaml @@ -556,7 +556,7 @@ xdsIR: name: envoy-gateway/target-gateway-1/ca.crt certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= maxVersion: "1.3" minVersion: "1.2" @@ -609,7 +609,7 @@ xdsIR: name: envoy-gateway/target-gateway-2/ca.crt certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= maxVersion: "1.3" minVersion: "1.2" @@ -644,7 +644,7 @@ xdsIR: name: envoy-gateway/target-gateway-3/ca.crt certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= maxVersion: "1.3" minVersion: "1.2" @@ -679,7 +679,7 @@ xdsIR: name: envoy-gateway/target-gateway-4/ca.crt certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= maxVersion: "1.3" minVersion: "1.2" @@ -714,7 +714,7 @@ xdsIR: name: envoy-gateway/target-gateway-5/ca.crt certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= maxVersion: "1.3" minVersion: "1.2" diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml index 0ee4643dab6..08dcf5bef70 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml @@ -252,7 +252,7 @@ xdsIR: name: envoy-gateway/target-gateway-1/ca.crt certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= maxVersion: "1.3" minVersion: "1.2" @@ -297,7 +297,7 @@ xdsIR: name: envoy-gateway/target-gateway-2/ca.crt certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= maxVersion: "1.3" minVersion: "1.2" diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml index ed684f328b4..ad3ed484f56 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml @@ -166,7 +166,7 @@ xdsIR: - h2 certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= ciphers: - cipher1 diff --git a/internal/gatewayapi/testdata/custom-filter-order.out.yaml b/internal/gatewayapi/testdata/custom-filter-order.out.yaml index 043eeab1543..a8c4413a399 100644 --- a/internal/gatewayapi/testdata/custom-filter-order.out.yaml +++ b/internal/gatewayapi/testdata/custom-filter-order.out.yaml @@ -284,7 +284,7 @@ xdsIR: security: basicAuth: name: securitypolicy/envoy-gateway/policy-for-gateway - users: dXNlcjE6e1NIQX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9CnVzZXIyOntTSEF9RUo5TFBGRFhzTjl5blNtYnh2anA3NUJtbHg4PQo= + users: '[redacted]' cors: allowMethods: - GET diff --git a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.out.yaml b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.out.yaml index b70ae56fce4..7e86495fc41 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.out.yaml @@ -279,7 +279,7 @@ xdsIR: alpnProtocols: null certificates: - name: envoy-gateway/default-cert - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tcp: - address: 0.0.0.0 @@ -318,11 +318,11 @@ xdsIR: alpnProtocols: [] certificates: - name: envoy-gateway/default-cert - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tls: alpnProtocols: [] certificates: - name: envoy-gateway/default-cert - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= diff --git a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.out.yaml index 80c15494330..868620d8d74 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.out.yaml @@ -278,7 +278,7 @@ xdsIR: alpnProtocols: null certificates: - name: envoy-gateway/default-cert - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tcp: - address: 0.0.0.0 @@ -317,11 +317,11 @@ xdsIR: alpnProtocols: [] certificates: - name: envoy-gateway/default-cert - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tls: alpnProtocols: [] certificates: - name: envoy-gateway/default-cert - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= diff --git a/internal/gatewayapi/testdata/envoyproxy-tls-settings.out.yaml b/internal/gatewayapi/testdata/envoyproxy-tls-settings.out.yaml index 137941240af..e65df0254f4 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tls-settings.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tls-settings.out.yaml @@ -257,7 +257,7 @@ xdsIR: - ECDHE-ECDSA-AES256-GCM-SHA384 clientCertificates: - name: envoy-gateway-system/client-auth - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= ecdhCurves: - ECDHE-RSA-AES128-GCM-SHA256 @@ -281,7 +281,7 @@ xdsIR: alpnProtocols: null certificates: - name: envoy-gateway/default-cert - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tcp: - address: 0.0.0.0 @@ -305,7 +305,7 @@ xdsIR: - ECDHE-ECDSA-AES256-GCM-SHA384 clientCertificates: - name: envoy-gateway-system/client-auth - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= ecdhCurves: - ECDHE-RSA-AES128-GCM-SHA256 @@ -324,11 +324,11 @@ xdsIR: alpnProtocols: [] certificates: - name: envoy-gateway/default-cert - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tls: alpnProtocols: [] certificates: - name: envoy-gateway/default-cert - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= diff --git a/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml b/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml index 7616aff3b9e..0b38b962b89 100644 --- a/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml +++ b/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml @@ -153,5 +153,5 @@ xdsIR: alpnProtocols: null certificates: - name: default/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml index 649a4555722..6e35700c58e 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml @@ -142,5 +142,5 @@ xdsIR: alpnProtocols: null certificates: - name: default/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml index 9d4d0a7528e..9e2db8004e5 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml @@ -211,7 +211,7 @@ xdsIR: alpnProtocols: null certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= tcp: - address: 0.0.0.0 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml index cb443c09c8b..a9939722a0d 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml @@ -144,8 +144,8 @@ xdsIR: alpnProtocols: null certificates: - name: envoy-gateway/tls-secret-ecdsa-1 - privateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUxEbnZNM1RKM3NHYm9EeTF4T3dqSVppVFNWeWZXVWF5YVExcWdrdUdacEtvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFSDVWdHJjenJQS091alV5RTMyaDU2UnVrdHUzSVhTVnJJMkNibXh5UUpqcEY3di9rNVNqTQpSVXZjUnBCdmpnQWROaGhUNGNUMXV4YW1TMFlmQ2JXMVhRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJnVENDQVNlZ0F3SUJBZ0lVRm1sOExCRzBvL1FLNFErWjdrODI0c0MyaUZ3d0NnWUlLb1pJemowRUF3SXcKRmpFVU1CSUdBMVVFQXd3TFptOXZMbUpoY2k1amIyMHdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVdNUlF3RWdZRFZRUUREQXRtYjI4dVltRnlMbU52YlRCWk1CTUdCeXFHU000OUFnRUdDQ3FHClNNNDlBd0VIQTBJQUJMYVl2cUt1VlZveERvNTJlV3p2WUI1anc3RU1GODZybXlvaTVadWF5emRNdnBnNHpCcjgKUktCak5zK1QxakI4T0t1Y1MvN1JVRHgwcHorOTc2ek0zaU9qVXpCUk1CMEdBMVVkRGdRV0JCVE82K2NnMFIwZAp3dHJ6SlFQRzZnNzZoQkJVelRBZkJnTlZIU01FR0RBV2dCVE82K2NnMFIwZHd0cnpKUVBHNmc3NmhCQlV6VEFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUFvR0NDcUdTTTQ5QkFNQ0EwZ0FNRVVDSVFDMlhwUFFnUXpXYWUzYjVwWnQKR2N1TWZESjBjME9QS2NuZWdrWFoyQzRCM2dJZ1Uvc1Jrd0lwTFFOUlYrRWFZdzRQNVQ1Z1BFNlkrVnBtQzk4aApvVmpaL3pRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t - name: envoy-gateway/tls-secret-ecdsa-2 - privateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRDUUE5VWo0SkR5c0Q0MlJIMGI2cjU5NTlXTmlXU2ZKZlMxK2RvTjk0TzZCUGdaQUJiUTI4eTIKUTZsM3pZdklLeFNnQndZRks0RUVBQ0toWkFOaUFBUjR5MGNMZUVoNnJaQ3gyUzFLTDlrMUg4d28xcTlLYmNjMgpmdTBhaUIrcHFxZndCS0FjaHJ2SlJUNzQreWdNUHFSLzc0Sjd1NngzU1pBN1ZLZDFnaGFQWkF1SWpQUTFrZndICjlDdmlMc25RZ3JDeENWU2U2ZG1xL2twajFNdEJyU2M9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJ5RENDQVU2Z0F3SUJBZ0lVUWltVUFlSExNdHo0dEdSdG5oNG9qWHRhVXpzd0NnWUlLb1pJemowRUF3SXcKR3pFWk1CY0dBMVVFQXd3UWRHVnpkQzVsZUdGdGNHeGxMbU52YlRBZUZ3MHlOREExTWpVd09URXhNemRhRncwegpOREExTWpNd09URXhNemRhTUJzeEdUQVhCZ05WQkFNTUVIUmxjM1F1WlhoaGJYQnNaUzVqYjIwd2RqQVFCZ2NxCmhrak9QUUlCQmdVcmdRUUFJZ05pQUFSNHkwY0xlRWg2clpDeDJTMUtMOWsxSDh3bzFxOUtiY2MyZnUwYWlCK3AKcXFmd0JLQWNocnZKUlQ3NCt5Z01QcVIvNzRKN3U2eDNTWkE3VktkMWdoYVBaQXVJalBRMWtmd0g5Q3ZpTHNuUQpnckN4Q1ZTZTZkbXEva3BqMU10QnJTZWpVekJSTUIwR0ExVWREZ1FXQkJUYVNlb1RtY3JlRU5Kd0t5ZmlZS3JnCjlIdnFVREFmQmdOVkhTTUVHREFXZ0JUYVNlb1RtY3JlRU5Kd0t5ZmlZS3JnOUh2cVVEQVBCZ05WSFJNQkFmOEUKQlRBREFRSC9NQW9HQ0NxR1NNNDlCQU1DQTJnQU1HVUNNRzFPSlUrRTlEaCt4TjdJMFZVTXIwdmt3S0h6V2Q3NwpTQXFXQjJVcG4vNThQTzd3eWNvWHZNMjlwREU0SkUvRzVRSXhBT2FhemxKZ1M3Z081eU50aW1tZ0llWFJ1K2pwCkNXb3kxb3hZU2ZSMmh1YkJ1Q1RUUkFqNkhPODBjTUVrZHFrMWp3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml index 754923d89fe..6fdbe779e25 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml @@ -144,8 +144,8 @@ xdsIR: alpnProtocols: null certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= - name: envoy-gateway/tls-secret-ecdsa-1 - privateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUxEbnZNM1RKM3NHYm9EeTF4T3dqSVppVFNWeWZXVWF5YVExcWdrdUdacEtvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFSDVWdHJjenJQS091alV5RTMyaDU2UnVrdHUzSVhTVnJJMkNibXh5UUpqcEY3di9rNVNqTQpSVXZjUnBCdmpnQWROaGhUNGNUMXV4YW1TMFlmQ2JXMVhRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJnVENDQVNlZ0F3SUJBZ0lVRm1sOExCRzBvL1FLNFErWjdrODI0c0MyaUZ3d0NnWUlLb1pJemowRUF3SXcKRmpFVU1CSUdBMVVFQXd3TFptOXZMbUpoY2k1amIyMHdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVdNUlF3RWdZRFZRUUREQXRtYjI4dVltRnlMbU52YlRCWk1CTUdCeXFHU000OUFnRUdDQ3FHClNNNDlBd0VIQTBJQUJMYVl2cUt1VlZveERvNTJlV3p2WUI1anc3RU1GODZybXlvaTVadWF5emRNdnBnNHpCcjgKUktCak5zK1QxakI4T0t1Y1MvN1JVRHgwcHorOTc2ek0zaU9qVXpCUk1CMEdBMVVkRGdRV0JCVE82K2NnMFIwZAp3dHJ6SlFQRzZnNzZoQkJVelRBZkJnTlZIU01FR0RBV2dCVE82K2NnMFIwZHd0cnpKUVBHNmc3NmhCQlV6VEFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUFvR0NDcUdTTTQ5QkFNQ0EwZ0FNRVVDSVFDMlhwUFFnUXpXYWUzYjVwWnQKR2N1TWZESjBjME9QS2NuZWdrWFoyQzRCM2dJZ1Uvc1Jrd0lwTFFOUlYrRWFZdzRQNVQ1Z1BFNlkrVnBtQzk4aApvVmpaL3pRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml index 5b692e70ab2..680ff1bf524 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml @@ -141,5 +141,5 @@ xdsIR: alpnProtocols: null certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= diff --git a/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml b/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml index 10f483e7293..bafbb34668b 100644 --- a/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml @@ -141,5 +141,5 @@ xdsIR: alpnProtocols: null certificates: - name: default/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml index bec756628f7..2b7899d4f75 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml @@ -212,5 +212,5 @@ xdsIR: alpnProtocols: null certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= diff --git a/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml index b690cb20370..02fd1a6ddd1 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml @@ -250,7 +250,7 @@ xdsIR: security: basicAuth: name: securitypolicy/default/policy-for-http-route-1 - users: dXNlcjE6e1NIQX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9CnVzZXIyOntTSEF9RUo5TFBGRFhzTjl5blNtYnh2anA3NUJtbHg4PQo= + users: '[redacted]' - destination: name: httproute/default/httproute-1/rule/1 settings: @@ -274,7 +274,7 @@ xdsIR: security: basicAuth: name: securitypolicy/default/policy-for-http-route-1 - users: dXNlcjE6e1NIQX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9CnVzZXIyOntTSEF9RUo5TFBGRFhzTjl5blNtYnh2anA3NUJtbHg4PQo= + users: '[redacted]' - destination: name: httproute/default/httproute-2/rule/0 settings: @@ -298,4 +298,4 @@ xdsIR: security: basicAuth: name: securitypolicy/default/policy-for-gateway-1 - users: Zm9vOntTSEF9WXMyM0FnLzVJT1dxWkN3OVFHYVZEZEh3SDAwPQpmb28xOntTSEF9ZGpaMTFxSFkwS09pamV5bUs3YUt2WXV2aHZNPQo= + users: '[redacted]' diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml index d6f0c4dbc47..eb518ba7c3c 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml @@ -217,12 +217,12 @@ xdsIR: security: oidc: clientID: client1.apps.googleusercontent.com - clientSecret: Y2xpZW50MTpzZWNyZXQK + clientSecret: '[redacted]' cookieSuffix: b0a1b740 defaultRefreshTokenTTL: 24h0m0s defaultTokenTTL: 30m0s forwardAccessToken: true - hmacSecret: qrOYACHXoe7UEDI/raOjNSx+Z9ufXSc/22C3T6X/zPY= + hmacSecret: '[redacted]' logoutPath: /bar/logout name: securitypolicy/envoy-gateway/policy-for-gateway provider: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc-custom-cookies.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc-custom-cookies.out.yaml index 2482d1bc05b..a42e482a758 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-oidc-custom-cookies.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc-custom-cookies.out.yaml @@ -178,12 +178,12 @@ xdsIR: security: oidc: clientID: client1.apps.googleusercontent.com - clientSecret: Y2xpZW50MTpzZWNyZXQK + clientSecret: '[redacted]' cookieNameOverrides: accessToken: CustomAccessTokenCookie idToken: CustomIdTokenCookie cookieSuffix: b0a1b740 - hmacSecret: qrOYACHXoe7UEDI/raOjNSx+Z9ufXSc/22C3T6X/zPY= + hmacSecret: '[redacted]' logoutPath: /bar/logout name: securitypolicy/envoy-gateway/policy-for-gateway provider: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml index 5f327af8752..1d9093a8d38 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml @@ -273,13 +273,13 @@ xdsIR: security: oidc: clientID: client2.oauth.foo.com - clientSecret: Y2xpZW50MTpzZWNyZXQK + clientSecret: '[redacted]' cookieDomain: example.com cookieSuffix: 5f93c2e4 defaultRefreshTokenTTL: 48h0m0s defaultTokenTTL: 1h0m0s forwardAccessToken: true - hmacSecret: qrOYACHXoe7UEDI/raOjNSx+Z9ufXSc/22C3T6X/zPY= + hmacSecret: '[redacted]' logoutPath: /foo/logout name: securitypolicy/default/policy-for-http-route provider: @@ -317,12 +317,12 @@ xdsIR: security: oidc: clientID: client1.apps.googleusercontent.com - clientSecret: Y2xpZW50MTpzZWNyZXQK + clientSecret: '[redacted]' cookieSuffix: b0a1b740 defaultRefreshTokenTTL: 24h0m0s defaultTokenTTL: 30m0s forwardAccessToken: true - hmacSecret: qrOYACHXoe7UEDI/raOjNSx+Z9ufXSc/22C3T6X/zPY= + hmacSecret: '[redacted]' logoutPath: /bar/logout name: securitypolicy/envoy-gateway/policy-for-gateway provider: diff --git a/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml b/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml index 7a4f2288ace..d3a6e8bdc19 100644 --- a/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml +++ b/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml @@ -185,13 +185,13 @@ xdsIR: alpnProtocols: [] certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= tls: alpnProtocols: [] certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= - address: 0.0.0.0 name: envoy-gateway/gateway-1/tls-hostname @@ -215,11 +215,11 @@ xdsIR: alpnProtocols: [] certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= tls: alpnProtocols: [] certificates: - name: envoy-gateway/tls-secret-1 - privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= diff --git a/internal/gatewayapi/translator_test.go b/internal/gatewayapi/translator_test.go index 39200342a5f..61e0025fbdd 100644 --- a/internal/gatewayapi/translator_test.go +++ b/internal/gatewayapi/translator_test.go @@ -14,6 +14,7 @@ import ( "fmt" "os" "path/filepath" + "reflect" "strconv" "strings" "testing" @@ -34,6 +35,7 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/gatewayapi/resource" + "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/utils/field" "github.com/envoyproxy/gateway/internal/utils/file" "github.com/envoyproxy/gateway/internal/wasm" @@ -318,6 +320,8 @@ func TestTranslate(t *testing.T) { opts := []cmp.Option{ cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime"), + cmp.Transformer("ClearXdsEqual", xdsWithoutEqual), + cmpopts.IgnoreTypes(ir.PrivateBytes{}), cmpopts.EquateEmpty(), } @@ -848,3 +852,42 @@ func (m *mockWasmCache) Get(downloadURL string, options wasm.GetOptions) (url st } func (m *mockWasmCache) Cleanup() {} + +// ir.Xds implements a custom Equal method which ensures exact equality, even +// over redacted fields. This function is used to remove the Equal method from +// the type, but ensure that the set of fields is the same. +// This allows us to use cmp.Diff to compare the types with field-level cmpopts. +func xdsWithoutEqual(a *ir.Xds) any { + ret := struct { + AccessLog *ir.AccessLog + Tracing *ir.Tracing + Metrics *ir.Metrics + HTTP []*ir.HTTPListener + TCP []*ir.TCPListener + UDP []*ir.UDPListener + EnvoyPatchPolicies []*ir.EnvoyPatchPolicy + FilterOrder []egv1a1.FilterPosition + }{ + AccessLog: a.AccessLog, + Tracing: a.Tracing, + Metrics: a.Metrics, + HTTP: a.HTTP, + TCP: a.TCP, + UDP: a.UDP, + EnvoyPatchPolicies: a.EnvoyPatchPolicies, + FilterOrder: a.FilterOrder, + } + + // Ensure we didn't drop an exported field. + ta, tr := reflect.TypeOf(*a), reflect.TypeOf(ret) + for i := 0; i < ta.NumField(); i++ { + aField := ta.Field(i) + if rField, ok := tr.FieldByName(aField.Name); !ok || aField.Type != rField.Type { + // We panic here because this is test code, and it would be hard to + // plumb the error out. + panic(fmt.Sprintf("field %q is missing or has wrong type in the ir.Xds mirror", aField.Name)) + } + } + + return ret +} diff --git a/internal/ir/xds.go b/internal/ir/xds.go index 5e26af0f479..5103d3ea81a 100644 --- a/internal/ir/xds.go +++ b/internal/ir/xds.go @@ -7,6 +7,7 @@ package ir import ( "cmp" + "encoding" "encoding/json" "errors" "fmt" @@ -77,6 +78,51 @@ var ( redacted = []byte("[redacted]") ) +// PrivateBytes implements a custom []byte type so that we can override the +// various string-ish printing functions to redact the contents. +type PrivateBytes []byte + +var ( + _ fmt.Stringer = PrivateBytes{} + _ encoding.TextMarshaler = PrivateBytes{} +) + +// MarshalText redacts the contents of the PrivateBytes type. +// Note that MarshalJSON will call MarshalText if it exists, so we don't +// need to implement MarshalJSON. +func (p PrivateBytes) MarshalText() ([]byte, error) { + if len(p) == 0 { + return nil, nil + } + return redacted, nil +} + +// String redacts the contents of the PrivateBytes type. +func (p PrivateBytes) String() string { + if len(p) == 0 { + return "" + } + return string(redacted) +} + +func (p *PrivateBytes) UnmarshalJSON(data []byte) error { + if len(data) == 0 { + *p = nil + return nil + } + if string(data) == `"`+string(redacted)+`"` { + *p = redacted + return nil + } + var b []byte + err := json.Unmarshal(data, &b) + if err != nil { + return fmt.Errorf("UnmarshalJSON failed: %w, %q", err, string(data)) + } + *p = b + return err +} + // Xds holds the intermediate representation of a Gateway and is // used by the xDS Translator to convert it into xDS resources. // +k8s:deepcopy-gen=true @@ -176,36 +222,15 @@ func (x *Xds) GetUDPListener(name string) *UDPListener { } func (x *Xds) YAMLString() string { - y, _ := yaml.Marshal(x.Printable()) + y, _ := yaml.Marshal(x) return string(y) } func (x *Xds) JSONString() string { - j, _ := json.Marshal(x.Printable()) + j, _ := json.Marshal(x) return string(j) } -// Printable returns a deep copy of the resource that can be safely logged. -func (x *Xds) Printable() *Xds { - out := x.DeepCopy() - for _, listener := range out.HTTP { - // Omit field - if listener.TLS != nil { - for i := range listener.TLS.Certificates { - listener.TLS.Certificates[i].PrivateKey = redacted - } - } - - for _, route := range listener.Routes { - // Omit field - if route.Security != nil { - route.Security = route.Security.Printable() - } - } - } - return out -} - type Listener interface { GetName() string GetAddress() string @@ -378,7 +403,7 @@ type TLSCertificate struct { // Certificate can be either a client or server certificate. Certificate []byte `json:"serverCertificate,omitempty" yaml:"serverCertificate,omitempty"` // PrivateKey for the server. - PrivateKey []byte `json:"privateKey,omitempty" yaml:"privateKey,omitempty"` + PrivateKey PrivateBytes `json:"privateKey,omitempty" yaml:"privateKey,omitempty"` } // TLSCACertificate holds CA Certificate to validate clients @@ -778,18 +803,6 @@ type SecurityFeatures struct { Authorization *Authorization `json:"authorization,omitempty" yaml:"authorization,omitempty"` } -func (s *SecurityFeatures) Printable() *SecurityFeatures { - out := s.DeepCopy() - if out.OIDC != nil { - out.OIDC.ClientSecret = redacted - out.OIDC.HMACSecret = redacted - } - if out.BasicAuth != nil { - out.BasicAuth.Users = redacted - } - return out -} - func (s *SecurityFeatures) Validate() error { var errs error @@ -883,10 +896,10 @@ type OIDC struct { // [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest). // // This is an Opaque secret. The client secret should be stored in the key "client-secret". - ClientSecret []byte `json:"clientSecret,omitempty" yaml:"clientSecret,omitempty"` + ClientSecret PrivateBytes `json:"clientSecret,omitempty" yaml:"clientSecret,omitempty"` // HMACSecret is the secret used to sign the HMAC of the OAuth2 filter cookies. - HMACSecret []byte `json:"hmacSecret,omitempty" yaml:"hmacSecret,omitempty"` + HMACSecret PrivateBytes `json:"hmacSecret,omitempty" yaml:"hmacSecret,omitempty"` // The OIDC scopes to be used in the // [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest). @@ -959,7 +972,7 @@ type BasicAuth struct { Name string `json:"name" yaml:"name"` // The username-password pairs in htpasswd format. - Users []byte `json:"users,omitempty" yaml:"users,omitempty"` + Users PrivateBytes `json:"users,omitempty" yaml:"users,omitempty"` } // ExtAuth defines the schema for the external authorization. diff --git a/internal/ir/xds_test.go b/internal/ir/xds_test.go index 7a81491417d..c73faf7eb44 100644 --- a/internal/ir/xds_test.go +++ b/internal/ir/xds_test.go @@ -6,6 +6,7 @@ package ir import ( + "encoding/json" "net/http" "testing" "time" @@ -1331,11 +1332,12 @@ func TestValidateLoadBalancer(t *testing.T) { } } -func TestPrintable(t *testing.T) { +func TestRedaction(t *testing.T) { tests := []struct { - name string - input Xds - want *Xds + name string + input Xds + want *Xds + wantStr string }{ { name: "empty", @@ -1360,10 +1362,59 @@ func TestPrintable(t *testing.T) { HTTP: []*HTTPListener{&redactedHappyHTTPSListener}, }, }, + { + name: "explicit string check", + input: Xds{ + HTTP: []*HTTPListener{{ + TLS: &TLSConfig{ + Certificates: []TLSCertificate{{ + Name: "server", + Certificate: []byte("---"), + PrivateKey: []byte("secret"), + }}, + ClientCertificates: []TLSCertificate{{ + Name: "client", + Certificate: []byte("---"), + PrivateKey: []byte("secret"), + }}, + }, + Routes: []*HTTPRoute{{ + Security: &SecurityFeatures{ + OIDC: &OIDC{ + ClientSecret: []byte("secret"), + HMACSecret: []byte("secret"), + }, + BasicAuth: &BasicAuth{ + Users: []byte("secret"), + }, + }, + }}, + }}, + }, + wantStr: `{"http":[{"name":"","address":"","port":0,"hostnames":null,` + + `"tls":{` + + `"certificates":[{"name":"server","serverCertificate":"LS0t","privateKey":"[redacted]"}],` + + `"clientCertificates":[{"name":"client","serverCertificate":"LS0t","privateKey":"[redacted]"}],` + + `"alpnProtocols":null},` + + `"routes":[{` + + `"name":"","hostname":"","isHTTP2":false,"security":{` + + `"oidc":{"name":"","provider":{},"clientID":"","clientSecret":"[redacted]","hmacSecret":"[redacted]"},` + + `"basicAuth":{"name":"","users":"[redacted]"}` + + `}}],` + + `"isHTTP2":false,"path":{"mergeSlashes":false,"escapedSlashesAction":""}}]}`, + }, } for _, test := range tests { t.Run(test.name, func(t *testing.T) { - assert.Equal(t, *test.want, *test.input.Printable()) + if test.want != nil { + if test.wantStr != "" { + t.Fatalf("Don't set both want and wantStr") + } + wantJSON, err := json.Marshal(test.want) + require.NoError(t, err) + test.wantStr = string(wantJSON) + } + assert.Equal(t, test.wantStr, test.input.JSONString()) }) } } diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go index 85a26447ecb..59f1973b22a 100644 --- a/internal/ir/zz_generated.deepcopy.go +++ b/internal/ir/zz_generated.deepcopy.go @@ -315,7 +315,7 @@ func (in *BasicAuth) DeepCopyInto(out *BasicAuth) { *out = *in if in.Users != nil { in, out := &in.Users, &out.Users - *out = make([]byte, len(*in)) + *out = make(PrivateBytes, len(*in)) copy(*out, *in) } } @@ -1975,12 +1975,12 @@ func (in *OIDC) DeepCopyInto(out *OIDC) { in.Provider.DeepCopyInto(&out.Provider) if in.ClientSecret != nil { in, out := &in.ClientSecret, &out.ClientSecret - *out = make([]byte, len(*in)) + *out = make(PrivateBytes, len(*in)) copy(*out, *in) } if in.HMACSecret != nil { in, out := &in.HMACSecret, &out.HMACSecret - *out = make([]byte, len(*in)) + *out = make(PrivateBytes, len(*in)) copy(*out, *in) } if in.Scopes != nil { @@ -3028,7 +3028,7 @@ func (in *TLSCertificate) DeepCopyInto(out *TLSCertificate) { } if in.PrivateKey != nil { in, out := &in.PrivateKey, &out.PrivateKey - *out = make([]byte, len(*in)) + *out = make(PrivateBytes, len(*in)) copy(*out, *in) } } From a7d6526d022b62b1bad0fd268a8534dc535bc596 Mon Sep 17 00:00:00 2001 From: zirain Date: Mon, 11 Nov 2024 11:14:35 +0800 Subject: [PATCH 10/47] chore: net.JoinHostPort (#4692) Signed-off-by: zirain --- test/e2e/tests/gatewayt-with-envoyproxy.go | 3 ++- test/e2e/tests/utils.go | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/test/e2e/tests/gatewayt-with-envoyproxy.go b/test/e2e/tests/gatewayt-with-envoyproxy.go index ec9f7252a5e..e3100105f71 100644 --- a/test/e2e/tests/gatewayt-with-envoyproxy.go +++ b/test/e2e/tests/gatewayt-with-envoyproxy.go @@ -9,6 +9,7 @@ package tests import ( "context" + "net" "testing" "github.com/stretchr/testify/require" @@ -47,7 +48,7 @@ var GatewayWithEnvoyProxy = suite.ConformanceTest{ // Verify that the RouteType is set to Service by the attached EnvoyProxy Headers: map[string]string{ - "upstream-host": svc.Spec.ClusterIP + ":8080", + "upstream-host": net.JoinHostPort(svc.Spec.ClusterIP, "8080"), }, }, Namespace: ns, diff --git a/test/e2e/tests/utils.go b/test/e2e/tests/utils.go index 53aeb8b96a7..c63cad1e579 100644 --- a/test/e2e/tests/utils.go +++ b/test/e2e/tests/utils.go @@ -14,6 +14,7 @@ import ( "net" "net/http" "net/url" + "strconv" "strings" "testing" "time" @@ -400,7 +401,7 @@ func RetrieveURL(c client.Client, nn types.NamespacedName, port int32, path stri default: host = fmt.Sprintf("%s.%s.svc", nn.Name, nn.Namespace) } - return fmt.Sprintf("http://%s:%d%s", host, port, path), nil + return fmt.Sprintf("http://%s%s", net.JoinHostPort(host, strconv.Itoa(int(port))), path), nil } var metricParser = &expfmt.TextParser{} @@ -560,7 +561,7 @@ func QueryLogCountFromLoki(t *testing.T, c client.Client, keyValues map[string]s params := url.Values{} params.Add("query", q) params.Add("start", fmt.Sprintf("%d", time.Now().Add(-10*time.Minute).Unix())) // query logs from last 10 minutes - lokiQueryURL := fmt.Sprintf("http://%s:3100/loki/api/v1/query_range?%s", lokiHost, params.Encode()) + lokiQueryURL := fmt.Sprintf("http://%s/loki/api/v1/query_range?%s", net.JoinHostPort(lokiHost, "3100"), params.Encode()) res, err := http.DefaultClient.Get(lokiQueryURL) if err != nil { return -1, err From ec56a83e216735176e52aa3e7a5a04bab6db981e Mon Sep 17 00:00:00 2001 From: zirain Date: Mon, 11 Nov 2024 15:24:16 +0800 Subject: [PATCH 11/47] chore: dnsSearch on kind cluster (#4691) Signed-off-by: zirain --- tools/hack/create-cluster.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/hack/create-cluster.sh b/tools/hack/create-cluster.sh index ad3cff1cd92..d1601cb83b6 100755 --- a/tools/hack/create-cluster.sh +++ b/tools/hack/create-cluster.sh @@ -14,6 +14,9 @@ kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 networking: ipFamily: ${IP_FAMILY} + # it's to prevent inherit search domains from the host which slows down DNS resolution + # and cause problems to IPv6 only clusters running on IPv4 host. + dnsSearch: [] nodes: - role: control-plane EOM From c0b2c87f53553b3591a5ba8e71bb10763b01ea9b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 18:48:03 -0800 Subject: [PATCH 12/47] build(deps): bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#4696) * build(deps): bump google.golang.org/grpc from 1.67.1 to 1.68.0 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.67.1 to 1.68.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.67.1...v1.68.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * lint Signed-off-by: zirain --------- Signed-off-by: dependabot[bot] Signed-off-by: zirain Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain --- examples/extension-server/go.mod | 6 +++--- examples/extension-server/go.sum | 14 ++++++++------ go.mod | 6 +++--- go.sum | 12 ++++++------ 4 files changed, 20 insertions(+), 18 deletions(-) diff --git a/examples/extension-server/go.mod b/examples/extension-server/go.mod index 7b09ae7320b..d08fe02ac24 100644 --- a/examples/extension-server/go.mod +++ b/examples/extension-server/go.mod @@ -6,7 +6,7 @@ require ( github.com/envoyproxy/gateway v1.0.2 github.com/envoyproxy/go-control-plane v0.13.1 github.com/urfave/cli/v2 v2.27.5 - google.golang.org/grpc v1.67.1 + google.golang.org/grpc v1.68.0 google.golang.org/protobuf v1.35.1 k8s.io/apimachinery v0.31.2 sigs.k8s.io/controller-runtime v0.19.1 @@ -14,9 +14,9 @@ require ( ) require ( - cel.dev/expr v0.16.0 // indirect + cel.dev/expr v0.16.1 // indirect github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect - github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20 // indirect + github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect diff --git a/examples/extension-server/go.sum b/examples/extension-server/go.sum index 42db960b446..e3e50a30b90 100644 --- a/examples/extension-server/go.sum +++ b/examples/extension-server/go.sum @@ -1,9 +1,9 @@ -cel.dev/expr v0.16.0 h1:yloc84fytn4zmJX2GU3TkXGsaieaV7dQ057Qs4sIG2Y= -cel.dev/expr v0.16.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg= +cel.dev/expr v0.16.1 h1:NR0+oFYzR1CqLFhTAqg3ql59G9VfN8fKq1TCHJ6gq1g= +cel.dev/expr v0.16.1/go.mod h1:AsGA5zb3WruAEQeQng1RZdGEXmBj0jvMWh6l5SnNuC8= github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= -github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20 h1:N+3sFI5GUjRKBi+i0TxYVST9h4Ie192jJWpHvthBBgg= -github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= +github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 h1:QVw89YDxXxEe+l8gU8ETbOasdwEV+avkR75ZzsVV9WI= +github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= @@ -23,6 +23,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -109,8 +111,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 h1: google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:wp2WsuBYj6j8wUdo3ToZsdxxixbvQNAHqVJrTgi5E5M= google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 h1:QCqS/PdaHTSWGvupk2F/ehwHtGc0/GYkT+3GAcR1CCc= google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= -google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= -google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= +google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/go.mod b/go.mod index 68fd42b5a31..b5c05d514b0 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( fortio.org/fortio v1.67.1 fortio.org/log v1.17.1 github.com/Masterminds/semver/v3 v3.3.0 - github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20 + github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc github.com/docker/cli v27.3.1+incompatible github.com/dominikbraun/graph v0.23.0 @@ -65,12 +65,12 @@ require ( github.com/docker/docker v27.3.1+incompatible github.com/replicatedhq/troubleshoot v0.107.5 github.com/tetratelabs/func-e v1.1.5-0.20240822223546-c85a098d5bf0 - google.golang.org/grpc v1.67.1 + google.golang.org/grpc v1.68.0 sigs.k8s.io/kubectl-validate v0.0.5-0.20240827210056-ce13d95db263 ) require ( - cel.dev/expr v0.16.0 // indirect + cel.dev/expr v0.16.1 // indirect dario.cat/mergo v1.0.1 // indirect filippo.io/edwards25519 v1.1.0 // indirect fortio.org/cli v1.9.2 // indirect diff --git a/go.sum b/go.sum index 00d7b32bb36..26902bde34a 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -cel.dev/expr v0.16.0 h1:yloc84fytn4zmJX2GU3TkXGsaieaV7dQ057Qs4sIG2Y= -cel.dev/expr v0.16.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg= +cel.dev/expr v0.16.1 h1:NR0+oFYzR1CqLFhTAqg3ql59G9VfN8fKq1TCHJ6gq1g= +cel.dev/expr v0.16.1/go.mod h1:AsGA5zb3WruAEQeQng1RZdGEXmBj0jvMWh6l5SnNuC8= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= @@ -123,8 +123,8 @@ github.com/cilium/ebpf v0.16.0 h1:+BiEnHL6Z7lXnlGUsXQPPAE7+kenAd4ES8MQ5min0Ok= github.com/cilium/ebpf v0.16.0/go.mod h1:L7u2Blt2jMM/vLAVgjxluxtBKlz3/GWjB0dMOEngfwE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20 h1:N+3sFI5GUjRKBi+i0TxYVST9h4Ie192jJWpHvthBBgg= -github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= +github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 h1:QVw89YDxXxEe+l8gU8ETbOasdwEV+avkR75ZzsVV9WI= +github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0= github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0= @@ -1100,8 +1100,8 @@ google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQ google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= -google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= +google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From a9ff26987668b53274ec6be03b78e23de5d86ebc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 18:48:49 -0800 Subject: [PATCH 13/47] build(deps): bump github/codeql-action from 3.27.0 to 3.27.1 (#4701) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.0 to 3.27.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/662472033e021d55d94146f66f6058822b0b39fd...4f3212b61783c3c68e8309a0f18a699764811cda) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 2027c7548aa..faca9d0eb1b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,14 +36,14 @@ jobs: - uses: ./tools/github-actions/setup-deps - name: Initialize CodeQL - uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 6e816b5460f..79f040fba97 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -40,6 +40,6 @@ jobs: retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: sarif_file: results.sarif From df8fa0f8bbdecdb5e472c9b9787857a6679230f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 18:49:05 -0800 Subject: [PATCH 14/47] build(deps): bump sigs.k8s.io/kind from 0.24.0 to 0.25.0 in /tools/src/kind (#4700) build(deps): bump sigs.k8s.io/kind in /tools/src/kind Bumps [sigs.k8s.io/kind](https://github.com/kubernetes-sigs/kind) from 0.24.0 to 0.25.0. - [Release notes](https://github.com/kubernetes-sigs/kind/releases) - [Commits](https://github.com/kubernetes-sigs/kind/compare/v0.24.0...v0.25.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/kind dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain --- tools/src/kind/go.mod | 2 +- tools/src/kind/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/src/kind/go.mod b/tools/src/kind/go.mod index 969589cce84..42dd6426e94 100644 --- a/tools/src/kind/go.mod +++ b/tools/src/kind/go.mod @@ -2,7 +2,7 @@ module github.com/envoyproxy/gateway/tools/src/kind go 1.23.1 -require sigs.k8s.io/kind v0.24.0 +require sigs.k8s.io/kind v0.25.0 require ( github.com/BurntSushi/toml v1.4.0 // indirect diff --git a/tools/src/kind/go.sum b/tools/src/kind/go.sum index e811249cb1e..43de9d29a84 100644 --- a/tools/src/kind/go.sum +++ b/tools/src/kind/go.sum @@ -36,7 +36,7 @@ gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b h1:QRR6H1YWRnHb4Y/HeNFCTJLF gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -sigs.k8s.io/kind v0.24.0 h1:g4y4eu0qa+SCeKESLpESgMmVFBebL0BDa6f777OIWrg= -sigs.k8s.io/kind v0.24.0/go.mod h1:t7ueEpzPYJvHA8aeLtI52rtFftNgUYUaCwvxjk7phfw= +sigs.k8s.io/kind v0.25.0 h1:ugUvgesHKKA0yKmD6QtYTiEev+kPUpGxdTPbMGf8VTU= +sigs.k8s.io/kind v0.25.0/go.mod h1:t7ueEpzPYJvHA8aeLtI52rtFftNgUYUaCwvxjk7phfw= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= From 879da46901ca852e22152bcbf267d0842ba6735e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 18:49:27 -0800 Subject: [PATCH 15/47] build(deps): bump github.com/golangci/golangci-lint from 1.61.0 to 1.62.0 in /tools/src/golangci-lint (#4699) * build(deps): bump github.com/golangci/golangci-lint Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.61.0 to 1.62.0. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](https://github.com/golangci/golangci-lint/compare/v1.61.0...v1.62.0) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * fix Signed-off-by: zirain --------- Signed-off-by: dependabot[bot] Signed-off-by: zirain Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain --- internal/utils/jsonpatch/patch_test.go | 2 +- tools/src/golangci-lint/go.mod | 73 ++++++------ tools/src/golangci-lint/go.sum | 153 +++++++++++++------------ 3 files changed, 118 insertions(+), 110 deletions(-) diff --git a/internal/utils/jsonpatch/patch_test.go b/internal/utils/jsonpatch/patch_test.go index dbdd63fc527..cfd4ec8e2e4 100644 --- a/internal/utils/jsonpatch/patch_test.go +++ b/internal/utils/jsonpatch/patch_test.go @@ -241,7 +241,7 @@ func TestApplyJSONPatches(t *testing.T) { t.Error(err) } - require.Equal(t, expectedJSON, resultJSON) + require.JSONEq(t, expectedJSON, resultJSON) } require.NoError(t, err) } diff --git a/tools/src/golangci-lint/go.mod b/tools/src/golangci-lint/go.mod index e73d754d4b9..e88d8a1a325 100644 --- a/tools/src/golangci-lint/go.mod +++ b/tools/src/golangci-lint/go.mod @@ -2,34 +2,34 @@ module local go 1.23.1 -require github.com/golangci/golangci-lint v1.61.0 +require github.com/golangci/golangci-lint v1.62.0 require ( 4d63.com/gocheckcompilerdirectives v1.2.1 // indirect 4d63.com/gochecknoglobals v0.2.1 // indirect github.com/4meepo/tagalign v1.3.4 // indirect - github.com/Abirdcfly/dupword v0.1.1 // indirect - github.com/Antonboom/errname v0.1.13 // indirect - github.com/Antonboom/nilnil v0.1.9 // indirect - github.com/Antonboom/testifylint v1.4.3 // indirect + github.com/Abirdcfly/dupword v0.1.3 // indirect + github.com/Antonboom/errname v1.0.0 // indirect + github.com/Antonboom/nilnil v1.0.0 // indirect + github.com/Antonboom/testifylint v1.5.0 // indirect github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c // indirect github.com/Crocmagnon/fatcontext v0.5.2 // indirect github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 // indirect github.com/GaijinEntertainment/go-exhaustruct/v3 v3.3.0 // indirect github.com/Masterminds/semver/v3 v3.3.0 // indirect github.com/OpenPeeDeeP/depguard/v2 v2.2.0 // indirect - github.com/alecthomas/go-check-sumtype v0.1.4 // indirect - github.com/alexkohler/nakedret/v2 v2.0.4 // indirect + github.com/alecthomas/go-check-sumtype v0.2.0 // indirect + github.com/alexkohler/nakedret/v2 v2.0.5 // indirect github.com/alexkohler/prealloc v1.0.0 // indirect github.com/alingse/asasalint v0.0.11 // indirect github.com/ashanbrown/forbidigo v1.6.0 // indirect github.com/ashanbrown/makezero v1.1.1 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/bkielbasa/cyclop v1.2.1 // indirect + github.com/bkielbasa/cyclop v1.2.3 // indirect github.com/blizzy78/varnamelen v0.8.0 // indirect github.com/bombsimon/wsl/v4 v4.4.1 // indirect - github.com/breml/bidichk v0.2.7 // indirect - github.com/breml/errchkjson v0.3.6 // indirect + github.com/breml/bidichk v0.3.2 // indirect + github.com/breml/errchkjson v0.4.0 // indirect github.com/butuzov/ireturn v0.3.0 // indirect github.com/butuzov/mirror v1.2.0 // indirect github.com/catenacyber/perfsprint v0.7.1 // indirect @@ -37,19 +37,19 @@ require ( github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/charithe/durationcheck v0.0.10 // indirect github.com/chavacava/garif v0.1.0 // indirect - github.com/ckaznocha/intrange v0.2.0 // indirect + github.com/ckaznocha/intrange v0.2.1 // indirect github.com/curioswitch/go-reassign v0.2.0 // indirect github.com/daixiang0/gci v0.13.5 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/denis-tingaikin/go-header v0.5.0 // indirect github.com/ettle/strcase v0.2.0 // indirect - github.com/fatih/color v1.17.0 // indirect + github.com/fatih/color v1.18.0 // indirect github.com/fatih/structtag v1.2.0 // indirect github.com/firefart/nonamedreturns v1.0.5 // indirect github.com/fsnotify/fsnotify v1.5.4 // indirect github.com/fzipp/gocyclo v0.6.0 // indirect - github.com/ghostiam/protogetter v0.3.6 // indirect - github.com/go-critic/go-critic v0.11.4 // indirect + github.com/ghostiam/protogetter v0.3.8 // indirect + github.com/go-critic/go-critic v0.11.5 // indirect github.com/go-toolsmith/astcast v1.1.0 // indirect github.com/go-toolsmith/astcopy v1.1.0 // indirect github.com/go-toolsmith/astequal v1.2.0 // indirect @@ -57,12 +57,13 @@ require ( github.com/go-toolsmith/astp v1.1.0 // indirect github.com/go-toolsmith/strparse v1.1.0 // indirect github.com/go-toolsmith/typep v1.1.0 // indirect - github.com/go-viper/mapstructure/v2 v2.1.0 // indirect + github.com/go-viper/mapstructure/v2 v2.2.1 // indirect github.com/go-xmlfmt/xmlfmt v1.1.2 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gofrs/flock v0.12.1 // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a // indirect + github.com/golangci/go-printf-func-name v0.1.0 // indirect github.com/golangci/gofmt v0.0.0-20240816233607-d8596aa466a9 // indirect github.com/golangci/misspell v0.6.0 // indirect github.com/golangci/modinfo v0.3.4 // indirect @@ -81,20 +82,18 @@ require ( github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jgautheron/goconst v1.7.1 // indirect github.com/jingyugao/rowserrcheck v1.1.1 // indirect - github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af // indirect github.com/jjti/go-spancheck v0.6.2 // indirect github.com/julz/importas v0.1.0 // indirect github.com/karamaru-alpha/copyloopvar v1.1.0 // indirect - github.com/kisielk/errcheck v1.7.0 // indirect + github.com/kisielk/errcheck v1.8.0 // indirect github.com/kkHAIKE/contextcheck v1.1.5 // indirect github.com/kulti/thelper v0.6.3 // indirect github.com/kunwardeep/paralleltest v1.0.10 // indirect github.com/kyoh86/exportloopref v0.1.11 // indirect - github.com/lasiar/canonicalheader v1.1.1 // indirect + github.com/lasiar/canonicalheader v1.1.2 // indirect github.com/ldez/gomoddirectives v0.2.4 // indirect github.com/ldez/tagliatelle v0.5.0 // indirect github.com/leonklingele/grouper v1.1.2 // indirect - github.com/lufeee/execinquery v1.2.1 // indirect github.com/macabu/inamedparam v0.1.3 // indirect github.com/magiconair/properties v1.8.6 // indirect github.com/maratori/testableexamples v1.0.0 // indirect @@ -102,16 +101,16 @@ require ( github.com/matoous/godox v0.0.0-20230222163458-006bad1f9d26 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-runewidth v0.0.9 // indirect + github.com/mattn/go-runewidth v0.0.16 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect - github.com/mgechev/revive v1.3.9 // indirect + github.com/mgechev/revive v1.5.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/moricho/tparallel v0.3.2 // indirect github.com/nakabonne/nestif v0.3.1 // indirect github.com/nishanths/exhaustive v0.12.0 // indirect github.com/nishanths/predeclared v0.2.2 // indirect - github.com/nunnatsa/ginkgolinter v0.16.2 // indirect + github.com/nunnatsa/ginkgolinter v0.18.0 // indirect github.com/olekukonko/tablewriter v0.0.5 // indirect github.com/pelletier/go-toml v1.9.5 // indirect github.com/pelletier/go-toml/v2 v2.2.3 // indirect @@ -126,18 +125,21 @@ require ( github.com/quasilyte/gogrep v0.5.0 // indirect github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 // indirect github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 // indirect + github.com/raeperd/recvcheck v0.1.2 // indirect + github.com/rivo/uniseg v0.4.7 // indirect + github.com/rogpeppe/go-internal v1.13.1 // indirect github.com/ryancurrah/gomodguard v1.3.5 // indirect github.com/ryanrolds/sqlclosecheck v0.5.1 // indirect github.com/sanposhiho/wastedassign/v2 v2.0.7 // indirect github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect github.com/sashamelentyev/interfacebloat v1.1.0 // indirect github.com/sashamelentyev/usestdlibvars v1.27.0 // indirect - github.com/securego/gosec/v2 v2.21.2 // indirect + github.com/securego/gosec/v2 v2.21.4 // indirect github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/sivchari/containedctx v1.0.3 // indirect - github.com/sivchari/tenv v1.10.0 // indirect - github.com/sonatard/noctx v0.0.2 // indirect + github.com/sivchari/tenv v1.12.1 // indirect + github.com/sonatard/noctx v0.1.0 // indirect github.com/sourcegraph/go-diff v0.7.0 // indirect github.com/spf13/afero v1.11.0 // indirect github.com/spf13/cast v1.5.0 // indirect @@ -151,32 +153,33 @@ require ( github.com/stretchr/testify v1.9.0 // indirect github.com/subosito/gotenv v1.4.1 // indirect github.com/tdakkota/asciicheck v0.2.0 // indirect - github.com/tetafro/godot v1.4.17 // indirect + github.com/tetafro/godot v1.4.18 // indirect github.com/timakin/bodyclose v0.0.0-20230421092635-574207250966 // indirect - github.com/timonwong/loggercheck v0.9.4 // indirect + github.com/timonwong/loggercheck v0.10.1 // indirect github.com/tomarrell/wrapcheck/v2 v2.9.0 // indirect github.com/tommy-muehle/go-mnd/v2 v2.5.1 // indirect github.com/ultraware/funlen v0.1.0 // indirect github.com/ultraware/whitespace v0.1.1 // indirect github.com/uudashr/gocognit v1.1.3 // indirect + github.com/uudashr/iface v1.2.0 // indirect github.com/xen0n/gosmopolitan v1.2.2 // indirect github.com/yagipy/maintidx v1.0.0 // indirect github.com/yeya24/promlinter v0.3.0 // indirect github.com/ykadowak/zerologlint v0.1.5 // indirect gitlab.com/bosi/decorder v0.4.2 // indirect - go-simpler.org/musttag v0.12.2 // indirect + go-simpler.org/musttag v0.13.0 // indirect go-simpler.org/sloglint v0.7.2 // indirect go.uber.org/atomic v1.7.0 // indirect - go.uber.org/automaxprocs v1.5.3 // indirect + go.uber.org/automaxprocs v1.6.0 // indirect go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.24.0 // indirect - golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e // indirect - golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f // indirect - golang.org/x/mod v0.21.0 // indirect - golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.25.0 // indirect + golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect + golang.org/x/exp/typeparams v0.0.0-20240909161429-701f63a606c0 // indirect + golang.org/x/mod v0.22.0 // indirect + golang.org/x/sync v0.9.0 // indirect + golang.org/x/sys v0.27.0 // indirect golang.org/x/text v0.18.0 // indirect - golang.org/x/tools v0.24.0 // indirect + golang.org/x/tools v0.27.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/tools/src/golangci-lint/go.sum b/tools/src/golangci-lint/go.sum index de6bd9d31a7..c8205a75d73 100644 --- a/tools/src/golangci-lint/go.sum +++ b/tools/src/golangci-lint/go.sum @@ -37,14 +37,14 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/4meepo/tagalign v1.3.4 h1:P51VcvBnf04YkHzjfclN6BbsopfJR5rxs1n+5zHt+w8= github.com/4meepo/tagalign v1.3.4/go.mod h1:M+pnkHH2vG8+qhE5bVc/zeP7HS/j910Fwa9TUSyZVI0= -github.com/Abirdcfly/dupword v0.1.1 h1:Bsxe0fIw6OwBtXMIncaTxCLHYO5BB+3mcsR5E8VXloY= -github.com/Abirdcfly/dupword v0.1.1/go.mod h1:B49AcJdTYYkpd4HjgAcutNGG9HZ2JWwKunH9Y2BA6sM= -github.com/Antonboom/errname v0.1.13 h1:JHICqsewj/fNckzrfVSe+T33svwQxmjC+1ntDsHOVvM= -github.com/Antonboom/errname v0.1.13/go.mod h1:uWyefRYRN54lBg6HseYCFhs6Qjcy41Y3Jl/dVhA87Ns= -github.com/Antonboom/nilnil v0.1.9 h1:eKFMejSxPSA9eLSensFmjW2XTgTwJMjZ8hUHtV4s/SQ= -github.com/Antonboom/nilnil v0.1.9/go.mod h1:iGe2rYwCq5/Me1khrysB4nwI7swQvjclR8/YRPl5ihQ= -github.com/Antonboom/testifylint v1.4.3 h1:ohMt6AHuHgttaQ1xb6SSnxCeK4/rnK7KKzbvs7DmEck= -github.com/Antonboom/testifylint v1.4.3/go.mod h1:+8Q9+AOLsz5ZiQiiYujJKs9mNz398+M6UgslP4qgJLA= +github.com/Abirdcfly/dupword v0.1.3 h1:9Pa1NuAsZvpFPi9Pqkd93I7LIYRURj+A//dFd5tgBeE= +github.com/Abirdcfly/dupword v0.1.3/go.mod h1:8VbB2t7e10KRNdwTVoxdBaxla6avbhGzb8sCTygUMhw= +github.com/Antonboom/errname v1.0.0 h1:oJOOWR07vS1kRusl6YRSlat7HFnb3mSfMl6sDMRoTBA= +github.com/Antonboom/errname v1.0.0/go.mod h1:gMOBFzK/vrTiXN9Oh+HFs+e6Ndl0eTFbtsRTSRdXyGI= +github.com/Antonboom/nilnil v1.0.0 h1:n+v+B12dsE5tbAqRODXmEKfZv9j2KcTBrp+LkoM4HZk= +github.com/Antonboom/nilnil v1.0.0/go.mod h1:fDJ1FSFoLN6yoG65ANb1WihItf6qt9PJVTn/s2IrcII= +github.com/Antonboom/testifylint v1.5.0 h1:dlUIsDMtCrZWUnvkaCz3quJCoIjaGi41GzjPBGkkJ8A= +github.com/Antonboom/testifylint v1.5.0/go.mod h1:wqaJbu0Blb5Wag2wv7Z5xt+CIV+eVLxtGZrlK13z3AE= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c h1:pxW6RcqyfI9/kWtOwnv/G+AzdKuy2ZrqINhenH4HyNs= github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= @@ -61,8 +61,8 @@ github.com/OpenPeeDeeP/depguard/v2 v2.2.0 h1:vDfG60vDtIuf0MEOhmLlLLSzqaRM8EMcgJP github.com/OpenPeeDeeP/depguard/v2 v2.2.0/go.mod h1:CIzddKRvLBC4Au5aYP/i3nyaWQ+ClszLIuVocRiCYFQ= github.com/alecthomas/assert/v2 v2.2.2 h1:Z/iVC0xZfWTaFNE6bA3z07T86hd45Xe2eLt6WVy2bbk= github.com/alecthomas/assert/v2 v2.2.2/go.mod h1:pXcQ2Asjp247dahGEmsZ6ru0UVwnkhktn7S0bBDLxvQ= -github.com/alecthomas/go-check-sumtype v0.1.4 h1:WCvlB3l5Vq5dZQTFmodqL2g68uHiSwwlWcT5a2FGK0c= -github.com/alecthomas/go-check-sumtype v0.1.4/go.mod h1:WyYPfhfkdhyrdaligV6svFopZV8Lqdzn5pyVBaV6jhQ= +github.com/alecthomas/go-check-sumtype v0.2.0 h1:Bo+e4DFf3rs7ME9w/0SU/g6nmzJaphduP8Cjiz0gbwY= +github.com/alecthomas/go-check-sumtype v0.2.0/go.mod h1:WyYPfhfkdhyrdaligV6svFopZV8Lqdzn5pyVBaV6jhQ= github.com/alecthomas/repr v0.2.0 h1:HAzS41CIzNW5syS8Mf9UwXhNH1J9aix/BvDRf1Ml2Yk= github.com/alecthomas/repr v0.2.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -70,8 +70,8 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/alexkohler/nakedret/v2 v2.0.4 h1:yZuKmjqGi0pSmjGpOC016LtPJysIL0WEUiaXW5SUnNg= -github.com/alexkohler/nakedret/v2 v2.0.4/go.mod h1:bF5i0zF2Wo2o4X4USt9ntUWve6JbFv02Ff4vlkmS/VU= +github.com/alexkohler/nakedret/v2 v2.0.5 h1:fP5qLgtwbx9EJE8dGEERT02YwS8En4r9nnZ71RK+EVU= +github.com/alexkohler/nakedret/v2 v2.0.5/go.mod h1:bF5i0zF2Wo2o4X4USt9ntUWve6JbFv02Ff4vlkmS/VU= github.com/alexkohler/prealloc v1.0.0 h1:Hbq0/3fJPQhNkN0dR95AVrr6R7tou91y0uHG5pOcUuw= github.com/alexkohler/prealloc v1.0.0/go.mod h1:VetnK3dIgFBBKmg0YnD9F9x6Icjd+9cvfHR56wJVlKE= github.com/alingse/asasalint v0.0.11 h1:SFwnQXJ49Kx/1GghOFz1XGqHYKp21Kq1nHad/0WQRnw= @@ -86,16 +86,16 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bkielbasa/cyclop v1.2.1 h1:AeF71HZDob1P2/pRm1so9cd1alZnrpyc4q2uP2l0gJY= -github.com/bkielbasa/cyclop v1.2.1/go.mod h1:K/dT/M0FPAiYjBgQGau7tz+3TMh4FWAEqlMhzFWCrgM= +github.com/bkielbasa/cyclop v1.2.3 h1:faIVMIGDIANuGPWH031CZJTi2ymOQBULs9H21HSMa5w= +github.com/bkielbasa/cyclop v1.2.3/go.mod h1:kHTwA9Q0uZqOADdupvcFJQtp/ksSnytRMe8ztxG8Fuo= github.com/blizzy78/varnamelen v0.8.0 h1:oqSblyuQvFsW1hbBHh1zfwrKe3kcSj0rnXkKzsQ089M= github.com/blizzy78/varnamelen v0.8.0/go.mod h1:V9TzQZ4fLJ1DSrjVDfl89H7aMnTvKkApdHeyESmyR7k= github.com/bombsimon/wsl/v4 v4.4.1 h1:jfUaCkN+aUpobrMO24zwyAMwMAV5eSziCkOKEauOLdw= github.com/bombsimon/wsl/v4 v4.4.1/go.mod h1:Xu/kDxGZTofQcDGCtQe9KCzhHphIe0fDuyWTxER9Feo= -github.com/breml/bidichk v0.2.7 h1:dAkKQPLl/Qrk7hnP6P+E0xOodrq8Us7+U0o4UBOAlQY= -github.com/breml/bidichk v0.2.7/go.mod h1:YodjipAGI9fGcYM7II6wFvGhdMYsC5pHDlGzqvEW3tQ= -github.com/breml/errchkjson v0.3.6 h1:VLhVkqSBH96AvXEyclMR37rZslRrY2kcyq+31HCsVrA= -github.com/breml/errchkjson v0.3.6/go.mod h1:jhSDoFheAF2RSDOlCfhHO9KqhZgAYLyvHe7bRCX8f/U= +github.com/breml/bidichk v0.3.2 h1:xV4flJ9V5xWTqxL+/PMFF6dtJPvZLPsyixAoPe8BGJs= +github.com/breml/bidichk v0.3.2/go.mod h1:VzFLBxuYtT23z5+iVkamXO386OB+/sVwZOpIj6zXGos= +github.com/breml/errchkjson v0.4.0 h1:gftf6uWZMtIa/Is3XJgibewBm2ksAQSY/kABDNFTAdk= +github.com/breml/errchkjson v0.4.0/go.mod h1:AuBOSTHyLSaaAFlWsRSuRBIroCh3eh7ZHh5YeelDIk8= github.com/butuzov/ireturn v0.3.0 h1:hTjMqWw3y5JC3kpnC5vXmFJAWI/m31jaCYQqzkS6PL0= github.com/butuzov/ireturn v0.3.0/go.mod h1:A09nIiwiqzN/IoVo9ogpa0Hzi9fex1kd9PSD6edP5ZA= github.com/butuzov/mirror v1.2.0 h1:9YVK1qIjNspaqWutSv8gsge2e/Xpq1eqEkslEUHy5cs= @@ -115,8 +115,8 @@ github.com/chavacava/garif v0.1.0/go.mod h1:XMyYCkEL58DF0oyW4qDjjnPWONs2HBqYKI+U github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/ckaznocha/intrange v0.2.0 h1:FykcZuJ8BD7oX93YbO1UY9oZtkRbp+1/kJcDjkefYLs= -github.com/ckaznocha/intrange v0.2.0/go.mod h1:r5I7nUlAAG56xmkOpw4XVr16BXhwYTUdcuRFeevn1oE= +github.com/ckaznocha/intrange v0.2.1 h1:M07spnNEQoALOJhwrImSrJLaxwuiQK+hA2DeajBlwYk= +github.com/ckaznocha/intrange v0.2.1/go.mod h1:7NEhVyf8fzZO5Ds7CRaqPEm52Ut83hsTiL5zbER/HYk= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= @@ -135,8 +135,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/ettle/strcase v0.2.0 h1:fGNiVF21fHXpX1niBgk0aROov1LagYsOwV/xqKDKR/Q= github.com/ettle/strcase v0.2.0/go.mod h1:DajmHElDSaX76ITe3/VHVyMin4LWSJN5Z909Wp+ED1A= -github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= -github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/fatih/structtag v1.2.0 h1:/OdNE99OxoI/PqaW/SuSK9uxxT3f/tcSZgon/ssNSx4= github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94= github.com/firefart/nonamedreturns v1.0.5 h1:tM+Me2ZaXs8tfdDw3X6DOX++wMCOqzYUho6tUTYIdRA= @@ -147,10 +147,10 @@ github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwV github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/fzipp/gocyclo v0.6.0 h1:lsblElZG7d3ALtGMx9fmxeTKZaLLpU8mET09yN4BBLo= github.com/fzipp/gocyclo v0.6.0/go.mod h1:rXPyn8fnlpa0R2csP/31uerbiVBugk5whMdlyaLkLoA= -github.com/ghostiam/protogetter v0.3.6 h1:R7qEWaSgFCsy20yYHNIJsU9ZOb8TziSRRxuAOTVKeOk= -github.com/ghostiam/protogetter v0.3.6/go.mod h1:7lpeDnEJ1ZjL/YtyoN99ljO4z0pd3H0d18/t2dPBxHw= -github.com/go-critic/go-critic v0.11.4 h1:O7kGOCx0NDIni4czrkRIXTnit0mkyKOCePh3My6OyEU= -github.com/go-critic/go-critic v0.11.4/go.mod h1:2QAdo4iuLik5S9YG0rT4wcZ8QxwHYkrr6/2MWAiv/vc= +github.com/ghostiam/protogetter v0.3.8 h1:LYcXbYvybUyTIxN2Mj9h6rHrDZBDwZloPoKctWrFyJY= +github.com/ghostiam/protogetter v0.3.8/go.mod h1:WZ0nw9pfzsgxuRsPOFQomgDVSWtDLJRfQJEhsGbmQMA= +github.com/go-critic/go-critic v0.11.5 h1:TkDTOn5v7EEngMxu8KbuFqFR43USaaH8XRJLz1jhVYA= +github.com/go-critic/go-critic v0.11.5/go.mod h1:wu6U7ny9PiaHaZHcvMDmdysMqvDem162Rh3zWTrqk8M= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -186,8 +186,8 @@ github.com/go-toolsmith/strparse v1.1.0 h1:GAioeZUK9TGxnLS+qfdqNbA4z0SSm5zVNtCQi github.com/go-toolsmith/strparse v1.1.0/go.mod h1:7ksGy58fsaQkGQlY8WVoBFNyEPMGuJin1rfoPS4lBSQ= github.com/go-toolsmith/typep v1.1.0 h1:fIRYDyF+JywLfqzyhdiHzRop/GQDxxNhLGQ6gFUNHus= github.com/go-toolsmith/typep v1.1.0/go.mod h1:fVIw+7zjdsMxDA3ITWnH1yOiw1rnTQKCsF/sk2H/qig= -github.com/go-viper/mapstructure/v2 v2.1.0 h1:gHnMa2Y/pIxElCH2GlZZ1lZSsn6XMtufpGyP1XxdC/w= -github.com/go-viper/mapstructure/v2 v2.1.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= +github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIxtHqx8aGss= +github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= github.com/go-xmlfmt/xmlfmt v1.1.2 h1:Nea7b4icn8s57fTx1M5AI4qQT5HEM3rVUO8MuE6g80U= github.com/go-xmlfmt/xmlfmt v1.1.2/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= @@ -226,10 +226,12 @@ github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a h1:w8hkcTqaFpzKqonE9uMCefW1WDie15eSP/4MssdenaM= github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk= +github.com/golangci/go-printf-func-name v0.1.0 h1:dVokQP+NMTO7jwO4bwsRwLWeudOVUPPyAKJuzv8pEJU= +github.com/golangci/go-printf-func-name v0.1.0/go.mod h1:wqhWFH5mUdJQhweRnldEywnR5021wTdZSNgwYceV14s= github.com/golangci/gofmt v0.0.0-20240816233607-d8596aa466a9 h1:/1322Qns6BtQxUZDTAT4SdcoxknUki7IAoK4SAXr8ME= github.com/golangci/gofmt v0.0.0-20240816233607-d8596aa466a9/go.mod h1:Oesb/0uFAyWoaw1U1qS5zyjCg5NP9C9iwjnI4tIsXEE= -github.com/golangci/golangci-lint v1.61.0 h1:VvbOLaRVWmyxCnUIMTbf1kDsaJbTzH20FAMXTAlQGu8= -github.com/golangci/golangci-lint v1.61.0/go.mod h1:e4lztIrJJgLPhWvFPDkhiMwEFRrWlmFbrZea3FsJyN8= +github.com/golangci/golangci-lint v1.62.0 h1:/G0g+bi1BhmGJqLdNQkKBWjcim8HjOPc4tsKuHDOhcI= +github.com/golangci/golangci-lint v1.62.0/go.mod h1:jtoOhQcKTz8B6dGNFyfQV3WZkQk+YvBDewDtNpiAJts= github.com/golangci/misspell v0.6.0 h1:JCle2HUTNWirNlDIAUO44hUsKhOFqGPoC4LZxlaSXDs= github.com/golangci/misspell v0.6.0/go.mod h1:keMNyY6R9isGaSAu+4Q8NMBwMPkh15Gtc8UCVoDtAWo= github.com/golangci/modinfo v0.3.4 h1:oU5huX3fbxqQXdfspamej74DFX0kyGLkw1ppvXoJ8GA= @@ -301,8 +303,6 @@ github.com/jgautheron/goconst v1.7.1 h1:VpdAG7Ca7yvvJk5n8dMwQhfEZJh95kl/Hl9S1OI5 github.com/jgautheron/goconst v1.7.1/go.mod h1:aAosetZ5zaeC/2EfMeRswtxUFBpe2Hr7HzkgX4fanO4= github.com/jingyugao/rowserrcheck v1.1.1 h1:zibz55j/MJtLsjP1OF4bSdgXxwL1b+Vn7Tjzq7gFzUs= github.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c= -github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af h1:KA9BjwUk7KlCh6S9EAGWBt1oExIUv9WyNCiRz5amv48= -github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af/go.mod h1:HEWGJkRDzjJY2sqdDwxccsGicWEf9BQOZsq2tV+xzM0= github.com/jjti/go-spancheck v0.6.2 h1:iYtoxqPMzHUPp7St+5yA8+cONdyXD3ug6KK15n7Pklk= github.com/jjti/go-spancheck v0.6.2/go.mod h1:+X7lvIrR5ZdUTkxFYqzJ0abr8Sb5LOo80uOhWNqIrYA= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= @@ -318,8 +318,8 @@ github.com/julz/importas v0.1.0 h1:F78HnrsjY3cR7j0etXy5+TU1Zuy7Xt08X/1aJnH5xXY= github.com/julz/importas v0.1.0/go.mod h1:oSFU2R4XK/P7kNBrnL/FEQlDGN1/6WoxXEjSSXO0DV0= github.com/karamaru-alpha/copyloopvar v1.1.0 h1:x7gNyKcC2vRBO1H2Mks5u1VxQtYvFiym7fCjIP8RPos= github.com/karamaru-alpha/copyloopvar v1.1.0/go.mod h1:u7CIfztblY0jZLOQZgH3oYsJzpC2A7S6u/lfgSXHy0k= -github.com/kisielk/errcheck v1.7.0 h1:+SbscKmWJ5mOK/bO1zS60F5I9WwZDWOfRsC4RwfwRV0= -github.com/kisielk/errcheck v1.7.0/go.mod h1:1kLL+jV4e+CFfueBmI1dSK2ADDyQnlrnrY/FqKluHJQ= +github.com/kisielk/errcheck v1.8.0 h1:ZX/URYa7ilESY19ik/vBmCn6zdGQLxACwjAcWbHlYlg= +github.com/kisielk/errcheck v1.8.0/go.mod h1:1kLL+jV4e+CFfueBmI1dSK2ADDyQnlrnrY/FqKluHJQ= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kkHAIKE/contextcheck v1.1.5 h1:CdnJh63tcDe53vG+RebdpdXJTc9atMgGqdx8LXxiilg= github.com/kkHAIKE/contextcheck v1.1.5/go.mod h1:O930cpht4xb1YQpK+1+AgoM3mFsvxr7uyFptcnWTYUA= @@ -339,16 +339,14 @@ github.com/kunwardeep/paralleltest v1.0.10 h1:wrodoaKYzS2mdNVnc4/w31YaXFtsc21PCT github.com/kunwardeep/paralleltest v1.0.10/go.mod h1:2C7s65hONVqY7Q5Efj5aLzRCNLjw2h4eMc9EcypGjcY= github.com/kyoh86/exportloopref v0.1.11 h1:1Z0bcmTypkL3Q4k+IDHMWTcnCliEZcaPiIe0/ymEyhQ= github.com/kyoh86/exportloopref v0.1.11/go.mod h1:qkV4UF1zGl6EkF1ox8L5t9SwyeBAZ3qLMd6up458uqA= -github.com/lasiar/canonicalheader v1.1.1 h1:wC+dY9ZfiqiPwAexUApFush/csSPXeIi4QqyxXmng8I= -github.com/lasiar/canonicalheader v1.1.1/go.mod h1:cXkb3Dlk6XXy+8MVQnF23CYKWlyA7kfQhSw2CcZtZb0= +github.com/lasiar/canonicalheader v1.1.2 h1:vZ5uqwvDbyJCnMhmFYimgMZnJMjwljN5VGY0VKbMXb4= +github.com/lasiar/canonicalheader v1.1.2/go.mod h1:qJCeLFS0G/QlLQ506T+Fk/fWMa2VmBUiEI2cuMK4djI= github.com/ldez/gomoddirectives v0.2.4 h1:j3YjBIjEBbqZ0NKtBNzr8rtMHTOrLPeiwTkfUJZ3alg= github.com/ldez/gomoddirectives v0.2.4/go.mod h1:oWu9i62VcQDYp9EQ0ONTfqLNh+mDLWWDO+SO0qSQw5g= github.com/ldez/tagliatelle v0.5.0 h1:epgfuYt9v0CG3fms0pEgIMNPuFf/LpPIfjk4kyqSioo= github.com/ldez/tagliatelle v0.5.0/go.mod h1:rj1HmWiL1MiKQuOONhd09iySTEkUuE/8+5jtPYz9xa4= github.com/leonklingele/grouper v1.1.2 h1:o1ARBDLOmmasUaNDesWqWCIFH3u7hoFlM84YrjT3mIY= github.com/leonklingele/grouper v1.1.2/go.mod h1:6D0M/HVkhs2yRKRFZUoGjeDy7EZTfFBE9gl4kjmIGkA= -github.com/lufeee/execinquery v1.2.1 h1:hf0Ems4SHcUGBxpGN7Jz78z1ppVkP/837ZlETPCEtOM= -github.com/lufeee/execinquery v1.2.1/go.mod h1:EC7DrEKView09ocscGHC+apXMIaorh4xqSxS/dy8SbM= github.com/macabu/inamedparam v0.1.3 h1:2tk/phHkMlEL/1GNe/Yf6kkR/hkcUdAEY3L0hjYV1Mk= github.com/macabu/inamedparam v0.1.3/go.mod h1:93FLICAIk/quk7eaPPQvbzihUdn/QkGDwIZEoLtpH6I= github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo= @@ -366,12 +364,13 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= +github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mgechev/revive v1.3.9 h1:18Y3R4a2USSBF+QZKFQwVkBROUda7uoBlkEuBD+YD1A= -github.com/mgechev/revive v1.3.9/go.mod h1:+uxEIr5UH0TjXWHTno3xh4u7eg6jDpXKzQccA9UGhHU= +github.com/mgechev/revive v1.5.0 h1:oaSmjA7rP8+HyoRuCgC531VHwnLH1AlJdjj+1AnQceQ= +github.com/mgechev/revive v1.5.0/go.mod h1:L6T3H8EoerRO86c7WuGpvohIUmiploGiyoYbtIWFmV8= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= @@ -391,8 +390,8 @@ github.com/nishanths/exhaustive v0.12.0 h1:vIY9sALmw6T/yxiASewa4TQcFsVYZQQRUQJhK github.com/nishanths/exhaustive v0.12.0/go.mod h1:mEZ95wPIZW+x8kC4TgC+9YCUgiST7ecevsVDTgc2obs= github.com/nishanths/predeclared v0.2.2 h1:V2EPdZPliZymNAn79T8RkNApBjMmVKh5XRpLm/w98Vk= github.com/nishanths/predeclared v0.2.2/go.mod h1:RROzoN6TnGQupbC+lqggsOlcgysk3LMK/HI84Mp280c= -github.com/nunnatsa/ginkgolinter v0.16.2 h1:8iLqHIZvN4fTLDC0Ke9tbSZVcyVHoBs0HIbnVSxfHJk= -github.com/nunnatsa/ginkgolinter v0.16.2/go.mod h1:4tWRinDN1FeJgU+iJANW/kz7xKN5nYRAOfJDQUS9dOQ= +github.com/nunnatsa/ginkgolinter v0.18.0 h1:ZXO1wKhPg3A6LpbN5dMuqwhfOjN5c3ous8YdKOuqk9k= +github.com/nunnatsa/ginkgolinter v0.18.0/go.mod h1:vPrWafSULmjMGCMsfGA908if95VnHQNAahvSBOjTuWs= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= @@ -452,9 +451,14 @@ github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 h1:TCg2WBOl github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0= github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 h1:M8mH9eK4OUR4lu7Gd+PU1fV2/qnDNfzT635KRSObncs= github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567/go.mod h1:DWNGW8A4Y+GyBgPuaQJuWiy0XYftx4Xm/y5Jqk9I6VQ= +github.com/raeperd/recvcheck v0.1.2 h1:SjdquRsRXJc26eSonWIo8b7IMtKD3OAT2Lb5G3ZX1+4= +github.com/raeperd/recvcheck v0.1.2/go.mod h1:n04eYkwIR0JbgD73wT8wL4JjPC3wm0nFtzBnWNocnYU= +github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= +github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryancurrah/gomodguard v1.3.5 h1:cShyguSwUEeC0jS7ylOiG/idnd1TpJ1LfHGpV3oJmPU= github.com/ryancurrah/gomodguard v1.3.5/go.mod h1:MXlEPQRxgfPQa62O8wzK3Ozbkv9Rkqr+wKjSxTdsNJE= @@ -468,8 +472,8 @@ github.com/sashamelentyev/interfacebloat v1.1.0 h1:xdRdJp0irL086OyW1H/RTZTr1h/tM github.com/sashamelentyev/interfacebloat v1.1.0/go.mod h1:+Y9yU5YdTkrNvoX0xHc84dxiN1iBi9+G8zZIhPVoNjQ= github.com/sashamelentyev/usestdlibvars v1.27.0 h1:t/3jZpSXtRPRf2xr0m63i32ZrusyurIGT9E5wAvXQnI= github.com/sashamelentyev/usestdlibvars v1.27.0/go.mod h1:9nl0jgOfHKWNFS43Ojw0i7aRoS4j6EBye3YBhmAIRF8= -github.com/securego/gosec/v2 v2.21.2 h1:deZp5zmYf3TWwU7A7cR2+SolbTpZ3HQiwFqnzQyEl3M= -github.com/securego/gosec/v2 v2.21.2/go.mod h1:au33kg78rNseF5PwPnTWhuYBFf534bvJRvOrgZ/bFzU= +github.com/securego/gosec/v2 v2.21.4 h1:Le8MSj0PDmOnHJgUATjD96PaXRvCpKC+DGJvwyy0Mlk= +github.com/securego/gosec/v2 v2.21.4/go.mod h1:Jtb/MwRQfRxCXyCm1rfM1BEiiiTfUOdyzzAhlr6lUTA= github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c h1:W65qqJCIOVP4jpqPQ0YvHYKwcMEMVWIzWC5iNQQfBTU= github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c/go.mod h1:/PevMnwAxekIXwN8qQyfc5gl2NlkB3CQlkizAbOkeBs= github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= @@ -481,10 +485,10 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sivchari/containedctx v1.0.3 h1:x+etemjbsh2fB5ewm5FeLNi5bUjK0V8n0RB+Wwfd0XE= github.com/sivchari/containedctx v1.0.3/go.mod h1:c1RDvCbnJLtH4lLcYD/GqwiBSSf4F5Qk0xld2rBqzJ4= -github.com/sivchari/tenv v1.10.0 h1:g/hzMA+dBCKqGXgW8AV/1xIWhAvDrx0zFKNR48NFMg0= -github.com/sivchari/tenv v1.10.0/go.mod h1:tdY24masnVoZFxYrHv/nD6Tc8FbkEtAQEEziXpyMgqY= -github.com/sonatard/noctx v0.0.2 h1:L7Dz4De2zDQhW8S0t+KUjY0MAQJd6SgVwhzNIc4ok00= -github.com/sonatard/noctx v0.0.2/go.mod h1:kzFz+CzWSjQ2OzIm46uJZoXuBpa2+0y3T36U18dWqIo= +github.com/sivchari/tenv v1.12.1 h1:+E0QzjktdnExv/wwsnnyk4oqZBUfuh89YMQT1cyuvSY= +github.com/sivchari/tenv v1.12.1/go.mod h1:1LjSOUCc25snIr5n3DtGGrENhX3LuWefcplwVGC24mw= +github.com/sonatard/noctx v0.1.0 h1:JjqOc2WN16ISWAjAk8M5ej0RfExEXtkEyExl2hLW+OM= +github.com/sonatard/noctx v0.1.0/go.mod h1:0RvBxqY8D4j9cTTTWE8ylt2vqj2EPI8fHmrxHdsaZ2c= github.com/sourcegraph/go-diff v0.7.0 h1:9uLlrd5T46OXs5qpp8L/MTltk0zikUGi0sNNyCpA8G0= github.com/sourcegraph/go-diff v0.7.0/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= @@ -527,12 +531,12 @@ github.com/tenntenn/modver v1.0.1 h1:2klLppGhDgzJrScMpkj9Ujy3rXPUspSjAcev9tSEBgA github.com/tenntenn/modver v1.0.1/go.mod h1:bePIyQPb7UeioSRkw3Q0XeMhYZSMx9B8ePqg6SAMGH0= github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3 h1:f+jULpRQGxTSkNYKJ51yaw6ChIqO+Je8UqsTKN/cDag= github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3/go.mod h1:ON8b8w4BN/kE1EOhwT0o+d62W65a6aPw1nouo9LMgyY= -github.com/tetafro/godot v1.4.17 h1:pGzu+Ye7ZUEFx7LHU0dAKmCOXWsPjl7qA6iMGndsjPs= -github.com/tetafro/godot v1.4.17/go.mod h1:2oVxTBSftRTh4+MVfUaUXR6bn2GDXCaMcOG4Dk3rfio= +github.com/tetafro/godot v1.4.18 h1:ouX3XGiziKDypbpXqShBfnNLTSjR8r3/HVzrtJ+bHlI= +github.com/tetafro/godot v1.4.18/go.mod h1:2oVxTBSftRTh4+MVfUaUXR6bn2GDXCaMcOG4Dk3rfio= github.com/timakin/bodyclose v0.0.0-20230421092635-574207250966 h1:quvGphlmUVU+nhpFa4gg4yJyTRJ13reZMDHrKwYw53M= github.com/timakin/bodyclose v0.0.0-20230421092635-574207250966/go.mod h1:27bSVNWSBOHm+qRp1T9qzaIpsWEP6TbUnei/43HK+PQ= -github.com/timonwong/loggercheck v0.9.4 h1:HKKhqrjcVj8sxL7K77beXh0adEm6DLjV/QOGeMXEVi4= -github.com/timonwong/loggercheck v0.9.4/go.mod h1:caz4zlPcgvpEkXgVnAJGowHAMW2NwHaNlpS8xDbVhTg= +github.com/timonwong/loggercheck v0.10.1 h1:uVZYClxQFpw55eh+PIoqM7uAOHMrhVcDoWDery9R8Lg= +github.com/timonwong/loggercheck v0.10.1/go.mod h1:HEAWU8djynujaAVX7QI65Myb8qgfcZ1uKbdpg3ZzKl8= github.com/tomarrell/wrapcheck/v2 v2.9.0 h1:801U2YCAjLhdN8zhZ/7tdjB3EnAoRlJHt/s+9hijLQ4= github.com/tomarrell/wrapcheck/v2 v2.9.0/go.mod h1:g9vNIyhb5/9TQgumxQyOEqDHsmGYcGsVMOx/xGkqdMo= github.com/tommy-muehle/go-mnd/v2 v2.5.1 h1:NowYhSdyE/1zwK9QCLeRb6USWdoif80Ie+v+yU8u1Zw= @@ -543,6 +547,8 @@ github.com/ultraware/whitespace v0.1.1 h1:bTPOGejYFulW3PkcrqkeQwOd6NKOOXvmGD9bo/ github.com/ultraware/whitespace v0.1.1/go.mod h1:XcP1RLD81eV4BW8UhQlpaR+SDc2givTvyI8a586WjW8= github.com/uudashr/gocognit v1.1.3 h1:l+a111VcDbKfynh+airAy/DJQKaXh2m9vkoysMPSZyM= github.com/uudashr/gocognit v1.1.3/go.mod h1:aKH8/e8xbTRBwjbCkwZ8qt4l2EpKXl31KMHgSS+lZ2U= +github.com/uudashr/iface v1.2.0 h1:ECJjh5q/1Zmnv/2yFpWV6H3oMg5+Mo+vL0aqw9Gjazo= +github.com/uudashr/iface v1.2.0/go.mod h1:Ux/7d/rAF3owK4m53cTVXL4YoVHKNqnoOeQHn2xrlp0= github.com/xen0n/gosmopolitan v1.2.2 h1:/p2KTnMzwRexIW8GlKawsTWOxn7UHA+jCMF/V8HHtvU= github.com/xen0n/gosmopolitan v1.2.2/go.mod h1:7XX7Mj61uLYrj0qmeN0zi7XDon9JRAEhYQqAPLVNTeg= github.com/yagipy/maintidx v1.0.0 h1:h5NvIsCz+nRDapQ0exNv4aJ0yXSI0420omVANTv3GJM= @@ -562,8 +568,8 @@ gitlab.com/bosi/decorder v0.4.2 h1:qbQaV3zgwnBZ4zPMhGLW4KZe7A7NwxEhJx39R3shffo= gitlab.com/bosi/decorder v0.4.2/go.mod h1:muuhHoaJkA9QLcYHq4Mj8FJUwDZ+EirSHRiaTcTf6T8= go-simpler.org/assert v0.9.0 h1:PfpmcSvL7yAnWyChSjOz6Sp6m9j5lyK8Ok9pEL31YkQ= go-simpler.org/assert v0.9.0/go.mod h1:74Eqh5eI6vCK6Y5l3PI8ZYFXG4Sa+tkr70OIPJAUr28= -go-simpler.org/musttag v0.12.2 h1:J7lRc2ysXOq7eM8rwaTYnNrHd5JwjppzB6mScysB2Cs= -go-simpler.org/musttag v0.12.2/go.mod h1:uN1DVIasMTQKk6XSik7yrJoEysGtR2GRqvWnI9S7TYM= +go-simpler.org/musttag v0.13.0 h1:Q/YAW0AHvaoaIbsPj3bvEI5/QFP7w696IMUpnKXQfCE= +go-simpler.org/musttag v0.13.0/go.mod h1:FTzIGeK6OkKlUDVpj0iQUXZLUO1Js9+mvykDQy9C5yM= go-simpler.org/sloglint v0.7.2 h1:Wc9Em/Zeuu7JYpl+oKoYOsQSy2X560aVueCW/m6IijY= go-simpler.org/sloglint v0.7.2/go.mod h1:US+9C80ppl7VsThQclkM7BkCHQAzuz8kHLsW3ppuluo= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= @@ -573,8 +579,8 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/automaxprocs v1.5.3 h1:kWazyxZUrS3Gs4qUpbwo5kEIMGe/DAvi5Z4tl2NW4j8= -go.uber.org/automaxprocs v1.5.3/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0= +go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= +go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= @@ -599,12 +605,12 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e h1:I88y4caeGeuDQxgdoFPUq097j7kNfw6uvuiNxUBfcBk= -golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= golang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/exp/typeparams v0.0.0-20230203172020-98cc5a0785f9/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= -golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f h1:phY1HzDcf18Aq9A8KkmRtY9WvOFIxN8wgfvy6Zm1DV8= -golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= +golang.org/x/exp/typeparams v0.0.0-20240909161429-701f63a606c0 h1:bVwtbF629Xlyxk6xLQq2TDYmqP0uiWaet5LwRebuY0k= +golang.org/x/exp/typeparams v0.0.0-20240909161429-701f63a606c0/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -633,8 +639,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= -golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -673,8 +679,8 @@ golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= +golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -694,8 +700,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= +golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -749,8 +755,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -789,7 +795,6 @@ golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20190910044552-dd2b5c81c578/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -832,8 +837,8 @@ golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= -golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= +golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o= +golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 13b74875b338cfa5447ecf768767dc6ef6addf11 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 20:57:26 -0800 Subject: [PATCH 16/47] build(deps): bump the golang-org group across 2 directories with 2 updates (#4694) Bumps the golang-org group with 2 updates in the / directory: [golang.org/x/sys](https://github.com/golang/sys) and [golang.org/x/net](https://github.com/golang/net). Bumps the golang-org group with 2 updates in the /examples/extension-server directory: [golang.org/x/sys](https://github.com/golang/sys) and [golang.org/x/net](https://github.com/golang/net). Updates `golang.org/x/sys` from 0.26.0 to 0.27.0 - [Commits](https://github.com/golang/sys/compare/v0.26.0...v0.27.0) Updates `golang.org/x/net` from 0.30.0 to 0.31.0 - [Commits](https://github.com/golang/net/compare/v0.30.0...v0.31.0) Updates `golang.org/x/sys` from 0.26.0 to 0.27.0 - [Commits](https://github.com/golang/sys/compare/v0.26.0...v0.27.0) Updates `golang.org/x/net` from 0.30.0 to 0.31.0 - [Commits](https://github.com/golang/net/compare/v0.30.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-org - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-org - dependency-name: golang.org/x/sys dependency-type: indirect update-type: version-update:semver-minor dependency-group: golang-org - dependency-name: golang.org/x/net dependency-type: indirect update-type: version-update:semver-minor dependency-group: golang-org ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain --- examples/extension-server/go.mod | 6 +++--- examples/extension-server/go.sum | 12 ++++++------ go.mod | 12 ++++++------ go.sum | 24 ++++++++++++------------ 4 files changed, 27 insertions(+), 27 deletions(-) diff --git a/examples/extension-server/go.mod b/examples/extension-server/go.mod index d08fe02ac24..a28c5b211ed 100644 --- a/examples/extension-server/go.mod +++ b/examples/extension-server/go.mod @@ -31,9 +31,9 @@ require ( github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect - golang.org/x/net v0.30.0 // indirect - golang.org/x/sys v0.26.0 // indirect - golang.org/x/text v0.19.0 // indirect + golang.org/x/net v0.31.0 // indirect + golang.org/x/sys v0.27.0 // indirect + golang.org/x/text v0.20.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/examples/extension-server/go.sum b/examples/extension-server/go.sum index e3e50a30b90..2ac0aecd2b4 100644 --- a/examples/extension-server/go.sum +++ b/examples/extension-server/go.sum @@ -83,20 +83,20 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= -golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= +golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= +golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= +golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= diff --git a/go.mod b/go.mod index b5c05d514b0..caa50aed2e7 100644 --- a/go.mod +++ b/go.mod @@ -44,7 +44,7 @@ require ( go.opentelemetry.io/proto/otlp v1.3.1 go.uber.org/zap v1.27.0 golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e - golang.org/x/sys v0.26.0 + golang.org/x/sys v0.27.0 google.golang.org/protobuf v1.35.1 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.16.2 @@ -208,7 +208,7 @@ require ( go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect - golang.org/x/crypto v0.28.0 // indirect + golang.org/x/crypto v0.29.0 // indirect golang.org/x/crypto/x509roots/fallback v0.0.0-20240904212608-c9da6b9a4008 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect @@ -277,11 +277,11 @@ require ( go.starlark.net v0.0.0-20240520160348-046347dcd104 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/mod v0.21.0 // indirect - golang.org/x/net v0.30.0 + golang.org/x/net v0.31.0 golang.org/x/oauth2 v0.23.0 // indirect - golang.org/x/sync v0.8.0 // indirect - golang.org/x/term v0.25.0 // indirect - golang.org/x/text v0.19.0 // indirect + golang.org/x/sync v0.9.0 // indirect + golang.org/x/term v0.26.0 // indirect + golang.org/x/text v0.20.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.24.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 26902bde34a..5263e6a6446 100644 --- a/go.sum +++ b/go.sum @@ -944,8 +944,8 @@ golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= -golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= +golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= +golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= golang.org/x/crypto/x509roots/fallback v0.0.0-20240904212608-c9da6b9a4008 h1:vKHSxFhPLnBEYu9R8DcQ4gXq9EqU0VVhC9pq9wmtYsg= golang.org/x/crypto/x509roots/fallback v0.0.0-20240904212608-c9da6b9a4008/go.mod h1:kNa9WdvYnzFwC79zRpLRMJbdEFlhyM5RPFBBZp/wWH8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -982,8 +982,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= -golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= +golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= +golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -996,8 +996,8 @@ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= +golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1035,17 +1035,17 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= -golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= +golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= +golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 36d0193e721894cb46bffdbcde775c2d97277720 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 07:20:36 -0700 Subject: [PATCH 17/47] build(deps): bump github.com/google/cel-go from 0.21.0 to 0.22.0 (#4695) Bumps [github.com/google/cel-go](https://github.com/google/cel-go) from 0.21.0 to 0.22.0. - [Release notes](https://github.com/google/cel-go/releases) - [Commits](https://github.com/google/cel-go/compare/v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: github.com/google/cel-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- examples/extension-server/go.mod | 2 +- examples/extension-server/go.sum | 4 ++-- go.mod | 4 ++-- go.sum | 8 ++++---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/examples/extension-server/go.mod b/examples/extension-server/go.mod index a28c5b211ed..13edb3f3877 100644 --- a/examples/extension-server/go.mod +++ b/examples/extension-server/go.mod @@ -14,7 +14,7 @@ require ( ) require ( - cel.dev/expr v0.16.1 // indirect + cel.dev/expr v0.18.0 // indirect github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect diff --git a/examples/extension-server/go.sum b/examples/extension-server/go.sum index 2ac0aecd2b4..c572782b694 100644 --- a/examples/extension-server/go.sum +++ b/examples/extension-server/go.sum @@ -1,5 +1,5 @@ -cel.dev/expr v0.16.1 h1:NR0+oFYzR1CqLFhTAqg3ql59G9VfN8fKq1TCHJ6gq1g= -cel.dev/expr v0.16.1/go.mod h1:AsGA5zb3WruAEQeQng1RZdGEXmBj0jvMWh6l5SnNuC8= +cel.dev/expr v0.18.0 h1:CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo= +cel.dev/expr v0.18.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 h1:QVw89YDxXxEe+l8gU8ETbOasdwEV+avkR75ZzsVV9WI= diff --git a/go.mod b/go.mod index caa50aed2e7..74bb7f24aca 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/go-logr/zapr v1.3.0 github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.4 - github.com/google/cel-go v0.21.0 + github.com/google/cel-go v0.22.0 github.com/google/go-cmp v0.6.0 github.com/google/go-containerregistry v0.20.2 github.com/hashicorp/go-multierror v1.1.1 @@ -70,7 +70,7 @@ require ( ) require ( - cel.dev/expr v0.16.1 // indirect + cel.dev/expr v0.18.0 // indirect dario.cat/mergo v1.0.1 // indirect filippo.io/edwards25519 v1.1.0 // indirect fortio.org/cli v1.9.2 // indirect diff --git a/go.sum b/go.sum index 5263e6a6446..449ba4b60db 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -cel.dev/expr v0.16.1 h1:NR0+oFYzR1CqLFhTAqg3ql59G9VfN8fKq1TCHJ6gq1g= -cel.dev/expr v0.16.1/go.mod h1:AsGA5zb3WruAEQeQng1RZdGEXmBj0jvMWh6l5SnNuC8= +cel.dev/expr v0.18.0 h1:CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo= +cel.dev/expr v0.18.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= @@ -386,8 +386,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/cel-go v0.21.0 h1:cl6uW/gxN+Hy50tNYvI691+sXxioCnstFzLp2WO4GCI= -github.com/google/cel-go v0.21.0/go.mod h1:rHUlWCcBKgyEk+eV03RPdZUekPp6YcJwV0FxuUksYxc= +github.com/google/cel-go v0.22.0 h1:b3FJZxpiv1vTMo2/5RDUqAHPxkT8mmMfJIrq1llbf7g= +github.com/google/cel-go v0.22.0/go.mod h1:BuznPXXfQDpXKWQ9sPW3TzlAJN5zzFe+i9tIs0yC4s8= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= From 639a441e05a1aca94b6064d9d838a09be375bd8a Mon Sep 17 00:00:00 2001 From: zirain Date: Thu, 14 Nov 2024 09:51:07 +0800 Subject: [PATCH 18/47] docs: fix api doc (#4711) * docs: fix api doc Signed-off-by: zirain * v1.2 Signed-off-by: zirain --------- Signed-off-by: zirain --- site/content/en/docs/api/extension_types.md | 200 ++++++++++++++++++ site/content/en/latest/api/extension_types.md | 200 ++++++++++++++++++ site/content/en/v1.2/api/extension_types.md | 200 ++++++++++++++++++ site/content/zh/latest/api/extension_types.md | 200 ++++++++++++++++++ tools/make/docs.mk | 2 +- 5 files changed, 801 insertions(+), 1 deletion(-) diff --git a/site/content/en/docs/api/extension_types.md b/site/content/en/docs/api/extension_types.md index 6855d7a0ded..a519fc34ea7 100644 --- a/site/content/en/docs/api/extension_types.md +++ b/site/content/en/docs/api/extension_types.md @@ -300,6 +300,19 @@ _Appears in:_ +#### BackendConnection + + + +BackendConnection allows users to configure connection-level settings of backend + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. | #### BackendEndpoint @@ -507,6 +520,23 @@ _Appears in:_ | `allowCredentials` | _boolean_ | false | AllowCredentials indicates whether a request can include user credentials
like cookies, authentication headers, or TLS client certificates.
It specifies the value in the Access-Control-Allow-Credentials CORS response header. | +#### CircuitBreaker + + + +CircuitBreaker defines the Circuit Breaker configuration. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `maxConnections` | _integer_ | false | The maximum number of connections that Envoy will establish to the referenced backend defined within a xRoute rule. | +| `maxPendingRequests` | _integer_ | false | The maximum number of pending requests that Envoy will queue to the referenced backend defined within a xRoute rule. | +| `maxParallelRequests` | _integer_ | false | The maximum number of parallel requests that Envoy will make to the referenced backend defined within a xRoute rule. | +| `maxParallelRetries` | _integer_ | false | The maximum number of parallel retries that Envoy will make to the referenced backend defined within a xRoute rule. | +| `maxRequestsPerConnection` | _integer_ | false | The maximum number of requests that Envoy will make over a single connection to the referenced backend defined within a xRoute rule.
Default: unlimited. | #### ClaimToHeader @@ -877,6 +907,20 @@ _Appears in:_ | `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
| +#### DNS + + + + + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `dnsRefreshRate` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | DNSRefreshRate specifies the rate at which DNS records should be refreshed.
Defaults to 30 seconds. | +| `respectDnsTtl` | _boolean_ | true | RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
Defaults to true. | #### EnvironmentCustomTag @@ -1790,6 +1834,23 @@ _Appears in:_ | `http10` | _[HTTP10Settings](#http10settings)_ | false | HTTP10 turns on support for HTTP/1.0 and HTTP/0.9 requests. | +#### HTTP2Settings + + + +HTTP2Settings provides HTTP/2 configuration for listeners and backends. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClientTrafficPolicySpec](#clienttrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `initialStreamWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
If not set, the default value is 64 KiB(64*1024). | +| `initialConnectionWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
If not set, the default value is 1 MiB. | +| `maxConcurrentStreams` | _integer_ | false | MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
If not set, the default value is 100. | +| `onInvalidMessage` | _[InvalidMessageAction](#invalidmessageaction)_ | false | OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
It's recommended for L2 Envoy deployments to set this value to TerminateStream.
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
Default: TerminateConnection | #### HTTP3Settings @@ -2033,6 +2094,21 @@ _Appears in:_ | `name` | _string_ | true | Name of the header to hash. | +#### HeaderMatch + + + +HeaderMatch defines the match attributes within the HTTP Headers of the request. + +_Appears in:_ +- [RateLimitSelectCondition](#ratelimitselectcondition) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `type` | _[HeaderMatchType](#headermatchtype)_ | false | Type specifies how to match against the value of the header. | +| `name` | _string_ | true | Name of the HTTP header. | +| `value` | _string_ | false | Value within the HTTP header. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. | +| `invert` | _boolean_ | false | Invert specifies whether the value match result will be inverted.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. | #### HeaderMatchType @@ -2071,6 +2147,21 @@ _Appears in:_ | `earlyRequestHeaders` | _[HTTPHeaderFilter](#httpheaderfilter)_ | false | EarlyRequestHeaders defines settings for early request header modification, before envoy performs
routing, tracing and built-in header manipulation. | +#### HealthCheck + + + +HealthCheck configuration to decide which endpoints +are healthy and can be used for routing. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `active` | _[ActiveHealthCheck](#activehealthcheck)_ | false | Active health check configuration | +| `passive` | _[PassiveHealthCheck](#passivehealthcheck)_ | false | Passive passive check configuration | #### HealthCheckSettings @@ -2566,6 +2657,21 @@ _Appears in:_ | `value` | _string_ | true | Value defines the hard-coded value to add to each span. | +#### LoadBalancer + + + +LoadBalancer defines the load balancer policy to be applied. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `type` | _[LoadBalancerType](#loadbalancertype)_ | true | Type decides the type of Load Balancer policy.
Valid LoadBalancerType values are
"ConsistentHash",
"LeastRequest",
"Random",
"RoundRobin". | +| `consistentHash` | _[ConsistentHash](#consistenthash)_ | false | ConsistentHash defines the configuration when the load balancer type is
set to ConsistentHash | +| `slowStart` | _[SlowStart](#slowstart)_ | false | SlowStart defines the configuration related to the slow start load balancer policy.
If set, during slow start window, traffic sent to the newly added hosts will gradually increase.
Currently this is only supported for RoundRobin and LeastRequest load balancers | #### LoadBalancerType @@ -2617,6 +2723,19 @@ _Appears in:_ | `error` | LogLevelError defines the "Error" logging level.
| +#### MergeType + +_Underlying type:_ _string_ + +MergeType defines the type of merge operation + +_Appears in:_ +- [KubernetesPatchSpec](#kubernetespatchspec) + +| Value | Description | +| ----- | ----------- | +| `StrategicMerge` | StrategicMerge indicates a strategic merge patch type
| +| `JSONMerge` | JSONMerge indicates a JSON merge patch type
| #### MetricSinkType @@ -3103,6 +3222,20 @@ _Appears in:_ | `compression` | _[Compression](#compression)_ | false | Configure the compression on Prometheus endpoint. Compression is useful in situations when bandwidth is scarce and large payloads can be effectively compressed at the expense of higher CPU load. | +#### ProxyProtocol + + + +ProxyProtocol defines the configuration related to the proxy protocol +when communicating with the backend. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `version` | _[ProxyProtocolVersion](#proxyprotocolversion)_ | true | Version of ProxyProtol
Valid ProxyProtocolVersion values are
"V1"
"V2" | #### ProxyProtocolVersion @@ -3340,6 +3473,15 @@ _Appears in:_ | `url` | _string_ | true | URL is the endpoint of the trace collector that supports the OTLP protocol | +#### RateLimitTracingProviderType + +_Underlying type:_ _string_ + + + +_Appears in:_ +- [RateLimitTracingProvider](#ratelimittracingprovider) + #### RateLimitType @@ -3493,6 +3635,21 @@ _Appears in:_ | `ValueRef` | ResponseValueTypeValueRef defines the "ValueRef" response body type.
| +#### Retry + + + +Retry defines the retry strategy to be applied. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `numRetries` | _integer_ | false | NumRetries is the number of retries to be attempted. Defaults to 2. | +| `retryOn` | _[RetryOn](#retryon)_ | false | RetryOn specifies the retry trigger condition.

If not specified, the default is to retry on connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes(503). | +| `perRetry` | _[PerRetryPolicy](#perretrypolicy)_ | false | PerRetry is the retry policy to be applied per retry attempt. | #### RetryOn @@ -3670,6 +3827,19 @@ _Appears in:_ | `window` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | Window defines the duration of the warm up period for newly added host.
During slow start window, traffic sent to the newly added hosts will gradually increase.
Currently only supports linear growth of traffic. For additional details,
see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-slowstartconfig | +#### SourceMatch + + + + + +_Appears in:_ +- [RateLimitSelectCondition](#ratelimitselectcondition) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `type` | _[SourceMatchType](#sourcematchtype)_ | false | | +| `value` | _string_ | true | Value is the IP CIDR that represents the range of Source IP Addresses of the client.
These could also be the intermediate addresses through which the request has flown through and is part of the `X-Forwarded-For` header.
For example, `192.168.0.1/32`, `192.168.0.0/24`, `001:db8::/64`. | #### SourceMatchType @@ -3828,6 +3998,22 @@ _Appears in:_ | `idleTimeout` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | IdleTimeout for a TCP connection. Idle time is defined as a period in which there are no
bytes sent or received on either the upstream or downstream connection.
Default: 1 hour. | +#### TCPKeepalive + + + +TCPKeepalive define the TCP Keepalive configuration. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClientTrafficPolicySpec](#clienttrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `probes` | _integer_ | false | The total number of unacknowledged probes to send before deciding
the connection is dead.
Defaults to 9. | +| `idleTime` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration a connection needs to be idle before keep-alive
probes start being sent.
The duration format is
Defaults to `7200s`. | +| `interval` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration between keep-alive probes.
Defaults to `75s`. | #### TCPTimeout @@ -3904,6 +4090,20 @@ _Appears in:_ | `matchLabels` | _object (keys:string, values:string)_ | true | MatchLabels are the set of label selectors for identifying the targeted resource | +#### Timeout + + + +Timeout defines configuration for timeouts related to connections. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `tcp` | _[TCPTimeout](#tcptimeout)_ | false | Timeout settings for TCP. | +| `http` | _[HTTPTimeout](#httptimeout)_ | false | Timeout settings for HTTP. | #### TracingProvider diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 6855d7a0ded..a519fc34ea7 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -300,6 +300,19 @@ _Appears in:_ +#### BackendConnection + + + +BackendConnection allows users to configure connection-level settings of backend + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. | #### BackendEndpoint @@ -507,6 +520,23 @@ _Appears in:_ | `allowCredentials` | _boolean_ | false | AllowCredentials indicates whether a request can include user credentials
like cookies, authentication headers, or TLS client certificates.
It specifies the value in the Access-Control-Allow-Credentials CORS response header. | +#### CircuitBreaker + + + +CircuitBreaker defines the Circuit Breaker configuration. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `maxConnections` | _integer_ | false | The maximum number of connections that Envoy will establish to the referenced backend defined within a xRoute rule. | +| `maxPendingRequests` | _integer_ | false | The maximum number of pending requests that Envoy will queue to the referenced backend defined within a xRoute rule. | +| `maxParallelRequests` | _integer_ | false | The maximum number of parallel requests that Envoy will make to the referenced backend defined within a xRoute rule. | +| `maxParallelRetries` | _integer_ | false | The maximum number of parallel retries that Envoy will make to the referenced backend defined within a xRoute rule. | +| `maxRequestsPerConnection` | _integer_ | false | The maximum number of requests that Envoy will make over a single connection to the referenced backend defined within a xRoute rule.
Default: unlimited. | #### ClaimToHeader @@ -877,6 +907,20 @@ _Appears in:_ | `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
| +#### DNS + + + + + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `dnsRefreshRate` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | DNSRefreshRate specifies the rate at which DNS records should be refreshed.
Defaults to 30 seconds. | +| `respectDnsTtl` | _boolean_ | true | RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
Defaults to true. | #### EnvironmentCustomTag @@ -1790,6 +1834,23 @@ _Appears in:_ | `http10` | _[HTTP10Settings](#http10settings)_ | false | HTTP10 turns on support for HTTP/1.0 and HTTP/0.9 requests. | +#### HTTP2Settings + + + +HTTP2Settings provides HTTP/2 configuration for listeners and backends. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClientTrafficPolicySpec](#clienttrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `initialStreamWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
If not set, the default value is 64 KiB(64*1024). | +| `initialConnectionWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
If not set, the default value is 1 MiB. | +| `maxConcurrentStreams` | _integer_ | false | MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
If not set, the default value is 100. | +| `onInvalidMessage` | _[InvalidMessageAction](#invalidmessageaction)_ | false | OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
It's recommended for L2 Envoy deployments to set this value to TerminateStream.
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
Default: TerminateConnection | #### HTTP3Settings @@ -2033,6 +2094,21 @@ _Appears in:_ | `name` | _string_ | true | Name of the header to hash. | +#### HeaderMatch + + + +HeaderMatch defines the match attributes within the HTTP Headers of the request. + +_Appears in:_ +- [RateLimitSelectCondition](#ratelimitselectcondition) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `type` | _[HeaderMatchType](#headermatchtype)_ | false | Type specifies how to match against the value of the header. | +| `name` | _string_ | true | Name of the HTTP header. | +| `value` | _string_ | false | Value within the HTTP header. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. | +| `invert` | _boolean_ | false | Invert specifies whether the value match result will be inverted.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. | #### HeaderMatchType @@ -2071,6 +2147,21 @@ _Appears in:_ | `earlyRequestHeaders` | _[HTTPHeaderFilter](#httpheaderfilter)_ | false | EarlyRequestHeaders defines settings for early request header modification, before envoy performs
routing, tracing and built-in header manipulation. | +#### HealthCheck + + + +HealthCheck configuration to decide which endpoints +are healthy and can be used for routing. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `active` | _[ActiveHealthCheck](#activehealthcheck)_ | false | Active health check configuration | +| `passive` | _[PassiveHealthCheck](#passivehealthcheck)_ | false | Passive passive check configuration | #### HealthCheckSettings @@ -2566,6 +2657,21 @@ _Appears in:_ | `value` | _string_ | true | Value defines the hard-coded value to add to each span. | +#### LoadBalancer + + + +LoadBalancer defines the load balancer policy to be applied. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `type` | _[LoadBalancerType](#loadbalancertype)_ | true | Type decides the type of Load Balancer policy.
Valid LoadBalancerType values are
"ConsistentHash",
"LeastRequest",
"Random",
"RoundRobin". | +| `consistentHash` | _[ConsistentHash](#consistenthash)_ | false | ConsistentHash defines the configuration when the load balancer type is
set to ConsistentHash | +| `slowStart` | _[SlowStart](#slowstart)_ | false | SlowStart defines the configuration related to the slow start load balancer policy.
If set, during slow start window, traffic sent to the newly added hosts will gradually increase.
Currently this is only supported for RoundRobin and LeastRequest load balancers | #### LoadBalancerType @@ -2617,6 +2723,19 @@ _Appears in:_ | `error` | LogLevelError defines the "Error" logging level.
| +#### MergeType + +_Underlying type:_ _string_ + +MergeType defines the type of merge operation + +_Appears in:_ +- [KubernetesPatchSpec](#kubernetespatchspec) + +| Value | Description | +| ----- | ----------- | +| `StrategicMerge` | StrategicMerge indicates a strategic merge patch type
| +| `JSONMerge` | JSONMerge indicates a JSON merge patch type
| #### MetricSinkType @@ -3103,6 +3222,20 @@ _Appears in:_ | `compression` | _[Compression](#compression)_ | false | Configure the compression on Prometheus endpoint. Compression is useful in situations when bandwidth is scarce and large payloads can be effectively compressed at the expense of higher CPU load. | +#### ProxyProtocol + + + +ProxyProtocol defines the configuration related to the proxy protocol +when communicating with the backend. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `version` | _[ProxyProtocolVersion](#proxyprotocolversion)_ | true | Version of ProxyProtol
Valid ProxyProtocolVersion values are
"V1"
"V2" | #### ProxyProtocolVersion @@ -3340,6 +3473,15 @@ _Appears in:_ | `url` | _string_ | true | URL is the endpoint of the trace collector that supports the OTLP protocol | +#### RateLimitTracingProviderType + +_Underlying type:_ _string_ + + + +_Appears in:_ +- [RateLimitTracingProvider](#ratelimittracingprovider) + #### RateLimitType @@ -3493,6 +3635,21 @@ _Appears in:_ | `ValueRef` | ResponseValueTypeValueRef defines the "ValueRef" response body type.
| +#### Retry + + + +Retry defines the retry strategy to be applied. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `numRetries` | _integer_ | false | NumRetries is the number of retries to be attempted. Defaults to 2. | +| `retryOn` | _[RetryOn](#retryon)_ | false | RetryOn specifies the retry trigger condition.

If not specified, the default is to retry on connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes(503). | +| `perRetry` | _[PerRetryPolicy](#perretrypolicy)_ | false | PerRetry is the retry policy to be applied per retry attempt. | #### RetryOn @@ -3670,6 +3827,19 @@ _Appears in:_ | `window` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | Window defines the duration of the warm up period for newly added host.
During slow start window, traffic sent to the newly added hosts will gradually increase.
Currently only supports linear growth of traffic. For additional details,
see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-slowstartconfig | +#### SourceMatch + + + + + +_Appears in:_ +- [RateLimitSelectCondition](#ratelimitselectcondition) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `type` | _[SourceMatchType](#sourcematchtype)_ | false | | +| `value` | _string_ | true | Value is the IP CIDR that represents the range of Source IP Addresses of the client.
These could also be the intermediate addresses through which the request has flown through and is part of the `X-Forwarded-For` header.
For example, `192.168.0.1/32`, `192.168.0.0/24`, `001:db8::/64`. | #### SourceMatchType @@ -3828,6 +3998,22 @@ _Appears in:_ | `idleTimeout` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | IdleTimeout for a TCP connection. Idle time is defined as a period in which there are no
bytes sent or received on either the upstream or downstream connection.
Default: 1 hour. | +#### TCPKeepalive + + + +TCPKeepalive define the TCP Keepalive configuration. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClientTrafficPolicySpec](#clienttrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `probes` | _integer_ | false | The total number of unacknowledged probes to send before deciding
the connection is dead.
Defaults to 9. | +| `idleTime` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration a connection needs to be idle before keep-alive
probes start being sent.
The duration format is
Defaults to `7200s`. | +| `interval` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration between keep-alive probes.
Defaults to `75s`. | #### TCPTimeout @@ -3904,6 +4090,20 @@ _Appears in:_ | `matchLabels` | _object (keys:string, values:string)_ | true | MatchLabels are the set of label selectors for identifying the targeted resource | +#### Timeout + + + +Timeout defines configuration for timeouts related to connections. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `tcp` | _[TCPTimeout](#tcptimeout)_ | false | Timeout settings for TCP. | +| `http` | _[HTTPTimeout](#httptimeout)_ | false | Timeout settings for HTTP. | #### TracingProvider diff --git a/site/content/en/v1.2/api/extension_types.md b/site/content/en/v1.2/api/extension_types.md index 6855d7a0ded..a519fc34ea7 100644 --- a/site/content/en/v1.2/api/extension_types.md +++ b/site/content/en/v1.2/api/extension_types.md @@ -300,6 +300,19 @@ _Appears in:_ +#### BackendConnection + + + +BackendConnection allows users to configure connection-level settings of backend + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. | #### BackendEndpoint @@ -507,6 +520,23 @@ _Appears in:_ | `allowCredentials` | _boolean_ | false | AllowCredentials indicates whether a request can include user credentials
like cookies, authentication headers, or TLS client certificates.
It specifies the value in the Access-Control-Allow-Credentials CORS response header. | +#### CircuitBreaker + + + +CircuitBreaker defines the Circuit Breaker configuration. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `maxConnections` | _integer_ | false | The maximum number of connections that Envoy will establish to the referenced backend defined within a xRoute rule. | +| `maxPendingRequests` | _integer_ | false | The maximum number of pending requests that Envoy will queue to the referenced backend defined within a xRoute rule. | +| `maxParallelRequests` | _integer_ | false | The maximum number of parallel requests that Envoy will make to the referenced backend defined within a xRoute rule. | +| `maxParallelRetries` | _integer_ | false | The maximum number of parallel retries that Envoy will make to the referenced backend defined within a xRoute rule. | +| `maxRequestsPerConnection` | _integer_ | false | The maximum number of requests that Envoy will make over a single connection to the referenced backend defined within a xRoute rule.
Default: unlimited. | #### ClaimToHeader @@ -877,6 +907,20 @@ _Appears in:_ | `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
| +#### DNS + + + + + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `dnsRefreshRate` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | DNSRefreshRate specifies the rate at which DNS records should be refreshed.
Defaults to 30 seconds. | +| `respectDnsTtl` | _boolean_ | true | RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
Defaults to true. | #### EnvironmentCustomTag @@ -1790,6 +1834,23 @@ _Appears in:_ | `http10` | _[HTTP10Settings](#http10settings)_ | false | HTTP10 turns on support for HTTP/1.0 and HTTP/0.9 requests. | +#### HTTP2Settings + + + +HTTP2Settings provides HTTP/2 configuration for listeners and backends. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClientTrafficPolicySpec](#clienttrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `initialStreamWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
If not set, the default value is 64 KiB(64*1024). | +| `initialConnectionWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
If not set, the default value is 1 MiB. | +| `maxConcurrentStreams` | _integer_ | false | MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
If not set, the default value is 100. | +| `onInvalidMessage` | _[InvalidMessageAction](#invalidmessageaction)_ | false | OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
It's recommended for L2 Envoy deployments to set this value to TerminateStream.
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
Default: TerminateConnection | #### HTTP3Settings @@ -2033,6 +2094,21 @@ _Appears in:_ | `name` | _string_ | true | Name of the header to hash. | +#### HeaderMatch + + + +HeaderMatch defines the match attributes within the HTTP Headers of the request. + +_Appears in:_ +- [RateLimitSelectCondition](#ratelimitselectcondition) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `type` | _[HeaderMatchType](#headermatchtype)_ | false | Type specifies how to match against the value of the header. | +| `name` | _string_ | true | Name of the HTTP header. | +| `value` | _string_ | false | Value within the HTTP header. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. | +| `invert` | _boolean_ | false | Invert specifies whether the value match result will be inverted.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. | #### HeaderMatchType @@ -2071,6 +2147,21 @@ _Appears in:_ | `earlyRequestHeaders` | _[HTTPHeaderFilter](#httpheaderfilter)_ | false | EarlyRequestHeaders defines settings for early request header modification, before envoy performs
routing, tracing and built-in header manipulation. | +#### HealthCheck + + + +HealthCheck configuration to decide which endpoints +are healthy and can be used for routing. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `active` | _[ActiveHealthCheck](#activehealthcheck)_ | false | Active health check configuration | +| `passive` | _[PassiveHealthCheck](#passivehealthcheck)_ | false | Passive passive check configuration | #### HealthCheckSettings @@ -2566,6 +2657,21 @@ _Appears in:_ | `value` | _string_ | true | Value defines the hard-coded value to add to each span. | +#### LoadBalancer + + + +LoadBalancer defines the load balancer policy to be applied. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `type` | _[LoadBalancerType](#loadbalancertype)_ | true | Type decides the type of Load Balancer policy.
Valid LoadBalancerType values are
"ConsistentHash",
"LeastRequest",
"Random",
"RoundRobin". | +| `consistentHash` | _[ConsistentHash](#consistenthash)_ | false | ConsistentHash defines the configuration when the load balancer type is
set to ConsistentHash | +| `slowStart` | _[SlowStart](#slowstart)_ | false | SlowStart defines the configuration related to the slow start load balancer policy.
If set, during slow start window, traffic sent to the newly added hosts will gradually increase.
Currently this is only supported for RoundRobin and LeastRequest load balancers | #### LoadBalancerType @@ -2617,6 +2723,19 @@ _Appears in:_ | `error` | LogLevelError defines the "Error" logging level.
| +#### MergeType + +_Underlying type:_ _string_ + +MergeType defines the type of merge operation + +_Appears in:_ +- [KubernetesPatchSpec](#kubernetespatchspec) + +| Value | Description | +| ----- | ----------- | +| `StrategicMerge` | StrategicMerge indicates a strategic merge patch type
| +| `JSONMerge` | JSONMerge indicates a JSON merge patch type
| #### MetricSinkType @@ -3103,6 +3222,20 @@ _Appears in:_ | `compression` | _[Compression](#compression)_ | false | Configure the compression on Prometheus endpoint. Compression is useful in situations when bandwidth is scarce and large payloads can be effectively compressed at the expense of higher CPU load. | +#### ProxyProtocol + + + +ProxyProtocol defines the configuration related to the proxy protocol +when communicating with the backend. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `version` | _[ProxyProtocolVersion](#proxyprotocolversion)_ | true | Version of ProxyProtol
Valid ProxyProtocolVersion values are
"V1"
"V2" | #### ProxyProtocolVersion @@ -3340,6 +3473,15 @@ _Appears in:_ | `url` | _string_ | true | URL is the endpoint of the trace collector that supports the OTLP protocol | +#### RateLimitTracingProviderType + +_Underlying type:_ _string_ + + + +_Appears in:_ +- [RateLimitTracingProvider](#ratelimittracingprovider) + #### RateLimitType @@ -3493,6 +3635,21 @@ _Appears in:_ | `ValueRef` | ResponseValueTypeValueRef defines the "ValueRef" response body type.
| +#### Retry + + + +Retry defines the retry strategy to be applied. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `numRetries` | _integer_ | false | NumRetries is the number of retries to be attempted. Defaults to 2. | +| `retryOn` | _[RetryOn](#retryon)_ | false | RetryOn specifies the retry trigger condition.

If not specified, the default is to retry on connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes(503). | +| `perRetry` | _[PerRetryPolicy](#perretrypolicy)_ | false | PerRetry is the retry policy to be applied per retry attempt. | #### RetryOn @@ -3670,6 +3827,19 @@ _Appears in:_ | `window` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | Window defines the duration of the warm up period for newly added host.
During slow start window, traffic sent to the newly added hosts will gradually increase.
Currently only supports linear growth of traffic. For additional details,
see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-slowstartconfig | +#### SourceMatch + + + + + +_Appears in:_ +- [RateLimitSelectCondition](#ratelimitselectcondition) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `type` | _[SourceMatchType](#sourcematchtype)_ | false | | +| `value` | _string_ | true | Value is the IP CIDR that represents the range of Source IP Addresses of the client.
These could also be the intermediate addresses through which the request has flown through and is part of the `X-Forwarded-For` header.
For example, `192.168.0.1/32`, `192.168.0.0/24`, `001:db8::/64`. | #### SourceMatchType @@ -3828,6 +3998,22 @@ _Appears in:_ | `idleTimeout` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | IdleTimeout for a TCP connection. Idle time is defined as a period in which there are no
bytes sent or received on either the upstream or downstream connection.
Default: 1 hour. | +#### TCPKeepalive + + + +TCPKeepalive define the TCP Keepalive configuration. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClientTrafficPolicySpec](#clienttrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `probes` | _integer_ | false | The total number of unacknowledged probes to send before deciding
the connection is dead.
Defaults to 9. | +| `idleTime` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration a connection needs to be idle before keep-alive
probes start being sent.
The duration format is
Defaults to `7200s`. | +| `interval` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration between keep-alive probes.
Defaults to `75s`. | #### TCPTimeout @@ -3904,6 +4090,20 @@ _Appears in:_ | `matchLabels` | _object (keys:string, values:string)_ | true | MatchLabels are the set of label selectors for identifying the targeted resource | +#### Timeout + + + +Timeout defines configuration for timeouts related to connections. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `tcp` | _[TCPTimeout](#tcptimeout)_ | false | Timeout settings for TCP. | +| `http` | _[HTTPTimeout](#httptimeout)_ | false | Timeout settings for HTTP. | #### TracingProvider diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md index 6855d7a0ded..a519fc34ea7 100644 --- a/site/content/zh/latest/api/extension_types.md +++ b/site/content/zh/latest/api/extension_types.md @@ -300,6 +300,19 @@ _Appears in:_ +#### BackendConnection + + + +BackendConnection allows users to configure connection-level settings of backend + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. | #### BackendEndpoint @@ -507,6 +520,23 @@ _Appears in:_ | `allowCredentials` | _boolean_ | false | AllowCredentials indicates whether a request can include user credentials
like cookies, authentication headers, or TLS client certificates.
It specifies the value in the Access-Control-Allow-Credentials CORS response header. | +#### CircuitBreaker + + + +CircuitBreaker defines the Circuit Breaker configuration. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `maxConnections` | _integer_ | false | The maximum number of connections that Envoy will establish to the referenced backend defined within a xRoute rule. | +| `maxPendingRequests` | _integer_ | false | The maximum number of pending requests that Envoy will queue to the referenced backend defined within a xRoute rule. | +| `maxParallelRequests` | _integer_ | false | The maximum number of parallel requests that Envoy will make to the referenced backend defined within a xRoute rule. | +| `maxParallelRetries` | _integer_ | false | The maximum number of parallel retries that Envoy will make to the referenced backend defined within a xRoute rule. | +| `maxRequestsPerConnection` | _integer_ | false | The maximum number of requests that Envoy will make over a single connection to the referenced backend defined within a xRoute rule.
Default: unlimited. | #### ClaimToHeader @@ -877,6 +907,20 @@ _Appears in:_ | `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
| +#### DNS + + + + + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `dnsRefreshRate` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | DNSRefreshRate specifies the rate at which DNS records should be refreshed.
Defaults to 30 seconds. | +| `respectDnsTtl` | _boolean_ | true | RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
Defaults to true. | #### EnvironmentCustomTag @@ -1790,6 +1834,23 @@ _Appears in:_ | `http10` | _[HTTP10Settings](#http10settings)_ | false | HTTP10 turns on support for HTTP/1.0 and HTTP/0.9 requests. | +#### HTTP2Settings + + + +HTTP2Settings provides HTTP/2 configuration for listeners and backends. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClientTrafficPolicySpec](#clienttrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `initialStreamWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
If not set, the default value is 64 KiB(64*1024). | +| `initialConnectionWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
If not set, the default value is 1 MiB. | +| `maxConcurrentStreams` | _integer_ | false | MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
If not set, the default value is 100. | +| `onInvalidMessage` | _[InvalidMessageAction](#invalidmessageaction)_ | false | OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
It's recommended for L2 Envoy deployments to set this value to TerminateStream.
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
Default: TerminateConnection | #### HTTP3Settings @@ -2033,6 +2094,21 @@ _Appears in:_ | `name` | _string_ | true | Name of the header to hash. | +#### HeaderMatch + + + +HeaderMatch defines the match attributes within the HTTP Headers of the request. + +_Appears in:_ +- [RateLimitSelectCondition](#ratelimitselectcondition) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `type` | _[HeaderMatchType](#headermatchtype)_ | false | Type specifies how to match against the value of the header. | +| `name` | _string_ | true | Name of the HTTP header. | +| `value` | _string_ | false | Value within the HTTP header. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. | +| `invert` | _boolean_ | false | Invert specifies whether the value match result will be inverted.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. | #### HeaderMatchType @@ -2071,6 +2147,21 @@ _Appears in:_ | `earlyRequestHeaders` | _[HTTPHeaderFilter](#httpheaderfilter)_ | false | EarlyRequestHeaders defines settings for early request header modification, before envoy performs
routing, tracing and built-in header manipulation. | +#### HealthCheck + + + +HealthCheck configuration to decide which endpoints +are healthy and can be used for routing. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `active` | _[ActiveHealthCheck](#activehealthcheck)_ | false | Active health check configuration | +| `passive` | _[PassiveHealthCheck](#passivehealthcheck)_ | false | Passive passive check configuration | #### HealthCheckSettings @@ -2566,6 +2657,21 @@ _Appears in:_ | `value` | _string_ | true | Value defines the hard-coded value to add to each span. | +#### LoadBalancer + + + +LoadBalancer defines the load balancer policy to be applied. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `type` | _[LoadBalancerType](#loadbalancertype)_ | true | Type decides the type of Load Balancer policy.
Valid LoadBalancerType values are
"ConsistentHash",
"LeastRequest",
"Random",
"RoundRobin". | +| `consistentHash` | _[ConsistentHash](#consistenthash)_ | false | ConsistentHash defines the configuration when the load balancer type is
set to ConsistentHash | +| `slowStart` | _[SlowStart](#slowstart)_ | false | SlowStart defines the configuration related to the slow start load balancer policy.
If set, during slow start window, traffic sent to the newly added hosts will gradually increase.
Currently this is only supported for RoundRobin and LeastRequest load balancers | #### LoadBalancerType @@ -2617,6 +2723,19 @@ _Appears in:_ | `error` | LogLevelError defines the "Error" logging level.
| +#### MergeType + +_Underlying type:_ _string_ + +MergeType defines the type of merge operation + +_Appears in:_ +- [KubernetesPatchSpec](#kubernetespatchspec) + +| Value | Description | +| ----- | ----------- | +| `StrategicMerge` | StrategicMerge indicates a strategic merge patch type
| +| `JSONMerge` | JSONMerge indicates a JSON merge patch type
| #### MetricSinkType @@ -3103,6 +3222,20 @@ _Appears in:_ | `compression` | _[Compression](#compression)_ | false | Configure the compression on Prometheus endpoint. Compression is useful in situations when bandwidth is scarce and large payloads can be effectively compressed at the expense of higher CPU load. | +#### ProxyProtocol + + + +ProxyProtocol defines the configuration related to the proxy protocol +when communicating with the backend. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `version` | _[ProxyProtocolVersion](#proxyprotocolversion)_ | true | Version of ProxyProtol
Valid ProxyProtocolVersion values are
"V1"
"V2" | #### ProxyProtocolVersion @@ -3340,6 +3473,15 @@ _Appears in:_ | `url` | _string_ | true | URL is the endpoint of the trace collector that supports the OTLP protocol | +#### RateLimitTracingProviderType + +_Underlying type:_ _string_ + + + +_Appears in:_ +- [RateLimitTracingProvider](#ratelimittracingprovider) + #### RateLimitType @@ -3493,6 +3635,21 @@ _Appears in:_ | `ValueRef` | ResponseValueTypeValueRef defines the "ValueRef" response body type.
| +#### Retry + + + +Retry defines the retry strategy to be applied. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `numRetries` | _integer_ | false | NumRetries is the number of retries to be attempted. Defaults to 2. | +| `retryOn` | _[RetryOn](#retryon)_ | false | RetryOn specifies the retry trigger condition.

If not specified, the default is to retry on connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes(503). | +| `perRetry` | _[PerRetryPolicy](#perretrypolicy)_ | false | PerRetry is the retry policy to be applied per retry attempt. | #### RetryOn @@ -3670,6 +3827,19 @@ _Appears in:_ | `window` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | Window defines the duration of the warm up period for newly added host.
During slow start window, traffic sent to the newly added hosts will gradually increase.
Currently only supports linear growth of traffic. For additional details,
see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-slowstartconfig | +#### SourceMatch + + + + + +_Appears in:_ +- [RateLimitSelectCondition](#ratelimitselectcondition) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `type` | _[SourceMatchType](#sourcematchtype)_ | false | | +| `value` | _string_ | true | Value is the IP CIDR that represents the range of Source IP Addresses of the client.
These could also be the intermediate addresses through which the request has flown through and is part of the `X-Forwarded-For` header.
For example, `192.168.0.1/32`, `192.168.0.0/24`, `001:db8::/64`. | #### SourceMatchType @@ -3828,6 +3998,22 @@ _Appears in:_ | `idleTimeout` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | IdleTimeout for a TCP connection. Idle time is defined as a period in which there are no
bytes sent or received on either the upstream or downstream connection.
Default: 1 hour. | +#### TCPKeepalive + + + +TCPKeepalive define the TCP Keepalive configuration. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClientTrafficPolicySpec](#clienttrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `probes` | _integer_ | false | The total number of unacknowledged probes to send before deciding
the connection is dead.
Defaults to 9. | +| `idleTime` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration a connection needs to be idle before keep-alive
probes start being sent.
The duration format is
Defaults to `7200s`. | +| `interval` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration between keep-alive probes.
Defaults to `75s`. | #### TCPTimeout @@ -3904,6 +4090,20 @@ _Appears in:_ | `matchLabels` | _object (keys:string, values:string)_ | true | MatchLabels are the set of label selectors for identifying the targeted resource | +#### Timeout + + + +Timeout defines configuration for timeouts related to connections. + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) +- [ClusterSettings](#clustersettings) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `tcp` | _[TCPTimeout](#tcptimeout)_ | false | Timeout settings for TCP. | +| `http` | _[HTTPTimeout](#httptimeout)_ | false | Timeout settings for HTTP. | #### TracingProvider diff --git a/tools/make/docs.mk b/tools/make/docs.mk index 761fb183d75..d6fcfe8832c 100644 --- a/tools/make/docs.mk +++ b/tools/make/docs.mk @@ -89,7 +89,7 @@ docs-api-gen: $(tools/crd-ref-docs) --config=tools/crd-ref-docs/config.yaml \ --templates-dir=tools/crd-ref-docs/templates \ --output-path=site/content/en/latest/api/extension_types.md \ - --max-depth 10 \ + --max-depth 100 \ --renderer=markdown # below line copy command for sync English api doc into Chinese cp site/content/en/latest/api/extension_types.md site/content/zh/latest/api/extension_types.md From 798966742dc1cb214b2eef549ca5c918af9dcd2d Mon Sep 17 00:00:00 2001 From: zirain Date: Thu, 14 Nov 2024 23:02:55 +0800 Subject: [PATCH 19/47] chore: bump golang to 1.23.3 (#4716) Signed-off-by: zirain --- examples/envoy-als/Dockerfile | 2 +- examples/envoy-als/go.mod | 2 +- examples/extension-server/go.mod | 2 +- examples/grpc-ext-auth/Dockerfile | 2 +- examples/grpc-ext-auth/go.mod | 2 +- examples/grpc-ext-proc/Dockerfile | 2 +- examples/grpc-ext-proc/go.mod | 2 +- examples/preserve-case-backend/Dockerfile | 2 +- examples/preserve-case-backend/go.mod | 2 +- go.mod | 2 +- tools/make/examples.mk | 9 +++++++++ tools/make/golang.mk | 2 +- tools/src/buf/go.mod | 2 +- tools/src/crd-ref-docs/go.mod | 2 +- tools/src/gci/go.mod | 2 +- tools/src/golangci-lint/go.mod | 2 +- tools/src/helm-docs/go.mod | 2 +- tools/src/jb/go.mod | 2 +- tools/src/jsonnet/go.mod | 2 +- tools/src/kind/go.mod | 2 +- tools/src/protoc-gen-go-grpc/go.mod | 2 +- tools/src/protoc-gen-go/go.mod | 2 +- tools/src/setup-envtest/go.mod | 2 +- 23 files changed, 31 insertions(+), 22 deletions(-) diff --git a/examples/envoy-als/Dockerfile b/examples/envoy-als/Dockerfile index 0ad9437f993..835a8200716 100644 --- a/examples/envoy-als/Dockerfile +++ b/examples/envoy-als/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.1 AS builder +FROM golang:1.23.3 AS builder ARG GO_LDFLAGS="" diff --git a/examples/envoy-als/go.mod b/examples/envoy-als/go.mod index 610090483ad..df62679506a 100644 --- a/examples/envoy-als/go.mod +++ b/examples/envoy-als/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway-envoy-als -go 1.23.1 +go 1.23.3 require ( github.com/envoyproxy/go-control-plane v0.13.1 diff --git a/examples/extension-server/go.mod b/examples/extension-server/go.mod index 13edb3f3877..24e910c1ddf 100644 --- a/examples/extension-server/go.mod +++ b/examples/extension-server/go.mod @@ -1,6 +1,6 @@ module github.com/exampleorg/envoygateway-extension -go 1.23.1 +go 1.23.3 require ( github.com/envoyproxy/gateway v1.0.2 diff --git a/examples/grpc-ext-auth/Dockerfile b/examples/grpc-ext-auth/Dockerfile index 4f6ea6ff545..f90bb04d8cb 100644 --- a/examples/grpc-ext-auth/Dockerfile +++ b/examples/grpc-ext-auth/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.1 AS builder +FROM golang:1.23.3 AS builder ARG GO_LDFLAGS="" diff --git a/examples/grpc-ext-auth/go.mod b/examples/grpc-ext-auth/go.mod index 8e3fcb7e061..fe656cdc112 100644 --- a/examples/grpc-ext-auth/go.mod +++ b/examples/grpc-ext-auth/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway-grcp-ext-auth -go 1.23.1 +go 1.23.3 require ( github.com/envoyproxy/go-control-plane v0.13.1 diff --git a/examples/grpc-ext-proc/Dockerfile b/examples/grpc-ext-proc/Dockerfile index a07ab13f48b..cd0f7db820b 100644 --- a/examples/grpc-ext-proc/Dockerfile +++ b/examples/grpc-ext-proc/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.1 AS builder +FROM golang:1.23.3 AS builder ARG GO_LDFLAGS="" diff --git a/examples/grpc-ext-proc/go.mod b/examples/grpc-ext-proc/go.mod index bb18254c721..5c7b98ee08e 100644 --- a/examples/grpc-ext-proc/go.mod +++ b/examples/grpc-ext-proc/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway-grpc-ext-proc -go 1.23.1 +go 1.23.3 require ( github.com/envoyproxy/go-control-plane v0.13.1 diff --git a/examples/preserve-case-backend/Dockerfile b/examples/preserve-case-backend/Dockerfile index 4616d465cb6..46d71ff22b5 100644 --- a/examples/preserve-case-backend/Dockerfile +++ b/examples/preserve-case-backend/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.1 AS builder +FROM golang:1.23.3 AS builder ARG GO_LDFLAGS="" diff --git a/examples/preserve-case-backend/go.mod b/examples/preserve-case-backend/go.mod index 7a9712aa341..22c616a7ba3 100644 --- a/examples/preserve-case-backend/go.mod +++ b/examples/preserve-case-backend/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway-preserve-case-backend -go 1.23.1 +go 1.23.3 require github.com/valyala/fasthttp v1.51.0 diff --git a/go.mod b/go.mod index 74bb7f24aca..59d3ffde5fb 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway -go 1.23.1 +go 1.23.3 replace github.com/imdario/mergo => github.com/imdario/mergo v0.3.16 diff --git a/tools/make/examples.mk b/tools/make/examples.mk index 5caf9846e63..e0e01e190d6 100644 --- a/tools/make/examples.mk +++ b/tools/make/examples.mk @@ -17,4 +17,13 @@ kube-install-examples-image: kube-build-examples-image @$(LOG_TARGET) @for app in $(EXAMPLE_APPS); do \ tools/hack/kind-load-image.sh $(EXAMPLE_IMAGE_PREFIX)$$app $(EXAMPLE_TAG); \ + done + +.PHONY: go.mod.tidy.examples +go.mod.tidy.examples: + @$(LOG_TARGET) + @for app in $(EXAMPLE_APPS); do \ + pushd $(ROOT_DIR)/examples/$$app; \ + go mod tidy -compat=$(GO_VERSION); \ + popd; \ done \ No newline at end of file diff --git a/tools/make/golang.mk b/tools/make/golang.mk index 4c0d38bf83e..4f4dce00faa 100644 --- a/tools/make/golang.mk +++ b/tools/make/golang.mk @@ -84,7 +84,7 @@ go.mod.tidy: ## Update and check dependences with go mod tidy. .PHONY: go.mod.lint lint: go.mod.lint -go.mod.lint: go.mod.tidy ## Check if go.mod is clean +go.mod.lint: go.mod.tidy go.mod.tidy.examples ## Check if go.mod is clean @$(LOG_TARGET) @if test -n "$$(git status -s -- go.mod go.sum)"; then \ git diff --exit-code go.mod; \ diff --git a/tools/src/buf/go.mod b/tools/src/buf/go.mod index d8bea4a9f7c..b276538c15a 100644 --- a/tools/src/buf/go.mod +++ b/tools/src/buf/go.mod @@ -1,6 +1,6 @@ module local -go 1.23.1 +go 1.23.3 require github.com/bufbuild/buf v1.46.0 diff --git a/tools/src/crd-ref-docs/go.mod b/tools/src/crd-ref-docs/go.mod index 017b54837b8..5d5bcd374a3 100644 --- a/tools/src/crd-ref-docs/go.mod +++ b/tools/src/crd-ref-docs/go.mod @@ -1,6 +1,6 @@ module local -go 1.23.1 +go 1.23.3 require github.com/elastic/crd-ref-docs v0.1.0 diff --git a/tools/src/gci/go.mod b/tools/src/gci/go.mod index 382ffae2274..bf8d0ac7a5c 100644 --- a/tools/src/gci/go.mod +++ b/tools/src/gci/go.mod @@ -1,6 +1,6 @@ module local -go 1.23.1 +go 1.23.3 require github.com/daixiang0/gci v0.13.4 diff --git a/tools/src/golangci-lint/go.mod b/tools/src/golangci-lint/go.mod index e88d8a1a325..d7d2cdce1f2 100644 --- a/tools/src/golangci-lint/go.mod +++ b/tools/src/golangci-lint/go.mod @@ -1,6 +1,6 @@ module local -go 1.23.1 +go 1.23.3 require github.com/golangci/golangci-lint v1.62.0 diff --git a/tools/src/helm-docs/go.mod b/tools/src/helm-docs/go.mod index 2f61f2bf33a..05180f8b0f0 100644 --- a/tools/src/helm-docs/go.mod +++ b/tools/src/helm-docs/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/helm-docs -go 1.23.1 +go 1.23.3 require github.com/norwoodj/helm-docs v1.14.2 diff --git a/tools/src/jb/go.mod b/tools/src/jb/go.mod index fb8807bab20..9915adc8bfd 100644 --- a/tools/src/jb/go.mod +++ b/tools/src/jb/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/jb -go 1.23.1 +go 1.23.3 require github.com/jsonnet-bundler/jsonnet-bundler v0.5.1 diff --git a/tools/src/jsonnet/go.mod b/tools/src/jsonnet/go.mod index 2cf5cfd4c7b..aec5a71feeb 100644 --- a/tools/src/jsonnet/go.mod +++ b/tools/src/jsonnet/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/jsonnet -go 1.23.1 +go 1.23.3 require github.com/google/go-jsonnet v0.20.0 diff --git a/tools/src/kind/go.mod b/tools/src/kind/go.mod index 42dd6426e94..398e0d90a29 100644 --- a/tools/src/kind/go.mod +++ b/tools/src/kind/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/kind -go 1.23.1 +go 1.23.3 require sigs.k8s.io/kind v0.25.0 diff --git a/tools/src/protoc-gen-go-grpc/go.mod b/tools/src/protoc-gen-go-grpc/go.mod index 11e0bc567bd..1b6f5e9f0c6 100644 --- a/tools/src/protoc-gen-go-grpc/go.mod +++ b/tools/src/protoc-gen-go-grpc/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/protoc-gen-go-grpc -go 1.23.1 +go 1.23.3 require google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0 diff --git a/tools/src/protoc-gen-go/go.mod b/tools/src/protoc-gen-go/go.mod index 588c433426f..86ccc619362 100644 --- a/tools/src/protoc-gen-go/go.mod +++ b/tools/src/protoc-gen-go/go.mod @@ -1,5 +1,5 @@ module github.com/envoyproxy/gateway/tools/src/protoc-gen-go -go 1.23.1 +go 1.23.3 require google.golang.org/protobuf v1.33.0 diff --git a/tools/src/setup-envtest/go.mod b/tools/src/setup-envtest/go.mod index 33e82a774e7..53ea509481f 100644 --- a/tools/src/setup-envtest/go.mod +++ b/tools/src/setup-envtest/go.mod @@ -1,6 +1,6 @@ module local -go 1.23.1 +go 1.23.3 require sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240813183042-b901db121e1f From 1c29f66f851ae4bc76f5e270331b0059f56a9efe Mon Sep 17 00:00:00 2001 From: Lior Okman Date: Thu, 14 Nov 2024 18:00:22 +0200 Subject: [PATCH 20/47] fix: recover from panics that occur during envoy gateway's reconciliation (#4643) * Added a panic recovery flow for HandleSubscription. Signed-off-by: Lior Okman * Panic recovery should not be a one-off occurrence Signed-off-by: Lior Okman * Added a metric for recovered panics Signed-off-by: Lior Okman * Verify that the correct number of calls were received by the HandleSubscription handler function, Signed-off-by: Lior Okman * Typo and align the metric name with other metrics in the same area. Signed-off-by: Lior Okman --------- Signed-off-by: Lior Okman --- internal/message/metrics.go | 5 ++++ internal/message/watchutil.go | 37 ++++++++++++++++++++++-------- internal/message/watchutil_test.go | 28 ++++++++++++++++++++++ 3 files changed, 61 insertions(+), 9 deletions(-) diff --git a/internal/message/metrics.go b/internal/message/metrics.go index 5f120124191..de744f47aa8 100644 --- a/internal/message/metrics.go +++ b/internal/message/metrics.go @@ -13,6 +13,11 @@ var ( "Current depth of watchable queue.", ) + panicCounter = metrics.NewCounter( + "watchable_panics_recovered_total", + "Total number of panics recovered while handling items in queue.", + ) + watchableSubscribeDurationSeconds = metrics.NewHistogram( "watchable_subscribe_duration_seconds", "How long in seconds a subscribed watchable queue is handled.", diff --git a/internal/message/watchutil.go b/internal/message/watchutil.go index f8391cbc47a..77caa4af3d9 100644 --- a/internal/message/watchutil.go +++ b/internal/message/watchutil.go @@ -6,6 +6,8 @@ package message import ( + "fmt" + "runtime/debug" "time" "github.com/telepresenceio/watchable" @@ -36,6 +38,28 @@ func (m Metadata) LabelValues() []metrics.LabelValue { return labels } +// handleWithCrashRecovery calls the provided handle function and gracefully recovers from any panics +// that might occur when the handle function is called. +func handleWithCrashRecovery[K comparable, V any]( + handle func(updateFunc Update[K, V], errChans chan error), + update Update[K, V], + meta Metadata, + errChans chan error, +) { + defer func() { + if r := recover(); r != nil { + logger.WithValues("runner", meta.Runner).Error(fmt.Errorf("%+v", r), "observed a panic", + "stackTrace", string(debug.Stack())) + watchableSubscribeTotal.WithFailure(metrics.ReasonError, meta.LabelValues()...).Increment() + panicCounter.WithFailure(metrics.ReasonError, meta.LabelValues()...).Increment() + } + }() + startHandleTime := time.Now() + handle(update, errChans) + watchableSubscribeTotal.WithSuccess(meta.LabelValues()...).Increment() + watchableSubscribeDurationSeconds.With(meta.LabelValues()...).Record(time.Since(startHandleTime).Seconds()) +} + // HandleSubscription takes a channel returned by // watchable.Map.Subscribe() (or .SubscribeSubset()), and calls the // given function for each initial value in the map, and for any @@ -57,25 +81,20 @@ func HandleSubscription[K comparable, V any]( watchableSubscribeTotal.WithFailure(metrics.ReasonError, meta.LabelValues()...).Increment() } }() + defer close(errChans) if snapshot, ok := <-subscription; ok { for k, v := range snapshot.State { - startHandleTime := time.Now() - handle(Update[K, V]{ + handleWithCrashRecovery(handle, Update[K, V]{ Key: k, Value: v, - }, errChans) - watchableSubscribeTotal.WithSuccess(meta.LabelValues()...).Increment() - watchableSubscribeDurationSeconds.With(meta.LabelValues()...).Record(time.Since(startHandleTime).Seconds()) + }, meta, errChans) } } for snapshot := range subscription { watchableDepth.With(meta.LabelValues()...).Record(float64(len(subscription))) for _, update := range snapshot.Updates { - startHandleTime := time.Now() - handle(Update[K, V](update), errChans) - watchableSubscribeTotal.WithSuccess(meta.LabelValues()...).Increment() - watchableSubscribeDurationSeconds.With(meta.LabelValues()...).Record(time.Since(startHandleTime).Seconds()) + handleWithCrashRecovery(handle, Update[K, V](update), meta, errChans) } } } diff --git a/internal/message/watchutil_test.go b/internal/message/watchutil_test.go index 2c08821b211..6e6472d14f0 100644 --- a/internal/message/watchutil_test.go +++ b/internal/message/watchutil_test.go @@ -30,6 +30,34 @@ func TestHandleSubscriptionAlreadyClosed(t *testing.T) { assert.Equal(t, 0, calls) } +func TestPanicInSubscriptionHandler(t *testing.T) { + defer func() { + if r := recover(); r != nil { + assert.Fail(t, "recovered from an unexpected panic") + } + }() + var m watchable.Map[string, any] + m.Store("foo", "bar") + + go func() { + time.Sleep(100 * time.Millisecond) + m.Store("baz", "qux") + time.Sleep(100 * time.Millisecond) + m.Close() + }() + + numCalls := 0 + message.HandleSubscription[string, any]( + message.Metadata{Runner: "demo", Message: "demo"}, + m.Subscribe(context.Background()), + func(update message.Update[string, any], errChans chan error) { + numCalls++ + panic("oops " + update.Key) + }, + ) + assert.Equal(t, 2, numCalls) +} + func TestHandleSubscriptionAlreadyInitialized(t *testing.T) { var m watchable.Map[string, any] m.Store("foo", "bar") From c2b0ee38e84666f41486dfdaba092f4dfdd1e480 Mon Sep 17 00:00:00 2001 From: Steve Gargan Date: Thu, 14 Nov 2024 17:25:40 +0000 Subject: [PATCH 21/47] feat(translator): allow configuration of hostEnvKeys on WASM extensions (#4470) feat(translation): allow configuration of hostEnvKeys on WASM extensions exposes the hostEnvKeys configuration for WASM extensons through envoy extension policies. This enables access to env vars that are set on the host envoy processes and is a convenient way to share secret meterial with WASM extensions. Signed-off-by: Steve Gargan --- api/v1alpha1/wasm_types.go | 12 + api/v1alpha1/zz_generated.deepcopy.go | 25 ++ ....envoyproxy.io_envoyextensionpolicies.yaml | 11 + internal/gatewayapi/envoyextensionpolicy.go | 4 + ...extensionpolicy-with-wasm-env-vars.in.yaml | 123 +++++++ ...xtensionpolicy-with-wasm-env-vars.out.yaml | 342 ++++++++++++++++++ internal/ir/xds.go | 4 + internal/ir/zz_generated.deepcopy.go | 5 + .../translator/testdata/in/xds-ir/wasm.yaml | 3 + .../testdata/out/xds-ir/wasm.listeners.yaml | 4 + internal/xds/translator/wasm.go | 48 ++- site/content/en/latest/api/extension_types.md | 15 + .../en/v1.1/tasks/extensibility/wasm.md | 143 +++++++- site/content/zh/latest/api/extension_types.md | 15 + 14 files changed, 732 insertions(+), 22 deletions(-) create mode 100644 internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.in.yaml create mode 100644 internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.out.yaml diff --git a/api/v1alpha1/wasm_types.go b/api/v1alpha1/wasm_types.go index 66c0e1fc84f..8913486d6f1 100644 --- a/api/v1alpha1/wasm_types.go +++ b/api/v1alpha1/wasm_types.go @@ -10,6 +10,14 @@ import ( gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" ) +// WasmEnv defines the environment variables for the VM of a Wasm extension +type WasmEnv struct { + // HostKeys is a list of keys for environment variables from the host envoy process + // that should be passed into the Wasm VM. This is useful for passing secrets to to Wasm extensions. + // +optional + HostKeys []string `json:"hostKeys,omitempty"` +} + // Wasm defines a Wasm extension. // // Note: at the moment, Envoy Gateway does not support configuring Wasm runtime. @@ -52,6 +60,10 @@ type Wasm struct { // Priority defines the location of the Wasm extension in the HTTP filter chain. // If not specified, the Wasm extension will be inserted before the router filter. // Priority *uint32 `json:"priority,omitempty"` + + // Env configures the environment for the Wasm extension + // +optional + Env *WasmEnv `json:"env,omitempty"` } // WasmCodeSource defines the source of the Wasm code. diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 3368e73dd70..12f634586c6 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -5479,6 +5479,11 @@ func (in *Wasm) DeepCopyInto(out *Wasm) { *out = new(bool) **out = **in } + if in.Env != nil { + in, out := &in.Env, &out.Env + *out = new(WasmEnv) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Wasm. @@ -5521,6 +5526,26 @@ func (in *WasmCodeSource) DeepCopy() *WasmCodeSource { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WasmEnv) DeepCopyInto(out *WasmEnv) { + *out = *in + if in.HostKeys != nil { + in, out := &in.HostKeys, &out.HostKeys + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WasmEnv. +func (in *WasmEnv) DeepCopy() *WasmEnv { + if in == nil { + return nil + } + out := new(WasmEnv) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *XDSTranslatorHooks) DeepCopyInto(out *XDSTranslatorHooks) { *out = *in diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml index 6baa2842c0c..e6cb298d3a8 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml @@ -1232,6 +1232,17 @@ spec: Config is the configuration for the Wasm extension. This configuration will be passed as a JSON string to the Wasm extension. x-kubernetes-preserve-unknown-fields: true + env: + description: Env configures the environment for the Wasm extension + properties: + hostKeys: + description: |- + HostKeys is a list of keys for environment variables from the host envoy process + that should be passed into the Wasm VM. This is useful for passing secrets to to Wasm extensions. + items: + type: string + type: array + type: object failOpen: default: false description: |- diff --git a/internal/gatewayapi/envoyextensionpolicy.go b/internal/gatewayapi/envoyextensionpolicy.go index 9ba561f1b5d..64e0f9e9a2a 100644 --- a/internal/gatewayapi/envoyextensionpolicy.go +++ b/internal/gatewayapi/envoyextensionpolicy.go @@ -675,6 +675,10 @@ func (t *Translator) buildWasm( Code: code, } + if config.Env != nil && len(config.Env.HostKeys) > 0 { + wasmIR.HostKeys = config.Env.HostKeys + } + return wasmIR, nil } diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.in.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.in.yaml new file mode 100644 index 00000000000..c4184d15476 --- /dev/null +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.in.yaml @@ -0,0 +1,123 @@ +secrets: +- apiVersion: v1 + kind: Secret + metadata: + namespace: envoy-gateway + name: my-pull-secret + data: + .dockerconfigjson: VGhpc0lzTm90QVJlYWxEb2NrZXJDb25maWdKc29u +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: All +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-1 + spec: + hostnames: + - www.example.com + parentRefs: + - namespace: envoy-gateway + name: gateway-1 + sectionName: http + rules: + - matches: + - path: + value: "/foo" + backendRefs: + - name: service-1 + port: 8080 +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-2 + spec: + hostnames: + - www.example.com + parentRefs: + - namespace: envoy-gateway + name: gateway-1 + sectionName: http + rules: + - matches: + - path: + value: "/bar" + backendRefs: + - name: service-1 + port: 8080 +envoyextensionpolicies: +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyExtensionPolicy + metadata: + namespace: envoy-gateway + name: policy-for-gateway # This policy should attach httproute-2 + spec: + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + wasm: + - name: wasm-filter-1 + code: + type: HTTP + http: + url: https://www.example.com/wasm-filter-1.wasm + sha256: 2d89c4c6ab2a1c615c7696ed37ade9e50654ac70384b5d45100eb08e62130ff4 + env: + hostKeys: + - SOME_KEY + - ANOTHER_KEY + - name: wasm-filter-2 + rootID: "my-root-id" + code: + type: Image + image: + url: oci://www.example.com/wasm-filter-2:v1.0.0 + pullSecretRef: + name: my-pull-secret + sha256: 314100af781b98a8ca175d5bf90a8bf76576e20a2f397a88223404edc6ebfd46 + env: + hostKeys: + - SOME_KEY + - ANOTHER_KEY + - code: + type: Image + image: + url: www.example.com:8080/wasm-filter-3 +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyExtensionPolicy + metadata: + namespace: default + name: policy-for-http-route # This policy should attach httproute-1 + spec: + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-1 + wasm: + - name: wasm-filter-4 + code: + type: HTTP + http: + url: https://www.test.com/wasm-filter-4.wasm + sha256: b6922722ab58109abfaa8d9eb16f339b38b2bb1c17076b083b34438b934e7463 + failOpen: true + env: + hostKeys: + - SOME_KEY + - ANOTHER_KEY diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.out.yaml new file mode 100644 index 00000000000..4a19852eea0 --- /dev/null +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.out.yaml @@ -0,0 +1,342 @@ +envoyExtensionPolicies: +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyExtensionPolicy + metadata: + creationTimestamp: null + name: policy-for-http-route + namespace: default + spec: + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-1 + wasm: + - code: + http: + sha256: b6922722ab58109abfaa8d9eb16f339b38b2bb1c17076b083b34438b934e7463 + url: https://www.test.com/wasm-filter-4.wasm + type: HTTP + env: + hostKeys: + - SOME_KEY + - ANOTHER_KEY + failOpen: true + name: wasm-filter-4 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyExtensionPolicy + metadata: + creationTimestamp: null + name: policy-for-gateway + namespace: envoy-gateway + spec: + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + wasm: + - code: + http: + sha256: 2d89c4c6ab2a1c615c7696ed37ade9e50654ac70384b5d45100eb08e62130ff4 + url: https://www.example.com/wasm-filter-1.wasm + type: HTTP + env: + hostKeys: + - SOME_KEY + - ANOTHER_KEY + name: wasm-filter-1 + - code: + image: + pullSecretRef: + group: null + kind: null + name: my-pull-secret + sha256: 314100af781b98a8ca175d5bf90a8bf76576e20a2f397a88223404edc6ebfd46 + url: oci://www.example.com/wasm-filter-2:v1.0.0 + type: Image + env: + hostKeys: + - SOME_KEY + - ANOTHER_KEY + name: wasm-filter-2 + rootID: my-root-id + - code: + image: + sha256: null + url: www.example.com:8080/wasm-filter-3 + type: Image + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: 'This policy is being overridden by other envoyExtensionPolicies + for these routes: [default/httproute-1]' + reason: Overridden + status: "True" + type: Overridden + controllerName: gateway.envoyproxy.io/gatewayclass-controller +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - allowedRoutes: + namespaces: + from: All + name: http + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 2 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +httpRoutes: +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-1 + namespace: default + spec: + hostnames: + - www.example.com + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: http + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + value: /foo + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway + sectionName: http +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-2 + namespace: default + spec: + hostnames: + - www.example.com + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + sectionName: http + rules: + - backendRefs: + - name: service-1 + port: 8080 + matches: + - path: + value: /bar + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway + sectionName: http +infraIR: + envoy-gateway/gateway-1: + proxy: + listeners: + - address: null + name: envoy-gateway/gateway-1/http + ports: + - containerPort: 10080 + name: http-80 + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 +xdsIR: + envoy-gateway/gateway-1: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: false + metadata: + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http + name: envoy-gateway/gateway-1/http + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 + routes: + - destination: + name: httproute/default/httproute-1/rule/0 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: HTTP + weight: 1 + envoyExtensions: + wasms: + - config: null + failOpen: true + hostKeys: + - SOME_KEY + - ANOTHER_KEY + httpWasmCode: + originalDownloadingURL: https://www.test.com/wasm-filter-4.wasm + servingURL: https://envoy-gateway:18002/fe571e7b1ef5dc626ceb2c2c86782a134a92989a2643485238951696ae4334c3.wasm + sha256: b6922722ab58109abfaa8d9eb16f339b38b2bb1c17076b083b34438b934e7463 + name: envoyextensionpolicy/default/policy-for-http-route/wasm/0 + wasmName: wasm-filter-4 + hostname: www.example.com + isHTTP2: false + metadata: + kind: HTTPRoute + name: httproute-1 + namespace: default + name: httproute/default/httproute-1/rule/0/match/0/www_example_com + pathMatch: + distinct: false + name: "" + prefix: /foo + - destination: + name: httproute/default/httproute-2/rule/0 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: HTTP + weight: 1 + envoyExtensions: + wasms: + - config: null + failOpen: false + hostKeys: + - SOME_KEY + - ANOTHER_KEY + httpWasmCode: + originalDownloadingURL: https://www.example.com/wasm-filter-1.wasm + servingURL: https://envoy-gateway:18002/5c90b9a82642ce00a7753923fabead306b9d9a54a7c0bd2463a1af3efcfb110b.wasm + sha256: 2d89c4c6ab2a1c615c7696ed37ade9e50654ac70384b5d45100eb08e62130ff4 + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/0 + wasmName: wasm-filter-1 + - config: null + failOpen: false + hostKeys: + - SOME_KEY + - ANOTHER_KEY + httpWasmCode: + originalDownloadingURL: oci://www.example.com/wasm-filter-2:v1.0.0 + servingURL: https://envoy-gateway:18002/7abf116e5cd5a20389604a5ba0f3bd04fdf76f92181fe67506b42c2ee596d3fd.wasm + sha256: 314100af781b98a8ca175d5bf90a8bf76576e20a2f397a88223404edc6ebfd46 + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/1 + rootID: my-root-id + wasmName: wasm-filter-2 + - config: null + failOpen: false + httpWasmCode: + originalDownloadingURL: oci://www.example.com:8080/wasm-filter-3:latest + servingURL: https://envoy-gateway:18002/42d30b4a4cc631415e6e48c02d244700da327201eb273f752cacf745715b31d9.wasm + sha256: 2a19e4f337e5223d7287e7fccd933fb01905deaff804292e5257f8c681b82bee + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2 + wasmName: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2 + hostname: www.example.com + isHTTP2: false + metadata: + kind: HTTPRoute + name: httproute-2 + namespace: default + name: httproute/default/httproute-2/rule/0/match/0/www_example_com + pathMatch: + distinct: false + name: "" + prefix: /bar diff --git a/internal/ir/xds.go b/internal/ir/xds.go index 5103d3ea81a..b0b9a1594b1 100644 --- a/internal/ir/xds.go +++ b/internal/ir/xds.go @@ -2634,6 +2634,10 @@ type Wasm struct { // original URL(either an HTTP URL or an OCI image) and serves it through the // local HTTP server. Code *HTTPWasmCode `json:"httpWasmCode,omitempty"` + + // HostKeys is a list of keys for environment variables from the host envoy process + // that should be passed into the Wasm VM. + HostKeys []string `json:"hostKeys,omitempty"` } // HTTPWasmCode holds the information associated with the HTTP Wasm code source. diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go index 59f1973b22a..de0be09ff0f 100644 --- a/internal/ir/zz_generated.deepcopy.go +++ b/internal/ir/zz_generated.deepcopy.go @@ -3425,6 +3425,11 @@ func (in *Wasm) DeepCopyInto(out *Wasm) { *out = new(HTTPWasmCode) **out = **in } + if in.HostKeys != nil { + in, out := &in.HostKeys, &out.HostKeys + *out = make([]string, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Wasm. diff --git a/internal/xds/translator/testdata/in/xds-ir/wasm.yaml b/internal/xds/translator/testdata/in/xds-ir/wasm.yaml index 9afa2c97c9c..756e38952fa 100644 --- a/internal/xds/translator/testdata/in/xds-ir/wasm.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/wasm.yaml @@ -89,3 +89,6 @@ http: sha256: 2a19e4f337e5223d7287e7fccd933fb01905deaff804292e5257f8c681b82bee name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2 wasmName: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2 + hostKeys: + - SOME_KEY + - ANOTHER_KEY diff --git a/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml index a4545e62e2c..e3a679d1ae0 100755 --- a/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml @@ -90,6 +90,10 @@ timeout: 10s uri: https://envoy-gateway:18002/42d30b4a4cc631415e6e48c02d244700da327201eb273f752cacf745715b31d9.wasm sha256: 2a19e4f337e5223d7287e7fccd933fb01905deaff804292e5257f8c681b82bee + environmentVariables: + hostEnvKeys: + - SOME_KEY + - ANOTHER_KEY runtime: envoy.wasm.runtime.v8 vmId: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2 - name: envoy.filters.http.router diff --git a/internal/xds/translator/wasm.go b/internal/xds/translator/wasm.go index b8777e3805c..34b1087d5cc 100644 --- a/internal/xds/translator/wasm.go +++ b/internal/xds/translator/wasm.go @@ -118,30 +118,38 @@ func wasmConfig(wasm ir.Wasm) (*wasmfilterv3.Wasm, error) { return nil, err } + vmConfig := &wasmv3.VmConfig{ + VmId: wasm.Name, // Do not share VMs across different filters + Runtime: vmRuntimeV8, + Code: &corev3.AsyncDataSource{ + Specifier: &corev3.AsyncDataSource_Remote{ + Remote: &corev3.RemoteDataSource{ + HttpUri: &corev3.HttpUri{ + Uri: wasm.Code.ServingURL, + HttpUpstreamType: &corev3.HttpUri_Cluster{ + Cluster: wasmHTTPServerCluster, + }, + Timeout: &durationpb.Duration{ + Seconds: defaultExtServiceRequestTimeout, + }, + }, + Sha256: wasm.Code.SHA256, + }, + }, + }, + } + + if wasm.HostKeys != nil { + vmConfig.EnvironmentVariables = &wasmv3.EnvironmentVariables{ + HostEnvKeys: wasm.HostKeys, + } + } + filterConfig = &wasmfilterv3.Wasm{ Config: &wasmv3.PluginConfig{ Name: wasm.WasmName, Vm: &wasmv3.PluginConfig_VmConfig{ - VmConfig: &wasmv3.VmConfig{ - VmId: wasm.Name, // Do not share VMs across different filters - Runtime: vmRuntimeV8, - Code: &corev3.AsyncDataSource{ - Specifier: &corev3.AsyncDataSource_Remote{ - Remote: &corev3.RemoteDataSource{ - HttpUri: &corev3.HttpUri{ - Uri: wasm.Code.ServingURL, - HttpUpstreamType: &corev3.HttpUri_Cluster{ - Cluster: wasmHTTPServerCluster, - }, - Timeout: &durationpb.Duration{ - Seconds: defaultExtServiceRequestTimeout, - }, - }, - Sha256: wasm.Code.SHA256, - }, - }, - }, - }, + VmConfig: vmConfig, }, Configuration: configAny, FailOpen: wasm.FailOpen, diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index a519fc34ea7..77a28384c06 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -4204,6 +4204,7 @@ _Appears in:_ | `code` | _[WasmCodeSource](#wasmcodesource)_ | true | Code is the Wasm code for the extension. | | `config` | _[JSON](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#json-v1-apiextensions-k8s-io)_ | false | Config is the configuration for the Wasm extension.
This configuration will be passed as a JSON string to the Wasm extension. | | `failOpen` | _boolean_ | false | FailOpen is a switch used to control the behavior when a fatal error occurs
during the initialization or the execution of the Wasm extension.
If FailOpen is set to true, the system bypasses the Wasm extension and
allows the traffic to pass through. Otherwise, if it is set to false or
not set (defaulting to false), the system blocks the traffic and returns
an HTTP 5xx error. | +| `env` | _[WasmEnv](#wasmenv)_ | false | Env configures the environment for the Wasm extension | #### WasmCodeSource @@ -4238,6 +4239,20 @@ _Appears in:_ | `Image` | ImageWasmCodeSourceType allows the user to specify the Wasm code in an OCI image.
| +#### WasmEnv + + + +WasmEnv defines the environment variables for the VM of a Wasm extension + +_Appears in:_ +- [Wasm](#wasm) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `hostKeys` | _string array_ | false | HostKeys is a list of keys for environment variables from the host envoy process
that should be passed into the Wasm VM. This is useful for passing secrets to to Wasm extensions. | + + #### WithUnderscoresAction _Underlying type:_ _string_ diff --git a/site/content/en/v1.1/tasks/extensibility/wasm.md b/site/content/en/v1.1/tasks/extensibility/wasm.md index 1b1d32f9ecb..5d2495cf566 100644 --- a/site/content/en/v1.1/tasks/extensibility/wasm.md +++ b/site/content/en/v1.1/tasks/extensibility/wasm.md @@ -90,7 +90,7 @@ spec: Verify the EnvoyExtensionPolicy status: ```shell -kubectl get envoyextensionpolicy/http-wasm-source-test -o yaml +kubectl get envoyextensionpolicy/wasm-test -o yaml ``` ### Image Wasm Extension @@ -151,9 +151,148 @@ spec: Verify the EnvoyExtensionPolicy status: ```shell -kubectl get envoyextensionpolicy/http-wasm-source-test -o yaml +kubectl get envoyextensionpolicy/wasm-test -o yaml ``` +### Wasm Extension Configuration + +This [EnvoyExtensionPolicy][] configuration fetches the Wasm extension from an OCI image and uses a config block to pass parameters to the extension when it's loaded. + +{{< tabpane text=true >}} +{{% tab header="Apply from stdin" %}} + +```shell +cat <}} + +Verify the EnvoyExtensionPolicy status: + +```shell +kubectl get envoyextensionpolicy/wasm-test-o yaml +``` + +### Wasm Extension Configuration through Environment variables + +It is also possible to configure a wasm extension using environment variables from the host envoy process. Keys for the env vars to be shared are defined in a `hostKeys` block. + +This is especially useful for sharing secure data from environment vars on the envoy process set using [valueFrom](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables) a Kubernetes secret. + +Note that setting an env var on the envoy process requires a custom [EnvoyProxy](../../api/extension_types#envoyproxy) configuration. + +{{< tabpane text=true >}} +{{% tab header="Apply from stdin" %}} + +```shell +cat <}} + + ### Testing Ensure the `GATEWAY_HOST` environment variable from the [Quickstart](../../quickstart) is set. If not, follow the diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md index a519fc34ea7..77a28384c06 100644 --- a/site/content/zh/latest/api/extension_types.md +++ b/site/content/zh/latest/api/extension_types.md @@ -4204,6 +4204,7 @@ _Appears in:_ | `code` | _[WasmCodeSource](#wasmcodesource)_ | true | Code is the Wasm code for the extension. | | `config` | _[JSON](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#json-v1-apiextensions-k8s-io)_ | false | Config is the configuration for the Wasm extension.
This configuration will be passed as a JSON string to the Wasm extension. | | `failOpen` | _boolean_ | false | FailOpen is a switch used to control the behavior when a fatal error occurs
during the initialization or the execution of the Wasm extension.
If FailOpen is set to true, the system bypasses the Wasm extension and
allows the traffic to pass through. Otherwise, if it is set to false or
not set (defaulting to false), the system blocks the traffic and returns
an HTTP 5xx error. | +| `env` | _[WasmEnv](#wasmenv)_ | false | Env configures the environment for the Wasm extension | #### WasmCodeSource @@ -4238,6 +4239,20 @@ _Appears in:_ | `Image` | ImageWasmCodeSourceType allows the user to specify the Wasm code in an OCI image.
| +#### WasmEnv + + + +WasmEnv defines the environment variables for the VM of a Wasm extension + +_Appears in:_ +- [Wasm](#wasm) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `hostKeys` | _string array_ | false | HostKeys is a list of keys for environment variables from the host envoy process
that should be passed into the Wasm VM. This is useful for passing secrets to to Wasm extensions. | + + #### WithUnderscoresAction _Underlying type:_ _string_ From 5068698ef07c0bad91352df6c262e3df9c8171c5 Mon Sep 17 00:00:00 2001 From: Huabing Zhao Date: Thu, 14 Nov 2024 16:09:45 -0700 Subject: [PATCH 22/47] fix: remove backendrefs validation (#4705) * remove backendrefs validation Signed-off-by: Huabing Zhao * add tests Signed-off-by: Huabing Zhao * add tests Signed-off-by: Huabing Zhao --------- Signed-off-by: Huabing Zhao Co-authored-by: zirain --- api/v1alpha1/ext_auth_types.go | 2 - ...ateway.envoyproxy.io_securitypolicies.yaml | 4 - internal/gatewayapi/securitypolicy.go | 51 ++-- ...ecuritypolicy-with-extauth-backend.in.yaml | 75 ++++++ ...curitypolicy-with-extauth-backend.out.yaml | 217 +++++++++++++++++- release-notes/current.yaml | 1 + test/cel-validation/securitypolicy_test.go | 80 ++----- .../ext-auth-http-securitypolicy.yaml | 4 +- 8 files changed, 352 insertions(+), 82 deletions(-) diff --git a/api/v1alpha1/ext_auth_types.go b/api/v1alpha1/ext_auth_types.go index 0670ed4b676..faa0897e300 100644 --- a/api/v1alpha1/ext_auth_types.go +++ b/api/v1alpha1/ext_auth_types.go @@ -56,7 +56,6 @@ type ExtAuth struct { // The authorization request message is defined in // https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto // +kubebuilder:validation:XValidation:message="backendRef or backendRefs needs to be set",rule="has(self.backendRef) || self.backendRefs.size() > 0" -// +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)" // +kubebuilder:validation:XValidation:message="BackendRefs only supports Service and Backend kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service' || f.kind == 'Backend') : true" // +kubebuilder:validation:XValidation:message="BackendRefs only supports Core and gateway.envoyproxy.io group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\" || f.group == 'gateway.envoyproxy.io')) : true" type GRPCExtAuthService struct { @@ -67,7 +66,6 @@ type GRPCExtAuthService struct { // HTTPExtAuthService defines the HTTP External Authorization service // // +kubebuilder:validation:XValidation:message="backendRef or backendRefs needs to be set",rule="has(self.backendRef) || self.backendRefs.size() > 0" -// +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)" // +kubebuilder:validation:XValidation:message="BackendRefs only supports Service and Backend kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service' || f.kind == 'Backend') : true" // +kubebuilder:validation:XValidation:message="BackendRefs only supports Core and gateway.envoyproxy.io group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\" || f.group == 'gateway.envoyproxy.io')) : true" type HTTPExtAuthService struct { diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml index b6a040f8c42..840c8d59d30 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml @@ -1204,8 +1204,6 @@ spec: x-kubernetes-validations: - message: backendRef or backendRefs needs to be set rule: has(self.backendRef) || self.backendRefs.size() > 0 - - message: BackendRefs must be used, backendRef is not supported. - rule: '!has(self.backendRef)' - message: BackendRefs only supports Service and Backend kind. rule: 'has(self.backendRefs) ? self.backendRefs.all(f, f.kind == ''Service'' || f.kind == ''Backend'') : true' @@ -2103,8 +2101,6 @@ spec: x-kubernetes-validations: - message: backendRef or backendRefs needs to be set rule: has(self.backendRef) || self.backendRefs.size() > 0 - - message: BackendRefs must be used, backendRef is not supported. - rule: '!has(self.backendRef)' - message: BackendRefs only supports Service and Backend kind. rule: 'has(self.backendRefs) ? self.backendRefs.all(f, f.kind == ''Service'' || f.kind == ''Backend'') : true' diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go index 3c2d2af31ed..8635d216457 100644 --- a/internal/gatewayapi/securitypolicy.go +++ b/internal/gatewayapi/securitypolicy.go @@ -841,14 +841,15 @@ func (t *Translator) buildBasicAuth( func (t *Translator) buildExtAuth(policy *egv1a1.SecurityPolicy, resources *resource.Resources, envoyProxy *egv1a1.EnvoyProxy) (*ir.ExtAuth, error) { var ( - http = policy.Spec.ExtAuth.HTTP - grpc = policy.Spec.ExtAuth.GRPC - backends *egv1a1.BackendCluster - protocol ir.AppProtocol - rd *ir.RouteDestination - authority string - err error - traffic *ir.TrafficFeatures + http = policy.Spec.ExtAuth.HTTP + grpc = policy.Spec.ExtAuth.GRPC + backendRefs []egv1a1.BackendRef + backendSettings *egv1a1.ClusterSettings + protocol ir.AppProtocol + rd *ir.RouteDestination + authority string + err error + traffic *ir.TrafficFeatures ) // These are sanity checks, they should never happen because the API server @@ -861,18 +862,42 @@ func (t *Translator) buildExtAuth(policy *egv1a1.SecurityPolicy, resources *reso switch { case http != nil: - backends = &http.BackendCluster protocol = ir.HTTP + switch { + case len(http.BackendRefs) > 0: + backendRefs = http.BackendCluster.BackendRefs + case http.BackendRef != nil: + backendRefs = []egv1a1.BackendRef{ + { + BackendObjectReference: *http.BackendRef, + }, + } + default: + // This is a sanity check, it should never happen because the API server should have caught it + return nil, errors.New("http backend refs must be specified") + } case grpc != nil: - backends = &grpc.BackendCluster protocol = ir.GRPC + switch { + case len(grpc.BackendCluster.BackendRefs) > 0: + backendRefs = grpc.BackendRefs + case grpc.BackendRef != nil: + backendRefs = []egv1a1.BackendRef{ + { + BackendObjectReference: *grpc.BackendRef, + }, + } + default: + // This is a sanity check, it should never happen because the API server should have caught it + return nil, errors.New("grpc backend refs must be specified") + } } - if rd, err = t.translateExtServiceBackendRefs(policy, backends.BackendRefs, protocol, resources, envoyProxy, 0); err != nil { + if rd, err = t.translateExtServiceBackendRefs(policy, backendRefs, protocol, resources, envoyProxy, 0); err != nil { return nil, err } - for _, backendRef := range backends.BackendRefs { + for _, backendRef := range backendRefs { // Authority is the calculated hostname that will be used as the Authority header. // If there are multiple backend referenced, simply use the first one - there are no good answers here. // When translated to XDS, the authority is used on the filter level not on the cluster level. @@ -882,7 +907,7 @@ func (t *Translator) buildExtAuth(policy *egv1a1.SecurityPolicy, resources *reso } } - if traffic, err = translateTrafficFeatures(backends.BackendSettings); err != nil { + if traffic, err = translateTrafficFeatures(backendSettings); err != nil { return nil, err } extAuth := &ir.ExtAuth{ diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.in.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.in.yaml index 78529bf6d73..5d756b3b981 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.in.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.in.yaml @@ -58,6 +58,44 @@ httpRoutes: backendRefs: - name: service-3 port: 8080 + - apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-3 + spec: + hostnames: + - www.baz.com + parentRefs: + - namespace: default + name: gateway-1 + sectionName: http + rules: + - matches: + - path: + value: /baz + backendRefs: + - name: service-4 + port: 8080 + - apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + namespace: default + name: httproute-4 + spec: + hostnames: + - www.qux.com + parentRefs: + - namespace: default + name: gateway-1 + sectionName: http + rules: + - matches: + - path: + value: /qux + backendRefs: + - name: service-5 + port: 8080 backends: - apiVersion: gateway.envoyproxy.io/v1alpha1 kind: Backend @@ -108,3 +146,40 @@ securityPolicies: kind: Backend group: gateway.envoyproxy.io port: 3000 + - apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: SecurityPolicy + metadata: + namespace: default + name: policy-for-http-route-3--grpc-backendref + spec: + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-3 + extAuth: + failOpen: true + headersToExtAuth: + - header3 + - header4 + grpc: + backendRef: + name: service-2 + kind: Service + port: 8080 + - apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: SecurityPolicy + metadata: + namespace: default + name: policy-for-http-route-3-http-backendref + spec: + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-4 + extAuth: + http: + backendRef: + name: backend-fqdn + kind: Backend + group: gateway.envoyproxy.io + port: 3000 diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml index 05086bae4c8..d304f6c13eb 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml @@ -35,7 +35,7 @@ gateways: protocol: HTTP status: listeners: - - attachedRoutes: 2 + - attachedRoutes: 4 conditions: - lastTransitionTime: null message: Sending translated listener configuration to the data plane @@ -141,6 +141,82 @@ httpRoutes: name: gateway-1 namespace: default sectionName: http +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-3 + namespace: default + spec: + hostnames: + - www.baz.com + parentRefs: + - name: gateway-1 + namespace: default + sectionName: http + rules: + - backendRefs: + - name: service-4 + port: 8080 + matches: + - path: + value: /baz + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: default + sectionName: http +- apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + creationTimestamp: null + name: httproute-4 + namespace: default + spec: + hostnames: + - www.qux.com + parentRefs: + - name: gateway-1 + namespace: default + sectionName: http + rules: + - backendRefs: + - name: service-5 + port: 8080 + matches: + - path: + value: /qux + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Service default/service-5 not found + reason: BackendNotFound + status: "False" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: default + sectionName: http infraIR: default/gateway-1: proxy: @@ -198,6 +274,75 @@ securityPolicies: status: "True" type: Accepted controllerName: gateway.envoyproxy.io/gatewayclass-controller +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: SecurityPolicy + metadata: + creationTimestamp: null + name: policy-for-http-route-3--grpc-backendref + namespace: default + spec: + extAuth: + failOpen: true + grpc: + backendRef: + kind: Service + name: service-2 + port: 8080 + headersToExtAuth: + - header3 + - header4 + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-3 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: default + sectionName: http + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: SecurityPolicy + metadata: + creationTimestamp: null + name: policy-for-http-route-3-http-backendref + namespace: default + spec: + extAuth: + http: + backendRef: + group: gateway.envoyproxy.io + kind: Backend + name: backend-fqdn + port: 3000 + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: httproute-4 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: default + sectionName: http + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller xdsIR: default/gateway-1: accessLog: @@ -327,3 +472,73 @@ xdsIR: distinct: false name: "" prefix: /bar + - destination: + name: httproute/default/httproute-3/rule/0 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: HTTP + weight: 1 + hostname: www.baz.com + isHTTP2: false + metadata: + kind: HTTPRoute + name: httproute-3 + namespace: default + name: httproute/default/httproute-3/rule/0/match/0/www_baz_com + pathMatch: + distinct: false + name: "" + prefix: /baz + security: + extAuth: + failOpen: true + grpc: + authority: service-2.default:8080 + destination: + name: securitypolicy/default/policy-for-http-route-3--grpc-backendref/0 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: GRPC + weight: 1 + headersToExtAuth: + - header3 + - header4 + name: securitypolicy/default/policy-for-http-route-3--grpc-backendref + - destination: + name: httproute/default/httproute-4/rule/0 + settings: + - weight: 1 + directResponse: + statusCode: 500 + hostname: www.qux.com + isHTTP2: false + metadata: + kind: HTTPRoute + name: httproute-4 + namespace: default + name: httproute/default/httproute-4/rule/0/match/0/www_qux_com + pathMatch: + distinct: false + name: "" + prefix: /qux + security: + extAuth: + http: + authority: primary.foo.com:3000 + destination: + name: securitypolicy/default/policy-for-http-route-3-http-backendref/0 + settings: + - addressType: FQDN + endpoints: + - host: primary.foo.com + port: 3000 + protocol: HTTP + weight: 1 + path: "" + name: securitypolicy/default/policy-for-http-route-3-http-backendref diff --git a/release-notes/current.yaml b/release-notes/current.yaml index 39e8a900c47..2e2df4724ab 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -15,6 +15,7 @@ new features: | # Fixes for bugs identified in previous versions. bug fixes: | Add a bug fix here + Fixed failed to update SecurityPolicy resources with the `backendRef` field specified # Enhancements that improve performance. performance improvements: | diff --git a/test/cel-validation/securitypolicy_test.go b/test/cel-validation/securitypolicy_test.go index f00ee84260c..033726f2b56 100644 --- a/test/cel-validation/securitypolicy_test.go +++ b/test/cel-validation/securitypolicy_test.go @@ -566,6 +566,26 @@ func TestSecurityPolicyTarget(t *testing.T) { }, wantErrors: []string{}, }, + { + desc: "empty HTTP external auth service", + mutate: func(sp *egv1a1.SecurityPolicy) { + sp.Spec = egv1a1.SecurityPolicySpec{ + ExtAuth: &egv1a1.ExtAuth{ + HTTP: &egv1a1.HTTPExtAuthService{}, + }, + PolicyTargetReferences: egv1a1.PolicyTargetReferences{ + TargetRef: &gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{ + LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{ + Group: "gateway.networking.k8s.io", + Kind: "Gateway", + Name: "eg", + }, + }, + }, + } + }, + wantErrors: []string{" backendRef or backendRefs needs to be set"}, + }, { desc: "no extAuth", mutate: func(sp *egv1a1.SecurityPolicy) { @@ -657,36 +677,6 @@ func TestSecurityPolicyTarget(t *testing.T) { " BackendRefs only supports Core and gateway.envoyproxy.io group.", }, }, - { - desc: "http extAuth service invalid Kind", - mutate: func(sp *egv1a1.SecurityPolicy) { - sp.Spec = egv1a1.SecurityPolicySpec{ - ExtAuth: &egv1a1.ExtAuth{ - HTTP: &egv1a1.HTTPExtAuthService{ - BackendCluster: egv1a1.BackendCluster{ - BackendRef: &gwapiv1.BackendObjectReference{ - Kind: ptr.To(gwapiv1.Kind("unsupported")), - Name: "http-auth-service", - Port: ptr.To(gwapiv1.PortNumber(15001)), - }, - }, - }, - }, - PolicyTargetReferences: egv1a1.PolicyTargetReferences{ - TargetRef: &gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{ - LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{ - Group: "gateway.networking.k8s.io", - Kind: "Gateway", - Name: "eg", - }, - }, - }, - } - }, - wantErrors: []string{ - "BackendRefs must be used, backendRef is not supported.", - }, - }, { desc: "http extAuth service backendRefs invalid Kind", mutate: func(sp *egv1a1.SecurityPolicy) { @@ -753,36 +743,6 @@ func TestSecurityPolicyTarget(t *testing.T) { "BackendRefs only supports Core and gateway.envoyproxy.io group.", }, }, - { - desc: "grpc extAuth service invalid Kind", - mutate: func(sp *egv1a1.SecurityPolicy) { - sp.Spec = egv1a1.SecurityPolicySpec{ - ExtAuth: &egv1a1.ExtAuth{ - GRPC: &egv1a1.GRPCExtAuthService{ - BackendCluster: egv1a1.BackendCluster{ - BackendRef: &gwapiv1.BackendObjectReference{ - Kind: ptr.To(gwapiv1.Kind("unsupported")), - Name: "http-auth-service", - Port: ptr.To(gwapiv1.PortNumber(15001)), - }, - }, - }, - }, - PolicyTargetReferences: egv1a1.PolicyTargetReferences{ - TargetRef: &gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{ - LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{ - Group: "gateway.networking.k8s.io", - Kind: "Gateway", - Name: "eg", - }, - }, - }, - } - }, - wantErrors: []string{ - "BackendRefs must be used, backendRef is not supported.", - }, - }, { desc: "grpc extAuth service backendRefs invalid Kind", mutate: func(sp *egv1a1.SecurityPolicy) { diff --git a/test/e2e/testdata/ext-auth-http-securitypolicy.yaml b/test/e2e/testdata/ext-auth-http-securitypolicy.yaml index c6a1e73c6a6..f79bbaf8745 100644 --- a/test/e2e/testdata/ext-auth-http-securitypolicy.yaml +++ b/test/e2e/testdata/ext-auth-http-securitypolicy.yaml @@ -47,8 +47,8 @@ spec: name: http-with-ext-auth extAuth: http: - backendRefs: - - name: http-ext-auth + backendRef: + name: http-ext-auth namespace: gateway-conformance-infra port: 9002 headersToBackend: ["x-current-user"] From e48fecf03141b45279f5a3d5ac16e288d960c20f Mon Sep 17 00:00:00 2001 From: zirain Date: Fri, 15 Nov 2024 13:55:23 +0800 Subject: [PATCH 23/47] ci: use static file server instead of `github.com` (#4715) * ci: use static file server instead of github.com Signed-off-by: zirain * new-line-at-end-of-file Signed-off-by: zirain * fix Signed-off-by: zirain * nit Signed-off-by: zirain * 1.23.3 Signed-off-by: zirain --------- Signed-off-by: zirain --- examples/static-file-server/Dockerfile | 23 +++++ examples/static-file-server/Makefile | 8 ++ examples/static-file-server/README.md | 10 ++ .../static-file-server/files/jwt/jwks.json | 22 ++++ .../wasm/envoy_filter_http_wasm_example.wasm | Bin 0 -> 59641 bytes examples/static-file-server/go.mod | 3 + examples/static-file-server/go.sum | 0 examples/static-file-server/main.go | 39 +++++++ .../static-file-server/manifests/http.yaml | 33 ++++++ .../manifests/httproute.yaml | 22 ++++ .../static-file-server/manifests/tls.yaml | 95 ++++++++++++++++++ test/e2e/base/manifests.yaml | 35 +++++++ test/e2e/testdata/authorization-jwt.yaml | 6 +- test/e2e/testdata/jwt-optional.yaml | 2 +- test/e2e/testdata/jwt.yaml | 2 +- .../testdata/ratelimit-based-jwt-claims.yaml | 2 +- test/e2e/testdata/wasm-http.yaml | 4 +- tools/make/examples.mk | 4 +- 18 files changed, 300 insertions(+), 10 deletions(-) create mode 100644 examples/static-file-server/Dockerfile create mode 100644 examples/static-file-server/Makefile create mode 100644 examples/static-file-server/README.md create mode 100644 examples/static-file-server/files/jwt/jwks.json create mode 100644 examples/static-file-server/files/wasm/envoy_filter_http_wasm_example.wasm create mode 100644 examples/static-file-server/go.mod create mode 100644 examples/static-file-server/go.sum create mode 100644 examples/static-file-server/main.go create mode 100644 examples/static-file-server/manifests/http.yaml create mode 100644 examples/static-file-server/manifests/httproute.yaml create mode 100644 examples/static-file-server/manifests/tls.yaml diff --git a/examples/static-file-server/Dockerfile b/examples/static-file-server/Dockerfile new file mode 100644 index 00000000000..1f1268a2197 --- /dev/null +++ b/examples/static-file-server/Dockerfile @@ -0,0 +1,23 @@ +FROM golang:1.23.3 AS builder + +ARG GO_LDFLAGS="" + +WORKDIR /workspace +COPY go.mod go.sum ./ +RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg/mod \ + go mod download + +COPY . ./ +RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg/mod \ + CGO_ENABLED=0 \ + GOOS=${TARGETOS} \ + GOARCH=${TARGETARCH} \ + go build -o /bin/static-file-server -ldflags "${GO_LDFLAGS}" . + +# Need root user for UDS +FROM gcr.io/distroless/static-debian11 +COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +COPY --from=builder /bin/static-file-server / +COPY files/ files/ + +ENTRYPOINT ["/static-file-server"] diff --git a/examples/static-file-server/Makefile b/examples/static-file-server/Makefile new file mode 100644 index 00000000000..a4e59d1e3dd --- /dev/null +++ b/examples/static-file-server/Makefile @@ -0,0 +1,8 @@ + +IMAGE_PREFIX ?= envoyproxy/gateway- +APP_NAME ?= static-file-server +TAG ?= latest + +.PHONY: docker-buildx +docker-buildx: + docker buildx build . -t $(IMAGE_PREFIX)$(APP_NAME):$(TAG) --build-arg GO_LDFLAGS="$(GO_LDFLAGS)" --load diff --git a/examples/static-file-server/README.md b/examples/static-file-server/README.md new file mode 100644 index 00000000000..7cb2417e3cd --- /dev/null +++ b/examples/static-file-server/README.md @@ -0,0 +1,10 @@ +# Static File Server + +This example demonstrates how to create a simple static file server using the `http` package. +Which serves files used by e2e tests. + +- test/e2e/testdata/authorization-jwt.yaml +- test/e2e/testdata/jwt.yaml +- test/e2e/testdata/jwt-optional.yaml +- test/e2e/testdata/ratelimit-based-jwt-claims.yaml +- test/e2e/testdata/wasm-http.yaml \ No newline at end of file diff --git a/examples/static-file-server/files/jwt/jwks.json b/examples/static-file-server/files/jwt/jwks.json new file mode 100644 index 00000000000..b58d8e04fb3 --- /dev/null +++ b/examples/static-file-server/files/jwt/jwks.json @@ -0,0 +1,22 @@ +{ + "keys": [ + { + "kty": "RSA", + "n": "u1SU1LfVLPHCozMxH2Mo4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0_IzW7yWR7QkrmBL7jTKEn5u-qKhbwKfBstIs-bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyehkd3qqGElvW_VDL5AaWTg0nLVkjRo9z-40RQzuVaE8AkAFmxZzow3x-VJYKdjykkJ0iT9wCS0DRTXu269V264Vf_3jvredZiKRkgwlL9xNAwxXFg0x_XFw005UWVRIkdgcKWTjpBP2dPwVZ4WWC-9aGVd-Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbcmw", + "e": "AQAB", + "alg": "RS256", + "use": "sig" + }, + { + "alg": "RS256", + "e": "AQAB", + "key_ops": [ + "verify" + ], + "kty": "RSA", + "n": "xOHb-i1WDfeAvsbXTSOtosl3hCUDHQ8fRDqX_Rt998-hZDJmAoPOu4J-wcwq5aZtSn_iWUYLcK2WmC_1n-p1eyc-Pl4CBnxF7LUjCk-WGhniaCzXC5I5RON6c5N-MdE0UfukK0PM0zD3iQonZq0fIsnOYyFdYdWvQ5XW-C2aLlq2FUKrjmhAav10jIC0KGd2dHRzauzfLMUmt_iMnpU84Xrur1zRYzBO4D90rN0ypC2HH7o_zI8Osx4o1L8BScW78545sWyVbaprhBV1I2Sa4SH3NAc25ej3RIh-f13Yu97FVfO0AIG4VfFiaMmsTqNTCiBkM20tXD2Z-cHJTKemXzFgInJoqFLAkHLzJ0lPvAkKOgAOufLHa7RA-C276OXd72IXPsL1UOLN4sjhGqTtaynVa00yuHdi3f4-aoy9F9SUJeWfPg--nZNLzuI0eyufsTFywnx1bTQ_kdYlEr0dRE5sujlMk3cZ7FmOQRvcjA9MxFzoVKMmlZc6LMCgqw-P", + "use": "sig", + "kid": "b520b3c2c4bd75a10e9cebc9576933dc" + } + ] +} \ No newline at end of file diff --git a/examples/static-file-server/files/wasm/envoy_filter_http_wasm_example.wasm b/examples/static-file-server/files/wasm/envoy_filter_http_wasm_example.wasm new file mode 100644 index 0000000000000000000000000000000000000000..df2554e971e8538ce58066a2bdacfddf4c1b1bab GIT binary patch literal 59641 zcmeIb3zS{gS?9UWIrmj{?yb6#O17j@;&U&OQ;wxXP8`{h9bCr`S+bp2N!-LVFy*pT zwyR1i)l0J6ajZ&W(t-pqO@I)>poBCrN!++QVL><0(J;`RSq;;MFioamx($;>vw*e6 z3|T{F$l&??zrD|W)XR24z-zGOQ|H`$_T$^%{$Bgr-`>YfE}e>;bI}K)k^7?ajw?EU zUvmC@adY>@=Sk)d=_S(nQPz#SbN5y3v6EKhvHN3>so-NOSoPUdhF_KQkLov1$zyhl zAA2l%^uGAf^Ug@E?!`G;e;}cWork9;l9b3C~@H9WQxcrDq z_2M%BVu{M{Kl8u?RDS;>%Tr6vAPFzk^4gcL@+B9iPMtnG)eG6#$&+WMJm{}3^30!{ zJibmQYbEq=^2CX?wOEFB7slo3Oak`}uC(+h=y<9F+mOrtc;!@tZh7MP;uN*HAC9`O=B6H2C3929 zt?I|49i3WEoPKz2X_+FYCIDj6eJBdVM2%Z3@({m4Yv;NZ_T=rJ#zAxI=Uxy#r?~g`0$qd<NoTs%9MwLMC|1zqaqEn}jyXyzeMlO%i?|4&d_lbObrnUROyXw2Y>mRpv@7#Is z?spw~$3NQr_IKX%FQTWS+iv^O=)=*q7o*nL&QC`>cm7=T#y7rk=l&<6e;$1@`kCkx z(Z{3DAWc3M{cP0QJ=Xf^=)aGCD*9M7)^6|L|C7;cJ{rB|C!*K-`N_tUm zM~6$}`Bz)~PqF;5EPi<5VC?EiN`~lQT+gDcbTF>f<5c-~v?@SkAW&4TST(hFtd?Rb z+?8f=Q7~4)C{>AkWTwq)fTb%*-t7L$T`M9}Lh)8LE7A4dtPxpTR5%tlRW!}2xdXm5 ztAL9Fl-=|zUd}(cXQo}E4SM8(2WgEc|5}UxS9h+GH}jFKLbX|PcyvY(ll!&?-Hfuz z!FY#y+ib^F6=n3J>3g-qurSh&H4^q>B)p&tS$QlL{K-O|+}?2c*ISuj&B~13V_+3j zF~HHHo~!~VZPGlf6_8H)3z46 z^%mpbNNCx97K?Nz)0MWqo3?R3UHe)K=~1<= zA#K&eMB-tGbu)MQPHKtH&hqz)!=uYyI3dFjV3EX6$ynuZLqNakY>SG4hFoHi(!xx; z3K7C^?Z~8=8UP`pcgdClZ9<~jqrO_(a9XDVr82bO6!D}Y0mHR4|8SfCsWv|!M1n&A z{mR}}0$4~g*9O}&EyjaZmH9mVO4B-{AbdC9&}^iykK*%;LzKDEmPTl>J?!K2-{$h>Y`e0@DSJEFNA2!N>Ac#kX-J>1E&x(FA57b2sxLB- z8B7^Q_X9_}1Um1Q29Z<;icpV-UD*=KXC>rx7B@#FA5b6~#NHY;O1{o4Iz+87n>*x& z$z7hwD*N5=A?Ilo?o|z0c^0H1azMbh8*9$&ahXfsSBjGJ4BN^jCzy=kns3b<1PlVe zqWYReOH#-s;fWDGqKvKBdgRkPKU*UqW?DuSbRkRbMv#J-u&j{YdNFj|b zm1L!%>&ctUGKMP}zLofBI~r}iID zfs9>NfirCSn+QB%Tas^{yQQMa=k@5DhKBO43o@z~t)j zVevoRw!SyN^R|C5_^z#oZzXzs|8MoE7W6;~;)H3DLK^SndQzT4!bC^gwNa)P5I(Xyk8-9ECwDeb zw0Sg(pQjX|&b}0x5~bp~Huk_#6uSy1Cw-GiJ~-2+8)_%KqF#e0q01Y-Vg|HPsjVBo zx@_ZDyElII>WyD9W!eagv5jB7cH>vC+xXSB8^1cV@v9p*e)Vh2e>Q^t-)-{li<`Xr zpEr5;JDa@w@+R+|-Q?X@HhK5Qo4oteP2T-u>7n?>@H4yH9NL?q@f7_v9w;KD)`gf3?ZG&u{YX-)!>k-){2m(kAbI zeUo?pZj*P<^u0?Eb{1f+Se9W#sk@K#ydQGO}hnKHQMM^GI3 zb4qDm=hDBxXMa9=jK*zxM4eJ17+V;o){<`6_cG^`{ITA2bV&Z5-UQ7Ut3KnSz3Es< z`GC@$6xS@1g*K+MOkB*w{Jrmcymqp117UK`f}b`}NT2zRhtf6~Xa1-}O-9d!*HOOQ z$+**+R}RfExsCXnrl=Yvip_V5o$Ne4)Ok8lR7K}X3;B-4c7)BEX9oUL?efjp2eR_x zkO94C7LbhdP`)nN;crcUtNEKypZTf6eb{FC6*7*~4Q=83dTrtNM{(lE#ofHZf6aR| z)~zyRrZ#2lMG%6!d2j`w1|NIRr}6`fHe@$z*80=YcgVHXV(iprR{oS+f!&fCs=+x% zdhq0ICRjM z?>Gb2-I3AO0HTGCH6S#J0;)~20dqlTvGU7BWckV69vr>BAvU5w6_8^FYJf5gVX$g{ zvcb`8pgGcD5+fh7d47HVtn@-Pi>fGwJY&uPQ5 zOT9HnFKYOPJSg#Kn=&qIw5!~@8RKy(9Te>jsuA);EgaLbYvZhmYn<^{iNnyJfkWMi zxx|^-*hCCA##;bIweZm~?##1~Srxr84(Cs$To$SSvw zk}Q8*7D>0|&gQk9B2iJKtnp$}tNATA=C_bk<#w$s^p%d%ya}6^gnV2ZP^$@8e#@PM zfR>cDM3=8z`C9VS@~>+;&nSPcH4u-(KkB{k{<#ll1K*QJOZr){+W zi~Nn27vaC9&(y{3IH#fO+If!QU^8fa2z$i z2f@9Iv@E(R#$|0!482AsYQ81CUOp8kXST}GAWo0wTPV}3o=G1Y0kFjOJOQ~c1t{r(!)XZ zj57xn1PB@31)X0v)7r-E`k7WUcS3Q(P-P8dqwwkB%o?+Ic$?}iLe=?JLwX^~8c12> z#8`Y+dq73)A1t``Up9dBX;-8v{mZN(8>L+p1w>xYRP(*JBfR(p!{LpI{BJFiVYO5R zZbcFeMTAoi$yjYg2)(@$YSK~zaxzL$I0!kClPqd%1=!)7Dh*1bAc4D&%8$+DgLkWs zRF?07bF;`NTY)WkB4sCY1gliI0y|pbB$I0o<=7pA*c}Fa)v(b*%4UPhB!Ay;m$Xzz zF9f?pufd)TE(&%U>6WLz^rE+*Izux<`D;xjN}^@eUU&`NtALJ|@mlAX9-~VPknc#c zj3Je;yhpOOmF7`v3&12Zf^|y+Pe*GD7j#J%;At{p7?x(NxRvk&3;3yZKTGrTcd%;Y zvUHYWl^iEH{ZV!0{5Rc9^Om+e{0&?Gx(k*E^EKg%fzMxO=+%&_S4!On(u)x&dX#jA zLF#{XkF-MF)1#Up7jsu*BXzZ(<4YdC8PNFWmZM)|}7lpW>6tVrYQin6VE zyYeS7Acpentt_>Si|{m1>NGT6F;dUJ-$?cJw&%cXqly7#~ z$a~r&(76DHTI)z&D7cB~VJUy8l>CoU`G8RY3+?)-))Z7p)@+`l+6oK8w;_9KSi1wZ z&O0M87>=59*7BOJJNc=s$gTWq5JXW0Xvh|tCp+~p&!FmKObif-XK8f?oe+bXBo!UO z<)*uGmZfn*_x_WqJv&roj#;XgD~<-hS=NB1>kNJO2eUQ*=UDoK+X z35GQ&$KwoH=_$O9fB~C>B-gURBctshbQx5EJmZJto!HA|!&#lRDm*!iKWWTZOX3M7 z3?Uz!Wn%0tQ&wa$#t}<^Q&AVT35!)(J^jB2;#B55%Q(>Ne$39^$w#|1+O9G+;jN=8 zeqq>VRi>^bEy~&tbIeC$&gDP)rGNil$|te7BS}I%wyv1t+gk^eY^-RESgU1KDQ`7P&5jm<=^U*<>2uN=vt8`mAtF)PmGvyFx zAbn_RK$t?fLVpr~67?8wVo@{(HIQAFn@ErvN=naY13}pw;Wzk`bdDNKr(DXIsPnBx zZy$2RRMuF?>de5RZw&C#CV(TnUIgIGoBIIQzz4vg>>bTIbX1!`LQjiWy@QQ;!3cP? zInRe}1~-&Hp-~1gpKA?^0Q?MY$YyZE#SD%~q0qI#3=Zp*@EOhHhO;5&aYJDqr@Qm> zxS?VmhsT9~@lpHM33QhMX%_F|;ij3w8Ge;KS&U>&w zms>A3Z&Nc&`c+oxX9!=J3O{#MV7>j0o^aqTHe!= zhlbJiZ3r;6A$6RBu+C5`Epu6zcv_YpiWFgjjxid*sjcC#6>8x2eubdpeaxq1if1Ai zBVsUp1ce9?epv!f&;P%F{V=or6}-XcRGAnF9u*p5vq>{vvt7WIf<NPLCi*)TA8S#y zsQ;MvaGEP;EWY)ds`SR9QsPZC#G%py-AV-;AnuR=6pTFMf?E&3v7)ZAzPfgQBXx}w zb;0o+xc0ei-Zu$0Y6fZg7T5fFLQ?md?*Ipezpq>=_wU!4*^5+t+T-E=;qJS%?3&-^ z!rw3MkJ7O0o+=b&y?@~UtF{Jj(Y-joq^;8#i%`o`#6nrIe$E0n9qRlU?lZ5VKzq~WYO0)F~YK|ir$h< zy-l=Af>|YH(4tMWVbR~Rj4F=NoQYplhX)is3V=RyoOi4v>9c{;>loC>Th%#rZ z4A%D@nDjzvGYlsgvQgw<;r!vK*<0`LNIM`axcqCvQ zv)m>K%-{)atyySm&4;!k@LSHt2+w{o9M}^w4HC$$qGbj0FgnzMNkp=SP(}yiOZclI zUWF!kA20|AEM=e)oYKpTpw~a(b5UT#S#24J={1~Qg`+hP{`bbbP7d+9gxE{u^)41# zQqLl~WW1N`WR(a=vC$}91WrBRJXVJYea#|JOLtQv0@S~BcpSp%%d7z~K)yU+BW{O5~T2S$<;fYNsG3rYMEUrsv(}>t-q($2=0q#4riEBu- z3IAK1KQvTkjt~Tki^sv9cr0%!714m?a1s@eDMF7Q!a!%!LWGH{G~Rl_CJ}g{ZEaB6 z?!079Wm2A}ekl*8O)`pCYzu?n!RN#e4~Wd8{6lU2x2_8aYf#olv2&u3soknvO8~td zjRZ&i=3a_YMyg(irN5V4{ z|KAx#EPBuP^qEF8clW3y-s8}`>Xekte`&9_9l8ATdo8hu(a%59_5`hWmpoM_;7Qh5 zEJKCfnt8%|9-kz^m=@75<&)V`CCpXH?=@vamvch$H88aqo|qY8i>UGsi36eHz-~#0 z-J+SCi11SWL_7Zjp@Yow_`3bBjyp~=M|4E%qF#`uLB{c0QjJM|E=xj-TH&@9u`Z3x zSK4746Zi&O=qq&s^n|9VaGj=Q?gVTqT%y2Y7AYE4%Q&qVB(|KGuJ{MWY&dK!Jq(MF z^bNg`__tERtyqk<#g~3Okt;o%iK=6^Bc)*@#Z6=G`wVF3)}UCDp^#ZI@8f`wI3PqK z5`QXY0a6S-AC!}Q?S;&tjq~^#M zt%%!EsFHO3d${0&x||lipi0R2G6h!_v0;35e!)3fnqtrrG;|qZ)ti;+j^fcO(uEY2 zU{JsDg`%koP`SMy5;w9SwFOQ zkUZ?~AwBHjvKQLJ6<)9&(TXxm@EHkILsBVh8tjZUufxzW`rq_kEwu)5;Xc<*K46fe z8@yQ)ZB)C~={LAbYhCLUA>*x66#Cj-S~R{pt7--ea)XT~YdKiZNG0t-^Rpl}YGDr9 zEQoD{qG(MV%#5XOc4$T3jD;8(SzB7ccM>dFypjUXc4$%SGK3-ExyORh> z-bdEi!Ah!jxA;!j+>#Q39GSUxH-WbBX21BYgCa)>3&@dMm`Uqq;!VeFqVI!Vv};n5q36m zv_8-u0dM;TOGcH*Y^c(Cszj8nrOMJ_T;$GECApUwje;soj2Trjx$>I^MU>_z_6Rds z3*$oK@>>|K8e`P_3{?bdV%b<7FU5d{-N}>+MGW%{u*M;guv8SN6-jJjQW)*%DMi^r z{yeb`=gAyOm+B;`V?}Iew6nxk#O^vkh_xaS#4_x+8`H%j+eCdPN0Y}USTnIqj~>h1 z!-STI@B4*vY0bu36Uu%HMMaF6@JCgKKhn+Xz;C@6DP90koDa(ifYa0`jIO}B#3MM< z`auaJci1u%Uh^dD9NMtlpfgOG3Z-h=RBO8CrigR%lu+6w?lJXHdJ zKUK=&UqzL|P>%x=Gd55qdS zCMuu~VG@=>jF{U|y_RnQw9B|L)Uv#cF53gZ>CZ&`%?X%)6P+_#I@SuLC0(loY$>@1 zNzfiu8@?Uf_(fcLt{JOx9SBdV>7c^GGTEnkv!fm7{#hVE7WnphO2DaBMN!ZiK1c%; z-NQVJM$`0rh{96>zN|i2B!dGiwg-VxDO%0x29OCWJG6Ju>gN`U^wvH|V*jCG|Mes12!A?R106^%RzkkG90xHo|g=q@z*| zah~3tDtL<*I9`}#`E8fn(!-Y@=4f(H<6D=X(9VEiqCdu0CLzdhtoigLwQ_q(e00ce~4 z9=3cpx4CqfH&o_F=xu2_rYC9doD&G>hUO%`g@{0|j6b#J!kZJ9{-?{5E$3rS>;m~u z1M2{|8qo0U1MktVwlDXgG0{ic(XX~H&!ZMm9>WrfYzPivF(di^u9WUk?H2@Qj9D?dJRQtC{Gr(LgC^g9Y+gAFIGw zZR;?D=qCcW&*sMgE&8;^$tX;5=Fbez0Cm=|T_yM>e(~cyor^$)0wwUlsnS_VAV-=4 zcaq%Qp^0wD?%bpnM9TT=wAGyu5BvkrcjxW>LXaQsL0fvapm0U>YF5i=_JelMj=KV^$@$Go&L5dJp}kz0XW}4ZI?q35ZVW%58*xneiy=j2xah; zLobf_NZJmhlOh^n+@e7O`J9+(r#fYz=+M*oCm79K3kWP1Fhuey4&=|knmEdcM{2Zc zi~#bfQ{=h)c<0%<2W%npGa3s*illNFN9Hv)v-l-H2vfiHTlpt?$r&7iedLbLaj4-} zZ?r7jmm7_x`KxrX=|m)4Q`8V{Q$?cJpK9&6*|jbwQw4rRU_L+m{;cvQ8r|`MN86W+ zM?d^$e~_%e>h|#1d%m4_l~4t11Zj5pr%)->Wzk6ZWPvzU57mZbuVvPD37HKrn&B|3 z&w9L7=omePVtB^_l(xbQ<~wKdfm6^|YdcYFf9wuxqfU557QIkR2k6=QUI@F3GXLOePe{+YGcKZVKOrwoZVgB%p zNP<;1Z5kc|s}_AlOnm64`M`$((KjrI{@YBwII z-AdLJmbM?xngVnfW@B?XtV12!*mV;)=GmLV!*j*M*KW$TQ8`Q5^~0m#C25sxJL_xP zvii}{*3MfalhNb1g!kjOWW=HpBrKUj$d$`3GifRlYv)H1vk|g1B{Xn2+cw+g1QA4! zq-r!t2JQPpwHp_K1Ca$3Ll4u1jgA*(pZ^ic%B?`i>o+i5 zhA<5b^gw)PC5_KR(V()8%L?!PE`~sCX>8)ac-m^xUyZAI8YRHDLfQ}m#?N_%I%3Bc zELOXNq<7yT9Vp*1yQ?tZc`hr6O>)1z6@4{eqO2+GsU3~l5I;2fkYWW456&B{g{=#W zrD!dgClfuc_tF!DAuTDk#AEAPTL~6QhSQ|+5*|LzRNZ`v_qjHQ9zz@z0Q@gbmXkS1;%f%D=Kn( zR$gB}ZppUK3W|}LY3I&-(YE;<_LViX+;n|D@54cYkv1!B^W6`=<0J8lNI$}X&)GV4zq7NwaLop_ko7yqG7Cj)x1aTv)38qG$mE-#emWZ2w@mK;S z>b3p~&aJoQIHTz~;;08DLR>>+SYfmWv&tRTH4^AUko;wjGj@@P@)aCBm~WlQw*~`Y zJ7l#T#LH(hXk$T+3WlQ8Q?qGBWV)LD;e+l6u$?tiR3fK29T`n8#?AtpZbIx|)AfcgFrL-f` zpgZABlUvz`G16*=e9X9b>vv80Ef8_~Sj=g&INN@;o!orwg-sM{H@%G~CJDS4!9*L3VR1u`>!4mY?u7m-h4f^1}zW5OYE zBUDGvE=8}(gbb!RI(Un~C|hSIKol_XKUsjN^Jgbfom{kp&=%pSc2*Z@3P%m~S}1DR z-Y8Fz;?X-$5Ojs$h$B#aD}7c@Tq17l5RA|+EXyq*FshKl_Xe)HUsPTn6P=H%r(*aAd4s^ja z7lHxMQb9ksMl7BPyn(_d7{BRw3*rqJbI~N7Z$6fOK5WakGB%&{2a|aMEBO%MR?OWy z{^S~nRriG}jldu-A0=$Nc-A25eqX+=0UJB30Sv(xs@d<$C!3ZtZ8sZx z^wo^|6u^n-Z3mo)wxlvu1P(}vD~xH&%t}CEKNMX+Ikzj^x*6kfDlIlbP~m$bB2jK8G#;Z-eUXb`f9Qz}Ri-qy#O-`&O5Pv|OyYCFPmf=@ik~j{gf#uvkq+E=4{k%rV!zn{*5bL? zY~ZxnASzC$)66z%a;93$-G>yiE^?Gpz0Ug$+n@8h-q~$Xy2aT}b={rc;ZO=Y99pcN zPyyys7Ek-#1~i^$)~t3LxIFAOu+|+-MX=OpoBWzNy5`|DeIgDzg_;maif`sdT*Pc% zI+I0y!V_!xky5(Jd#D^3feM#F9MZ|2JuF}V>~g3jg1dAE>yq);qRPrjgmHud((VoI z{Uk?{Cuf*1vv20;s1|CTM;%j0k2e9Qo%&G}mHWP=vq2ya%tQ84%rFzCbrN4KGJ6|H zg*S15a-a=Bq5*h^k`=^=b^ilZ;Z*WEI7v8z>^cMSdBRLW`gF@RLxIOaxOV zx=q2hVt6|?380`LW)iAF3+5c^KqW{iIJH|T!me}viO#mvcLH=-+q;Z_D zWcEk0t~msq5#nx#J`rBPUHrpRK@8ia=~rUT=7Rjm1TFJG`I$`dnIsXqXlx9NS;dGz zZ_??UUVm7mUdU6G*nGjZRsjZ9z9gbFySy7gZEIl)4U9Iig@2vT>xGAO4RJ1bnSEJo zGdh6$2Y|#N3Kb#Q?NndhDn63j%7~K+m<703zlldO#ADwg>%DRok-Q`KZQH6X;yY&*dtaJfphsP$`OIHh+wa0);V)4rUr zAll5`4Uw&f7g&sQG*%B5MZ<4W|8oknq_W>#i*@KjL=Ad6jJ?7ZwVrrNwg)y!eM(4yL z_`gKYdXk$0a%X7sFK^S@KkVrv4L}+Z_yo1(E`N5_O&Swf2o>TFiz5LUmj{YJnA38YVk;HLQ$)4 zLuAU+fd(Ve!9PzFH@f9~4##Es*65u%bvB%X*EORZU+CfTXm;XOo(jSX( zjd}T279!>F(z2458#eHO$5{)dWIQ%UP49d2l+bZ4etP#3H6YCZJpT;K-_6&zL9^^| z65ooRF~$QS-G}V-l<1Lb#rMnZotYzbUvr7-UBH`~cq0 z&gTa}K15vIiuA4V8n5NMc z_eZphA}Ba;=&hstLGALM831z4d@%(8P^`GnVB~4@uN5GNELv+8GDG@6G(BG{AVP&L z!589AgbzfWpJorjrr|x6{_q|^4dFdJ(VJD_J!OUW$kPO^;tkPS^igw-m_4AFpn;bh z-c#)f?_tK*3Fpy-*Sf166>v#6mZt){gEr$j#~e=cX&=kuImpNAz~n2nbP@^Vc^rMh z!1u>Ec}=2t5cm**=RXb6GbFJBf`*h}Z--2z}JYB`Ij(3P#vi&JFA7T(Zn%+pI(l;aC+Senh zl^|#V#d2lD#DjX2gJCsuCH=+7)8j=poPi_&XDif&X8wdS$KwJ9ESUSJs)!85I7cmv zyZoo65VbG>(AWCgZjxD!;ebC{MAoQHsc)OapaK;mY58|pJJ3+loNLh!DO&utoNque z9(Ej_6#_*|3dRnH{;9S6V&pCTYw5@_{Ktuhkdp3GI!!DDH^t$|+|q?M*nNlT>?qy8 zULp1~6bI}keYyWkr%o_R&wv|EIN*YV@o!?BVIU*|1ew{-yplk%%UDRd8fVFPZ7{ZC)H>~+2L zI}f-um1#s3dm|W%;Z&rw#gOQYYr`uF%_W&6`lC(q%qi&|fZBLQ>62pC80J(UYY9Fq zVa7D)Aq=HJ@loHGC|Z6WOerT`@Ate}4Vc?XD8R5VJM zD2%zzd*MYDVJvZScfi{ry5zf21tY+Pvd4^KZj|Tj^4@no{njl6 zS*(*jzCrqt4btyY`p5fFqeB&CVSCghA@l=)JZiMo#%8>L8VL!^ET+D65jF1ECt%Fj3@{ooBBPk36Phl8jIn~>=VHC9+YU{9p6r8V5C!rwy{a4?T zX%?c3uf8D^knNhH=sbK|3RFw-A9}8k&1gki)tL3o?piH;1UUY)zvu-`6X+2(wP`zWwvUT~ z;ADr=15RJsD|aj5Ql(a8T?)&;RB3hrz0gXnIunclTd6fjEZ*d$mMqCcx5j-P0k=Mm zEcA$NN1X^VYaUZd5oGjC?*4*L)j9tG5LG4c5M@-3z*8ID^X;`*Yxu3V!pk~ZOPKR~ z=ND@gsFao@%)kGNxWVzOn862ZQtFKn$<*F|a%|{31rQ3&@hJ{XL|OOI4O`M+Scm-j ziBD_Of#mv#uk$emBe^P}8o(=}wTNF&2(pBD61MCs3i?sVqf{nIk&OWtbyhuLa)U5+ zj!oEuM=8;R9XxcUzNRqT`7Xfc2o=|)$jn2WBYaJvS)9cgNKQa;YRc_E*Zr1)Tsnl! z6QMGEi?aw7-JOq68Sb9J$;>q)3Z?j#f_%q7iglq7^U2?$Fg32y$|DS;Yd zBXx`UvdBx3HdG-x;G+umnV4#bI;07>&+JoCui6TPC#z7=i|aJh+l*BwSePODHh@Y^ ztp28gEOC7?RGt@jsKjwP%`0gRj${u&S5oPVf$c%gM3glvx62@25W=|ZGe+2|B@q)o z3+8c2QwYpd-6ZWPdb1CWOHx)(%$VlU2SMi@bgjA}@c#|8x1v^}w zr$bI2Bs(I+ThfGLGZ|Lo3@F0wfYF1S^dkzH;)GlHpbj4Zj~IZncV1=u78pUGBEnTa zJ0sUHo<`ilc7lN87uaaUc_dH)Lj46{BUx#`)0xYCL1}Frge-JgRtrM|FI7bsnYTzk zY(+R8bDgu0YdQwdD7h`dY(?eEeZ<<$s!RCJEa3l#6fR$Z-S8YO(Il;}cfEpBG@WDVqeIR1cm zMMWoS`(P&=kZmA#7IG}Fx1epYZ&5Zsv769sJE42*2kD%J>@lTtl6ey;v!-xKRwp{Y1??!+=t~AEG-i&ozW2;<1FNR;ulvweSW=4;NyGGtpNe2e zg&=fj+dNl%cQ@)1vFwb(0*fHxUM1)O5;;pq6QLMc4Vtk4y^(mJWNa1mVV8VSiJTE< zpxB~juTIT;3`5bD?qlG-M;%UTDJan=>uAfN8`3T>pRgfjdVo=^ z0UCrl1dM&GP(nenRC}WMw2lFzeOn$Fbi4;9v&Q-IykH=7K{v=t-PC!%dwdGpqx9m& z?hC%Gt(05+?O6B4T|VXBZpwY2h^{E`8kP{w`F`$|M$nq#N-;&InAWHz4KPJabL&s@ z8Y^X5(o!WH|9`KRq=-xz16dZZ>Zi~&S2nyt1euXvHtVL(11W(-(s z$sqR3iDr^pMeJxHI8sRFLG&4DU*GRt` zr>UPawma3;Rh?+G?kh*{p_mKW_ih7qG7gn*w6`k#tFm9oeVUcrh!q;s(5ut1D*U?GaLAExOY=Q+cq5=NRQ4pUuDCoBQ5QZd9TaWH&b^N&b7T zxy4%1nlQ|pQANhnes^`d=lh!&_Pj**BI%lq4k!m>nMNI3(L7q_W5

?y#PhKmAEtSunBwRr_OqWmv+HTSeJ*$kgM zNOFeHre70vS=`0v6Reoibses#*}5j1t~=r3yQI9-ifJso6jeScKzyASdGL_?N^?Zn zSWIf9rFvEP8HjLoji02Hs$}LywB2X0inac31!X^zHrh!ti<*>RW0Oh2d&={Z-Ess@ z__Pmp(^iVKcX#TV54mPLDffkxt2-%KNcpZ#%CV4gXD4Mmq}tM7jYQ6!gYs_GR29m}kkm+eRggKO62WbpYG}GiWb1r@V&Zwej zi04-E5Tt25bRW4rDfThZ3zK3W7i~(4ifYK;68H$B)HofZQDdq7?z`49(mksgX>-br zh~(YFO2r^#xIE^eSxRfE5N|?Gt(El1um^BkY}1BmCX zCZq9*(W}^S?KEZhsDCsjI^?z*`Y(Z$INu6~Bnpc|h<#bLC&qQp@ZdS58rV*s@ay5$ zXFN)wf4zWX?(Ah4FPd%@ZFm;+Qu0sKfM>yHdFT}$Ij_cIQlSgaf`8V>g1*MDP)b#L z7W}g=+dNya&02E*{cf&jEEnEmG2(ydre7*b|8h6&=^|}CMqiJK*RtL>#@52O;eq=z zY~d;}qVShyw96)|Y{nC^S}Z8&=^0#?_?Bh9IkIyTra^D=Y!r_Ns|yk21DHLAlja>V zqIFDzc3fy%7)R%EUI;D%mr#gpb~uu(9c@ZMF1t2F!b+SuP?f+^Ko~U+zveizjDRrw zEKDx-Ek1&OaO!A+sW~w-Ni23;?#jU+%8!je)D)6h(TFA)U{TVE^zI zY~rpukWMqnP-K@N@!98BXO}L%ROnZ_qQ znKJSZznR;>A$LP2=n*;m#k?8lQJr7x0(5C@{W49)Vp!8?McYlAeAkFtBwXi@At_FKVZL0sjiw{!~JmnTD7^JELg23_qlII zI;*!yuokANu@)($LH>cWyhw)e0x=&e zkezfnON0%F9#SH8fyj93&9md3o4%}f|#9?3CilG1+}5s_;CLG3xy z5sMZ4j1GkBtCN0FhYBRMGj8&uY5L65A$K($wvB^|OtjTh;$QuC=&-0mzF@6x$YI3< zVHKL!l@^^|0a&KRCQ~0x+CV}O&zN8Q&tH45c{0_mmlAZUWKzOoYh5YPsh3{Xe5G)w zrj&*)^Dfn1EVig1=s01^!V3*sAPu~3j;bJxgnr18&)sy*dygmFkNxDht|apPc_B&U zYcxsJu~ycTL}`cLi|N67l4!J(s~JrA^(4_+srH$!HFL4BW`44p_7bNbYvti=2d-j5 z(l482Wv!BNF`R&)Dx3DthR`v6_(R`>`VY+4V zjk&%be_4S-gqD!8<*Kshm}@YJQ2?KOM7sW>>i0HiBJY^U^YWnPcy@mRy3U=dvl*Y0 zG2bkE;|fC1WUz(POHWUjafP8H#r=C7G&n-T-GltVu5cldQ0IX&BuHtlAW5#!6B5y`8#`t*)DT zB;L(bDY8G*$$sBD*%9jb^P0aD+0S*d&##kR0^7uCksX0u;AI6a?ColZ&iIktHf7Q0 zY<|E$vK%c5q-`wV9)qF`Ni;eTAkvE}pIB9;T#q`{jvJ8!lr{+@gCao!<@1DTnDShA z;hjo5GP*_+h#LU#^Ikkx-pv`?o{+Xyzj2f!rq@|}H@G1#jgD$C+0*aD;SJ`smpz3) z3C%-mHWj7aD!^_X_@Uh+BTED}u?zY*5{0_h1Iahv%rwS&H z#l+sJDMcLTTVC-yjK!AbPigl&^c?ni?%7IN8Zd?cOn6&o29Rtd=0O-9SSB7YK)OLH3kd*hpsW+ z5d}g0k;~K{xxN|Uu%0LgDpwR3M8OLShmJC*l*EkI1=ctnWKJbqjJo&g9l^+xl}w7! z`nS^ca9v<7nDS-ec?hiacj$S*V3fsM(lET@c>n`lL9~wN!TdC@cpifFzkx6s?N|-X zAS%`qMr#Gzi?vw~f*@GUZhnsaav=Qw_2otQzw>uP z_+Ng7@DXw^VJ7>xO!!;mw?h!||GitBW7paL_4gkm_WEG%zC2XGfBn1Rgg<$O6aHQ~ zp#~o`uSIeEb&8`k9`FAr9@*Ds4*|Id$hWh$m?xIm|D&^(%iaCE5uqYFcu;38m*>-V zt=IzP&vJ&mCqj&aq zG*rluQ#vG}%CHjOZySPo$U;c75ePfi_)!;uYCT@TZ!NwbPD@%*6iR6cM!Uy8?gvUM zo$nfGhgs&rmS;{Ou}_52Y{fP`Q|6d@ZYMPKY)03%bgE(FtH@b(1ah`!IHO(U3}tX2 zdDsj^O)NXv4s;&b*eJ36;i(`OTX!)m8aiDd6K&2S)pPR^C8EU;{DE8O^>k$FvDEZFc_vsWEP`_gR~O%eHrsJEPy}s}JlqNX7r2xPg`J&}@)0uoFR2 zYKP%6E+nHLuD)*T43aL`J%^L3TPPG^K`G{$*xaeuRL(rGXSW7%_%DZ0DyV+Iz45XgfcQ$vB2SXxSQ~ zdTAv~a$Z>bHhcwo{oeb~yyTxhV+m=d<|Wj$_a5$Jho(Mn7pPH_TB8~#=wK-OX-%-* zgnZx4Kp%|1TO(A5BWx{zKzi$==RO}nFIQ&zyJe1P>=*suglwA&|E>h-7ycayVmsG8 zmx_jB9fTbP5_X(IXua#G>)XW}SKg z;h#HE?n@N@FVI^_0fa(F`1gDxfg^P6=mSMW6vAKMNazgRD&fz09NP71pGt7OLuY!M zp?%51zqYyXw@)rm?@JK=!k{PZrjBMw|2*=C%8_=Dw?25164W^ZvR{&3C5R{rO0e(z zk%CVVAYSALB32#R+YX;ZCJej<1EYr1Ll|$GGYbYH6kN7Xr4aeOg$TU&7L3k@fZ~hO zM~d3UZzGaH~HFeIpABA;WlxJ+a z#udL<~v&`@&IsQwDj2@(tFyb zSO5$$7XbGt^8On5+KCktEeAZU>Zi3Ij=L$ocH&0~cEa=m69}fRB9Bqz;nPGR)=Yz+ z@8*O}=?(;^KT9Mi(%!F~=##HtluBhxWU=XS>jIy9urSY7+y&+`KvI^|)x&Ta`WxNi_*NqK>4;{qZ%KjeKT$JQE%}->%>pRgU8V^h$mI zX~`es`a~x#&M(&S0eD-iBftz?5qM^C!bR-X7^yy_E$ffmvfSCKkhV<%;PU-=F4O{X z!SswLg)r%xN}Urcd@LIy+8@hyqyqv{v^RLnsw1$uFO=g;C1G2(eFnMe(m^^7G*vf@^f;t$o|eh1P!HTS{wvwf_U9HQciQ=if86jlEo`?MJ_*)Yez~KQL;`|D@U+ z(0SK{^b&WalcxOE952)i44^@iTu`W7?YlQup zIwlMiSW>)<4pQNq7^T$6W#2K}Jkv*fCcG5!xRgk}-Q4eLoVsVHeerFBuy?acoj3_) zci^#Mj|z%aHblh=mi!(Sox`9#Dmn`%!2+%I#6NQmoh*&2oy4D2?Tg;}rTFJ+dyxE0 z95KQa|6HkQA1jxUY2_5Be!+*H$OyT;x?Ih5=$F#BPLftANx z=P)o1wK|(silexgm~{^Wy>QMq*H1c!k! zHN%M`6o5VE@x@_ad{KZ%f#Ucte)Sy&#_!(4zyPA}+^>?({VFYmARIfA#oQXYyv?wHL7 zsN32@*-#hhmC-E4t%b?RQDDO&fqGWasVk`t@~YYAJ$sJ=8xo%QL_Ft-`J=!9T8G`$ zvtjMx90nJ~QDD?iQhG)kwJdFp*f}LKRoi7w&%~F-h}blE3&we;4_H5yYzqg0-9D-_ ziN6uRImT;4z(LB309*(pN=m`jDvt{RH;sGWB8eCiQg?hA>sxY5!ptQX>5|VR zUtBQ{dr^(4#?X)-BZin1s?_9@Mz{|ct{CEQ3`xDk*9Z{Igqi79f_1p*2sX}?bZrNu zxZ6+}azz`-h;l00eh24dEjTr68dWg`)Cu>J!}e_k{OE=lKd<9FO3ZeBB1-ZUt-~4Qc` zACTGW1ASl`eV~If3w=NhCHMhP3LDe(?duKo!Ejd}#J8gl_`)G)aIMh?FB))IZ9~9= zK6nAZIYF%t@NZ5ZWNY=opw|Zw!3*hw`lkB8y####C-M&g%+6P@5A=K0hpmk;S&x)H z7=(3AA5cpAfMZpUwrUWq!2VpOKD>ZF;QL%Lw4|~@A3!g8W?on61C|fGJ_x!<096E_ zZ_og+19V{;ln1ouOdlYII}Woo`aql&^nqk;p$|w#f9sG<(+52C>I1|T_*tb7HgC*W z*f+GHJ{UAy1$|&^YeTjus1wonscnheqz{G!s!pt8VWFcBkgn1Pc=>wt0SD}0Wk?_3 zMO~#2qTuKAM|}0@10=t`j^#JU{z$B2eas1p{IT}^nQG>j!cQGen2gl2{HnmAjo|(u zkM73FRTGCYih}-N^Dvn)ML{7|L5+46h%`S>I%v{Q7tC=TPQ5Iq3kJh(?;>M2t7b!E zv>oP0dwj|Pf8&&i;srZRl=W7BJJx-1mruF3n}UBYf9`V80)xQKBLydw4n}5)(E}X1 z{`jtL#`HquJ*ONs?l%;3`d%Ft`s!sWEsy(plCvTiw<&(LB@YNwN_}jKN@nx;Oe;c?dKzNH zIJZ}WTc@|tSxt8I1$7chV#sX*c+^f2R*DXQu`;%3w=|=LCEMjHn_ZMcOhw5x-;}05 zxcya5-==%V((;Kzhwh&|G4a5ex#P>zr{^Y)Po6yK?7t%==VG1`E*{<6-nsn7iHSE{ zbKRQ!x8as{ZXcNr41lp(`k|yKSf*f=i}$X<1zOxTuFJVz#dQVOUaqUSuIA$0Bljk* z8@S%Wbqm++Tt~U?=6WaBcXCZ~O>sTQHOqC1Yk})L*ZaA?kL!b6Kg#vvTtCJ2GhCnI zdW!3FT))8e1+M>r>o>UmJ=d4GBCfwHcpssy)iD1MY3srLbENme{>%Jc4gYVGw*TrZ z%MRRo;G7$qJ9F~nRSb1KY{A}I6vG# zg+HmQsD#Spzgw}Fns=NHh8|n7Cs<%G__E*om`VDdn zQ5!i#5GDO_14H`j_{*#3$BLU`arq^*Sz74*S_iCb=SW+zxkG1Z#%sI zz`a)=xEG}EKXC5q1LrbuJ3aS+JNmZ6ZfbJ?QqHaC^_Vy(iB&`0VuY$>r0FH{SE@hYp2bQ)5fh|72=nIh(sG zd(GTyvZ-^&r>0IUWv3?3O`ke*DqA`;KYx00dFn)_eD3VjaVl`e#mYJ_7RIf$HT|^` ztmta$IhRoI&gD0Ev+(=NBxXhe&V4s`AxPNJc)WA@nrlv;eh{#y78hwiFYh9c>ePQv zg!~${kpB%Qr{*49eyAwG3(7o7KGjXz%a6=YO@Oo0DzCObM*7>XIWRGC{M@<8`=`%d zbIrktiKU08Pfc{P-ln{&=kw(K?3(=7QTF8I($cB|2fV6g_sKLR{! z^S^mwV*d2>-15|7UkUQxO8)D)^xrRW7ln#G#VaC5Nw~hgy#dLIh&?fRYHDtI^5p9J zo(S!qrQD-D|9Ysq7U~`$y{LOT&zEsYg6`nbe@B2xFzn>&&9{r+qg=bW`r!fZOVjJ3 zPx#KbXgh!QvNZm4c=ox=(%mbhoqA+q@$~8CiRlx53@?!O#yu0)xctMHr(cPG3Htdq zn%cv)m+MNd*KpzeGXeiv?pJf|kV9Q_d1?m zsNU2ut{9UeVuIYa#w)g`}5BYC~S}CIRuaXX`471uA8}pYU$5gxkTxQxo+n=!gZAE4z4@7?&5kY*W0-6<~qhDFc)F($GJ|=-FkX% zD%>)6WD3c(FMIg(;>i;vzGG@>{`B0^)RC#l6H|*zYg01!kbiY3bNB9l7r5Mi{LIqw z=~M3T-FLg=!pz+Ae(|Iej$S{1a&mg^hV1x5lZ#7J%WpZe{J{R}JK4OHu|^ioOf4wyG}po|LVsri&K;K-almSnrp*&cE=JN zJpq0+l-Cuh`NdbI|11{TG(2zTDuzd#FwS)qSHTJE4bMAxui<$omxkvaE)CB=;?nSZ z2iN?`GY?MBb(nE}@$|VzCLWwxp5SSIYH|6Iv37r!_CC`Xryp4J;;L+acFn%*%D~tY z^UI4pzocfa`diUe`LA4&R%BXz5yA4+ERDa6j=y+inq1m;%w4%{>eSNl#p!uyVdB)( c^5luh2Nf+*n*aa+ literal 0 HcmV?d00001 diff --git a/examples/static-file-server/go.mod b/examples/static-file-server/go.mod new file mode 100644 index 00000000000..69cc2a932da --- /dev/null +++ b/examples/static-file-server/go.mod @@ -0,0 +1,3 @@ +module github.com/envoyproxy/static-file-server + +go 1.23.3 diff --git a/examples/static-file-server/go.sum b/examples/static-file-server/go.sum new file mode 100644 index 00000000000..e69de29bb2d diff --git a/examples/static-file-server/main.go b/examples/static-file-server/main.go new file mode 100644 index 00000000000..1a82c1ae37f --- /dev/null +++ b/examples/static-file-server/main.go @@ -0,0 +1,39 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package main + +import ( + "flag" + "log" + "net/http" + "os" + "path" +) + +var ( + port string + directory string + certPath string +) + +func main() { + flag.StringVar(&port, "port", "8080", "port to serve on") + flag.StringVar(&directory, "dir", "./files", "the directory of static file to host") + flag.StringVar(&certPath, "certPath", "/etc/certs", "path to extProcServer certificate and private key") + flag.Parse() + + http.Handle("/", http.FileServer(http.Dir(directory))) + + if _, err := os.Stat(path.Join(certPath, "tls.crt")); err != nil { + log.Printf("Serving %s on HTTP port: %s\n", directory, port) + log.Fatal(http.ListenAndServe(":"+port, nil)) + return + } + + log.Printf("Serving %s on HTTPS port: %s\n", directory, port) + log.Fatal(http.ListenAndServeTLS(":"+port, + path.Join(certPath, "tls.crt"), path.Join(certPath, "tls.key"), nil)) +} diff --git a/examples/static-file-server/manifests/http.yaml b/examples/static-file-server/manifests/http.yaml new file mode 100644 index 00000000000..e21fec0179c --- /dev/null +++ b/examples/static-file-server/manifests/http.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: static-file-server +spec: + selector: + app: static-file-server + ports: + - protocol: TCP + port: 443 + targetPort: 8443 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: static-file-server + labels: + app: static-file-server +spec: + replicas: 1 + selector: + matchLabels: + app: static-file-server + template: + metadata: + labels: + app: static-file-server + spec: + containers: + - name: static-file-server + image: envoyproxy/gateway-static-file-server + imagePullPolicy: IfNotPresent diff --git a/examples/static-file-server/manifests/httproute.yaml b/examples/static-file-server/manifests/httproute.yaml new file mode 100644 index 00000000000..beaefdbb423 --- /dev/null +++ b/examples/static-file-server/manifests/httproute.yaml @@ -0,0 +1,22 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: backend +spec: + parentRefs: + - name: eg + rules: + - backendRefs: + - group: "" + kind: Service + name: static-file-server + port: 443 + weight: 1 + matches: + - path: + type: PathPrefix + value: /jwt + - path: + type: PathPrefix + value: /wasm +--- diff --git a/examples/static-file-server/manifests/tls.yaml b/examples/static-file-server/manifests/tls.yaml new file mode 100644 index 00000000000..d277452efd1 --- /dev/null +++ b/examples/static-file-server/manifests/tls.yaml @@ -0,0 +1,95 @@ +apiVersion: v1 +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZVENDQWttZ0F3SUJBZ0lSQUpiK2x5QTJqZCtlUmRMTzR4Sm5kWVF3RFFZSktvWklodmNOQVFFTEJRQXcKUWpFVE1CRUdBMVVFQ2hNS1JXNTJiM2xRY205NGVURVFNQTRHQTFVRUN4TUhSMkYwWlhkaGVURVpNQmNHQTFVRQpBeE1RUlc1MmIza2dSMkYwWlhkaGVTQkRRVEFnRncweU5EQXpNVEF4TlRNeU1UZGFHQTh5TVRJME1ETXhNREUyCk16SXhOMW93SkRFUU1BNEdBMVVFQ2hNSFFXTnRaU0JEYnpFUU1BNEdBMVVFQXhNSFpHVm1ZWFZzZERDQ0FTSXcKRFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUtGUnI2cVV1WFN1N3J5bHcvVmZXbm1kM0RXWgpTcGxDUFR6QUh1V3NpOVVrbW5rTVhNOXN3Y1VQZFUyd2NNSHd1bDNpNGJwTlRkUGVWRG04K3JUVXNmaHMySWZuCmhHNW9WV0JnTkJXVEYzRnpiUmgvc3orK3p6MlBnZ0Fpb3NjYmEyVm5qaExyOUM3a0Q3QnRYNVlvSENGQ3lhT24Kem9WNVdNSnBBNHNCeGdOdkpXSU5aRUNnOUlmSWxSMDZMTGlNTXJCRTVRS2cvTG5EUkpuTEZEVFZCTDdzallpVQpZdVZtRWczMXJaOVpsNXViZ09xSU9uU2ROM2RNM1hhUnBCTWFGVXg5UDlQcmhjS3l5NVRkQ3g2MHBIYXMvaFIxCmFjcEp5VmdmRFVDdXNUUFphVFo1eXM0cmhib1l3WDN5cnZKN29lMHM4QmRZU2thT1NBTElDaU9PWGtVQ0F3RUEKQWFOdU1Hd3dEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQXdHQTFVZApFd0VCL3dRQ01BQXdId1lEVlIwakJCZ3dGb0FVVXBQMWFaMU0yS0l1UFBXck5QRFYyYzVDbmdvd0ZnWURWUjBSCkJBOHdEWUlMWlhoaGJYQnNaUzVqYjIwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFBMkk1MmhrcEwwTXZmejQKeDk3ZjV6dlR5a1VtRWhDSVowN0g0anM0WVg2a1hLWVBzRDBlaGJFbzZUSWgyMkpWMkpyWnRuaWhMQnRGQStuUQp2Zk9QcE1LRnJMUU1DWVozMk9Na045T1pWbmNyMmpQNzNhaE9SaWloaGVBczJYTUtybHZmVWVKTFJrSlBlSVB6CnR2TlVacWExMmZ4T0Jsdy9hV1NqVk9lRDVMVm5nUStrQksydGRoL08xSjFWRGgzdVU3RHNZUThmRm1UcWR6ZzYKUWhtbjhaTXFIS3lNeitOdkt1d1h5eEtyeFZKVEl1QzJXZHhGWlZZMzdtZzJ5Vm9OdFhpSFNQMXpxVWV4SHNEKwpzUDBsZy9jUDdlaitOY3Q5WnpudUZBc2U4cUNDZnlaL2hPQ2NCblZabG1GUFgzRCtJSEpVWUpGaWVkYndsZHljCmw1eG1jaFU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBb1ZHdnFwUzVkSzd1dktYRDlWOWFlWjNjTlpsS21VSTlQTUFlNWF5TDFTU2FlUXhjCnoyekJ4UTkxVGJCd3dmQzZYZUxodWsxTjA5NVVPYno2dE5TeCtHelloK2VFYm1oVllHQTBGWk1YY1hOdEdIK3oKUDc3UFBZK0NBQ0tpeHh0clpXZU9FdXYwTHVRUHNHMWZsaWdjSVVMSm82Zk9oWGxZd21rRGl3SEdBMjhsWWcxawpRS0QwaDhpVkhUb3N1SXd5c0VUbEFxRDh1Y05FbWNzVU5OVUV2dXlOaUpSaTVXWVNEZld0bjFtWG01dUE2b2c2CmRKMDNkMHpkZHBHa0V4b1ZUSDAvMCt1RndyTExsTjBMSHJTa2RxeitGSFZweWtuSldCOE5RSzZ4TTlscE5ubksKeml1RnVoakJmZkt1OG51aDdTendGMWhLUm81SUFzZ0tJNDVlUlFJREFRQUJBb0lCQVFDVGlZUGh2TGVJa2R6aQpSN0RhbnVTK1NiUDJpVVlDdU9RTXhhRDhhVHhTS1hIbHQzckNjak1kcVMrZFovc1lSTFFOM2N5WWVNN3ZNRzFUCmlSUzVnYlZyQVJGZjZrdmlOaVd2U1EwWmxqZGdtVEp6cjRjZWk4STZDUi9hUTlNZnltSUVraHNNRHlSNkpqWjcKSXV6REJkZ0VTM0xpN0R3ak1vSU0rOEl6eGVGMWpTT1ErTjlLcTB3QzMzVzFuOVdIYXZWcWZvcjI0bmVySG9FcwozNmlUMncvdkU1dFJBTFlEbjh6MFp5YUM1d3Nnb3FyTG5UWXlMcnVKWnNGa1NxN25GWEE3cjhXL0dLQjBoL3ZaCmNzYkRlWU1WMjJNckdRTzhYSlAwM3J0cm9DQWJmUUhRd3lEbnpsTFJ3blNGRmhjV0F5UW9qbkozb0RQbzhZaXoKam1meVd5WlpBb0dCQU0vZGtqMGhFZm05SHBBL1dyTGVEb0V5WWtKL3N1R3RyWlpSNS9INnJieHphQ2FlQ3B0UApZQ25JcnBoMjRVYWFvaXFJY0pnazRXRjBmU3RhRnh0SkxSYXpBVElUUFlCZjF0OEEwYkhjN3UxMExiWlZkMG5uCk1lWVJPYlhzQXlvdmxNcm1ZclBPWWFXSEtJL1oyT3NLeC83UkhTcnEwZm1ZcUFYSXpzK2V1Ryt6QW9HQkFNYXMKem9YdlJwVDZGNndYaU5QemFqamc5MHJFMFhZZ0g3VkEvWHJsbUp5MVFRYy8rZzJ1ZXVYMGJ5aVhYY0FMY3BINAoybFlYcEZaelNPRkd6Z01DMEtuQkJyWmxsYWIweUczbWhsWjRtbkFhbmtSUFh4bWpDdmgvZmtkYStlQ1RCMFdHCjBOY3RQSFVvSk9GNWpLNmtxVy9rWVpkWVRPV1FjczNybURFWCtENG5Bb0dCQUwwdkhRenp6MGRyMzZoTGNRSUEKWmxVaUJSb2UzVERYQUhraWZLYllqMDFJQUErOW9VdXZWNGRQOWRBZnluS1hCR2NQbk9Kc0ZwQzdFN3prRnNtbgp0UmpHdkp6VnRCRGxxVXQzbEdKOEFSMHVzdmdUR3ltdytOSTY5VHBrM3BDRGs3bURLMndZdHZpUFpkUmU0alV4CnI4cDBpa1pvUjhrU0xrSnRmQVNzb1pKUEFvR0FWSTk4bjNrR082WnVxT3FqYkVMd2RTRWJZQkdCYlp1aW8wejAKRm5qZWllU0R0d2c5NzlEUnNrcGxmWXRmZGJ2cG1jT25lbms1a3lvaVhPLzhBMEFSZkE4U1FsUGViRjlIWjY5MApnaDEyN2p3R0hPRURneS9vSFhoMlVQeWgyam42SUZlUFQrYUxFdnB4S0I3S0NCTkJvc1E3M1dUUjVldWpVWTN6CkN3SSt3SVVDZ1lFQXJVQ0k4cng3MVd4S3A0dnNObTJpM2JlT3lYa3dVaFhKUmhmL0cwZk5vc2FhT0RvVEdNT1oKVlRRci9hVWJlQ2pWMlZENTEyVkJEQlZnYUNnZ1ZZS3pSMXpJSDFlMXZzVjhQVjN1Snh0Q2FLT3daTHV4OS9HQQp0QzJOKzFTY05GWkxtU3Z0MzU2WG5EL3VwRUcyeVMydmFURDU1K3FVUlVFWk1TWDlPdFpSL2JBPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= +kind: Secret +metadata: + name: static-file-server-tls +type: kubernetes.io/tls +--- +apiVersion: v1 +kind: Service +metadata: + name: static-file-server +spec: + selector: + app: static-file-server + ports: + - protocol: TCP + port: 443 + targetPort: 8443 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: static-file-server + labels: + app: static-file-server +spec: + replicas: 1 + selector: + matchLabels: + app: static-file-server + template: + metadata: + labels: + app: static-file-server + spec: + containers: + - name: static-file-server + image: envoyproxy/gateway-static-file-server + imagePullPolicy: IfNotPresent + args: + - "--certPath=/app/certs" + - "--port=8443" + volumeMounts: + - name: secret-volume + mountPath: /app/certs + volumes: + - name: secret-volume + secret: + secretName: static-file-server-tls +--- +apiVersion: gateway.networking.k8s.io/v1alpha3 +kind: BackendTLSPolicy +metadata: + name: static-file-server +spec: + targetRefs: + - group: "" + kind: Service + name: static-file-server + sectionName: "443" + validation: + caCertificateRefs: + - name: backend-tls-checks-certificate + group: "" + kind: ConfigMap + hostname: example.com +--- +apiVersion: v1 +data: + ca.crt: | + -----BEGIN CERTIFICATE----- + MIIDQzCCAiugAwIBAgIBATANBgkqhkiG9w0BAQsFADBCMRMwEQYDVQQKEwpFbnZv + eVByb3h5MRAwDgYDVQQLEwdHYXRld2F5MRkwFwYDVQQDExBFbnZveSBHYXRld2F5 + IENBMCAXDTI0MDMxMDE1MzIxN1oYDzIxMjQwMzEwMTYzMjE3WjBCMRMwEQYDVQQK + EwpFbnZveVByb3h5MRAwDgYDVQQLEwdHYXRld2F5MRkwFwYDVQQDExBFbnZveSBH + YXRld2F5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ZFmGB4e + m1KdGEohAZBfqydAEGLDHJ1YyfHWdd+vBAevdW64bZx3pggJOtgCnePuFd02rDQS + dlsJlX/6mFtoQilo6wvxDSJRfaTDbtfTjw+7k8yfd/Jsmh0RWG+UeyI7Na9sXAz7 + b57mpxsCoNowzeK5ETiOGGNWPcjENJkSnBarz5muN00xIZWBU+yN5PLJNxZvxpZJ + Ol/SSI8sno0e0PxAmp3fe7QaXiZj/TAGJPGuTJkUxrHqyZGJtYUxsS8A0dT1zBjj + izA5Dp+b5yzYo23Hh7BgpbZ7X4gsDThFuwCD6fHyepuv2zHPqvSsdqg2hAhDp91R + zrn7a9GxG2VSIwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw + AwEB/zAdBgNVHQ4EFgQUUpP1aZ1M2KIuPPWrNPDV2c5CngowDQYJKoZIhvcNAQEL + BQADggEBAGSEkAVz+Z0qS4FmA0q4SCpIIq64bsdEjiUzev7pK1LEK0/Y28QBPixV + cUXfax18VPR9pls1JgXto9qY+C0hnRZic6611QTJlWK1p6dinQ/eDdYCBC+nv5xx + ssASwmplIxMvj3S1qF6dr7sMI2ZVD5HElTWdO19UBLyhiKKZW2KxDsYj+5NRwGFe + G+JuDgq7njUM8mdyYk0NehefdBUEUUCQtnwUtW95/429XwqQROuRDteGT9kjD+Y5 + ea5mW4mfqLeuGJXZs9bdWjKKdLQPrn9IshPysWqz2Hz8dQ1f7N9/g8UWVSjd4cyx + S5EAolzVv0yB7wHCWCgfG/ckdOTUNnE= + -----END CERTIFICATE----- +kind: ConfigMap +metadata: + name: backend-tls-checks-certificate diff --git a/test/e2e/base/manifests.yaml b/test/e2e/base/manifests.yaml index c7390d6d70d..34ccc08390a 100644 --- a/test/e2e/base/manifests.yaml +++ b/test/e2e/base/manifests.yaml @@ -567,3 +567,38 @@ spec: protocol: TCP port: 19001 targetPort: 19001 +--- +apiVersion: v1 +kind: Service +metadata: + name: static-file-server + namespace: gateway-conformance-infra +spec: + selector: + app: static-file-server + ports: + - protocol: TCP + port: 80 + targetPort: 8080 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: static-file-server + namespace: gateway-conformance-infra + labels: + app: static-file-server +spec: + replicas: 1 + selector: + matchLabels: + app: static-file-server + template: + metadata: + labels: + app: static-file-server + spec: + containers: + - name: static-file-server + image: envoyproxy/gateway-static-file-server + imagePullPolicy: IfNotPresent diff --git a/test/e2e/testdata/authorization-jwt.yaml b/test/e2e/testdata/authorization-jwt.yaml index 5d3e31ea12e..0c1b5e27c66 100644 --- a/test/e2e/testdata/authorization-jwt.yaml +++ b/test/e2e/testdata/authorization-jwt.yaml @@ -64,7 +64,7 @@ spec: - name: example issuer: https://foo.bar.com remoteJWKS: - uri: https://raw.githubusercontent.com/envoyproxy/gateway/refs/heads/main/examples/kubernetes/jwt/jwks.json + uri: http://static-file-server.gateway-conformance-infra/jwt/jwks.json authorization: defaultAction: Deny rules: @@ -97,7 +97,7 @@ spec: - name: example issuer: https://foo.bar.com remoteJWKS: - uri: https://raw.githubusercontent.com/envoyproxy/gateway/refs/heads/main/examples/kubernetes/jwt/jwks.json + uri: http://static-file-server.gateway-conformance-infra/jwt/jwks.json authorization: defaultAction: Deny rules: @@ -123,7 +123,7 @@ spec: - name: example issuer: https://foo.bar.com remoteJWKS: - uri: https://raw.githubusercontent.com/envoyproxy/gateway/refs/heads/main/examples/kubernetes/jwt/jwks.json + uri: http://static-file-server.gateway-conformance-infra/jwt/jwks.json authorization: defaultAction: Deny rules: diff --git a/test/e2e/testdata/jwt-optional.yaml b/test/e2e/testdata/jwt-optional.yaml index d5ca319fa03..1a6d2e01c5c 100644 --- a/test/e2e/testdata/jwt-optional.yaml +++ b/test/e2e/testdata/jwt-optional.yaml @@ -19,7 +19,7 @@ spec: - claim: name header: x-name remoteJWKS: - uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json + uri: http://static-file-server.gateway-conformance-infra/jwt/jwks.json optional: true --- apiVersion: gateway.networking.k8s.io/v1 diff --git a/test/e2e/testdata/jwt.yaml b/test/e2e/testdata/jwt.yaml index 01cb370651d..32b1d96dcc0 100644 --- a/test/e2e/testdata/jwt.yaml +++ b/test/e2e/testdata/jwt.yaml @@ -20,7 +20,7 @@ spec: - claim: name header: x-name remoteJWKS: - uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json + uri: http://static-file-server.gateway-conformance-infra/jwt/jwks.json --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute diff --git a/test/e2e/testdata/ratelimit-based-jwt-claims.yaml b/test/e2e/testdata/ratelimit-based-jwt-claims.yaml index 2d01996c981..7c72421fed9 100644 --- a/test/e2e/testdata/ratelimit-based-jwt-claims.yaml +++ b/test/e2e/testdata/ratelimit-based-jwt-claims.yaml @@ -12,7 +12,7 @@ spec: providers: - name: example remoteJWKS: - uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json + uri: http://static-file-server.gateway-conformance-infra/jwt/jwks.json claimToHeaders: - claim: name header: x-claim-name diff --git a/test/e2e/testdata/wasm-http.yaml b/test/e2e/testdata/wasm-http.yaml index 856d381a517..080fa3e4976 100644 --- a/test/e2e/testdata/wasm-http.yaml +++ b/test/e2e/testdata/wasm-http.yaml @@ -69,7 +69,7 @@ spec: code: type: HTTP http: - url: https://raw.githubusercontent.com/envoyproxy/examples/main/wasm-cc/lib/envoy_filter_http_wasm_example.wasm + url: http://static-file-server.gateway-conformance-infra/wasm/envoy_filter_http_wasm_example.wasm sha256: 79c9f85128bb0177b6511afa85d587224efded376ac0ef76df56595f1e6315c0 --- apiVersion: gateway.envoyproxy.io/v1alpha1 @@ -88,4 +88,4 @@ spec: code: type: HTTP http: - url: https://raw.githubusercontent.com/envoyproxy/examples/main/wasm-cc/lib/envoy_filter_http_wasm_example.wasm + url: http://static-file-server.gateway-conformance-infra/wasm/envoy_filter_http_wasm_example.wasm diff --git a/tools/make/examples.mk b/tools/make/examples.mk index e0e01e190d6..839d376aa19 100644 --- a/tools/make/examples.mk +++ b/tools/make/examples.mk @@ -1,5 +1,5 @@ -EXAMPLE_APPS := grpc-ext-auth envoy-als grpc-ext-proc http-ext-auth preserve-case-backend +EXAMPLE_APPS := grpc-ext-auth envoy-als grpc-ext-proc http-ext-auth preserve-case-backend static-file-server EXAMPLE_IMAGE_PREFIX ?= envoyproxy/gateway- EXAMPLE_TAG ?= latest @@ -26,4 +26,4 @@ go.mod.tidy.examples: pushd $(ROOT_DIR)/examples/$$app; \ go mod tidy -compat=$(GO_VERSION); \ popd; \ - done \ No newline at end of file + done From 37ef109bead660733bcffe52f3b21415f6eee0d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 17:46:39 +0800 Subject: [PATCH 24/47] build(deps): bump the go-opentelemetry-io group across 1 directory with 8 updates (#4693) * build(deps): bump the go-opentelemetry-io group across 1 directory with 8 updates Bumps the go-opentelemetry-io group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.31.0` | `1.32.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.31.0` | `1.32.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp](https://github.com/open-telemetry/opentelemetry-go) | `1.31.0` | `1.32.0` | | [go.opentelemetry.io/otel/exporters/prometheus](https://github.com/open-telemetry/opentelemetry-go) | `0.53.0` | `0.54.0` | | [go.opentelemetry.io/otel/exporters/stdout/stdoutmetric](https://github.com/open-telemetry/opentelemetry-go) | `1.31.0` | `1.32.0` | Updates `go.opentelemetry.io/otel` from 1.31.0 to 1.32.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` from 1.31.0 to 1.32.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` from 1.31.0 to 1.32.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0) Updates `go.opentelemetry.io/otel/exporters/prometheus` from 0.53.0 to 0.54.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/example/prometheus/v0.53.0...exporters/prometheus/v0.54.0) Updates `go.opentelemetry.io/otel/exporters/stdout/stdoutmetric` from 1.31.0 to 1.32.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0) Updates `go.opentelemetry.io/otel/metric` from 1.31.0 to 1.32.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0) Updates `go.opentelemetry.io/otel/sdk/metric` from 1.31.0 to 1.32.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0) Updates `go.opentelemetry.io/otel/sdk` from 1.31.0 to 1.32.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...v1.32.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-opentelemetry-io - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-opentelemetry-io - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-opentelemetry-io - dependency-name: go.opentelemetry.io/otel/exporters/prometheus dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-opentelemetry-io - dependency-name: go.opentelemetry.io/otel/exporters/stdout/stdoutmetric dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-opentelemetry-io - dependency-name: go.opentelemetry.io/otel/metric dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-opentelemetry-io - dependency-name: go.opentelemetry.io/otel/sdk/metric dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-opentelemetry-io - dependency-name: go.opentelemetry.io/otel/sdk dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-opentelemetry-io ... Signed-off-by: dependabot[bot] * fix test Signed-off-by: zirain --------- Signed-off-by: dependabot[bot] Signed-off-by: zirain Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain --- examples/extension-server/go.mod | 4 +- examples/extension-server/go.sum | 8 ++-- go.mod | 24 +++++----- go.sum | 48 +++++++++---------- internal/metrics/testdata/counter_metric.json | 3 +- internal/metrics/testdata/gauge_metric.json | 3 +- .../metrics/testdata/histogram_metric.json | 3 +- 7 files changed, 48 insertions(+), 45 deletions(-) diff --git a/examples/extension-server/go.mod b/examples/extension-server/go.mod index 24e910c1ddf..6ee602741b3 100644 --- a/examples/extension-server/go.mod +++ b/examples/extension-server/go.mod @@ -34,8 +34,8 @@ require ( golang.org/x/net v0.31.0 // indirect golang.org/x/sys v0.27.0 // indirect golang.org/x/text v0.20.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect diff --git a/examples/extension-server/go.sum b/examples/extension-server/go.sum index c572782b694..023da3e9b9e 100644 --- a/examples/extension-server/go.sum +++ b/examples/extension-server/go.sum @@ -107,10 +107,10 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 h1:T6rh4haD3GVYsgEfWExoCZA2o2FmbNyKpTuAxbEFPTg= -google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:wp2WsuBYj6j8wUdo3ToZsdxxixbvQNAHqVJrTgi5E5M= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 h1:QCqS/PdaHTSWGvupk2F/ehwHtGc0/GYkT+3GAcR1CCc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1:XVhgTWWV3kGQlwJHR3upFWZeTsei6Oks1apkZSeonIE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= diff --git a/go.mod b/go.mod index 59d3ffde5fb..2519f4ab3e4 100644 --- a/go.mod +++ b/go.mod @@ -34,13 +34,13 @@ require ( github.com/stretchr/testify v1.9.0 github.com/telepresenceio/watchable v0.0.0-20220726211108-9bb86f92afa7 github.com/tsaarni/certyaml v0.10.0 - go.opentelemetry.io/otel v1.31.0 - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.31.0 - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.31.0 - go.opentelemetry.io/otel/exporters/prometheus v0.53.0 - go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.31.0 - go.opentelemetry.io/otel/metric v1.31.0 - go.opentelemetry.io/otel/sdk/metric v1.31.0 + go.opentelemetry.io/otel v1.32.0 + go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 + go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 + go.opentelemetry.io/otel/exporters/prometheus v0.54.0 + go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0 + go.opentelemetry.io/otel/metric v1.32.0 + go.opentelemetry.io/otel/sdk/metric v1.32.0 go.opentelemetry.io/proto/otlp v1.3.1 go.uber.org/zap v1.27.0 golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e @@ -246,7 +246,7 @@ require ( github.com/google/uuid v1.6.0 // indirect github.com/gorilla/websocket v1.5.1 // indirect github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect github.com/imdario/mergo v1.0.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -272,8 +272,8 @@ require ( github.com/sirupsen/logrus v1.9.3 // indirect github.com/tsaarni/x500dn v1.0.0 // indirect github.com/xlab/treeprint v1.2.0 // indirect - go.opentelemetry.io/otel/sdk v1.31.0 - go.opentelemetry.io/otel/trace v1.31.0 // indirect + go.opentelemetry.io/otel/sdk v1.32.0 + go.opentelemetry.io/otel/trace v1.32.0 // indirect go.starlark.net v0.0.0-20240520160348-046347dcd104 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/mod v0.21.0 // indirect @@ -285,8 +285,8 @@ require ( golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.24.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 - google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 + google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/component-base v0.31.2 // indirect diff --git a/go.sum b/go.sum index 449ba4b60db..5d34e722723 100644 --- a/go.sum +++ b/go.sum @@ -447,8 +447,8 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjwqUPTYmYuemVOx+Ys= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 h1:ad0vkEBuk23VJzZR9nkLVG0YAoN9coASF1GusYX6AlU= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0/go.mod h1:igFoXX2ELCW06bol23DWPB5BEWfZISOzSP5K2sbLea0= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -894,32 +894,32 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.5 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= -go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY= -go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.31.0 h1:FZ6ei8GFW7kyPYdxJaV2rgI6M+4tvZzhYsQ2wgyVC08= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.31.0/go.mod h1:MdEu/mC6j3D+tTEfvI15b5Ci2Fn7NneJ71YMoiS3tpI= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.31.0 h1:ZsXq73BERAiNuuFXYqP4MR5hBrjXfMGSO+Cx7qoOZiM= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.31.0/go.mod h1:hg1zaDMpyZJuUzjFxFsRYBoccE86tM9Uf4IqNMUxvrY= +go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= +go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 h1:j7ZSD+5yn+lo3sGV69nW04rRR0jhYnBwjuX3r0HvnK0= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0/go.mod h1:WXbYJTUaZXAbYd8lbgGuvih0yuCfOFC5RJoYnoLcGz8= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 h1:t/Qur3vKSkUCcDVaSumWF2PKHt85pc7fRvFuoVT8qFU= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0/go.mod h1:Rl61tySSdcOJWoEgYZVtmnKdA0GeKrSqkHC1t+91CH8= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I= -go.opentelemetry.io/otel/exporters/prometheus v0.53.0 h1:QXobPHrwiGLM4ufrY3EOmDPJpo2P90UuFau4CDPJA/I= -go.opentelemetry.io/otel/exporters/prometheus v0.53.0/go.mod h1:WOAXGr3D00CfzmFxtTV1eR0GpoHuPEu+HJT8UWW2SIU= -go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.31.0 h1:HZgBIps9wH0RDrwjrmNa3DVbNRW60HEhdzqZFyAp3fI= -go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.31.0/go.mod h1:RDRhvt6TDG0eIXmonAx5bd9IcwpqCkziwkOClzWKwAQ= +go.opentelemetry.io/otel/exporters/prometheus v0.54.0 h1:rFwzp68QMgtzu9PgP3jm9XaMICI6TsofWWPcBDKwlsU= +go.opentelemetry.io/otel/exporters/prometheus v0.54.0/go.mod h1:QyjcV9qDP6VeK5qPyKETvNjmaaEc7+gqjh4SS0ZYzDU= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0 h1:SZmDnHcgp3zwlPBS2JX2urGYe/jBKEIT6ZedHRUyCz8= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0/go.mod h1:fdWW0HtZJ7+jNpTKUR0GpMEDP69nR8YBJQxNiVCE3jk= go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYfrPk5SOryw1e9LDDTZCbIPFrho0ec= go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E= -go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE= -go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY= -go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk= -go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0= -go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= -go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= -go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys= -go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A= +go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= +go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= +go.opentelemetry.io/otel/sdk v1.32.0 h1:RNxepc9vK59A8XsgZQouW8ue8Gkb4jpWtJm9ge5lEG4= +go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU= +go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU= +go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= +go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= +go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.starlark.net v0.0.0-20240520160348-046347dcd104 h1:3qhteRISupnJvaWshOmeqEUs2y9oc/+/ePPvDh3Eygg= @@ -1088,10 +1088,10 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY= google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo= -google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 h1:T6rh4haD3GVYsgEfWExoCZA2o2FmbNyKpTuAxbEFPTg= -google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:wp2WsuBYj6j8wUdo3ToZsdxxixbvQNAHqVJrTgi5E5M= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 h1:QCqS/PdaHTSWGvupk2F/ehwHtGc0/GYkT+3GAcR1CCc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1:XVhgTWWV3kGQlwJHR3upFWZeTsei6Oks1apkZSeonIE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= diff --git a/internal/metrics/testdata/counter_metric.json b/internal/metrics/testdata/counter_metric.json index 2c1859a3d45..62b17ac82e1 100644 --- a/internal/metrics/testdata/counter_metric.json +++ b/internal/metrics/testdata/counter_metric.json @@ -20,7 +20,8 @@ "Scope": { "Name": "envoy-gateway", "Version": "", - "SchemaURL": "" + "SchemaURL": "", + "Attributes": null }, "Metrics": [ { diff --git a/internal/metrics/testdata/gauge_metric.json b/internal/metrics/testdata/gauge_metric.json index 7641f17cbee..976d5cf3e40 100644 --- a/internal/metrics/testdata/gauge_metric.json +++ b/internal/metrics/testdata/gauge_metric.json @@ -20,7 +20,8 @@ "Scope": { "Name": "envoy-gateway", "Version": "", - "SchemaURL": "" + "SchemaURL": "", + "Attributes": null }, "Metrics": [ { diff --git a/internal/metrics/testdata/histogram_metric.json b/internal/metrics/testdata/histogram_metric.json index 0054be03640..70571a68f2e 100644 --- a/internal/metrics/testdata/histogram_metric.json +++ b/internal/metrics/testdata/histogram_metric.json @@ -20,7 +20,8 @@ "Scope": { "Name": "envoy-gateway", "Version": "", - "SchemaURL": "" + "SchemaURL": "", + "Attributes": null }, "Metrics": [ { From c9ae04525da89f30fc8858d6d8e736ac2b364022 Mon Sep 17 00:00:00 2001 From: Ardika Date: Fri, 15 Nov 2024 16:47:04 +0700 Subject: [PATCH 25/47] fix: loosen JWT issuer validation (#4662) * fix: JWT issuer validation Signed-off-by: Ardika Bagus * docs: add release note Signed-off-by: Ardika Bagus --------- Signed-off-by: Ardika Bagus --- .../validation/securitypolicy_validate.go | 19 ++++++++--- .../securitypolicy_validate_test.go | 32 +++++++++++++++++-- release-notes/current.yaml | 2 +- 3 files changed, 45 insertions(+), 8 deletions(-) diff --git a/api/v1alpha1/validation/securitypolicy_validate.go b/api/v1alpha1/validation/securitypolicy_validate.go index 628d3f80173..64425afdd6a 100644 --- a/api/v1alpha1/validation/securitypolicy_validate.go +++ b/api/v1alpha1/validation/securitypolicy_validate.go @@ -10,6 +10,7 @@ import ( "fmt" "net/mail" "net/url" + "strings" utilerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/validation" @@ -69,13 +70,21 @@ func ValidateJWTProvider(providers []egv1a1.JWTProvider) error { case len(provider.Name) == 0: errs = append(errs, errors.New("jwt provider cannot be an empty string")) case len(provider.Issuer) != 0: - // Issuer can take the format of a URL or an email address. - if _, err := url.ParseRequestURI(provider.Issuer); err != nil { - _, err := mail.ParseAddress(provider.Issuer) - if err != nil { - errs = append(errs, fmt.Errorf("invalid issuer; must be a URL or email address: %w", err)) + switch { + // Issuer follows StringOrURI format based on https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1. + // Hence, when it contains ':', it MUST be a valid URI. + case strings.Contains(provider.Issuer, ":"): + if _, err := url.ParseRequestURI(provider.Issuer); err != nil { + errs = append(errs, fmt.Errorf("invalid issuer; when issuer contains ':' character, it MUST be a valid URI")) + } + // Adding reserved character for '@', to represent an email address. + // Hence, when it contains '@', it MUST be a valid Email Address. + case strings.Contains(provider.Issuer, "@"): + if _, err := mail.ParseAddress(provider.Issuer); err != nil { + errs = append(errs, fmt.Errorf("invalid issuer; when issuer contains '@' character, it MUST be a valid Email Address format: %w", err)) } } + case len(provider.RemoteJWKS.URI) == 0: errs = append(errs, fmt.Errorf("uri must be set for remote JWKS provider: %s", provider.Name)) } diff --git a/api/v1alpha1/validation/securitypolicy_validate_test.go b/api/v1alpha1/validation/securitypolicy_validate_test.go index 489c7644f8b..460a0edbb79 100644 --- a/api/v1alpha1/validation/securitypolicy_validate_test.go +++ b/api/v1alpha1/validation/securitypolicy_validate_test.go @@ -41,7 +41,7 @@ func TestValidateSecurityPolicy(t *testing.T) { expected: false, }, { - name: "valid security policy with url", + name: "valid security policy with URI issuer", policy: &egv1a1.SecurityPolicy{ TypeMeta: metav1.TypeMeta{ Kind: egv1a1.KindSecurityPolicy, @@ -69,7 +69,7 @@ func TestValidateSecurityPolicy(t *testing.T) { expected: true, }, { - name: "valid security policy with email", + name: "valid security policy with Email issuer", policy: &egv1a1.SecurityPolicy{ TypeMeta: metav1.TypeMeta{ Kind: egv1a1.KindSecurityPolicy, @@ -96,6 +96,34 @@ func TestValidateSecurityPolicy(t *testing.T) { }, expected: true, }, + { + name: "valid security policy with non URI/Email Issuer", + policy: &egv1a1.SecurityPolicy{ + TypeMeta: metav1.TypeMeta{ + Kind: egv1a1.KindSecurityPolicy, + APIVersion: egv1a1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test", + Name: "test", + }, + Spec: egv1a1.SecurityPolicySpec{ + JWT: &egv1a1.JWT{ + Providers: []egv1a1.JWTProvider{ + { + Name: "test", + Issuer: "foo.bar.local", + Audiences: []string{"foo.bar.local"}, + RemoteJWKS: egv1a1.RemoteJWKS{ + URI: "https://test.local/jwt/public-key/jwks.json", + }, + }, + }, + }, + }, + }, + expected: true, + }, { name: "valid security policy with jwtClaimToHeader", policy: &egv1a1.SecurityPolicy{ diff --git a/release-notes/current.yaml b/release-notes/current.yaml index 2e2df4724ab..8c68e85d4d0 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -27,4 +27,4 @@ deprecations: | # Other notable changes not covered by the above sections. Other changes: | - Add other changes here + [SecurityPolicy] Modify the JWT Provider Issuer validation constraint From 0f68219d191b2b1d5953d59945c5e174db229c1c Mon Sep 17 00:00:00 2001 From: zirain Date: Sat, 16 Nov 2024 00:34:41 +0800 Subject: [PATCH 26/47] e2e: skip some test on IPv6/non-dual (#4726) * skip test Signed-off-by: zirain --- test/e2e/e2e_test.go | 16 +++++++++++++--- test/e2e/tests/backend_dualstack.go | 15 +-------------- test/e2e/tests/httproute_dualstack.go | 16 +--------------- test/e2e/tests/ratelimit.go | 12 ++++++++++++ test/e2e/tests/utils.go | 3 +++ 5 files changed, 30 insertions(+), 32 deletions(-) diff --git a/test/e2e/e2e_test.go b/test/e2e/e2e_test.go index 7267bbd2d75..8e980152e3d 100644 --- a/test/e2e/e2e_test.go +++ b/test/e2e/e2e_test.go @@ -39,6 +39,18 @@ func TestE2E(t *testing.T) { *flags.GatewayClassName, *flags.CleanupBaseResources, *flags.ShowDebug) } + skipTests := []string{ + tests.GatewayInfraResourceTest.ShortName, // https://github.com/envoyproxy/gateway/issues/3191 + } + + // Skip test only work on DualStack cluster + if tests.IPFamily != "dual" { + skipTests = append(skipTests, + tests.BackendDualStackTest.ShortName, + tests.HTTPRouteDualStackTest.ShortName, + ) + } + cSuite, err := suite.NewConformanceTestSuite(suite.ConformanceOptions{ Client: c, RestConfig: cfg, @@ -50,9 +62,7 @@ func TestE2E(t *testing.T) { // SupportedFeatures cannot be empty, so we set it to SupportGateway // All e2e tests should leave Features empty. SupportedFeatures: sets.New[features.FeatureName](features.SupportGateway), - SkipTests: []string{ - tests.GatewayInfraResourceTest.ShortName, // https://github.com/envoyproxy/gateway/issues/3191 - }, + SkipTests: skipTests, AllowCRDsMismatch: *flags.AllowCRDsMismatch, }) if err != nil { diff --git a/test/e2e/tests/backend_dualstack.go b/test/e2e/tests/backend_dualstack.go index c7db450824e..63d23f69341 100644 --- a/test/e2e/tests/backend_dualstack.go +++ b/test/e2e/tests/backend_dualstack.go @@ -9,7 +9,6 @@ package tests import ( - "os" "testing" "k8s.io/apimachinery/pkg/types" @@ -20,11 +19,7 @@ import ( // If the environment is not dual, the IPv6 manifest cannot be applied, so the test will be skipped. func init() { - if os.Getenv("IP_FAMILY") == "dual" { - ConformanceTests = append(ConformanceTests, BackendDualStackTest) - } else { - ConformanceTests = append(ConformanceTests, SkipBackendDualStackTest) - } + ConformanceTests = append(ConformanceTests, BackendDualStackTest) } var BackendDualStackTest = suite.ConformanceTest{ @@ -63,11 +58,3 @@ func runBackendDualStackTest(t *testing.T, suite *suite.ConformanceTestSuite, ns http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse) } - -var SkipBackendDualStackTest = suite.ConformanceTest{ - ShortName: "BackendDualStack", - Description: "Skipping BackendDualStack test as IP_FAMILY is not dual", - Test: func(t *testing.T, suite *suite.ConformanceTestSuite) { - t.Skip("Skipping BackendDualStack test as IP_FAMILY is not dual") - }, -} diff --git a/test/e2e/tests/httproute_dualstack.go b/test/e2e/tests/httproute_dualstack.go index 0e969577870..b01fc392a12 100644 --- a/test/e2e/tests/httproute_dualstack.go +++ b/test/e2e/tests/httproute_dualstack.go @@ -9,7 +9,6 @@ package tests import ( - "os" "testing" "k8s.io/apimachinery/pkg/types" @@ -18,13 +17,8 @@ import ( "sigs.k8s.io/gateway-api/conformance/utils/suite" ) -// If the environment is not dual, the IPv6 manifest cannot be applied, so the test will be skipped. func init() { - if os.Getenv("IP_FAMILY") == "dual" { - ConformanceTests = append(ConformanceTests, HTTPRouteDualStackTest) - } else { - ConformanceTests = append(ConformanceTests, SkipHTTPRouteDualStackTest) - } + ConformanceTests = append(ConformanceTests, HTTPRouteDualStackTest) } var HTTPRouteDualStackTest = suite.ConformanceTest{ @@ -63,11 +57,3 @@ func runHTTPRouteTest(t *testing.T, suite *suite.ConformanceTestSuite, ns string http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse) } - -var SkipHTTPRouteDualStackTest = suite.ConformanceTest{ - ShortName: "HTTPRouteDualStack", - Description: "Skipping HTTPRouteDualStack test as IP_FAMILY is not dual", - Test: func(t *testing.T, suite *suite.ConformanceTestSuite) { - t.Skip("Skipping HTTPRouteDualStack test as IP_FAMILY is not dual") - }, -} diff --git a/test/e2e/tests/ratelimit.go b/test/e2e/tests/ratelimit.go index 17ce6d245cf..799b6bbece0 100644 --- a/test/e2e/tests/ratelimit.go +++ b/test/e2e/tests/ratelimit.go @@ -37,6 +37,10 @@ var RateLimitCIDRMatchTest = suite.ConformanceTest{ Description: "Limit all requests that match CIDR", Manifests: []string{"testdata/ratelimit-cidr-match.yaml"}, Test: func(t *testing.T, suite *suite.ConformanceTestSuite) { + if IPFamily == "ipv6" { + t.Skip("Skipping test as IP_FAMILY is IPv6") + } + t.Run("block all ips", func(t *testing.T) { ns := "gateway-conformance-infra" routeNN := types.NamespacedName{Name: "cidr-ratelimit", Namespace: ns} @@ -484,6 +488,10 @@ var RateLimitMultipleListenersTest = suite.ConformanceTest{ Description: "Limit requests on multiple listeners", Manifests: []string{"testdata/ratelimit-multiple-listeners.yaml"}, Test: func(t *testing.T, suite *suite.ConformanceTestSuite) { + if IPFamily == "ipv6" { + t.Skip("Skipping test as IP_FAMILY is IPv6") + } + t.Run("block all ips on listener 80 and 8080", func(t *testing.T) { ns := "gateway-conformance-infra" routeNN := types.NamespacedName{Name: "cidr-ratelimit", Namespace: ns} @@ -549,6 +557,10 @@ var RateLimitHeadersAndCIDRMatchTest = suite.ConformanceTest{ gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN) t.Run("all matched both headers and cidr can got limited", func(t *testing.T) { + if IPFamily == "ipv6" { + t.Skip("Skipping test as IP_FAMILY is IPv6") + } + requestHeaders := map[string]string{ "x-user-id": "one", "x-user-org": "acme", diff --git a/test/e2e/tests/utils.go b/test/e2e/tests/utils.go index c63cad1e579..a7834fbaaa3 100644 --- a/test/e2e/tests/utils.go +++ b/test/e2e/tests/utils.go @@ -14,6 +14,7 @@ import ( "net" "net/http" "net/url" + "os" "strconv" "strings" "testing" @@ -44,6 +45,8 @@ import ( tb "github.com/envoyproxy/gateway/internal/troubleshoot" ) +var IPFamily = os.Getenv("IP_FAMILY") + const defaultServiceStartupTimeout = 5 * time.Minute var PodReady = corev1.PodCondition{Type: corev1.PodReady, Status: corev1.ConditionTrue} From 62f5df81f29b3bfc0f0279837fe40d93e9f18e3a Mon Sep 17 00:00:00 2001 From: zirain Date: Sat, 16 Nov 2024 01:23:26 +0800 Subject: [PATCH 27/47] e2e: fix EnvoyGatewayBackend/TLSRouteBackendIP test not working on IPv6 first cluster (#4727) * fix EnvoyGatewayBackend cluter IP test Signed-off-by: zirain --- .../e2e/testdata/httproute-to-backend-ip.yaml | 12 ------- test/e2e/testdata/tlsroute-to-backend-ip.yaml | 14 +------- test/e2e/tests/httproute_with_backend.go | 24 +++++++++++-- test/e2e/tests/tlsroute_with_backend.go | 24 +++++++++++-- test/e2e/tests/utils.go | 36 +++++++++++++++++++ 5 files changed, 81 insertions(+), 29 deletions(-) diff --git a/test/e2e/testdata/httproute-to-backend-ip.yaml b/test/e2e/testdata/httproute-to-backend-ip.yaml index de1116d3f8e..599cbd3b332 100644 --- a/test/e2e/testdata/httproute-to-backend-ip.yaml +++ b/test/e2e/testdata/httproute-to-backend-ip.yaml @@ -6,7 +6,6 @@ metadata: spec: selector: app: infra-backend-v1 - clusterIP: 10.96.96.96 ports: - protocol: TCP port: 8080 @@ -34,14 +33,3 @@ spec: - group: gateway.envoyproxy.io kind: Backend name: backend-ip ---- -apiVersion: gateway.envoyproxy.io/v1alpha1 -kind: Backend -metadata: - name: backend-ip - namespace: gateway-conformance-infra -spec: - endpoints: - - ip: - address: 10.96.96.96 - port: 8080 diff --git a/test/e2e/testdata/tlsroute-to-backend-ip.yaml b/test/e2e/testdata/tlsroute-to-backend-ip.yaml index 7206078e2b5..49a39d61f3f 100644 --- a/test/e2e/testdata/tlsroute-to-backend-ip.yaml +++ b/test/e2e/testdata/tlsroute-to-backend-ip.yaml @@ -13,18 +13,7 @@ spec: - backendRefs: - group: gateway.envoyproxy.io kind: Backend - name: backend-ip ---- -apiVersion: gateway.envoyproxy.io/v1alpha1 -kind: Backend -metadata: - name: backend-ip - namespace: gateway-conformance-infra -spec: - endpoints: - - ip: - address: 10.96.96.96 - port: 443 + name: backend-tls-ip --- apiVersion: v1 kind: Service @@ -34,7 +23,6 @@ metadata: spec: selector: app: tls-backend-2 - clusterIP: 10.96.96.96 ports: - protocol: TCP port: 443 diff --git a/test/e2e/tests/httproute_with_backend.go b/test/e2e/tests/httproute_with_backend.go index 7401e17c2f0..0bd7cc1ead1 100644 --- a/test/e2e/tests/httproute_with_backend.go +++ b/test/e2e/tests/httproute_with_backend.go @@ -21,7 +21,7 @@ func init() { } var EnvoyGatewayBackendTest = suite.ConformanceTest{ - ShortName: "EnvoyGatewayBackendTest", + ShortName: "EnvoyGatewayBackend", Description: "Routes with a backend ref to a backend", Manifests: []string{ "testdata/httproute-to-backend-fqdn.yaml", @@ -51,11 +51,31 @@ var EnvoyGatewayBackendTest = suite.ConformanceTest{ }) t.Run("of type IP", func(t *testing.T) { + svcNN := types.NamespacedName{ + Name: "infra-backend-v1-clusterip", + Namespace: "gateway-conformance-infra", + } + svc, err := GetService(suite.Client, svcNN) + if err != nil { + t.Fatalf("failed to get service %s: %v", svcNN, err) + } + + backendIPName := "backend-ip" ns := "gateway-conformance-infra" + err = CreateBackend(suite.Client, types.NamespacedName{Name: backendIPName, Namespace: ns}, svc.Spec.ClusterIP, 8080) + if err != nil { + t.Fatalf("failed to create backend %s: %v", backendIPName, err) + } + t.Cleanup(func() { + if err := DeleteBackend(suite.Client, types.NamespacedName{Name: backendIPName, Namespace: ns}); err != nil { + t.Fatalf("failed to delete backend %s: %v", backendIPName, err) + } + }) + routeNN := types.NamespacedName{Name: "httproute-to-backend-ip", Namespace: ns} gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns} gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN) - BackendMustBeAccepted(t, suite.Client, types.NamespacedName{Name: "backend-ip", Namespace: ns}) + BackendMustBeAccepted(t, suite.Client, types.NamespacedName{Name: backendIPName, Namespace: ns}) expectedResponse := http.ExpectedResponse{ Request: http.Request{ diff --git a/test/e2e/tests/tlsroute_with_backend.go b/test/e2e/tests/tlsroute_with_backend.go index c43162ee94f..34ed2896116 100644 --- a/test/e2e/tests/tlsroute_with_backend.go +++ b/test/e2e/tests/tlsroute_with_backend.go @@ -35,14 +35,34 @@ var TLSRouteBackendFQDNTest = suite.ConformanceTest{ } var TLSRouteBackendIPTest = suite.ConformanceTest{ - ShortName: "TLSRouteBackendIPTest", + ShortName: "TLSRouteBackendIP", Description: "TLSRoutes with a backend ref to a Backend", Manifests: []string{ "testdata/tlsroute-to-backend-ip.yaml", }, Test: func(t *testing.T, suite *suite.ConformanceTestSuite) { t.Run("TLSRoute with a IP type Backend", func(t *testing.T) { - testTLSRouteWithBackend(t, suite, "tlsroute-to-backend-ip", "backend-ip") + svcNN := types.NamespacedName{ + Name: "tls-backend-2-clusterip", + Namespace: "gateway-conformance-infra", + } + svc, err := GetService(suite.Client, svcNN) + if err != nil { + t.Fatalf("failed to get service %s: %v", svcNN, err) + } + + backendIPName := "backend-tls-ip" + ns := "gateway-conformance-infra" + err = CreateBackend(suite.Client, types.NamespacedName{Name: backendIPName, Namespace: ns}, svc.Spec.ClusterIP, 443) + if err != nil { + t.Fatalf("failed to create backend %s: %v", backendIPName, err) + } + t.Cleanup(func() { + if err := DeleteBackend(suite.Client, types.NamespacedName{Name: backendIPName, Namespace: ns}); err != nil { + t.Fatalf("failed to delete backend %s: %v", backendIPName, err) + } + }) + testTLSRouteWithBackend(t, suite, "tlsroute-to-backend-ip", backendIPName) }) }, } diff --git a/test/e2e/tests/utils.go b/test/e2e/tests/utils.go index a7834fbaaa3..484e41922e1 100644 --- a/test/e2e/tests/utils.go +++ b/test/e2e/tests/utils.go @@ -696,3 +696,39 @@ func CollectAndDump(t *testing.T, rest *rest.Config) { tlog.Logf(t, "\ndata: \n%s", data) } } + +func GetService(c client.Client, nn types.NamespacedName) (*corev1.Service, error) { + svc := &corev1.Service{} + if err := c.Get(context.Background(), nn, svc); err != nil { + return nil, err + } + return svc, nil +} + +func CreateBackend(c client.Client, nn types.NamespacedName, clusterIP string, port int32) error { + backend := &egv1a1.Backend{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: nn.Namespace, + Name: nn.Name, + }, + Spec: egv1a1.BackendSpec{ + Endpoints: []egv1a1.BackendEndpoint{ + { + IP: &egv1a1.IPEndpoint{ + Address: clusterIP, + Port: port, + }, + }, + }, + }, + } + return c.Create(context.TODO(), backend) +} + +func DeleteBackend(c client.Client, nn types.NamespacedName) error { + backend := &egv1a1.Backend{} + if err := c.Get(context.Background(), nn, backend); err != nil { + return err + } + return c.Delete(context.Background(), backend) +} From 7699578e222a0c7ce7cafbf8cad96d634e464dfb Mon Sep 17 00:00:00 2001 From: Huabing Zhao Date: Fri, 15 Nov 2024 18:25:57 -0700 Subject: [PATCH 28/47] update OIDC docs (#4723) Signed-off-by: Huabing Zhao --- site/content/en/docs/tasks/security/oidc.md | 24 ++++++++++--------- site/content/en/latest/tasks/security/oidc.md | 24 ++++++++++--------- site/content/en/v1.2/tasks/security/oidc.md | 24 ++++++++++--------- 3 files changed, 39 insertions(+), 33 deletions(-) diff --git a/site/content/en/docs/tasks/security/oidc.md b/site/content/en/docs/tasks/security/oidc.md index 45adc554a90..f6ad61f8aa1 100644 --- a/site/content/en/docs/tasks/security/oidc.md +++ b/site/content/en/docs/tasks/security/oidc.md @@ -85,7 +85,7 @@ kubectl get httproute/myapp -o yaml ## OIDC Authentication for a HTTPRoute -OIDC can be configured at the Gateway level to authenticate all the HTTPRoutes that are associated with the Gateway with +OIDC can be configured at the Gateway level to authenticate all the HTTPRoutes that are associated with the Gateway with the same OIDC configuration, or at the HTTPRoute level to authenticate each HTTPRoute with different OIDC configurations. This section demonstrates how to configure OIDC authentication for a specific HTTPRoute. @@ -117,9 +117,9 @@ kubectl create secret generic my-app-client-secret --from-literal=client-secret= ### Create a SecurityPolicy **Please notice that the `redirectURL` and `logoutPath` must match the target HTTPRoute.** In this example, the target -HTTPRoute is configured to match the host `www.example.com` and the path `/myapp`, so the `redirectURL` must be prefixed -with `https://www.example.com:8443/myapp`, and `logoutPath` must be prefixed with`/myapp`, otherwise the OIDC authentication -will fail because the redirect and logout requests will not match the target HTTPRoute and therefore can't be processed +HTTPRoute is configured to match the host `www.example.com` and the path `/myapp`, so the `redirectURL` must be prefixed +with `https://www.example.com:8443/myapp`, and `logoutPath` must be prefixed with`/myapp`, otherwise the OIDC authentication +will fail because the redirect and logout requests will not match the target HTTPRoute and therefore can't be processed by the OAuth2 filter on that HTTPRoute. Note: please replace the ${CLIENT_ID} in the below yaml snippet with the actual Client ID that you got from the OIDC provider. @@ -200,8 +200,8 @@ Put www.example.com in the /etc/hosts file in your test machine, so we can use t 127.0.0.1 www.example.com ``` -Open a browser and navigate to the `https://www.example.com:8443/myapp` address. You should be redirected to the Google -login page. After you successfully login, you should see the response from the backend service. +Open a browser and navigate to the `https://www.example.com:8443/myapp` address. You should be redirected to the Google +login page. After you successfully login, you should see the response from the backend service. Clean the cookies in the browser and try to access `https://www.example.com:8443/foo` address. You should be able to see this page since the path `/foo` is not protected by the OIDC policy. @@ -284,16 +284,18 @@ kubectl get httproute/foo -o yaml ### Create a SecurityPolicy -Create or update the SecurityPolicy to target the Gateway instead of the HTTPRoute. **Please notice that the `redirectURL` -and `logoutPath` must match one of the HTTPRoutes associated with the Gateway.** In this example, the target Gateway has -three HTTPRoutes associated with it, one with the host `www.example.com` and the path `/myapp`, one with the host -`www.example.com` and the path `/`, and one with the host `foo.example.com` and the path `/`. Any of these HTTPRoutes +Create or update the SecurityPolicy to target the Gateway instead of the HTTPRoute. **Please notice that the `redirectURL` +and `logoutPath` must match one of the HTTPRoutes associated with the Gateway.** In this example, the target Gateway has +three HTTPRoutes associated with it, one with the host `www.example.com` and the path `/myapp`, one with the host +`www.example.com` and the path `/`, and one with the host `foo.example.com` and the path `/`. Any of these HTTPRoutes can be used to match the `redirectURL` and `logoutPath`. By default, the access token and ID token cookies are set to the host of the request, excluding subdomains. To allow the -token cookies to be shared across subdomains and prevent users from having to log in again when switching between subdomains, +token cookies to be shared across subdomains and prevent users from having to log in again when switching between subdomains, the `cookieDomain` field needs to be set to the root domain. In this example, the root domain is `example.com`. +Note: if a `cookieDomain` is added to an existing SecurityPolicy, the cookies in the browser must be cleared before sending a new request to the Gateway, otherwise the cookies with the old subdomain will take precedence and be sent to the Gateway, causing the OIDC authentication to fail. + {{< tabpane text=true >}} {{% tab header="Apply from stdin" %}} diff --git a/site/content/en/latest/tasks/security/oidc.md b/site/content/en/latest/tasks/security/oidc.md index 45adc554a90..f6ad61f8aa1 100644 --- a/site/content/en/latest/tasks/security/oidc.md +++ b/site/content/en/latest/tasks/security/oidc.md @@ -85,7 +85,7 @@ kubectl get httproute/myapp -o yaml ## OIDC Authentication for a HTTPRoute -OIDC can be configured at the Gateway level to authenticate all the HTTPRoutes that are associated with the Gateway with +OIDC can be configured at the Gateway level to authenticate all the HTTPRoutes that are associated with the Gateway with the same OIDC configuration, or at the HTTPRoute level to authenticate each HTTPRoute with different OIDC configurations. This section demonstrates how to configure OIDC authentication for a specific HTTPRoute. @@ -117,9 +117,9 @@ kubectl create secret generic my-app-client-secret --from-literal=client-secret= ### Create a SecurityPolicy **Please notice that the `redirectURL` and `logoutPath` must match the target HTTPRoute.** In this example, the target -HTTPRoute is configured to match the host `www.example.com` and the path `/myapp`, so the `redirectURL` must be prefixed -with `https://www.example.com:8443/myapp`, and `logoutPath` must be prefixed with`/myapp`, otherwise the OIDC authentication -will fail because the redirect and logout requests will not match the target HTTPRoute and therefore can't be processed +HTTPRoute is configured to match the host `www.example.com` and the path `/myapp`, so the `redirectURL` must be prefixed +with `https://www.example.com:8443/myapp`, and `logoutPath` must be prefixed with`/myapp`, otherwise the OIDC authentication +will fail because the redirect and logout requests will not match the target HTTPRoute and therefore can't be processed by the OAuth2 filter on that HTTPRoute. Note: please replace the ${CLIENT_ID} in the below yaml snippet with the actual Client ID that you got from the OIDC provider. @@ -200,8 +200,8 @@ Put www.example.com in the /etc/hosts file in your test machine, so we can use t 127.0.0.1 www.example.com ``` -Open a browser and navigate to the `https://www.example.com:8443/myapp` address. You should be redirected to the Google -login page. After you successfully login, you should see the response from the backend service. +Open a browser and navigate to the `https://www.example.com:8443/myapp` address. You should be redirected to the Google +login page. After you successfully login, you should see the response from the backend service. Clean the cookies in the browser and try to access `https://www.example.com:8443/foo` address. You should be able to see this page since the path `/foo` is not protected by the OIDC policy. @@ -284,16 +284,18 @@ kubectl get httproute/foo -o yaml ### Create a SecurityPolicy -Create or update the SecurityPolicy to target the Gateway instead of the HTTPRoute. **Please notice that the `redirectURL` -and `logoutPath` must match one of the HTTPRoutes associated with the Gateway.** In this example, the target Gateway has -three HTTPRoutes associated with it, one with the host `www.example.com` and the path `/myapp`, one with the host -`www.example.com` and the path `/`, and one with the host `foo.example.com` and the path `/`. Any of these HTTPRoutes +Create or update the SecurityPolicy to target the Gateway instead of the HTTPRoute. **Please notice that the `redirectURL` +and `logoutPath` must match one of the HTTPRoutes associated with the Gateway.** In this example, the target Gateway has +three HTTPRoutes associated with it, one with the host `www.example.com` and the path `/myapp`, one with the host +`www.example.com` and the path `/`, and one with the host `foo.example.com` and the path `/`. Any of these HTTPRoutes can be used to match the `redirectURL` and `logoutPath`. By default, the access token and ID token cookies are set to the host of the request, excluding subdomains. To allow the -token cookies to be shared across subdomains and prevent users from having to log in again when switching between subdomains, +token cookies to be shared across subdomains and prevent users from having to log in again when switching between subdomains, the `cookieDomain` field needs to be set to the root domain. In this example, the root domain is `example.com`. +Note: if a `cookieDomain` is added to an existing SecurityPolicy, the cookies in the browser must be cleared before sending a new request to the Gateway, otherwise the cookies with the old subdomain will take precedence and be sent to the Gateway, causing the OIDC authentication to fail. + {{< tabpane text=true >}} {{% tab header="Apply from stdin" %}} diff --git a/site/content/en/v1.2/tasks/security/oidc.md b/site/content/en/v1.2/tasks/security/oidc.md index 45adc554a90..f6ad61f8aa1 100644 --- a/site/content/en/v1.2/tasks/security/oidc.md +++ b/site/content/en/v1.2/tasks/security/oidc.md @@ -85,7 +85,7 @@ kubectl get httproute/myapp -o yaml ## OIDC Authentication for a HTTPRoute -OIDC can be configured at the Gateway level to authenticate all the HTTPRoutes that are associated with the Gateway with +OIDC can be configured at the Gateway level to authenticate all the HTTPRoutes that are associated with the Gateway with the same OIDC configuration, or at the HTTPRoute level to authenticate each HTTPRoute with different OIDC configurations. This section demonstrates how to configure OIDC authentication for a specific HTTPRoute. @@ -117,9 +117,9 @@ kubectl create secret generic my-app-client-secret --from-literal=client-secret= ### Create a SecurityPolicy **Please notice that the `redirectURL` and `logoutPath` must match the target HTTPRoute.** In this example, the target -HTTPRoute is configured to match the host `www.example.com` and the path `/myapp`, so the `redirectURL` must be prefixed -with `https://www.example.com:8443/myapp`, and `logoutPath` must be prefixed with`/myapp`, otherwise the OIDC authentication -will fail because the redirect and logout requests will not match the target HTTPRoute and therefore can't be processed +HTTPRoute is configured to match the host `www.example.com` and the path `/myapp`, so the `redirectURL` must be prefixed +with `https://www.example.com:8443/myapp`, and `logoutPath` must be prefixed with`/myapp`, otherwise the OIDC authentication +will fail because the redirect and logout requests will not match the target HTTPRoute and therefore can't be processed by the OAuth2 filter on that HTTPRoute. Note: please replace the ${CLIENT_ID} in the below yaml snippet with the actual Client ID that you got from the OIDC provider. @@ -200,8 +200,8 @@ Put www.example.com in the /etc/hosts file in your test machine, so we can use t 127.0.0.1 www.example.com ``` -Open a browser and navigate to the `https://www.example.com:8443/myapp` address. You should be redirected to the Google -login page. After you successfully login, you should see the response from the backend service. +Open a browser and navigate to the `https://www.example.com:8443/myapp` address. You should be redirected to the Google +login page. After you successfully login, you should see the response from the backend service. Clean the cookies in the browser and try to access `https://www.example.com:8443/foo` address. You should be able to see this page since the path `/foo` is not protected by the OIDC policy. @@ -284,16 +284,18 @@ kubectl get httproute/foo -o yaml ### Create a SecurityPolicy -Create or update the SecurityPolicy to target the Gateway instead of the HTTPRoute. **Please notice that the `redirectURL` -and `logoutPath` must match one of the HTTPRoutes associated with the Gateway.** In this example, the target Gateway has -three HTTPRoutes associated with it, one with the host `www.example.com` and the path `/myapp`, one with the host -`www.example.com` and the path `/`, and one with the host `foo.example.com` and the path `/`. Any of these HTTPRoutes +Create or update the SecurityPolicy to target the Gateway instead of the HTTPRoute. **Please notice that the `redirectURL` +and `logoutPath` must match one of the HTTPRoutes associated with the Gateway.** In this example, the target Gateway has +three HTTPRoutes associated with it, one with the host `www.example.com` and the path `/myapp`, one with the host +`www.example.com` and the path `/`, and one with the host `foo.example.com` and the path `/`. Any of these HTTPRoutes can be used to match the `redirectURL` and `logoutPath`. By default, the access token and ID token cookies are set to the host of the request, excluding subdomains. To allow the -token cookies to be shared across subdomains and prevent users from having to log in again when switching between subdomains, +token cookies to be shared across subdomains and prevent users from having to log in again when switching between subdomains, the `cookieDomain` field needs to be set to the root domain. In this example, the root domain is `example.com`. +Note: if a `cookieDomain` is added to an existing SecurityPolicy, the cookies in the browser must be cleared before sending a new request to the Gateway, otherwise the cookies with the old subdomain will take precedence and be sent to the Gateway, causing the OIDC authentication to fail. + {{< tabpane text=true >}} {{% tab header="Apply from stdin" %}} From 36b1232526fce72a044fb476993b17befbe8acbf Mon Sep 17 00:00:00 2001 From: sh2 Date: Mon, 18 Nov 2024 22:23:37 +0800 Subject: [PATCH 29/47] doc: add standalone deployment doc (#4518) * add standalone deployment doc Signed-off-by: shawnh2 * update standalone deployment doc Signed-off-by: shawnh2 * fix local address for backend Signed-off-by: shawnh2 * update standalone doc Signed-off-by: shawnh2 * address comments Signed-off-by: shawnh2 * fix typo Signed-off-by: shawnh2 * address comment Signed-off-by: shawnh2 --------- Signed-off-by: shawnh2 --- examples/standalone/quickstart.yaml | 46 +++++++ .../operations/standalone-deployment-mode.md | 123 +++++++++++++++++ .../operations/standalone-deployment-mode.md | 130 ++++++++++++++++++ .../operations/standalone-deployment-mode.md | 123 +++++++++++++++++ 4 files changed, 422 insertions(+) create mode 100644 examples/standalone/quickstart.yaml create mode 100644 site/content/en/docs/tasks/operations/standalone-deployment-mode.md create mode 100644 site/content/en/latest/tasks/operations/standalone-deployment-mode.md create mode 100644 site/content/en/v1.2/tasks/operations/standalone-deployment-mode.md diff --git a/examples/standalone/quickstart.yaml b/examples/standalone/quickstart.yaml new file mode 100644 index 00000000000..e7a5cda07e5 --- /dev/null +++ b/examples/standalone/quickstart.yaml @@ -0,0 +1,46 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + name: eg +spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: Gateway +metadata: + name: eg +spec: + gatewayClassName: eg + listeners: + - name: http + protocol: HTTP + port: 8888 +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: backend +spec: + parentRefs: + - name: eg + hostnames: + - "www.example.com" + rules: + - backendRefs: + - group: "gateway.envoyproxy.io" + kind: Backend + name: backend + matches: + - path: + type: PathPrefix + value: / +--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: Backend +metadata: + name: backend +spec: + endpoints: + - ip: + address: 0.0.0.0 # this address is for demo purpose only, do not use it in production! + port: 3000 diff --git a/site/content/en/docs/tasks/operations/standalone-deployment-mode.md b/site/content/en/docs/tasks/operations/standalone-deployment-mode.md new file mode 100644 index 00000000000..cc8218a2905 --- /dev/null +++ b/site/content/en/docs/tasks/operations/standalone-deployment-mode.md @@ -0,0 +1,123 @@ +--- +title: "Standalone Deployment Mode" +--- + +{{% alert title="Notice" color="warning" %}} + +Standalone mode is an experimental feature, please **DO NOT** use it in production. + +{{% /alert %}} + +Envoy Gateway also supports running in standalone mode. In this mode, Envoy Gateway +does not need to rely on Kubernetes and can be deployed directly on bare metal or virtual machines. + +Currently, Envoy Gateway only support the file provider and the host infrastructure provider combinations. + +- The file provider will configure the Envoy Gateway to get all gateway-api resources from file system. +- The host infrastructure provider will configure the Envoy Gateway to deploy one Envoy Proxy as a host process. + +## Quick Start + +In this quick-start, we will run Envoy Gateway in standalone mode with the file provider +and the host infrastructure provider. + +### Prerequisites + +Create a local directory just for testing: + +```shell +mkdir -p /tmp/envoy-gateway-test +``` + +Download the Envoy Gateway binary from v1.2.x release. + +### Create Certificates + +All runners in Envoy Gateway are using TLS connection, so create these TLS certificates locally to +ensure the Envoy Gateway works properly. + +```shell +envoy-gateway certgen --local +``` + +### Start Envoy Gateway + +Start Envoy Gateway by the following command: + +```shell +envoy-gateway server --config-path standalone.yaml +``` + +with `standalone.yaml` configuration: + +```yaml +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: EnvoyGateway +gateway: + controllerName: gateway.envoyproxy.io/gatewayclass-controller +provider: + type: Custom + custom: + resource: + type: File + file: + paths: ["/tmp/envoy-gateway-test"] + infrastructure: + type: Host + host: {} +logging: + level: + default: info +extensionApis: + enableBackend: true +``` + +As you can see, we have enabled the [Backend][] API, this API will be used to represent our local endpoints. + +### Trigger an Update + +Any changes under watched `paths` will be considered as an update by the file provider. + +For instance, copying example file into `/tmp/envoy-gateway-test/` will trigger an update of gateway-api resources: + +```shell +cp examples/standalone/quickstart.yaml /tmp/envoy-gateway-test/quickstart.yaml +``` + +From the Envoy Gateway log, you should be able to observe that the Envoy Proxy has been started, and its admin address has been returned. + +### Test Connection + +Starts a simple local server as an endpoint: + +```shell +python3 -m http.server 3000 +``` + +Curl the example server through Envoy Proxy: + +```shell +curl --verbose --header "Host: www.example.com" http://0.0.0.0:8888/ +``` + +```console +* Trying 0.0.0.0:8888... +* Connected to 0.0.0.0 (127.0.0.1) port 8888 (#0) +> GET / HTTP/1.1 +> Host: www.example.com +> User-Agent: curl/7.81.0 +> Accept: */* +> +* Mark bundle as not supporting multiuse +< HTTP/1.1 200 OK +< server: SimpleHTTP/0.6 Python/3.10.12 +< date: Sat, 26 Oct 2024 13:20:34 GMT +< content-type: text/html; charset=utf-8 +< content-length: 1870 +< +... +* Connection #0 to host 0.0.0.0 left intact +``` + + +[Backend]: ../../../api/extension_types#backend diff --git a/site/content/en/latest/tasks/operations/standalone-deployment-mode.md b/site/content/en/latest/tasks/operations/standalone-deployment-mode.md new file mode 100644 index 00000000000..88a5c1b98c2 --- /dev/null +++ b/site/content/en/latest/tasks/operations/standalone-deployment-mode.md @@ -0,0 +1,130 @@ +--- +title: "Standalone Deployment Mode" +--- + +{{% alert title="Notice" color="warning" %}} + +Standalone mode is an experimental feature, please **DO NOT** use it in production. + +{{% /alert %}} + +Envoy Gateway also supports running in standalone mode. In this mode, Envoy Gateway +does not need to rely on Kubernetes and can be deployed directly on bare metal or virtual machines. + +Currently, Envoy Gateway only support the file provider and the host infrastructure provider combinations. + +- The file provider will configure the Envoy Gateway to get all gateway-api resources from file system. +- The host infrastructure provider will configure the Envoy Gateway to deploy one Envoy Proxy as a host process. + +## Quick Start + +In this quick-start, we will run Envoy Gateway in standalone mode with the file provider +and the host infrastructure provider. + +### Prerequisites + +Create a local directory just for testing: + +```shell +mkdir -p /tmp/envoy-gateway-test +``` + +As we do not provide the Envoy Gateway binary in latest release, +you can compile this binary on your own from project by using command: + +```shell +make build +``` + +The compiled binary lies in `bin/{os}/{arch}/envoy-gateway`. + +### Create Certificates + +All runners in Envoy Gateway are using TLS connection, so create these TLS certificates locally to +ensure the Envoy Gateway works properly. + +```shell +envoy-gateway certgen --local +``` + +### Start Envoy Gateway + +Start Envoy Gateway by the following command: + +```shell +envoy-gateway server --config-path standalone.yaml +``` + +with `standalone.yaml` configuration: + +```yaml +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: EnvoyGateway +gateway: + controllerName: gateway.envoyproxy.io/gatewayclass-controller +provider: + type: Custom + custom: + resource: + type: File + file: + paths: ["/tmp/envoy-gateway-test"] + infrastructure: + type: Host + host: {} +logging: + level: + default: info +extensionApis: + enableBackend: true +``` + +As you can see, we have enabled the [Backend][] API, this API will be used to represent our local endpoints. + +### Trigger an Update + +Any changes under watched `paths` will be considered as an update by the file provider. + +For instance, copying example file into `/tmp/envoy-gateway-test/` will trigger an update of gateway-api resources: + +```shell +cp examples/standalone/quickstart.yaml /tmp/envoy-gateway-test/quickstart.yaml +``` + +From the Envoy Gateway log, you should be able to observe that the Envoy Proxy has been started, and its admin address has been returned. + +### Test Connection + +Starts a simple local server as an endpoint: + +```shell +python3 -m http.server 3000 +``` + +Curl the example server through Envoy Proxy: + +```shell +curl --verbose --header "Host: www.example.com" http://0.0.0.0:8888/ +``` + +```console +* Trying 0.0.0.0:8888... +* Connected to 0.0.0.0 (127.0.0.1) port 8888 (#0) +> GET / HTTP/1.1 +> Host: www.example.com +> User-Agent: curl/7.81.0 +> Accept: */* +> +* Mark bundle as not supporting multiuse +< HTTP/1.1 200 OK +< server: SimpleHTTP/0.6 Python/3.10.12 +< date: Sat, 26 Oct 2024 13:20:34 GMT +< content-type: text/html; charset=utf-8 +< content-length: 1870 +< +... +* Connection #0 to host 0.0.0.0 left intact +``` + + +[Backend]: ../../../api/extension_types#backend diff --git a/site/content/en/v1.2/tasks/operations/standalone-deployment-mode.md b/site/content/en/v1.2/tasks/operations/standalone-deployment-mode.md new file mode 100644 index 00000000000..cc8218a2905 --- /dev/null +++ b/site/content/en/v1.2/tasks/operations/standalone-deployment-mode.md @@ -0,0 +1,123 @@ +--- +title: "Standalone Deployment Mode" +--- + +{{% alert title="Notice" color="warning" %}} + +Standalone mode is an experimental feature, please **DO NOT** use it in production. + +{{% /alert %}} + +Envoy Gateway also supports running in standalone mode. In this mode, Envoy Gateway +does not need to rely on Kubernetes and can be deployed directly on bare metal or virtual machines. + +Currently, Envoy Gateway only support the file provider and the host infrastructure provider combinations. + +- The file provider will configure the Envoy Gateway to get all gateway-api resources from file system. +- The host infrastructure provider will configure the Envoy Gateway to deploy one Envoy Proxy as a host process. + +## Quick Start + +In this quick-start, we will run Envoy Gateway in standalone mode with the file provider +and the host infrastructure provider. + +### Prerequisites + +Create a local directory just for testing: + +```shell +mkdir -p /tmp/envoy-gateway-test +``` + +Download the Envoy Gateway binary from v1.2.x release. + +### Create Certificates + +All runners in Envoy Gateway are using TLS connection, so create these TLS certificates locally to +ensure the Envoy Gateway works properly. + +```shell +envoy-gateway certgen --local +``` + +### Start Envoy Gateway + +Start Envoy Gateway by the following command: + +```shell +envoy-gateway server --config-path standalone.yaml +``` + +with `standalone.yaml` configuration: + +```yaml +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: EnvoyGateway +gateway: + controllerName: gateway.envoyproxy.io/gatewayclass-controller +provider: + type: Custom + custom: + resource: + type: File + file: + paths: ["/tmp/envoy-gateway-test"] + infrastructure: + type: Host + host: {} +logging: + level: + default: info +extensionApis: + enableBackend: true +``` + +As you can see, we have enabled the [Backend][] API, this API will be used to represent our local endpoints. + +### Trigger an Update + +Any changes under watched `paths` will be considered as an update by the file provider. + +For instance, copying example file into `/tmp/envoy-gateway-test/` will trigger an update of gateway-api resources: + +```shell +cp examples/standalone/quickstart.yaml /tmp/envoy-gateway-test/quickstart.yaml +``` + +From the Envoy Gateway log, you should be able to observe that the Envoy Proxy has been started, and its admin address has been returned. + +### Test Connection + +Starts a simple local server as an endpoint: + +```shell +python3 -m http.server 3000 +``` + +Curl the example server through Envoy Proxy: + +```shell +curl --verbose --header "Host: www.example.com" http://0.0.0.0:8888/ +``` + +```console +* Trying 0.0.0.0:8888... +* Connected to 0.0.0.0 (127.0.0.1) port 8888 (#0) +> GET / HTTP/1.1 +> Host: www.example.com +> User-Agent: curl/7.81.0 +> Accept: */* +> +* Mark bundle as not supporting multiuse +< HTTP/1.1 200 OK +< server: SimpleHTTP/0.6 Python/3.10.12 +< date: Sat, 26 Oct 2024 13:20:34 GMT +< content-type: text/html; charset=utf-8 +< content-length: 1870 +< +... +* Connection #0 to host 0.0.0.0 left intact +``` + + +[Backend]: ../../../api/extension_types#backend From b7f6e0196650d747d58136923f1e30a46c06c972 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 17:40:17 -0800 Subject: [PATCH 30/47] build(deps): bump github/codeql-action from 3.27.1 to 3.27.4 (#4733) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.1 to 3.27.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4f3212b61783c3c68e8309a0f18a699764811cda...ea9e4e37992a54ee68a9622e985e60c8e8f12d9f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index faca9d0eb1b..c8c1884c937 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,14 +36,14 @@ jobs: - uses: ./tools/github-actions/setup-deps - name: Initialize CodeQL - uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 79f040fba97..23235a9a5ba 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -40,6 +40,6 @@ jobs: retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: sarif_file: results.sarif From 4bcda6c84cc76ab50ff994c2225cd853686e9b34 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 17:41:40 -0800 Subject: [PATCH 31/47] build(deps): bump distroless/static from `3a03fc0` to `d71f4b2` in /tools/docker/envoy-gateway (#4730) build(deps): bump distroless/static in /tools/docker/envoy-gateway Bumps distroless/static from `3a03fc0` to `d71f4b2`. --- updated-dependencies: - dependency-name: distroless/static dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/docker/envoy-gateway/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/docker/envoy-gateway/Dockerfile b/tools/docker/envoy-gateway/Dockerfile index 5fef537da10..44fff0beb98 100644 --- a/tools/docker/envoy-gateway/Dockerfile +++ b/tools/docker/envoy-gateway/Dockerfile @@ -4,7 +4,7 @@ RUN mkdir -p /var/lib/eg # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot@sha256:3a03fc0826340c7deb82d4755ca391bef5adcedb8892e58412e1a6008199fa91 +FROM gcr.io/distroless/static:nonroot@sha256:d71f4b239be2d412017b798a0a401c44c3049a3ca454838473a4c32ed076bfea ARG TARGETPLATFORM COPY $TARGETPLATFORM/envoy-gateway /usr/local/bin/ COPY --from=source --chown=65532:65532 /var/lib /var/lib From 0ba9330b4a8ed17ccce1eb205aa1c97ebd09ebf3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 18:11:12 -0800 Subject: [PATCH 32/47] build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in /examples/extension-server (#4737) build(deps): bump google.golang.org/protobuf Bumps google.golang.org/protobuf from 1.35.1 to 1.35.2. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- examples/extension-server/go.mod | 2 +- examples/extension-server/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/extension-server/go.mod b/examples/extension-server/go.mod index 6ee602741b3..b484a19a6b7 100644 --- a/examples/extension-server/go.mod +++ b/examples/extension-server/go.mod @@ -7,7 +7,7 @@ require ( github.com/envoyproxy/go-control-plane v0.13.1 github.com/urfave/cli/v2 v2.27.5 google.golang.org/grpc v1.68.0 - google.golang.org/protobuf v1.35.1 + google.golang.org/protobuf v1.35.2 k8s.io/apimachinery v0.31.2 sigs.k8s.io/controller-runtime v0.19.1 sigs.k8s.io/gateway-api v1.2.0 diff --git a/examples/extension-server/go.sum b/examples/extension-server/go.sum index 023da3e9b9e..8bac1672b4e 100644 --- a/examples/extension-server/go.sum +++ b/examples/extension-server/go.sum @@ -113,8 +113,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1: google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= -google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= -google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= +google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= From c6190913cb0cabd9e4163b03bc5da7db664de3c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 18:15:52 -0800 Subject: [PATCH 33/47] build(deps): bump helm.sh/helm/v3 from 3.16.2 to 3.16.3 (#4736) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.16.2 to 3.16.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.16.2...v3.16.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 2519f4ab3e4..ce1f5d5cdf5 100644 --- a/go.mod +++ b/go.mod @@ -47,7 +47,7 @@ require ( golang.org/x/sys v0.27.0 google.golang.org/protobuf v1.35.1 gopkg.in/yaml.v3 v3.0.1 - helm.sh/helm/v3 v3.16.2 + helm.sh/helm/v3 v3.16.3 k8s.io/api v0.31.2 k8s.io/apiextensions-apiserver v0.31.2 k8s.io/apimachinery v0.31.2 @@ -95,8 +95,8 @@ require ( github.com/c9s/goprocinfo v0.0.0-20170724085704-0010a05ce49f // indirect github.com/cilium/ebpf v0.16.0 // indirect github.com/containerd/cgroups/v3 v3.0.3 // indirect - github.com/containerd/containerd v1.7.20 // indirect - github.com/containerd/errdefs v0.1.0 // indirect + github.com/containerd/containerd v1.7.23 // indirect + github.com/containerd/errdefs v0.3.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v0.2.1 // indirect github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect @@ -107,7 +107,7 @@ require ( github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect - github.com/cyphar/filepath-securejoin v0.3.1 // indirect + github.com/cyphar/filepath-securejoin v0.3.4 // indirect github.com/distribution/distribution/v3 v3.0.0-beta.1 // indirect github.com/distribution/reference v0.6.0 // indirect github.com/docker/distribution v2.8.3+incompatible // indirect diff --git a/go.sum b/go.sum index 5d34e722723..fd359d6263c 100644 --- a/go.sum +++ b/go.sum @@ -128,12 +128,12 @@ github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1Ig github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0= github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0= -github.com/containerd/containerd v1.7.20 h1:Sl6jQYk3TRavaU83h66QMbI2Nqg9Jm6qzwX57Vsn1SQ= -github.com/containerd/containerd v1.7.20/go.mod h1:52GsS5CwquuqPuLncsXwG0t2CiUce+KsNHJZQJvAgR0= +github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ= +github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= -github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM= -github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= +github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4= +github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= @@ -170,8 +170,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciWFrgfCLS8XrE= -github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= +github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8= +github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= github.com/datawire/dlib v1.3.0 h1:KkmyXU1kwm3oPBk1ypR70YbcOlEXWzEbx5RE0iRXTGk= github.com/datawire/dlib v1.3.0/go.mod h1:NiGDmetmbkBvtznpWSx6C0vA0s0LK9aHna3LJDqjruk= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -1152,8 +1152,8 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= -helm.sh/helm/v3 v3.16.2 h1:Y9v7ry+ubQmi+cb5zw1Llx8OKHU9Hk9NQ/+P+LGBe2o= -helm.sh/helm/v3 v3.16.2/go.mod h1:SyTXgKBjNqi2NPsHCW5dDAsHqvGIu0kdNYNH9gQaw70= +helm.sh/helm/v3 v3.16.3 h1:kb8bSxMeRJ+knsK/ovvlaVPfdis0X3/ZhYCSFRP+YmY= +helm.sh/helm/v3 v3.16.3/go.mod h1:zeVWGDR4JJgiRbT3AnNsjYaX8OTJlIE9zC+Q7F7iUSU= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= From 97a5d688639b28b8c5eed761568e9665468bdfe6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 19:02:05 -0800 Subject: [PATCH 34/47] build(deps): bump github.com/bufbuild/buf from 1.46.0 to 1.47.2 in /tools/src/buf (#4738) build(deps): bump github.com/bufbuild/buf in /tools/src/buf Bumps [github.com/bufbuild/buf](https://github.com/bufbuild/buf) from 1.46.0 to 1.47.2. - [Release notes](https://github.com/bufbuild/buf/releases) - [Changelog](https://github.com/bufbuild/buf/blob/main/CHANGELOG.md) - [Commits](https://github.com/bufbuild/buf/compare/v1.46.0...v1.47.2) --- updated-dependencies: - dependency-name: github.com/bufbuild/buf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/src/buf/go.mod | 55 ++++++++++---------- tools/src/buf/go.sum | 116 ++++++++++++++++++++++--------------------- 2 files changed, 88 insertions(+), 83 deletions(-) diff --git a/tools/src/buf/go.mod b/tools/src/buf/go.mod index b276538c15a..1b7b86cdd53 100644 --- a/tools/src/buf/go.mod +++ b/tools/src/buf/go.mod @@ -2,10 +2,10 @@ module local go 1.23.3 -require github.com/bufbuild/buf v1.46.0 +require github.com/bufbuild/buf v1.47.2 require ( - buf.build/gen/go/bufbuild/bufplugin/protocolbuffers/go v1.35.1-20241023225133-42bdb4b67625.1 // indirect + buf.build/gen/go/bufbuild/bufplugin/protocolbuffers/go v1.35.1-20241031151143-70f632351282.1 // indirect buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.35.1-20240920164238-5a7b106cbb87.1 // indirect buf.build/gen/go/bufbuild/registry/connectrpc/go v1.17.0-20241025140216-aa40f2c93090.1 // indirect buf.build/gen/go/bufbuild/registry/protocolbuffers/go v1.35.1-20241025140216-aa40f2c93090.1 // indirect @@ -13,24 +13,26 @@ require ( buf.build/go/bufplugin v0.6.0 // indirect buf.build/go/protoyaml v0.2.0 // indirect buf.build/go/spdx v0.2.0 // indirect + cel.dev/expr v0.18.0 // indirect connectrpc.com/connect v1.17.0 // indirect connectrpc.com/otelconnect v0.7.1 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect - github.com/Microsoft/hcsshim v0.12.7 // indirect + github.com/Microsoft/hcsshim v0.12.9 // indirect github.com/antlr4-go/antlr/v4 v4.13.1 // indirect github.com/bufbuild/protocompile v0.14.1 // indirect github.com/bufbuild/protoplugin v0.0.0-20240911180120-7bb73e41a54a // indirect github.com/bufbuild/protovalidate-go v0.7.3-0.20241015162221-1446f1e1d576 // indirect github.com/containerd/cgroups/v3 v3.0.3 // indirect github.com/containerd/containerd v1.7.23 // indirect - github.com/containerd/continuity v0.4.3 // indirect - github.com/containerd/errdefs v0.3.0 // indirect + github.com/containerd/continuity v0.4.4 // indirect + github.com/containerd/errdefs v1.0.0 // indirect + github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v0.2.1 // indirect github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect - github.com/containerd/ttrpc v1.2.5 // indirect - github.com/containerd/typeurl/v2 v2.2.0 // indirect + github.com/containerd/ttrpc v1.2.6 // indirect + github.com/containerd/typeurl/v2 v2.2.3 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect github.com/distribution/reference v0.6.0 // indirect github.com/docker/cli v27.3.1+incompatible // indirect @@ -48,9 +50,9 @@ require ( github.com/gofrs/flock v0.12.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/google/cel-go v0.21.0 // indirect + github.com/google/cel-go v0.22.0 // indirect github.com/google/go-containerregistry v0.20.2 // indirect - github.com/google/pprof v0.0.0-20241017200806-017d972448fc // indirect + github.com/google/pprof v0.0.0-20241101162523-b92577c0c142 // indirect github.com/google/uuid v1.6.0 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect @@ -69,7 +71,7 @@ require ( github.com/moby/sys/userns v0.1.0 // indirect github.com/moby/term v0.5.0 // indirect github.com/morikuni/aec v1.0.0 // indirect - github.com/onsi/ginkgo/v2 v2.20.2 // indirect + github.com/onsi/ginkgo/v2 v2.21.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.0 // indirect github.com/opencontainers/runtime-spec v1.2.0 // indirect @@ -94,29 +96,28 @@ require ( go.lsp.dev/protocol v0.12.0 // indirect go.lsp.dev/uri v0.3.0 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 // indirect - go.opentelemetry.io/otel v1.31.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect + go.opentelemetry.io/otel v1.32.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect - go.opentelemetry.io/otel/metric v1.31.0 // indirect + go.opentelemetry.io/otel/metric v1.32.0 // indirect go.opentelemetry.io/otel/sdk v1.30.0 // indirect - go.opentelemetry.io/otel/trace v1.31.0 // indirect - go.uber.org/atomic v1.11.0 // indirect + go.opentelemetry.io/otel/trace v1.32.0 // indirect go.uber.org/mock v0.5.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect go.uber.org/zap/exp v0.3.0 // indirect - golang.org/x/crypto v0.28.0 // indirect - golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect - golang.org/x/mod v0.21.0 // indirect - golang.org/x/net v0.30.0 // indirect - golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.26.0 // indirect - golang.org/x/term v0.25.0 // indirect - golang.org/x/text v0.19.0 // indirect - golang.org/x/tools v0.26.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f // indirect - google.golang.org/grpc v1.67.1 // indirect + golang.org/x/crypto v0.29.0 // indirect + golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect + golang.org/x/mod v0.22.0 // indirect + golang.org/x/net v0.31.0 // indirect + golang.org/x/sync v0.9.0 // indirect + golang.org/x/sys v0.27.0 // indirect + golang.org/x/term v0.26.0 // indirect + golang.org/x/text v0.20.0 // indirect + golang.org/x/tools v0.27.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect + google.golang.org/grpc v1.68.0 // indirect google.golang.org/protobuf v1.35.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect pluginrpc.com/pluginrpc v0.5.0 // indirect diff --git a/tools/src/buf/go.sum b/tools/src/buf/go.sum index b2a67028e40..9e7bf68b94e 100644 --- a/tools/src/buf/go.sum +++ b/tools/src/buf/go.sum @@ -1,5 +1,5 @@ -buf.build/gen/go/bufbuild/bufplugin/protocolbuffers/go v1.35.1-20241023225133-42bdb4b67625.1 h1:O31Hu5Oho5suEWOD7FuMU9vfzeQT07ukTu4YuBVjLbw= -buf.build/gen/go/bufbuild/bufplugin/protocolbuffers/go v1.35.1-20241023225133-42bdb4b67625.1/go.mod h1:rYPnjsUZ2lGpoQ/T322HWZQil9/MIZF2njP+/u/0GKg= +buf.build/gen/go/bufbuild/bufplugin/protocolbuffers/go v1.35.1-20241031151143-70f632351282.1 h1:APVDdZ4VfUvERVIj//yDjCWV7WezEOiK7+b6gvJ+iAk= +buf.build/gen/go/bufbuild/bufplugin/protocolbuffers/go v1.35.1-20241031151143-70f632351282.1/go.mod h1:rYPnjsUZ2lGpoQ/T322HWZQil9/MIZF2njP+/u/0GKg= buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.35.1-20240920164238-5a7b106cbb87.1 h1:9wP6ZZYWnF2Z0TxmII7m3XNykxnP4/w8oXeth6ekcRI= buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.35.1-20240920164238-5a7b106cbb87.1/go.mod h1:Duw/9JoXkXIydyASnLYIiufkzySThoqavOsF+IihqvM= buf.build/gen/go/bufbuild/registry/connectrpc/go v1.17.0-20241025140216-aa40f2c93090.1 h1:FHQXg3T7S2jp8yc7/bQJgqEH1yza/rrDHXITUK2Tm0g= @@ -14,6 +14,8 @@ buf.build/go/protoyaml v0.2.0 h1:2g3OHjtLDqXBREIOjpZGHmQ+U/4mkN1YiQjxNB68Ip8= buf.build/go/protoyaml v0.2.0/go.mod h1:L/9QvTDkTWcDTzAL6HMfN+mYC6CmZRm2KnsUA054iL0= buf.build/go/spdx v0.2.0 h1:IItqM0/cMxvFJJumcBuP8NrsIzMs/UYjp/6WSpq8LTw= buf.build/go/spdx v0.2.0/go.mod h1:bXdwQFem9Si3nsbNy8aJKGPoaPi5DKwdeEp5/ArZ6w8= +cel.dev/expr v0.18.0 h1:CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo= +cel.dev/expr v0.18.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= connectrpc.com/connect v1.17.0 h1:W0ZqMhtVzn9Zhn2yATuUokDLO5N+gIuBWMOnsQrfmZk= connectrpc.com/connect v1.17.0/go.mod h1:0292hj1rnx8oFrStN7cB4jjVBeqs+Yx5yDIC2prWDO8= @@ -26,12 +28,12 @@ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg6 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= -github.com/Microsoft/hcsshim v0.12.7 h1:MP6R1spmjxTE4EU4J3YsrTxn8CjvN9qwjTKJXldFaRg= -github.com/Microsoft/hcsshim v0.12.7/go.mod h1:HPbAuJ9BvQYYZbB4yEQcyGIsTP5L4yHKeO9XO149AEM= +github.com/Microsoft/hcsshim v0.12.9 h1:2zJy5KA+l0loz1HzEGqyNnjd3fyZA31ZBCGKacp6lLg= +github.com/Microsoft/hcsshim v0.12.9/go.mod h1:fJ0gkFAna6ukt0bLdKB8djt4XIJhF/vEPuoIWYVvZ8Y= github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ= github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw= -github.com/bufbuild/buf v1.46.0 h1:QqlFiy2l0F+hhyTF9xm7j91E7ovGyZVnneG2y38F0rk= -github.com/bufbuild/buf v1.46.0/go.mod h1:oN16LKwdlgji2eHLn3R07dxnQjxm9Q0pdUor5VXj3H8= +github.com/bufbuild/buf v1.47.2 h1:fA5e2yVQGabxAz7W5aNbO7Fku1P6TpoHhjs1wER1pOc= +github.com/bufbuild/buf v1.47.2/go.mod h1:1Xd0QG0a1uCGk7cODUenpQ8E5l7bj2Ry9tnUfERm1YI= github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw= github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c= github.com/bufbuild/protoplugin v0.0.0-20240911180120-7bb73e41a54a h1:l3RhVoG0RtC61h6TVWnkniGj4TgBebuyPQRdleFAmTg= @@ -56,20 +58,22 @@ github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGD github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0= github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ= github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= -github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8= -github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= -github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4= -github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= +github.com/containerd/continuity v0.4.4 h1:/fNVfTJ7wIl/YPMHjf+5H32uFhl63JucB34PlCpMKII= +github.com/containerd/continuity v0.4.4/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE= +github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= +github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= +github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= +github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU= github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk= -github.com/containerd/ttrpc v1.2.5 h1:IFckT1EFQoFBMG4c3sMdT8EP3/aKfumK1msY+Ze4oLU= -github.com/containerd/ttrpc v1.2.5/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o= -github.com/containerd/typeurl/v2 v2.2.0 h1:6NBDbQzr7I5LHgp34xAXYF5DOTQDn05X58lsPEmzLso= -github.com/containerd/typeurl/v2 v2.2.0/go.mod h1:8XOOxnyatxSWuG8OfsZXVnAF4iZfedjS/8UHSPJnX4g= +github.com/containerd/ttrpc v1.2.6 h1:zG+Kn5EZ6MUYCS1t2Hmt2J4tMVaLSFEJVOraDQwNPC4= +github.com/containerd/ttrpc v1.2.6/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o= +github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40= +github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= @@ -133,8 +137,10 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/google/cel-go v0.21.0 h1:cl6uW/gxN+Hy50tNYvI691+sXxioCnstFzLp2WO4GCI= -github.com/google/cel-go v0.21.0/go.mod h1:rHUlWCcBKgyEk+eV03RPdZUekPp6YcJwV0FxuUksYxc= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/cel-go v0.22.0 h1:b3FJZxpiv1vTMo2/5RDUqAHPxkT8mmMfJIrq1llbf7g= +github.com/google/cel-go v0.22.0/go.mod h1:BuznPXXfQDpXKWQ9sPW3TzlAJN5zzFe+i9tIs0yC4s8= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -147,8 +153,8 @@ github.com/google/go-containerregistry v0.20.2 h1:B1wPJ1SN/S7pB+ZAimcciVD+r+yV/l github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8= github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg= github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= -github.com/google/pprof v0.0.0-20241017200806-017d972448fc h1:NGyrhhFhwvRAZg02jnYVg3GBQy0qGBKmFQJwaPmpmxs= -github.com/google/pprof v0.0.0-20241017200806-017d972448fc/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241101162523-b92577c0c142 h1:sAGdeJj0bnMgUNVeUpp6AYlVdCt3/GdI3pGRqsNSQLs= +github.com/google/pprof v0.0.0-20241101162523-b92577c0c142/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -199,10 +205,10 @@ github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= -github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= -github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= -github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= -github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= +github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= +github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= +github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= @@ -270,26 +276,24 @@ go.lsp.dev/uri v0.3.0 h1:KcZJmh6nFIBeJzTugn5JTU6OOyG0lDOo3R9KwTxTYbo= go.lsp.dev/uri v0.3.0/go.mod h1:P5sbO1IQR+qySTWOCnhnK7phBx+W3zbLqSMDJNTw88I= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 h1:UP6IpuHFkUgOQL9FFQFrZ+5LiwhhYRbi7VZSIx6Nj5s= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0/go.mod h1:qxuZLtbq5QDtdeSHsS7bcf6EH6uO6jUAgk764zd3rhM= -go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY= -go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 h1:DheMAlT6POBP+gh8RUH19EOTnQIor5QE0uSRPtzCpSw= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0/go.mod h1:wZcGmeVO9nzP67aYSLDqXNWK87EZWhi7JWj1v7ZXf94= +go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= +go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 h1:9M3+rhx7kZCIQQhQRYaZCdNu1V73tm4TvXs2ntl98C4= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0/go.mod h1:noq80iT8rrHP1SfybmPiRGc9dc5M8RPmGvtwo7Oo7tc= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= -go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE= -go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY= +go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= +go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= go.opentelemetry.io/otel/sdk v1.30.0 h1:cHdik6irO49R5IysVhdn8oaiR9m8XluDaJAs4DfOrYE= go.opentelemetry.io/otel/sdk v1.30.0/go.mod h1:p14X4Ok8S+sygzblytT1nqG98QG2KYKv++HE0LY/mhg= go.opentelemetry.io/otel/sdk/metric v1.19.0 h1:EJoTO5qysMsYCa+w4UghwFV/ptQgqSL/8Ni+hx+8i1k= go.opentelemetry.io/otel/sdk/metric v1.19.0/go.mod h1:XjG0jQyFJrv2PbMvwND7LwCEhsJzCzV5210euduKcKY= -go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys= -go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A= +go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= +go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= -go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= -go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU= @@ -303,18 +307,18 @@ go.uber.org/zap/exp v0.3.0/go.mod h1:5I384qq7XGxYyByIhHm6jg5CHkGY0nsTfbDLgDDlgJQ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= -golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= +golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= +golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY= -golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8= +golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo= +golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= -golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -324,16 +328,16 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= -golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= +golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= +golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= +golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -344,14 +348,14 @@ golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= -golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= +golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= +golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -362,8 +366,8 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= -golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= +golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o= +golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -373,17 +377,17 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f h1:jTm13A2itBi3La6yTGqn8bVSrc3ZZ1r8ENHlIXBfnRA= -google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f/go.mod h1:CLGoBuH1VHxAUXVPP8FfPwPEVJB6lz3URE5mY2SuayE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f h1:cUMEy+8oS78BWIH9OWazBkzbr090Od9tWBNtZHkOhf0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1:XVhgTWWV3kGQlwJHR3upFWZeTsei6Oks1apkZSeonIE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= -google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= +google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From baaecd126880edeec7014ccb01ba3c2366ff9823 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 20:30:19 -0800 Subject: [PATCH 35/47] build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 (#4735) Bumps google.golang.org/protobuf from 1.35.1 to 1.35.2. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ce1f5d5cdf5..1b902b94405 100644 --- a/go.mod +++ b/go.mod @@ -45,7 +45,7 @@ require ( go.uber.org/zap v1.27.0 golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e golang.org/x/sys v0.27.0 - google.golang.org/protobuf v1.35.1 + google.golang.org/protobuf v1.35.2 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.16.3 k8s.io/api v0.31.2 diff --git a/go.sum b/go.sum index fd359d6263c..69ff364cba2 100644 --- a/go.sum +++ b/go.sum @@ -1111,8 +1111,8 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= -google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= +google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20160105164936-4f90aeace3a2/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From b9c111fe3ac2882552129887afefacc9bf675f97 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 20:30:40 -0800 Subject: [PATCH 36/47] build(deps): bump fortio.org/fortio from 1.67.1 to 1.68.0 (#4734) Bumps [fortio.org/fortio](https://github.com/fortio/fortio) from 1.67.1 to 1.68.0. - [Release notes](https://github.com/fortio/fortio/releases) - [Commits](https://github.com/fortio/fortio/compare/v1.67.1...v1.68.0) --- updated-dependencies: - dependency-name: fortio.org/fortio dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 1b902b94405..7d45c395ef0 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.23.3 replace github.com/imdario/mergo => github.com/imdario/mergo v0.3.16 require ( - fortio.org/fortio v1.67.1 + fortio.org/fortio v1.68.0 fortio.org/log v1.17.1 github.com/Masterminds/semver/v3 v3.3.0 github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 diff --git a/go.sum b/go.sum index 69ff364cba2..badf41ee3da 100644 --- a/go.sum +++ b/go.sum @@ -13,8 +13,8 @@ fortio.org/cli v1.9.2 h1:17eJ8QZPjXHcLBpeCe0QMO/0fj5Bw0ZTxVgL7V9jOqc= fortio.org/cli v1.9.2/go.mod h1:7r55OoTV8NXcTvJT4boWk8s3I2LP6TMZh/0LLMJEYw0= fortio.org/dflag v1.7.3 h1:yws+v+/fJ67bYgrgcWpLtgdZPEWkYuwdfqz/WyQ8UXo= fortio.org/dflag v1.7.3/go.mod h1:O1Pk4lKRolw9wwAGyjTo8IsNyqqNRQGKxPOfpOElMqM= -fortio.org/fortio v1.67.1 h1:KAYyeu6z/01d/QwJm2dCVIadAhd8jNsezJHhlkoOMwU= -fortio.org/fortio v1.67.1/go.mod h1:XfrXH/BJ/hhxBXHj9z8FaqvsBbnf46SLyoWtPgopDlU= +fortio.org/fortio v1.68.0 h1:2M9RuitiN+MgW6QlTJCHjW6PJLAPj/YCXegxSCLQ3rw= +fortio.org/fortio v1.68.0/go.mod h1:1IjDaEoT5crHBN7BRLBwrHE24pIT6rOPKrYG3jEIWaA= fortio.org/log v1.17.1 h1:YQoGyZBnXTVIs77/nZw7BppwSOIamP3I092PGBenBZs= fortio.org/log v1.17.1/go.mod h1:t58Spg9njjymvRioh5F6qKGSupEsnMjXLGWIS1i3khE= fortio.org/safecast v1.0.0 h1:dr3131WPX8iS1pTf76+39WeXbTrerDYLvi9s7Oi3wiY= From b7bd5ad485d6d34f8273791a106f3b1a429678fc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 20:30:55 -0800 Subject: [PATCH 37/47] build(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0 (#4731) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.9 to 2.1.0. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8...01570a1f39cb168c169c802c3bceb9e93fb10974) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/latest_release.yaml | 2 +- .github/workflows/release.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/latest_release.yaml b/.github/workflows/latest_release.yaml index 0b709f9fe1a..b6e7d4c6d3f 100644 --- a/.github/workflows/latest_release.yaml +++ b/.github/workflows/latest_release.yaml @@ -107,7 +107,7 @@ jobs: GITHUB_REPOSITORY: ${{ github.repository_owner }}/${{ github.event.repository.name }} - name: Recreate the Latest Release and Tag - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v0.1.15 + uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v0.1.15 with: draft: false prerelease: true diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2235d0e573c..7aea9e9d700 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -96,7 +96,7 @@ jobs: tar -zcvf egctl_${{ env.release_tag }}_darwin_arm64.tar.gz bin/darwin/arm64/egctl - name: Upload Release Manifests - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v0.1.15 + uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v0.1.15 with: files: | release-artifacts/install.yaml From 8a01dd68ae8c352c438292fdb93316d9badd35d8 Mon Sep 17 00:00:00 2001 From: zirain Date: Tue, 19 Nov 2024 15:51:32 +0800 Subject: [PATCH 38/47] e2e: fix some tests (#4729) * e2e: make timeout configurable Signed-off-by: zirain * skip upgrade tests Signed-off-by: zirain * timeout Signed-off-by: zirain --------- Signed-off-by: zirain --- test/e2e/tests/envoy_shutdown.go | 3 ++- test/e2e/upgrade/eg_upgrade_test.go | 10 +++++++++- test/utils/prometheus/prometheus.go | 3 ++- tools/make/kube.mk | 3 ++- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/test/e2e/tests/envoy_shutdown.go b/test/e2e/tests/envoy_shutdown.go index 24e6b334637..7a249e01950 100644 --- a/test/e2e/tests/envoy_shutdown.go +++ b/test/e2e/tests/envoy_shutdown.go @@ -141,7 +141,8 @@ func restartProxyAndWaitForRollout(t *testing.T, timeoutConfig config.TimeoutCon return err } - return wait.PollUntilContextTimeout(ctx, 1*time.Second, timeoutConfig.CreateTimeout, true, func(ctx context.Context) (bool, error) { + // increase timeout for IPv6 first cluster + return wait.PollUntilContextTimeout(ctx, 2*time.Second, 2*timeoutConfig.CreateTimeout, true, func(ctx context.Context) (bool, error) { // wait for replicaset with the same annotation to reach ready status podList := &corev1.PodList{} listOpts := []client.ListOption{ diff --git a/test/e2e/upgrade/eg_upgrade_test.go b/test/e2e/upgrade/eg_upgrade_test.go index b93a3bab0df..6c3b9521e5f 100644 --- a/test/e2e/upgrade/eg_upgrade_test.go +++ b/test/e2e/upgrade/eg_upgrade_test.go @@ -36,6 +36,14 @@ func TestEGUpgrade(t *testing.T) { *flags.GatewayClassName, *flags.CleanupBaseResources, *flags.ShowDebug) } + var skipTests []string + // previous did not support ipv6, so skip upgrade tests for ipv6 + if tests.IPFamily == "ipv6" { + skipTests = append(skipTests, + tests.EGUpgradeTest.ShortName, + ) + } + cSuite, err := suite.NewConformanceTestSuite(suite.ConformanceOptions{ Client: c, RestConfig: cfg, @@ -46,7 +54,7 @@ func TestEGUpgrade(t *testing.T) { RunTest: *flags.RunTest, BaseManifests: "upgrade/manifests.yaml", SupportedFeatures: sets.New[features.FeatureName](features.SupportGateway), - SkipTests: []string{}, + SkipTests: skipTests, }) if err != nil { t.Fatalf("Failed to create test suite: %v", err) diff --git a/test/utils/prometheus/prometheus.go b/test/utils/prometheus/prometheus.go index c59a8f12ebb..bc62da2cc07 100644 --- a/test/utils/prometheus/prometheus.go +++ b/test/utils/prometheus/prometheus.go @@ -8,6 +8,7 @@ package prometheus import ( "context" "fmt" + "net" "time" prom "github.com/prometheus/client_golang/api" @@ -36,7 +37,7 @@ func NewClient(kubeClient client.Client, nn types.NamespacedName) (*Client, erro var addr string for _, ing := range svc.Status.LoadBalancer.Ingress { if len(ing.IP) > 0 { - addr = fmt.Sprintf("http://%s", ing.IP) + addr = fmt.Sprintf("http://%s", net.JoinHostPort(ing.IP, "80")) } } diff --git a/tools/make/kube.mk b/tools/make/kube.mk index d53c1931360..122e089b79e 100644 --- a/tools/make/kube.mk +++ b/tools/make/kube.mk @@ -22,7 +22,8 @@ BENCHMARK_REPORT_DIR ?= benchmark_report E2E_RUN_TEST ?= E2E_CLEANUP ?= true -E2E_TEST_ARGS ?= -v -tags e2e -timeout 20m +E2E_TIMEOUT ?= 20m +E2E_TEST_ARGS ?= -v -tags e2e -timeout $(E2E_TIMEOUT) # Set Kubernetes Resources Directory Path ifeq ($(origin KUBE_PROVIDER_DIR),undefined) From f99c36c80e7da2268f4af00da3cc8f325e2d51e3 Mon Sep 17 00:00:00 2001 From: Huabing Zhao Date: Wed, 20 Nov 2024 09:26:47 +0800 Subject: [PATCH 39/47] fix: tcp listener is rejected when no route attached (#4681) * fix: tcp listener is rejected when no route attached Signed-off-by: Huabing Zhao * change cluter name Signed-off-by: Huabing Zhao * fix listener connection limit test Signed-off-by: Huabing Zhao * fix listener connetcp keepalive test Signed-off-by: Huabing Zhao * fix tcp endpoint stats test Signed-off-by: Huabing Zhao * fix tcp-route-enable-req-resp-sizes-stats Signed-off-by: Huabing Zhao * fix extensionpolicy-tcp-udp-http test Signed-off-by: Huabing Zhao * fix lint Signed-off-by: Huabing Zhao --------- Signed-off-by: Huabing Zhao --- .../extensionpolicy-tcp-udp-http.yaml | 16 +++++++ .../in/xds-ir/listener-connection-limit.yaml | 34 ++++++++------- .../in/xds-ir/listener-tcp-keepalive.yaml | 34 ++++++++------- .../in/xds-ir/listener-tcp-without-route.yaml | 17 ++++++++ .../in/xds-ir/tcp-endpoint-stats.yaml | 17 ++++---- .../in/xds-ir/tcp-req-resp-sizes-stats.yaml | 17 ++++---- ...extensionpolicy-tcp-udp-http.clusters.yaml | 36 ++++++++++++++++ ...xtensionpolicy-tcp-udp-http.endpoints.yaml | 24 +++++++++++ ...xtensionpolicy-tcp-udp-http.listeners.yaml | 7 ++++ .../extensionpolicy-tcp-udp-http.routes.yaml | 12 ++++++ .../listener-connection-limit.clusters.yaml | 36 ++++++++++++++++ .../listener-connection-limit.endpoints.yaml | 24 +++++++++++ .../listener-connection-limit.listeners.yaml | 32 ++++++++++++++ .../listener-tcp-keepalive.clusters.yaml | 36 ++++++++++++++++ .../listener-tcp-keepalive.endpoints.yaml | 24 +++++++++++ .../listener-tcp-keepalive.listeners.yaml | 21 ++++++++++ .../listener-tcp-without-route.clusters.yaml | 2 + .../listener-tcp-without-route.endpoints.yaml | 1 + .../listener-tcp-without-route.listeners.yaml | 42 +++++++++++++++++++ .../listener-tcp-without-route.routes.yaml | 1 + .../xds-ir/tcp-endpoint-stats.clusters.yaml | 21 +++++++++- .../xds-ir/tcp-endpoint-stats.endpoints.yaml | 19 ++++++++- .../xds-ir/tcp-endpoint-stats.listeners.yaml | 7 ++++ .../tcp-req-resp-sizes-stats.clusters.yaml | 21 +++++++++- .../tcp-req-resp-sizes-stats.endpoints.yaml | 19 ++++++++- .../tcp-req-resp-sizes-stats.listeners.yaml | 7 ++++ internal/xds/translator/translator.go | 31 +++++++++++++- release-notes/current.yaml | 2 +- 28 files changed, 506 insertions(+), 54 deletions(-) create mode 100644 internal/xds/translator/testdata/in/xds-ir/listener-tcp-without-route.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.clusters.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.endpoints.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.listeners.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.routes.yaml diff --git a/internal/xds/translator/testdata/in/extension-xds-ir/extensionpolicy-tcp-udp-http.yaml b/internal/xds/translator/testdata/in/extension-xds-ir/extensionpolicy-tcp-udp-http.yaml index 77ced570f46..6a5d283ee44 100644 --- a/internal/xds/translator/testdata/in/extension-xds-ir/extensionpolicy-tcp-udp-http.yaml +++ b/internal/xds/translator/testdata/in/extension-xds-ir/extensionpolicy-tcp-udp-http.yaml @@ -35,6 +35,15 @@ http: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 + routes: + - name: "http-route" + hostname: "*" + destination: + name: "http-route-dest" + settings: + - endpoints: + - host: "1.2.3.4" + port: 50000 tcp: - address: 0.0.0.0 extensionRefs: @@ -66,6 +75,13 @@ tcp: controllerName: gateway.envoyproxy.io/gatewayclass-controller name: envoy-gateway/gateway-1/tcp1 port: 10080 + routes: + - destination: + name: "tcp-route-dest" + settings: + - endpoints: + - host: "1.2.3.4" + port: 50000 udp: - address: 0.0.0.0 route: diff --git a/internal/xds/translator/testdata/in/xds-ir/listener-connection-limit.yaml b/internal/xds/translator/testdata/in/xds-ir/listener-connection-limit.yaml index 049ec905b9a..b8022bc0357 100644 --- a/internal/xds/translator/testdata/in/xds-ir/listener-connection-limit.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/listener-connection-limit.yaml @@ -44,16 +44,17 @@ tcp: connection: limit: value: 3 - tls: - passthrough: - snis: - - bar.com - destination: - name: "tls-route-dest" - settings: - - endpoints: - - host: "1.2.3.4" - port: 50000 + routes: + - tls: + inspector: + snis: + - bar.com + destination: + name: "tls-route-dest" + settings: + - endpoints: + - host: "1.2.3.4" + port: 50000 - name: "fourth-listener" address: "0.0.0.0" connection: @@ -61,9 +62,10 @@ tcp: value: 10 closeDelay: 3s port: 10083 - destination: - name: "tcp-route-dest" - settings: - - endpoints: - - host: "1.2.3.4" - port: 50000 + routes: + - destination: + name: "tcp-route-dest" + settings: + - endpoints: + - host: "1.2.3.4" + port: 50000 diff --git a/internal/xds/translator/testdata/in/xds-ir/listener-tcp-keepalive.yaml b/internal/xds/translator/testdata/in/xds-ir/listener-tcp-keepalive.yaml index 9bdaf244912..19d7d3335d5 100644 --- a/internal/xds/translator/testdata/in/xds-ir/listener-tcp-keepalive.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/listener-tcp-keepalive.yaml @@ -43,24 +43,26 @@ tcp: address: "0.0.0.0" port: 10082 tcpKeepalive: {} - tls: - inspector: - snis: - - bar.com - destination: - name: "tls-route-dest" - settings: - - endpoints: - - host: "1.2.3.4" - port: 50000 + routes: + - tls: + inspector: + snis: + - bar.com + destination: + name: "tls-route-dest" + settings: + - endpoints: + - host: "1.2.3.4" + port: 50000 - name: "fourth-listener" address: "0.0.0.0" tcpKeepalive: probes: 10 port: 10083 - destination: - name: "tcp-route-dest" - settings: - - endpoints: - - host: "1.2.3.4" - port: 50000 + routes: + - destination: + name: "tcp-route-dest" + settings: + - endpoints: + - host: "1.2.3.4" + port: 50000 diff --git a/internal/xds/translator/testdata/in/xds-ir/listener-tcp-without-route.yaml b/internal/xds/translator/testdata/in/xds-ir/listener-tcp-without-route.yaml new file mode 100644 index 00000000000..cc24bfbdf00 --- /dev/null +++ b/internal/xds/translator/testdata/in/xds-ir/listener-tcp-without-route.yaml @@ -0,0 +1,17 @@ +tcp: +- address: 0.0.0.0 + connection: + bufferLimit: 50000000 + limit: + closeDelay: 10s + value: 3 + enableProxyProtocol: true + name: envoy-gateway/gateway-1/tls-1 + port: 10443 + tcpKeepalive: + idleTime: 1200 + interval: 60 + probes: 3 + timeout: + tcp: + idleTimeout: 20m0s diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-endpoint-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-endpoint-stats.yaml index 60176773c96..1bbe5a43371 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tcp-endpoint-stats.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tcp-endpoint-stats.yaml @@ -5,11 +5,12 @@ tcp: - name: "tcp-route-enable-endpoint-stats" address: "0.0.0.0" port: 10080 - destination: - name: "tcp-route-simple-dest" - settings: - - endpoints: - - host: "1.2.3.4" - port: 50000 - - host: "5.6.7.8" - port: 50001 + routes: + - destination: + name: "tcp-route-simple-dest" + settings: + - endpoints: + - host: "1.2.3.4" + port: 50000 + - host: "5.6.7.8" + port: 50001 diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-req-resp-sizes-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-req-resp-sizes-stats.yaml index 6d5d7fac73c..5c3cd2be7a0 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tcp-req-resp-sizes-stats.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tcp-req-resp-sizes-stats.yaml @@ -5,11 +5,12 @@ tcp: - name: "tcp-route-enable-req-resp-sizes-stats" address: "0.0.0.0" port: 10080 - destination: - name: "tcp-route-simple-dest" - settings: - - endpoints: - - host: "1.2.3.4" - port: 50000 - - host: "5.6.7.8" - port: 50001 + routes: + - destination: + name: "tcp-route-simple-dest" + settings: + - endpoints: + - host: "1.2.3.4" + port: 50000 + - host: "5.6.7.8" + port: 50001 diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.clusters.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.clusters.yaml index cdbb352dd54..a6d3c9e969b 100644 --- a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.clusters.yaml +++ b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.clusters.yaml @@ -1,3 +1,39 @@ +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: http-route-dest + ignoreHealthOnHostRemoval: true + lbPolicy: LEAST_REQUEST + name: http-route-dest + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: tcp-route-dest + ignoreHealthOnHostRemoval: true + lbPolicy: LEAST_REQUEST + name: tcp-route-dest + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS - circuitBreakers: thresholds: - maxRetries: 1024 diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.endpoints.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.endpoints.yaml index 8869685de5e..9308c055cfe 100644 --- a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.endpoints.yaml +++ b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.endpoints.yaml @@ -1,3 +1,27 @@ +- clusterName: http-route-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: http-route-dest/backend/0 +- clusterName: tcp-route-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: tcp-route-dest/backend/0 - clusterName: udp-route-dest endpoints: - lbEndpoints: diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml index 6901c9c7810..6fbaf5053ec 100644 --- a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml +++ b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml @@ -30,6 +30,13 @@ statPrefix: http-10080 useRemoteAddress: true name: envoy-gateway/gateway-1/http1 + filterChains: + - filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: tcp-route-dest + statPrefix: tcp-10080 name: envoy-gateway/gateway-1/http1 perConnectionBufferLimitBytes: 32768 statPrefix: envoy-gateway/gateway-1/http1 diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.routes.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.routes.yaml index b03ec37faa6..bfcb22e483f 100644 --- a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.routes.yaml +++ b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.routes.yaml @@ -1,2 +1,14 @@ - ignorePortInHostMatching: true name: envoy-gateway/gateway-1/http1 + virtualHosts: + - domains: + - '*' + name: envoy-gateway/gateway-1/http1/* + routes: + - match: + prefix: / + name: http-route + route: + cluster: http-route-dest + upgradeConfigs: + - upgradeType: websocket diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.clusters.yaml index 820f85f625b..ddded90e04f 100644 --- a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.clusters.yaml @@ -34,3 +34,39 @@ outlierDetection: {} perConnectionBufferLimitBytes: 32768 type: EDS +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: tls-route-dest + ignoreHealthOnHostRemoval: true + lbPolicy: LEAST_REQUEST + name: tls-route-dest + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: tcp-route-dest + ignoreHealthOnHostRemoval: true + lbPolicy: LEAST_REQUEST + name: tcp-route-dest + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.endpoints.yaml index de95bf555b9..5b4fe89e58c 100644 --- a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.endpoints.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.endpoints.yaml @@ -22,3 +22,27 @@ loadBalancingWeight: 1 locality: region: second-route-dest/backend/0 +- clusterName: tls-route-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: tls-route-dest/backend/0 +- clusterName: tcp-route-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: tcp-route-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml index 49a4bf7dc21..565878b1597 100644 --- a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml @@ -75,11 +75,43 @@ socketAddress: address: 0.0.0.0 portValue: 10082 + filterChains: + - filterChainMatch: + serverNames: + - bar.com + filters: + - name: envoy.filters.network.connection_limit + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.connection_limit.v3.ConnectionLimit + maxConnections: "3" + statPrefix: tls-passthrough-10082 + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: tls-route-dest + statPrefix: tls-passthrough-10082 + listenerFilters: + - name: envoy.filters.listener.tls_inspector + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector name: third-listener perConnectionBufferLimitBytes: 32768 - address: socketAddress: address: 0.0.0.0 portValue: 10083 + filterChains: + - filters: + - name: envoy.filters.network.connection_limit + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.connection_limit.v3.ConnectionLimit + delay: 3s + maxConnections: "10" + statPrefix: tcp-10083 + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: tcp-route-dest + statPrefix: tcp-10083 name: fourth-listener perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.clusters.yaml index 820f85f625b..ddded90e04f 100644 --- a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.clusters.yaml @@ -34,3 +34,39 @@ outlierDetection: {} perConnectionBufferLimitBytes: 32768 type: EDS +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: tls-route-dest + ignoreHealthOnHostRemoval: true + lbPolicy: LEAST_REQUEST + name: tls-route-dest + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: tcp-route-dest + ignoreHealthOnHostRemoval: true + lbPolicy: LEAST_REQUEST + name: tcp-route-dest + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.endpoints.yaml index de95bf555b9..5b4fe89e58c 100644 --- a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.endpoints.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.endpoints.yaml @@ -22,3 +22,27 @@ loadBalancingWeight: 1 locality: region: second-route-dest/backend/0 +- clusterName: tls-route-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: tls-route-dest/backend/0 +- clusterName: tcp-route-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: tcp-route-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml index 11f91b65a34..06e77d90262 100644 --- a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml @@ -92,6 +92,20 @@ socketAddress: address: 0.0.0.0 portValue: 10082 + filterChains: + - filterChainMatch: + serverNames: + - bar.com + filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: tls-route-dest + statPrefix: tls-passthrough-10082 + listenerFilters: + - name: envoy.filters.listener.tls_inspector + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector name: third-listener perConnectionBufferLimitBytes: 32768 socketOptions: @@ -103,6 +117,13 @@ socketAddress: address: 0.0.0.0 portValue: 10083 + filterChains: + - filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: tcp-route-dest + statPrefix: tcp-10083 name: fourth-listener perConnectionBufferLimitBytes: 32768 socketOptions: diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.clusters.yaml new file mode 100644 index 00000000000..0764d46f0ed --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.clusters.yaml @@ -0,0 +1,2 @@ +- name: EmptyCluster + type: STATIC diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.endpoints.yaml new file mode 100644 index 00000000000..fe51488c706 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.endpoints.yaml @@ -0,0 +1 @@ +[] diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.listeners.yaml new file mode 100644 index 00000000000..6539e7588ec --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.listeners.yaml @@ -0,0 +1,42 @@ +- address: + socketAddress: + address: 0.0.0.0 + portValue: 10443 + filterChains: + - filters: + - name: envoy.filters.network.connection_limit + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.connection_limit.v3.ConnectionLimit + delay: 10s + maxConnections: "3" + statPrefix: tcp-10443 + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: EmptyCluster + idleTimeout: 1200s + statPrefix: tcp-10443 + name: EmptyCluster + listenerFilters: + - name: envoy.filters.listener.proxy_protocol + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol + name: envoy-gateway/gateway-1/tls-1 + perConnectionBufferLimitBytes: 50000000 + socketOptions: + - description: socket option to enable tcp keep alive + intValue: "1" + level: "1" + name: "9" + - description: socket option for keep alive probes + intValue: "3" + level: "6" + name: "6" + - description: socket option for keep alive idle time + intValue: "1200" + level: "6" + name: "4" + - description: socket option for keep alive interval + intValue: "60" + level: "6" + name: "5" diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.routes.yaml new file mode 100644 index 00000000000..fe51488c706 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.routes.yaml @@ -0,0 +1 @@ +[] diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.clusters.yaml index fe51488c706..c341dab16a6 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.clusters.yaml @@ -1 +1,20 @@ -[] +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: tcp-route-simple-dest + ignoreHealthOnHostRemoval: true + lbPolicy: LEAST_REQUEST + name: tcp-route-simple-dest + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + trackClusterStats: + perEndpointStats: true + type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.endpoints.yaml index fe51488c706..7eb06a08f40 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.endpoints.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.endpoints.yaml @@ -1 +1,18 @@ -[] +- clusterName: tcp-route-simple-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + - endpoint: + address: + socketAddress: + address: 5.6.7.8 + portValue: 50001 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: tcp-route-simple-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.listeners.yaml index 2e300bdfaad..001e0b017d3 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.listeners.yaml @@ -2,5 +2,12 @@ socketAddress: address: 0.0.0.0 portValue: 10080 + filterChains: + - filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: tcp-route-simple-dest + statPrefix: tcp-10080 name: tcp-route-enable-endpoint-stats perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.clusters.yaml index fe51488c706..5e82e21cc85 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.clusters.yaml @@ -1 +1,20 @@ -[] +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: tcp-route-simple-dest + ignoreHealthOnHostRemoval: true + lbPolicy: LEAST_REQUEST + name: tcp-route-simple-dest + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + trackClusterStats: + requestResponseSizes: true + type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.endpoints.yaml index fe51488c706..7eb06a08f40 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.endpoints.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.endpoints.yaml @@ -1 +1,18 @@ -[] +- clusterName: tcp-route-simple-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + - endpoint: + address: + socketAddress: + address: 5.6.7.8 + portValue: 50001 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: tcp-route-simple-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.listeners.yaml index 994341e55ec..ec70a00f0ed 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.listeners.yaml @@ -2,5 +2,12 @@ socketAddress: address: 0.0.0.0 portValue: 10080 + filterChains: + - filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: tcp-route-simple-dest + statPrefix: tcp-10080 name: tcp-route-enable-req-resp-sizes-stats perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/translator.go b/internal/xds/translator/translator.go index 27c0d3c5a04..c06c7195d7c 100644 --- a/internal/xds/translator/translator.go +++ b/internal/xds/translator/translator.go @@ -39,7 +39,11 @@ var ( ErrXdsSecretExists = errors.New("xds secret exists") ) -const AuthorityHeaderKey = ":authority" +const ( + AuthorityHeaderKey = ":authority" + // The dummy cluster for TCP listeners that have no routes + emptyClusterName = "EmptyCluster" +) // Translator translates the xDS IR into xDS resources. type Translator struct { @@ -627,6 +631,31 @@ func (t *Translator) processTCPListenerXdsTranslation( errs = errors.Join(errs, err) } } + + // If there are no routes, add a route without a destination to the listener to create a filter chain + // This is needed because Envoy requires a filter chain to be present in the listener, otherwise it will reject the listener and report a warning + if len(tcpListener.Routes) == 0 { + emptyRouteCluster := &clusterv3.Cluster{ + Name: emptyClusterName, + ClusterDiscoveryType: &clusterv3.Cluster_Type{Type: clusterv3.Cluster_STATIC}, + } + + if findXdsCluster(tCtx, emptyClusterName) == nil { + if err := tCtx.AddXdsResource(resourcev3.ClusterType, emptyRouteCluster); err != nil { + errs = errors.Join(errs, err) + } + } + + emptyRoute := &ir.TCPRoute{ + Name: emptyClusterName, + Destination: &ir.RouteDestination{ + Name: emptyClusterName, + }, + } + if err := addXdsTCPFilterChain(xdsListener, emptyRoute, emptyClusterName, accesslog, tcpListener.Timeout, tcpListener.Connection); err != nil { + errs = errors.Join(errs, err) + } + } } return errs } diff --git a/release-notes/current.yaml b/release-notes/current.yaml index 8c68e85d4d0..bfbed17a9d0 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -14,8 +14,8 @@ new features: | # Fixes for bugs identified in previous versions. bug fixes: | - Add a bug fix here Fixed failed to update SecurityPolicy resources with the `backendRef` field specified + Fixed Envoy rejecting TCP Listeners that have no attached TCPRoutes # Enhancements that improve performance. performance improvements: | From 86d750a16b9a3aeaa01f1e2ed2bfea0c5fc6d4c7 Mon Sep 17 00:00:00 2001 From: Huabing Zhao Date: Wed, 20 Nov 2024 10:24:31 +0800 Subject: [PATCH 40/47] fix: translator reports errors for existing clusters and secretes (#4707) * fix: existing clusters and secretes Signed-off-by: Huabing Zhao * fix cluster index for SP Signed-off-by: Huabing Zhao * minor change Signed-off-by: Huabing Zhao * minor change Signed-off-by: Huabing Zhao * minor change Signed-off-by: Huabing Zhao * minor change Signed-off-by: Huabing Zhao * fix lint Signed-off-by: Huabing Zhao * add comment Signed-off-by: Huabing Zhao * remove index Signed-off-by: Huabing Zhao * fix lint Signed-off-by: Huabing Zhao --------- Signed-off-by: Huabing Zhao --- internal/gatewayapi/envoyextensionpolicy.go | 2 +- internal/gatewayapi/ext_service.go | 9 +- internal/gatewayapi/securitypolicy.go | 18 +-- ...yextensionpolicy-override-replace.out.yaml | 4 +- ...ith-extproc-with-backendtlspolicy.out.yaml | 4 +- ...extproc-with-multiple-backendrefs.out.yaml | 2 +- ...ith-extproc-with-traffic-features.out.yaml | 2 +- .../envoyproxy-priority-backend.out.yaml | 2 +- ...curitypolicy-with-extauth-backend.out.yaml | 8 +- ...itypolicy-with-extauth-backendref.out.yaml | 6 +- ...policy-with-extauth-recomputation.out.yaml | 4 +- ...ith-extauth-with-backendtlspolicy.out.yaml | 4 +- .../securitypolicy-with-extauth.out.yaml | 6 +- ...typolicy-with-oidc-backendcluster.out.yaml | 2 +- internal/xds/translator/accesslog.go | 5 +- internal/xds/translator/extauth.go | 6 +- internal/xds/translator/extproc.go | 3 +- internal/xds/translator/oidc.go | 9 +- internal/xds/translator/ratelimit.go | 9 +- .../securitypolicy-with-oidc-jwt-authz.yaml | 80 +++++++++++++ ...typolicy-with-oidc-jwt-authz.clusters.yaml | 54 +++++++++ ...ypolicy-with-oidc-jwt-authz.endpoints.yaml | 12 ++ ...ypolicy-with-oidc-jwt-authz.listeners.yaml | 107 ++++++++++++++++++ ...ritypolicy-with-oidc-jwt-authz.routes.yaml | 74 ++++++++++++ ...itypolicy-with-oidc-jwt-authz.secrets.yaml | 8 ++ internal/xds/translator/tracing.go | 8 +- internal/xds/translator/translator.go | 31 +++-- internal/xds/translator/utils.go | 13 +-- release-notes/current.yaml | 1 + 29 files changed, 403 insertions(+), 90 deletions(-) create mode 100644 internal/xds/translator/testdata/in/xds-ir/securitypolicy-with-oidc-jwt-authz.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.clusters.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.endpoints.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.listeners.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.routes.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.secrets.yaml diff --git a/internal/gatewayapi/envoyextensionpolicy.go b/internal/gatewayapi/envoyextensionpolicy.go index 64e0f9e9a2a..bb5da8be140 100644 --- a/internal/gatewayapi/envoyextensionpolicy.go +++ b/internal/gatewayapi/envoyextensionpolicy.go @@ -434,7 +434,7 @@ func (t *Translator) buildExtProc( err error ) - if rd, err = t.translateExtServiceBackendRefs(policy, extProc.BackendRefs, ir.GRPC, resources, envoyProxy, extProcIdx); err != nil { + if rd, err = t.translateExtServiceBackendRefs(policy, extProc.BackendRefs, ir.GRPC, resources, envoyProxy, "extproc", extProcIdx); err != nil { return nil, err } diff --git a/internal/gatewayapi/ext_service.go b/internal/gatewayapi/ext_service.go index e7ab19036ee..39bd5aebe47 100644 --- a/internal/gatewayapi/ext_service.go +++ b/internal/gatewayapi/ext_service.go @@ -29,6 +29,7 @@ func (t *Translator) translateExtServiceBackendRefs( protocol ir.AppProtocol, resources *resource.Resources, envoyProxy *egv1a1.EnvoyProxy, + configType string, index int, // index is used to differentiate between multiple external services in the same policy ) (*ir.RouteDestination, error) { var ( @@ -66,7 +67,7 @@ func (t *Translator) translateExtServiceBackendRefs( } rs = &ir.RouteDestination{ - Name: irIndexedExtServiceDestinationName(pnn, policy.GetObjectKind().GroupVersionKind().Kind, index), + Name: irIndexedExtServiceDestinationName(pnn, policy.GetObjectKind().GroupVersionKind().Kind, configType, index), Settings: ds, } return rs, nil @@ -139,12 +140,12 @@ func (t *Translator) processExtServiceDestination( return ds, nil } -// TODO: also refer to extension type, as Wasm may also introduce destinations -func irIndexedExtServiceDestinationName(policyNamespacedName types.NamespacedName, policyKind string, idx int) string { +func irIndexedExtServiceDestinationName(policyNamespacedName types.NamespacedName, policyKind string, configType string, idx int) string { return strings.ToLower(fmt.Sprintf( - "%s/%s/%s/%d", + "%s/%s/%s/%s/%d", policyKind, policyNamespacedName.Namespace, policyNamespacedName.Name, + configType, idx)) } diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go index 8635d216457..3219f816da5 100644 --- a/internal/gatewayapi/securitypolicy.go +++ b/internal/gatewayapi/securitypolicy.go @@ -373,8 +373,7 @@ func (t *Translator) translateSecurityPolicyForRoute( if extAuth, err = t.buildExtAuth( policy, resources, - gtwCtx.envoyProxy, - ); err != nil { + gtwCtx.envoyProxy); err != nil { err = perr.WithMessage(err, "ExtAuth") errs = errors.Join(errs, err) } @@ -385,7 +384,7 @@ func (t *Translator) translateSecurityPolicyForRoute( if oidc, err = t.buildOIDC( policy, resources, - gtwCtx.envoyProxy); err != nil { + gtwCtx.envoyProxy); err != nil { // TODO zhaohuabing: Only the last EnvoyProxy is used err = perr.WithMessage(err, "OIDC") errs = errors.Join(errs, err) } @@ -468,8 +467,7 @@ func (t *Translator) translateSecurityPolicyForGateway( if extAuth, err = t.buildExtAuth( policy, resources, - gateway.envoyProxy, - ); err != nil { + gateway.envoyProxy); err != nil { err = perr.WithMessage(err, "ExtAuth") errs = errors.Join(errs, err) } @@ -705,7 +703,7 @@ func (t *Translator) buildOIDCProvider(policy *egv1a1.SecurityPolicy, resources } if len(provider.BackendRefs) > 0 { - if rd, err = t.translateExtServiceBackendRefs(policy, provider.BackendRefs, protocol, resources, envoyProxy, 0); err != nil { + if rd, err = t.translateExtServiceBackendRefs(policy, provider.BackendRefs, protocol, resources, envoyProxy, "oidc", 0); err != nil { return nil, err } } @@ -839,7 +837,11 @@ func (t *Translator) buildBasicAuth( }, nil } -func (t *Translator) buildExtAuth(policy *egv1a1.SecurityPolicy, resources *resource.Resources, envoyProxy *egv1a1.EnvoyProxy) (*ir.ExtAuth, error) { +func (t *Translator) buildExtAuth( + policy *egv1a1.SecurityPolicy, + resources *resource.Resources, + envoyProxy *egv1a1.EnvoyProxy, +) (*ir.ExtAuth, error) { var ( http = policy.Spec.ExtAuth.HTTP grpc = policy.Spec.ExtAuth.GRPC @@ -893,7 +895,7 @@ func (t *Translator) buildExtAuth(policy *egv1a1.SecurityPolicy, resources *reso } } - if rd, err = t.translateExtServiceBackendRefs(policy, backendRefs, protocol, resources, envoyProxy, 0); err != nil { + if rd, err = t.translateExtServiceBackendRefs(policy, backendRefs, protocol, resources, envoyProxy, "extauth", 0); err != nil { return nil, err } diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml index 4f055e7bc4d..2c6b006af93 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml @@ -296,7 +296,7 @@ xdsIR: extProcs: - authority: grpc-backend-2.default:8000 destination: - name: envoyextensionpolicy/default/policy-for-route-1/0 + name: envoyextensionpolicy/default/policy-for-route-1/extproc/0 settings: - protocol: GRPC weight: 1 @@ -325,7 +325,7 @@ xdsIR: extProcs: - authority: grpc-backend.envoy-gateway:9000 destination: - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway-1/0 + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway-1/extproc/0 settings: - protocol: GRPC weight: 1 diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml index 6b9ad5ee281..a1d7beec90b 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml @@ -308,7 +308,7 @@ xdsIR: extProcs: - authority: grpc-backend-2.default:9000 destination: - name: envoyextensionpolicy/default/policy-for-http-route/0 + name: envoyextensionpolicy/default/policy-for-http-route/extproc/0 settings: - addressType: IP endpoints: @@ -349,7 +349,7 @@ xdsIR: extProcs: - authority: grpc-backend.envoy-gateway:8000 destination: - name: envoyextensionpolicy/default/policy-for-gateway/0 + name: envoyextensionpolicy/default/policy-for-gateway/extproc/0 settings: - addressType: IP protocol: GRPC diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml index 021ae6a2cd5..a81a7cd4410 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml @@ -308,7 +308,7 @@ xdsIR: extProcs: - authority: grpc-backend.envoy-gateway:8000 destination: - name: envoyextensionpolicy/default/policy-for-http-route/0 + name: envoyextensionpolicy/default/policy-for-http-route/extproc/0 settings: - addressType: IP protocol: GRPC diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-traffic-features.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-traffic-features.out.yaml index 4edde355292..21fb5de6103 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-traffic-features.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-traffic-features.out.yaml @@ -337,7 +337,7 @@ xdsIR: extProcs: - authority: grpc-backend.envoy-gateway:8000 destination: - name: envoyextensionpolicy/default/policy-for-http-route/0 + name: envoyextensionpolicy/default/policy-for-http-route/extproc/0 settings: - addressType: IP protocol: GRPC diff --git a/internal/gatewayapi/testdata/envoyproxy-priority-backend.out.yaml b/internal/gatewayapi/testdata/envoyproxy-priority-backend.out.yaml index fda9d4ccca9..426268f6340 100644 --- a/internal/gatewayapi/testdata/envoyproxy-priority-backend.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-priority-backend.out.yaml @@ -311,7 +311,7 @@ xdsIR: extProcs: - authority: grpc-backend.envoy-gateway:8000 destination: - name: envoyextensionpolicy/default/policy-for-http-route/0 + name: envoyextensionpolicy/default/policy-for-http-route/extproc/0 settings: - addressType: IP protocol: GRPC diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml index d304f6c13eb..ccdb2458370 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml @@ -390,7 +390,7 @@ xdsIR: grpc: authority: service-2.default:8080 destination: - name: securitypolicy/default/policy-for-http-route-1/0 + name: securitypolicy/default/policy-for-http-route-1/extauth/0 settings: - addressType: IP endpoints: @@ -434,7 +434,7 @@ xdsIR: grpc: authority: service-2.default:8080 destination: - name: securitypolicy/default/policy-for-http-route-1/0 + name: securitypolicy/default/policy-for-http-route-1/extauth/0 settings: - addressType: IP endpoints: @@ -498,7 +498,7 @@ xdsIR: grpc: authority: service-2.default:8080 destination: - name: securitypolicy/default/policy-for-http-route-3--grpc-backendref/0 + name: securitypolicy/default/policy-for-http-route-3--grpc-backendref/extauth/0 settings: - addressType: IP endpoints: @@ -532,7 +532,7 @@ xdsIR: http: authority: primary.foo.com:3000 destination: - name: securitypolicy/default/policy-for-http-route-3-http-backendref/0 + name: securitypolicy/default/policy-for-http-route-3-http-backendref/extauth/0 settings: - addressType: FQDN endpoints: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml index 905b81b3cba..d72cd182896 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml @@ -263,7 +263,7 @@ xdsIR: grpc: authority: grpc-backend.default:9000 destination: - name: securitypolicy/default/policy-for-http-route-1/0 + name: securitypolicy/default/policy-for-http-route-1/extauth/0 settings: - addressType: IP endpoints: @@ -301,7 +301,7 @@ xdsIR: grpc: authority: grpc-backend.default:9000 destination: - name: securitypolicy/default/policy-for-http-route-1/0 + name: securitypolicy/default/policy-for-http-route-1/extauth/0 settings: - addressType: IP endpoints: @@ -339,7 +339,7 @@ xdsIR: http: authority: http-backend.envoy-gateway:80 destination: - name: securitypolicy/default/policy-for-gateway-1/0 + name: securitypolicy/default/policy-for-gateway-1/extauth/0 settings: - addressType: IP endpoints: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-recomputation.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-recomputation.out.yaml index 94012ec739a..350fc8e908b 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-recomputation.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-recomputation.out.yaml @@ -246,7 +246,7 @@ xdsIR: grpc: authority: service-2.default:8080 destination: - name: securitypolicy/default/policy-for-http-route-1/0 + name: securitypolicy/default/policy-for-http-route-1/extauth/0 settings: - addressType: IP endpoints: @@ -291,7 +291,7 @@ xdsIR: grpc: authority: service-2.default:8080 destination: - name: securitypolicy/default/policy-for-http-route-1/0 + name: securitypolicy/default/policy-for-http-route-1/extauth/0 settings: - addressType: IP endpoints: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml index 7c4b2ce2739..b87c7992c90 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml @@ -322,7 +322,7 @@ xdsIR: grpc: authority: grpc-backend.default:9000 destination: - name: securitypolicy/default/policy-for-http-route/0 + name: securitypolicy/default/policy-for-http-route/extauth/0 settings: - addressType: IP endpoints: @@ -366,7 +366,7 @@ xdsIR: http: authority: http-backend.envoy-gateway:80 destination: - name: securitypolicy/default/policy-for-gateway/0 + name: securitypolicy/default/policy-for-gateway/extauth/0 settings: - addressType: IP endpoints: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml index 905b81b3cba..d72cd182896 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml @@ -263,7 +263,7 @@ xdsIR: grpc: authority: grpc-backend.default:9000 destination: - name: securitypolicy/default/policy-for-http-route-1/0 + name: securitypolicy/default/policy-for-http-route-1/extauth/0 settings: - addressType: IP endpoints: @@ -301,7 +301,7 @@ xdsIR: grpc: authority: grpc-backend.default:9000 destination: - name: securitypolicy/default/policy-for-http-route-1/0 + name: securitypolicy/default/policy-for-http-route-1/extauth/0 settings: - addressType: IP endpoints: @@ -339,7 +339,7 @@ xdsIR: http: authority: http-backend.envoy-gateway:80 destination: - name: securitypolicy/default/policy-for-gateway-1/0 + name: securitypolicy/default/policy-for-gateway-1/extauth/0 settings: - addressType: IP endpoints: diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml index eb518ba7c3c..d878bcdb505 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml @@ -228,7 +228,7 @@ xdsIR: provider: authorizationEndpoint: https://oauth.foo.com/oauth2/v2/auth destination: - name: securitypolicy/envoy-gateway/policy-for-gateway/0 + name: securitypolicy/envoy-gateway/policy-for-gateway/oidc/0 settings: - addressType: FQDN endpoints: diff --git a/internal/xds/translator/accesslog.go b/internal/xds/translator/accesslog.go index 076eb659d83..265e3ed8a9c 100644 --- a/internal/xds/translator/accesslog.go +++ b/internal/xds/translator/accesslog.go @@ -6,7 +6,6 @@ package translator import ( - "errors" "sort" "strings" @@ -545,7 +544,7 @@ func processClusterForAccessLog(tCtx *types.ResourceVersionTable, al *ir.AccessL backendConnection: traffic.BackendConnection, dns: traffic.DNS, http2Settings: traffic.HTTP2, - }); err != nil && !errors.Is(err, ErrXdsClusterExists) { + }); err != nil { return err } } @@ -573,7 +572,7 @@ func processClusterForAccessLog(tCtx *types.ResourceVersionTable, al *ir.AccessL backendConnection: traffic.BackendConnection, dns: traffic.DNS, http2Settings: traffic.HTTP2, - }); err != nil && !errors.Is(err, ErrXdsClusterExists) { + }); err != nil { return err } } diff --git a/internal/xds/translator/extauth.go b/internal/xds/translator/extauth.go index 7d7cc6a7227..2f8766fe91c 100644 --- a/internal/xds/translator/extauth.go +++ b/internal/xds/translator/extauth.go @@ -226,14 +226,12 @@ func (*extAuth) patchResources(tCtx *types.ResourceVersionTable, } if route.Security.ExtAuth.HTTP != nil { if err := createExtServiceXDSCluster( - &route.Security.ExtAuth.HTTP.Destination, route.Security.ExtAuth.Traffic, tCtx); err != nil && !errors.Is( - err, ErrXdsClusterExists) { + &route.Security.ExtAuth.HTTP.Destination, route.Security.ExtAuth.Traffic, tCtx); err != nil { errs = errors.Join(errs, err) } } else { if err := createExtServiceXDSCluster( - &route.Security.ExtAuth.GRPC.Destination, route.Security.ExtAuth.Traffic, tCtx); err != nil && !errors.Is( - err, ErrXdsClusterExists) { + &route.Security.ExtAuth.GRPC.Destination, route.Security.ExtAuth.Traffic, tCtx); err != nil { errs = errors.Join(errs, err) } } diff --git a/internal/xds/translator/extproc.go b/internal/xds/translator/extproc.go index 2bc6c4b6ba6..57cc9634d09 100644 --- a/internal/xds/translator/extproc.go +++ b/internal/xds/translator/extproc.go @@ -173,8 +173,7 @@ func (*extProc) patchResources(tCtx *types.ResourceVersionTable, for i := range route.EnvoyExtensions.ExtProcs { ep := route.EnvoyExtensions.ExtProcs[i] if err := createExtServiceXDSCluster( - &ep.Destination, ep.Traffic, tCtx); err != nil && !errors.Is( - err, ErrXdsClusterExists) { + &ep.Destination, ep.Traffic, tCtx); err != nil { errs = errors.Join(errs, err) } } diff --git a/internal/xds/translator/oidc.go b/internal/xds/translator/oidc.go index a706cae662f..c51bbd75499 100644 --- a/internal/xds/translator/oidc.go +++ b/internal/xds/translator/oidc.go @@ -310,8 +310,7 @@ func createOAuthServerClusters(tCtx *types.ResourceVersionTable, // If the OIDC provider has a destination, use it. if oidc.Provider.Destination != nil && len(oidc.Provider.Destination.Settings) > 0 { if err := createExtServiceXDSCluster( - oidc.Provider.Destination, oidc.Provider.Traffic, tCtx); err != nil && !errors.Is( - err, ErrXdsClusterExists) { + oidc.Provider.Destination, oidc.Provider.Traffic, tCtx); err != nil { errs = errors.Join(errs, err) } } else { @@ -372,11 +371,7 @@ func createOAuth2TokenEndpointCluster(tCtx *types.ResourceVersionTable, clusterArgs.tSocket = tSocket } - if err = addXdsCluster(tCtx, clusterArgs); err != nil && !errors.Is(err, ErrXdsClusterExists) { - return err - } - - return err + return addXdsCluster(tCtx, clusterArgs) } // createOAuth2Secrets creates OAuth2 client and HMAC secrets from the provided diff --git a/internal/xds/translator/ratelimit.go b/internal/xds/translator/ratelimit.go index 06b37bc4589..eb6a1c4a2cd 100644 --- a/internal/xds/translator/ratelimit.go +++ b/internal/xds/translator/ratelimit.go @@ -7,7 +7,6 @@ package translator import ( "bytes" - "errors" "net/url" "strconv" "strings" @@ -492,17 +491,13 @@ func (t *Translator) createRateLimitServiceCluster(tCtx *types.ResourceVersionTa return err } - if err := addXdsCluster(tCtx, &xdsClusterArgs{ + return addXdsCluster(tCtx, &xdsClusterArgs{ name: clusterName, settings: []*ir.DestinationSetting{ds}, tSocket: tSocket, endpointType: EndpointTypeDNS, metrics: metrics, - }); err != nil && !errors.Is(err, ErrXdsClusterExists) { - return err - } - - return nil + }) } func getRouteRuleDescriptor(ruleIndex, matchIndex int) string { diff --git a/internal/xds/translator/testdata/in/xds-ir/securitypolicy-with-oidc-jwt-authz.yaml b/internal/xds/translator/testdata/in/xds-ir/securitypolicy-with-oidc-jwt-authz.yaml new file mode 100644 index 00000000000..fffcb7fd8bd --- /dev/null +++ b/internal/xds/translator/testdata/in/xds-ir/securitypolicy-with-oidc-jwt-authz.yaml @@ -0,0 +1,80 @@ +http: +- name: "envoy-gateway/gateway-1/http" + address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: false + metadata: + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 + routes: + - destination: + name: httproute/default/httproute-1/rule/0 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: HTTP + weight: 1 + hostname: www.example.com + isHTTP2: false + metadata: + kind: HTTPRoute + name: httproute-1 + namespace: default + name: httproute/default/httproute-1/rule/0/match/0/www_example_com + pathMatch: + distinct: false + name: "" + prefix: /foo + security: + authorization: + defaultAction: Deny + rules: + - action: Allow + name: allow + principal: + jwt: + claims: + - name: groups + valueType: StringArray + values: + - foobar + provider: exjwt + jwt: + providers: + - claimToHeaders: + - claim: email + header: x-user-email + extractFrom: + cookies: + - IdToken + issuer: https://oidc.example.com/auth/realms/example + name: exjwt + remoteJWKS: + uri: https://oidc.example.com/auth/realms/example/protocol/openid-connect/certs + oidc: + clientID: prometheus + clientSecret: '[redacted]' + cookieNameOverrides: + idToken: IdToken + cookieSuffix: 5f93c2e4 + hmacSecret: '[redacted]' + logoutPath: /logout + name: securitypolicy/default/policy-for-http-route + provider: + authorizationEndpoint: https://oidc.example.com/authorize + tokenEndpoint: https://oidc.example.com/oauth/token + redirectPath: /oauth2/callback + redirectURL: '%REQ(x-forwarded-proto)%://%REQ(:authority)%/oauth2/callback' + scopes: + - openid + - email + - profile diff --git a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.clusters.yaml new file mode 100644 index 00000000000..1535201f87b --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.clusters.yaml @@ -0,0 +1,54 @@ +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: httproute/default/httproute-1/rule/0 + ignoreHealthOnHostRemoval: true + lbPolicy: LEAST_REQUEST + name: httproute/default/httproute-1/rule/0 + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + dnsRefreshRate: 30s + lbPolicy: LEAST_REQUEST + loadAssignment: + clusterName: oidc_example_com_443 + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: oidc.example.com + portValue: 443 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: oidc_example_com_443/backend/0 + name: oidc_example_com_443 + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + respectDnsTtl: true + transportSocket: + name: envoy.transport_sockets.tls + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + commonTlsContext: + validationContext: + trustedCa: + filename: /etc/ssl/certs/ca-certificates.crt + sni: oidc.example.com + type: STRICT_DNS diff --git a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.endpoints.yaml new file mode 100644 index 00000000000..29bb6b4e444 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.endpoints.yaml @@ -0,0 +1,12 @@ +- clusterName: httproute/default/httproute-1/rule/0 + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 7.7.7.7 + portValue: 8080 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: httproute/default/httproute-1/rule/0/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.listeners.yaml new file mode 100644 index 00000000000..ada9749df63 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.listeners.yaml @@ -0,0 +1,107 @@ +- address: + socketAddress: + address: 0.0.0.0 + portValue: 10080 + defaultFilterChain: + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + commonHttpProtocolOptions: + headersWithUnderscoresAction: REJECT_REQUEST + http2ProtocolOptions: + initialConnectionWindowSize: 1048576 + initialStreamWindowSize: 65536 + maxConcurrentStreams: 100 + httpFilters: + - disabled: true + name: envoy.filters.http.oauth2/securitypolicy/default/policy-for-http-route + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.oauth2.v3.OAuth2 + config: + authScopes: + - openid + - email + - profile + authType: BASIC_AUTH + authorizationEndpoint: https://oidc.example.com/authorize + credentials: + clientId: prometheus + cookieNames: + bearerToken: AccessToken-5f93c2e4 + idToken: IdToken + oauthExpires: OauthExpires-5f93c2e4 + oauthHmac: OauthHMAC-5f93c2e4 + oauthNonce: OauthNonce-5f93c2e4 + refreshToken: RefreshToken-5f93c2e4 + hmacSecret: + name: oauth2/hmac_secret/securitypolicy/default/policy-for-http-route + sdsConfig: + ads: {} + resourceApiVersion: V3 + tokenSecret: + name: oauth2/client_secret/securitypolicy/default/policy-for-http-route + sdsConfig: + ads: {} + resourceApiVersion: V3 + preserveAuthorizationHeader: true + redirectPathMatcher: + path: + exact: /oauth2/callback + redirectUri: '%REQ(x-forwarded-proto)%://%REQ(:authority)%/oauth2/callback' + signoutPath: + path: + exact: /logout + tokenEndpoint: + cluster: oidc_example_com_443 + timeout: 10s + uri: https://oidc.example.com/oauth/token + useRefreshToken: false + - name: envoy.filters.http.jwt_authn + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication + providers: + httproute/default/httproute-1/rule/0/match/0/www_example_com/exjwt: + claimToHeaders: + - claimName: email + headerName: x-user-email + forward: true + fromCookies: + - IdToken + issuer: https://oidc.example.com/auth/realms/example + normalizePayloadInMetadata: + spaceDelimitedClaims: + - scope + payloadInMetadata: exjwt + remoteJwks: + asyncFetch: {} + cacheDuration: 300s + httpUri: + cluster: oidc_example_com_443 + timeout: 10s + uri: https://oidc.example.com/auth/realms/example/protocol/openid-connect/certs + retryPolicy: {} + requirementMap: + httproute/default/httproute-1/rule/0/match/0/www_example_com: + providerName: httproute/default/httproute-1/rule/0/match/0/www_example_com/exjwt + - name: envoy.filters.http.rbac + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + suppressEnvoyHeaders: true + mergeSlashes: true + normalizePath: true + pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT + rds: + configSource: + ads: {} + resourceApiVersion: V3 + routeConfigName: envoy-gateway/gateway-1/http + serverHeaderTransformation: PASS_THROUGH + statPrefix: http-10080 + useRemoteAddress: true + name: envoy-gateway/gateway-1/http + name: envoy-gateway/gateway-1/http + perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.routes.yaml new file mode 100644 index 00000000000..9c66aad8e61 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.routes.yaml @@ -0,0 +1,74 @@ +- ignorePortInHostMatching: true + name: envoy-gateway/gateway-1/http + virtualHosts: + - domains: + - www.example.com + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http + name: envoy-gateway/gateway-1/http/www_example_com + routes: + - match: + pathSeparatedPrefix: /foo + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: HTTPRoute + name: httproute-1 + namespace: default + name: httproute/default/httproute-1/rule/0/match/0/www_example_com + route: + cluster: httproute/default/httproute-1/rule/0 + upgradeConfigs: + - upgradeType: websocket + typedPerFilterConfig: + envoy.filters.http.jwt_authn: + '@type': type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.PerRouteConfig + requirementName: httproute/default/httproute-1/rule/0/match/0/www_example_com + envoy.filters.http.oauth2/securitypolicy/default/policy-for-http-route: + '@type': type.googleapis.com/envoy.config.route.v3.FilterConfig + config: {} + envoy.filters.http.rbac: + '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBACPerRoute + rbac: + matcher: + matcherList: + matchers: + - onMatch: + action: + name: allow + typedConfig: + '@type': type.googleapis.com/envoy.config.rbac.v3.Action + name: ALLOW + predicate: + singlePredicate: + customMatch: + name: claim_matcher + typedConfig: + '@type': type.googleapis.com/envoy.extensions.matching.input_matchers.metadata.v3.Metadata + value: + listMatch: + oneOf: + stringMatch: + exact: foobar + input: + name: claim + typedConfig: + '@type': type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.DynamicMetadataInput + filter: envoy.filters.http.jwt_authn + path: + - key: exjwt + - key: groups + onNoMatch: + action: + name: default + typedConfig: + '@type': type.googleapis.com/envoy.config.rbac.v3.Action + action: DENY + name: DENY diff --git a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.secrets.yaml b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.secrets.yaml new file mode 100644 index 00000000000..8e76f23ccd3 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.secrets.yaml @@ -0,0 +1,8 @@ +- genericSecret: + secret: + inlineBytes: W3JlZGFjdGVkXQ== + name: oauth2/client_secret/securitypolicy/default/policy-for-http-route +- genericSecret: + secret: + inlineBytes: W3JlZGFjdGVkXQ== + name: oauth2/hmac_secret/securitypolicy/default/policy-for-http-route diff --git a/internal/xds/translator/tracing.go b/internal/xds/translator/tracing.go index 3e817bad1bf..ee3f4f5e907 100644 --- a/internal/xds/translator/tracing.go +++ b/internal/xds/translator/tracing.go @@ -6,7 +6,6 @@ package translator import ( - "errors" "fmt" "sort" @@ -176,7 +175,7 @@ func processClusterForTracing(tCtx *types.ResourceVersionTable, tracing *ir.Trac if traffic == nil { traffic = &ir.TrafficFeatures{} } - if err := addXdsCluster(tCtx, &xdsClusterArgs{ + return addXdsCluster(tCtx, &xdsClusterArgs{ name: tracing.Destination.Name, settings: tracing.Destination.Settings, tSocket: nil, @@ -191,8 +190,5 @@ func processClusterForTracing(tCtx *types.ResourceVersionTable, tracing *ir.Trac backendConnection: traffic.BackendConnection, dns: traffic.DNS, http2Settings: traffic.HTTP2, - }); err != nil && !errors.Is(err, ErrXdsClusterExists) { - return err - } - return nil + }) } diff --git a/internal/xds/translator/translator.go b/internal/xds/translator/translator.go index c06c7195d7c..29bc7d2f5ff 100644 --- a/internal/xds/translator/translator.go +++ b/internal/xds/translator/translator.go @@ -34,11 +34,6 @@ import ( "github.com/envoyproxy/gateway/internal/xds/types" ) -var ( - ErrXdsClusterExists = errors.New("xds cluster exists") - ErrXdsSecretExists = errors.New("xds secret exists") -) - const ( AuthorityHeaderKey = ":authority" // The dummy cluster for TCP listeners that have no routes @@ -491,7 +486,7 @@ func (t *Translator) addRouteToRouteConfig( tSocket: nil, endpointType: EndpointTypeStatic, metrics: metrics, - }); err != nil && !errors.Is(err, ErrXdsClusterExists) { + }); err != nil { errs = errors.Join(errs, err) } } @@ -602,7 +597,7 @@ func (t *Translator) processTCPListenerXdsTranslation( patchProxyProtocolFilter(xdsListener, tcpListener.EnableProxyProtocol) for _, route := range tcpListener.Routes { - if err := processXdsCluster(tCtx, &TCPRouteTranslator{route}, &ExtraArgs{metrics: metrics}); err != nil && !errors.Is(err, ErrXdsClusterExists) { + if err := processXdsCluster(tCtx, &TCPRouteTranslator{route}, &ExtraArgs{metrics: metrics}); err != nil { errs = errors.Join(errs, err) } if route.TLS != nil && route.TLS.Terminate != nil { @@ -689,7 +684,7 @@ func processUDPListenerXdsTranslation( } // 1:1 between IR UDPRoute and xDS Cluster - if err := processXdsCluster(tCtx, &UDPRouteTranslator{route}, &ExtraArgs{metrics: metrics}); err != nil && !errors.Is(err, ErrXdsClusterExists) { + if err := processXdsCluster(tCtx, &UDPRouteTranslator{route}, &ExtraArgs{metrics: metrics}); err != nil { errs = errors.Join(errs, err) } } @@ -783,10 +778,7 @@ func findXdsEndpoint(tCtx *types.ResourceVersionTable, name string) *endpointv3. // processXdsCluster processes xds cluster with args per route. func processXdsCluster(tCtx *types.ResourceVersionTable, route clusterArgs, extras *ExtraArgs) error { - if err := addXdsCluster(tCtx, route.asClusterArgs(extras)); err != nil && !errors.Is(err, ErrXdsClusterExists) { - return err - } - return nil + return addXdsCluster(tCtx, route.asClusterArgs(extras)) } // findXdsSecret finds a xds secret with the same name, and returns nil if there is no match. @@ -805,10 +797,12 @@ func findXdsSecret(tCtx *types.ResourceVersionTable, name string) *tlsv3.Secret return nil } +// addXdsSecret adds a xds secret with args. +// If the secret already exists, it skips adding the secret and returns nil func addXdsSecret(tCtx *types.ResourceVersionTable, secret *tlsv3.Secret) error { - // Return early if cluster with the same name exists + // Return early if secret with the same name exists if c := findXdsSecret(tCtx, secret.Name); c != nil { - return ErrXdsSecretExists + return nil } if err := tCtx.AddXdsResource(resourcev3.SecretType, secret); err != nil { @@ -817,10 +811,15 @@ func addXdsSecret(tCtx *types.ResourceVersionTable, secret *tlsv3.Secret) error return nil } +// addXdsCluster adds a xds cluster with args. +// If the cluster already exists, it skips adding the cluster and returns nil. func addXdsCluster(tCtx *types.ResourceVersionTable, args *xdsClusterArgs) error { - // Return early if cluster with the same name exists + // Return early if cluster with the same name exists. + // All the current callers can all safely assume the xdsClusterArgs is the same for the clusters with the same name. + // If this assumption changes, the callers should call findXdsCluster first to check if the cluster already exists + // before calling addXdsCluster. if c := findXdsCluster(tCtx, args.name); c != nil { - return ErrXdsClusterExists + return nil } xdsCluster := buildXdsCluster(args) diff --git a/internal/xds/translator/utils.go b/internal/xds/translator/utils.go index 23d455edd9c..882d9b1e926 100644 --- a/internal/xds/translator/utils.go +++ b/internal/xds/translator/utils.go @@ -133,7 +133,6 @@ func createExtServiceXDSCluster(rd *ir.RouteDestination, traffic *ir.TrafficFeat var ( endpointType EndpointType tSocket *corev3.TransportSocket - err error ) // Make sure that there are safe defaults for the traffic @@ -148,7 +147,7 @@ func createExtServiceXDSCluster(rd *ir.RouteDestination, traffic *ir.TrafficFeat } else { endpointType = EndpointTypeStatic } - if err = addXdsCluster(tCtx, &xdsClusterArgs{ + return addXdsCluster(tCtx, &xdsClusterArgs{ name: rd.Name, settings: rd.Settings, tSocket: tSocket, @@ -162,10 +161,7 @@ func createExtServiceXDSCluster(rd *ir.RouteDestination, traffic *ir.TrafficFeat endpointType: endpointType, dns: traffic.DNS, http2Settings: traffic.HTTP2, - }); err != nil && !errors.Is(err, ErrXdsClusterExists) { - return err - } - return nil + }) } // addClusterFromURL adds a cluster to the resource version table from the provided URL. @@ -198,8 +194,5 @@ func addClusterFromURL(url string, tCtx *types.ResourceVersionTable) error { clusterArgs.tSocket = tSocket } - if err = addXdsCluster(tCtx, clusterArgs); err != nil && !errors.Is(err, ErrXdsClusterExists) { - return err - } - return nil + return addXdsCluster(tCtx, clusterArgs) } diff --git a/release-notes/current.yaml b/release-notes/current.yaml index bfbed17a9d0..7ede985b9d7 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -16,6 +16,7 @@ new features: | bug fixes: | Fixed failed to update SecurityPolicy resources with the `backendRef` field specified Fixed Envoy rejecting TCP Listeners that have no attached TCPRoutes + Fixed xDS translation failed when oidc tokenEndpoint and jwt remoteJWKS are specified in the same SecurityPolicy and using the same hostname # Enhancements that improve performance. performance improvements: | From a924cec6cc3a1d8cb78be06b61b6d238472c199b Mon Sep 17 00:00:00 2001 From: zirain Date: Wed, 20 Nov 2024 11:51:43 +0800 Subject: [PATCH 41/47] xds: use Cluster_AUTO DnsLookupFamily (#4740) * xds: use Cluster_AUTO DnsLookupFamily Signed-off-by: zirain * nit Signed-off-by: zirain * gen Signed-off-by: zirain --------- Signed-off-by: zirain --- .../translate/out/default-resources.all.yaml | 5 ----- .../translate/out/echo-gateway-api.cluster.yaml | 1 - .../translate/out/from-gateway-api-to-xds.all.json | 5 ----- .../translate/out/from-gateway-api-to-xds.all.yaml | 5 ----- .../out/from-gateway-api-to-xds.cluster.yaml | 5 ----- .../jwt-single-route-single-match-to-xds.all.json | 2 -- .../jwt-single-route-single-match-to-xds.all.yaml | 2 -- ...wt-single-route-single-match-to-xds.cluster.yaml | 2 -- .../translate/out/no-service-cluster-ip.all.yaml | 1 - internal/xds/translator/cluster.go | 13 ++++++++++--- .../extensionpolicy-tcp-udp-http.clusters.yaml | 3 --- .../http-route-extension-filter.clusters.yaml | 1 - .../out/extension-xds-ir/http-route.clusters.yaml | 1 - .../out/xds-ir/accesslog-als-tcp.clusters.yaml | 1 - .../testdata/out/xds-ir/accesslog-cel.clusters.yaml | 2 -- .../xds-ir/accesslog-endpoint-stats.clusters.yaml | 2 -- .../out/xds-ir/accesslog-formatters.clusters.yaml | 2 -- .../out/xds-ir/accesslog-multi-cel.clusters.yaml | 2 -- .../out/xds-ir/accesslog-types.clusters.yaml | 10 ---------- .../xds-ir/accesslog-without-format.clusters.yaml | 3 --- .../testdata/out/xds-ir/accesslog.clusters.yaml | 3 --- .../xds-ir/authorization-client-cidr.clusters.yaml | 3 --- .../xds-ir/authorization-jwt-claim.clusters.yaml | 4 ---- .../xds-ir/authorization-jwt-scope.clusters.yaml | 4 ---- .../authorization-multiple-principals.clusters.yaml | 1 - .../out/xds-ir/backend-buffer-limit.clusters.yaml | 3 --- .../out/xds-ir/backend-priority.clusters.yaml | 3 --- .../testdata/out/xds-ir/basic-auth.clusters.yaml | 3 --- .../out/xds-ir/circuit-breaker.clusters.yaml | 1 - .../out/xds-ir/client-buffer-limit.clusters.yaml | 2 -- .../out/xds-ir/client-ip-detection.clusters.yaml | 3 --- .../out/xds-ir/client-timeout.clusters.yaml | 2 -- .../testdata/out/xds-ir/cors.clusters.yaml | 1 - .../out/xds-ir/custom-filter-order.clusters.yaml | 2 -- .../out/xds-ir/custom-response.clusters.yaml | 1 - .../out/xds-ir/ext-auth-backend.clusters.yaml | 5 ----- .../out/xds-ir/ext-auth-recomputation.clusters.yaml | 5 ----- .../testdata/out/xds-ir/ext-auth.clusters.yaml | 5 ----- .../ext-proc-with-traffic-settings.clusters.yaml | 3 --- .../testdata/out/xds-ir/ext-proc.clusters.yaml | 6 ------ .../out/xds-ir/fault-injection.clusters.yaml | 5 ----- ...headers-with-preserve-x-request-id.clusters.yaml | 2 -- .../headers-with-underscores-action.clusters.yaml | 4 ---- .../testdata/out/xds-ir/health-check.clusters.yaml | 5 ----- .../xds-ir/http-early-header-mutation.clusters.yaml | 2 -- .../out/xds-ir/http-endpoint-stats.clusters.yaml | 1 - .../out/xds-ir/http-health-check.clusters.yaml | 1 - .../http-preserve-client-protocol.clusters.yaml | 1 - .../xds-ir/http-req-resp-sizes-stats.clusters.yaml | 1 - .../xds-ir/http-route-direct-response.clusters.yaml | 1 - .../out/xds-ir/http-route-dns-cluster.clusters.yaml | 1 - .../out/xds-ir/http-route-mirror.clusters.yaml | 1 - .../http-route-multiple-matches.clusters.yaml | 7 ------- .../http-route-multiple-mirrors.clusters.yaml | 3 --- .../xds-ir/http-route-partial-invalid.clusters.yaml | 1 - .../out/xds-ir/http-route-redirect.clusters.yaml | 1 - .../out/xds-ir/http-route-regex.clusters.yaml | 1 - .../xds-ir/http-route-request-headers.clusters.yaml | 1 - .../http-route-response-add-headers.clusters.yaml | 1 - ...-route-response-add-remove-headers.clusters.yaml | 1 - ...http-route-response-remove-headers.clusters.yaml | 1 - ...route-rewrite-root-path-url-prefix.clusters.yaml | 1 - ...write-sufixx-with-slash-url-prefix.clusters.yaml | 1 - .../http-route-rewrite-url-fullpath.clusters.yaml | 1 - .../http-route-rewrite-url-host.clusters.yaml | 1 - .../http-route-rewrite-url-prefix.clusters.yaml | 1 - .../http-route-rewrite-url-regex.clusters.yaml | 1 - .../http-route-session-persistence.clusters.yaml | 1 - .../out/xds-ir/http-route-timeout.clusters.yaml | 3 --- ...http-route-weighted-backend-uds-ip.clusters.yaml | 1 - ...oute-weighted-backend-with-filters.clusters.yaml | 2 -- .../http-route-weighted-backend.clusters.yaml | 1 - ...ttp-route-weighted-invalid-backend.clusters.yaml | 1 - .../xds-ir/http-route-with-clientcert.clusters.yaml | 1 - .../xds-ir/http-route-with-metadata.clusters.yaml | 2 -- ...p-route-with-tls-system-truststore.clusters.yaml | 1 - ...oute-with-tlsbundle-multiple-certs.clusters.yaml | 2 -- .../xds-ir/http-route-with-tlsbundle.clusters.yaml | 1 - .../testdata/out/xds-ir/http-route.clusters.yaml | 1 - .../out/xds-ir/http1-preserve-case.clusters.yaml | 2 -- .../out/xds-ir/http1-trailers.clusters.yaml | 1 - .../testdata/out/xds-ir/http10.clusters.yaml | 1 - .../testdata/out/xds-ir/http2-route.clusters.yaml | 4 ---- .../testdata/out/xds-ir/http2.clusters.yaml | 1 - .../testdata/out/xds-ir/http3.clusters.yaml | 1 - .../xds-ir/jsonpatch-missing-resource.clusters.yaml | 1 - .../xds-ir/jsonpatch-with-jsonpath.clusters.yaml | 2 -- .../testdata/out/xds-ir/jsonpatch.clusters.yaml | 1 - .../out/xds-ir/jwt-custom-extractor.clusters.yaml | 2 -- .../jwt-multi-route-multi-provider.clusters.yaml | 4 ---- .../jwt-multi-route-single-provider.clusters.yaml | 3 --- .../testdata/out/xds-ir/jwt-optional.clusters.yaml | 2 -- .../testdata/out/xds-ir/jwt-ratelimit.clusters.yaml | 5 ----- .../jwt-single-route-single-match.clusters.yaml | 2 -- .../xds-ir/listener-connection-limit.clusters.yaml | 4 ---- .../xds-ir/listener-proxy-protocol.clusters.yaml | 2 -- .../out/xds-ir/listener-tcp-keepalive.clusters.yaml | 4 ---- .../testdata/out/xds-ir/load-balancer.clusters.yaml | 10 ---------- .../out/xds-ir/local-ratelimit.clusters.yaml | 3 --- .../out/xds-ir/metrics-virtual-host.clusters.yaml | 1 - .../out/xds-ir/mixed-tls-jwt-authn.clusters.yaml | 1 - ...s-same-port-with-different-filters.clusters.yaml | 5 ----- .../multiple-listeners-same-port.clusters.yaml | 6 ------ ...ultiple-simple-tcp-route-same-port.clusters.yaml | 5 ----- ...lient-certificate-with-custom-data.clusters.yaml | 5 ----- ...ual-tls-forward-client-certificate.clusters.yaml | 5 ----- ...quired-client-certificate-disabled.clusters.yaml | 2 -- .../testdata/out/xds-ir/mutual-tls.clusters.yaml | 2 -- .../oidc-backend-cluster-provider.clusters.yaml | 2 -- .../testdata/out/xds-ir/oidc.clusters.yaml | 4 ---- .../testdata/out/xds-ir/path-settings.clusters.yaml | 1 - .../xds-ir/proxy-protocol-upstream.clusters.yaml | 1 - .../xds-ir/ratelimit-custom-domain.clusters.yaml | 4 ---- .../xds-ir/ratelimit-disable-headers.clusters.yaml | 4 ---- .../xds-ir/ratelimit-endpoint-stats.clusters.yaml | 4 ---- .../xds-ir/ratelimit-headers-and-cidr.clusters.yaml | 4 ---- .../out/xds-ir/ratelimit-sourceip.clusters.yaml | 5 ----- .../testdata/out/xds-ir/ratelimit.clusters.yaml | 5 ----- .../out/xds-ir/retry-partial-invalid.clusters.yaml | 1 - ...securitypolicy-with-oidc-jwt-authz.clusters.yaml | 2 -- .../testdata/out/xds-ir/simple-tls.clusters.yaml | 1 - .../out/xds-ir/suppress-envoy-headers.clusters.yaml | 1 - .../out/xds-ir/tcp-endpoint-stats.clusters.yaml | 1 - .../out/xds-ir/tcp-listener-ipfamily.clusters.yaml | 1 - .../xds-ir/tcp-req-resp-sizes-stats.clusters.yaml | 1 - .../out/xds-ir/tcp-route-complex.clusters.yaml | 1 - .../out/xds-ir/tcp-route-simple.clusters.yaml | 1 - .../xds-ir/tcp-route-tls-terminate.clusters.yaml | 2 -- .../xds-ir/tcp-route-weighted-backend.clusters.yaml | 1 - .../testdata/out/xds-ir/timeout.clusters.yaml | 1 - .../out/xds-ir/tls-route-passthrough.clusters.yaml | 2 -- .../tls-with-ciphers-versions-alpn.clusters.yaml | 2 -- .../out/xds-ir/tracing-datadog.clusters.yaml | 2 -- .../out/xds-ir/tracing-endpoint-stats.clusters.yaml | 2 -- .../out/xds-ir/tracing-zipkin.clusters.yaml | 2 -- .../testdata/out/xds-ir/tracing.clusters.yaml | 2 -- .../out/xds-ir/udp-endpoint-stats.clusters.yaml | 1 - .../xds-ir/udp-req-resp-sizes-stats.clusters.yaml | 1 - .../testdata/out/xds-ir/udp-route.clusters.yaml | 1 - .../out/xds-ir/upstream-tcpkeepalive.clusters.yaml | 1 - .../testdata/out/xds-ir/wasm.clusters.yaml | 2 -- 141 files changed, 10 insertions(+), 336 deletions(-) diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml index 26e42496459..63d685e9cd1 100644 --- a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml @@ -772,7 +772,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -792,7 +791,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -819,7 +817,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -839,7 +836,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -859,7 +855,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml b/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml index cc99b73a833..9bb0bc2ac1c 100644 --- a/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml +++ b/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml @@ -100,7 +100,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json index a89e4bcdae3..b0524fac2b6 100644 --- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json +++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json @@ -458,7 +458,6 @@ "localityWeightedLbConfig": {} }, "connectTimeout": "10s", - "dnsLookupFamily": "V4_ONLY", "edsClusterConfig": { "edsConfig": { "ads": {}, @@ -488,7 +487,6 @@ "localityWeightedLbConfig": {} }, "connectTimeout": "10s", - "dnsLookupFamily": "V4_ONLY", "edsClusterConfig": { "edsConfig": { "ads": {}, @@ -529,7 +527,6 @@ "localityWeightedLbConfig": {} }, "connectTimeout": "10s", - "dnsLookupFamily": "V4_ONLY", "edsClusterConfig": { "edsConfig": { "ads": {}, @@ -559,7 +556,6 @@ "localityWeightedLbConfig": {} }, "connectTimeout": "10s", - "dnsLookupFamily": "V4_ONLY", "edsClusterConfig": { "edsConfig": { "ads": {}, @@ -589,7 +585,6 @@ "localityWeightedLbConfig": {} }, "connectTimeout": "10s", - "dnsLookupFamily": "V4_ONLY", "edsClusterConfig": { "edsConfig": { "ads": {}, diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml index fbb1df4f5b0..e4895ddc9df 100644 --- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml @@ -251,7 +251,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -271,7 +270,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -298,7 +296,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -318,7 +315,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -338,7 +334,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml index 7545c4660d0..aa348c640c9 100644 --- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml +++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml @@ -10,7 +10,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -30,7 +29,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -57,7 +55,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -77,7 +74,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -97,7 +93,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json index 6ce6ee01347..900c70f82ff 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json @@ -350,7 +350,6 @@ "localityWeightedLbConfig": {} }, "connectTimeout": "10s", - "dnsLookupFamily": "V4_ONLY", "edsClusterConfig": { "edsConfig": { "ads": {}, @@ -380,7 +379,6 @@ "localityWeightedLbConfig": {} }, "connectTimeout": "10s", - "dnsLookupFamily": "V4_ONLY", "dnsRefreshRate": "30s", "lbPolicy": "LEAST_REQUEST", "loadAssignment": { diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml index 237f0f3a4ac..a91da546cbb 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml @@ -195,7 +195,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -215,7 +214,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.cluster.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.cluster.yaml index 9d93c93a8a4..ee8af9b7c15 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.cluster.yaml +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.cluster.yaml @@ -10,7 +10,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -30,7 +29,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml b/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml index 517f3482f9f..3013f6d0a4e 100644 --- a/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml @@ -195,7 +195,6 @@ xds: commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/cluster.go b/internal/xds/translator/cluster.go index 5a13076e456..495640ff90a 100644 --- a/internal/xds/translator/cluster.go +++ b/internal/xds/translator/cluster.go @@ -84,9 +84,16 @@ func buildEndpointType(settings []*ir.DestinationSetting) EndpointType { } func buildXdsCluster(args *xdsClusterArgs) *clusterv3.Cluster { - dnsLookupFamily := clusterv3.Cluster_V4_ONLY - if args.ipFamily != nil && *args.ipFamily == egv1a1.DualStack { - dnsLookupFamily = clusterv3.Cluster_ALL + dnsLookupFamily := clusterv3.Cluster_AUTO + if args.ipFamily != nil { + switch *args.ipFamily { + case egv1a1.IPv4: + dnsLookupFamily = clusterv3.Cluster_V4_ONLY + case egv1a1.IPv6: + dnsLookupFamily = clusterv3.Cluster_V6_ONLY + case egv1a1.DualStack: + dnsLookupFamily = clusterv3.Cluster_ALL + } } cluster := &clusterv3.Cluster{ Name: args.name, diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.clusters.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.clusters.yaml index a6d3c9e969b..ed3cb77ab01 100644 --- a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.clusters.yaml +++ b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.clusters.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.clusters.yaml index f986750be1b..dbfd7c8e2b2 100644 --- a/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.clusters.yaml +++ b/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/http-route.clusters.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/http-route.clusters.yaml index f986750be1b..dbfd7c8e2b2 100644 --- a/internal/xds/translator/testdata/out/extension-xds-ir/http-route.clusters.yaml +++ b/internal/xds/translator/testdata/out/extension-xds-ir/http-route.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml index 9696a28a86c..85a1bf46bac 100755 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml @@ -5,7 +5,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 15s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml index 22d5e08aca3..7faf19f8bb4 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml index 7709f2c4e9c..dae7cbc0d4a 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -24,7 +23,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml index 22d5e08aca3..7faf19f8bb4 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml index 22d5e08aca3..7faf19f8bb4 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-types.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.clusters.yaml index 5e41cf09397..98d56781cb2 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-types.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -47,7 +45,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -72,7 +69,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -97,7 +93,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -122,7 +117,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -147,7 +141,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -172,7 +165,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: @@ -206,7 +198,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: @@ -240,7 +231,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml index dbf145e7d6d..967893fbd41 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -47,7 +45,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml index dbf145e7d6d..967893fbd41 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -47,7 +45,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.clusters.yaml index 0002897cb8d..815e3e469ea 100644 --- a/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.clusters.yaml index f5211bc9922..3e81abb2f4e 100644 --- a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: @@ -76,7 +73,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.clusters.yaml index f5211bc9922..3e81abb2f4e 100644 --- a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: @@ -76,7 +73,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.clusters.yaml index 1c72d4f070f..a5da3995b99 100644 --- a/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.clusters.yaml index e36a7f976be..ae291870e19 100644 --- a/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-priority.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-priority.clusters.yaml index 4088295c2de..64ef05a8795 100644 --- a/internal/xds/translator/testdata/out/xds-ir/backend-priority.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/backend-priority.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/basic-auth.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/basic-auth.clusters.yaml index 1c7cbaf45e0..e170f954954 100644 --- a/internal/xds/translator/testdata/out/xds-ir/basic-auth.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/basic-auth.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.clusters.yaml index 93e5ebb91b6..a39d931e4d8 100644 --- a/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.clusters.yaml @@ -7,7 +7,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.clusters.yaml index 045afb39e71..53d0ae1b88c 100644 --- a/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.clusters.yaml index b7a2badfead..f36c0f1c777 100644 --- a/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/client-timeout.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/client-timeout.clusters.yaml index 820f85f625b..b3601621bf2 100644 --- a/internal/xds/translator/testdata/out/xds-ir/client-timeout.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/client-timeout.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/cors.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/cors.clusters.yaml index 9ada55d6523..ff1dac67640 100644 --- a/internal/xds/translator/testdata/out/xds-ir/cors.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/cors.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.clusters.yaml index 0e10ab58f0c..7b61aaf5f37 100644 --- a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: @@ -40,7 +39,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/custom-response.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/custom-response.clusters.yaml index 1c72d4f070f..a5da3995b99 100644 --- a/internal/xds/translator/testdata/out/xds-ir/custom-response.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/custom-response.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml index 18846488a59..db4efa180a8 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: @@ -92,7 +88,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.clusters.yaml index 18846488a59..db4efa180a8 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: @@ -92,7 +88,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml index ba70eb86e94..4b9e2de2200 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -83,7 +79,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.clusters.yaml index 3bac84394be..d885aaddd66 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -41,7 +39,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 15s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml index ede262a5694..6fcc3830e4f 100755 --- a/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -65,7 +62,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -90,7 +86,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -115,7 +110,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/fault-injection.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/fault-injection.clusters.yaml index ff3aedce52a..77dc55a8476 100644 --- a/internal/xds/translator/testdata/out/xds-ir/fault-injection.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/fault-injection.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -76,7 +72,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.clusters.yaml index 820f85f625b..b3601621bf2 100755 --- a/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.clusters.yaml index 0a3d6ba340e..754b5ae5d02 100755 --- a/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/health-check.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/health-check.clusters.yaml index 09b9396270a..1d42d3495d8 100644 --- a/internal/xds/translator/testdata/out/xds-ir/health-check.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/health-check.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -43,7 +42,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -80,7 +78,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -114,7 +111,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -149,7 +145,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.clusters.yaml index 35b68d18b32..1774ac35006 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -32,7 +31,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.clusters.yaml index f1b16b07b54..8256f58d447 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-health-check.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-health-check.clusters.yaml index 9ada55d6523..ff1dac67640 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-health-check.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-health-check.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml index 4f007ff7c47..73c0f3ee8b8 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.clusters.yaml index 9b420408aaa..d552d11a437 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.clusters.yaml index 3e4300de532..90ea1e3123d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.clusters.yaml index 876e1084c87..d6f92da0027 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.clusters.yaml index 0bd72d2b460..7b147f2cc9e 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.clusters.yaml index d76408ee96f..7dee2fae954 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -76,7 +72,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -94,7 +89,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -112,7 +106,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.clusters.yaml index 7be6b0f7ade..af01a8494ca 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.clusters.yaml index 565c93fd5ff..3847b55b7e3 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.clusters.yaml index c8dc8147580..2e8d489ec0a 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-regex.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-regex.clusters.yaml index de1e5ced9a4..c3beb47b89f 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-regex.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-regex.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.clusters.yaml index 1e0be1f0405..db56b6185c5 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.clusters.yaml index f3b7838ceee..7b45637ccff 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.clusters.yaml index f3b7838ceee..7b45637ccff 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.clusters.yaml index f3b7838ceee..7b45637ccff 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.clusters.yaml index 3041d18c4eb..48272f1f225 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml index 3041d18c4eb..48272f1f225 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.clusters.yaml index 8290c2d1837..03f27845ffe 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.clusters.yaml index 3041d18c4eb..48272f1f225 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.clusters.yaml index 3041d18c4eb..48272f1f225 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.clusters.yaml index 8290c2d1837..03f27845ffe 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.clusters.yaml index de1e5ced9a4..c3beb47b89f 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.clusters.yaml index b7a2badfead..f36c0f1c777 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.clusters.yaml index 9ada55d6523..ff1dac67640 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.clusters.yaml index 820f85f625b..b3601621bf2 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.clusters.yaml index 9ada55d6523..ff1dac67640 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.clusters.yaml index 9ada55d6523..ff1dac67640 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.clusters.yaml index a9be418a101..390c26b1ab8 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.clusters.yaml index 820f85f625b..b3601621bf2 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.clusters.yaml index fccf18807c5..49c8eebc00e 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.clusters.yaml index 51702c7c79b..df5e85c34f2 100755 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -63,7 +62,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.clusters.yaml index 73cb7f276b2..2744cfc19d8 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route.clusters.yaml index 9ada55d6523..ff1dac67640 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.clusters.yaml index ee7ebf5a19f..4cfa7db1e7e 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -32,7 +31,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http1-trailers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http1-trailers.clusters.yaml index 7fb571dc42f..1b3c2957d3f 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http1-trailers.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http1-trailers.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http10.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http10.clusters.yaml index de12099b7de..62a8d033f04 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http10.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http10.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml index 0a2796cd6ac..2c58afdaac7 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -31,7 +30,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -56,7 +54,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -84,7 +81,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http2.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http2.clusters.yaml index 9ada55d6523..ff1dac67640 100755 --- a/internal/xds/translator/testdata/out/xds-ir/http2.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http2.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/http3.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http3.clusters.yaml index 1c72d4f070f..a5da3995b99 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http3.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http3.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.clusters.yaml index 9ada55d6523..ff1dac67640 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.clusters.yaml index f9a046becf5..f1725d0f618 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch.clusters.yaml index 745719faa2b..009411dcdf4 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.clusters.yaml index 8f5d81ea045..95dbaeaeb9d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.clusters.yaml index 308f92773e8..4af517cab1d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: @@ -67,7 +64,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.clusters.yaml index 8555780dab4..081ef33d842 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-optional.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-optional.clusters.yaml index 8f5d81ea045..95dbaeaeb9d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-optional.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-optional.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml index a5f1527ade9..6701b170b27 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -85,7 +81,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.clusters.yaml index 8f5d81ea045..95dbaeaeb9d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.clusters.yaml index ddded90e04f..2f38dd9d3aa 100644 --- a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.clusters.yaml index c21b71ce6c5..6cae3947b35 100644 --- a/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.clusters.yaml index ddded90e04f..2f38dd9d3aa 100644 --- a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/load-balancer.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/load-balancer.clusters.yaml index 0c2202ce28f..5067244aeba 100644 --- a/internal/xds/translator/testdata/out/xds-ir/load-balancer.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/load-balancer.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -21,7 +20,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -39,7 +37,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -57,7 +54,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -75,7 +71,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -96,7 +91,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -116,7 +110,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -134,7 +127,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -154,7 +146,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -172,7 +163,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.clusters.yaml index b7a2badfead..f36c0f1c777 100644 --- a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.clusters.yaml index 9ada55d6523..ff1dac67640 100644 --- a/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.clusters.yaml index 9ada55d6523..ff1dac67640 100644 --- a/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.clusters.yaml index c3b0666ab24..21ebdea126b 100755 --- a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -76,7 +72,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.clusters.yaml index bd6b6e1ae2e..8d9e43d36cf 100644 --- a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -76,7 +72,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -94,7 +89,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.clusters.yaml index 19e6869eb5e..b98d486efea 100644 --- a/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -76,7 +72,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.clusters.yaml index ff3aedce52a..77dc55a8476 100644 --- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -76,7 +72,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.clusters.yaml index ff3aedce52a..77dc55a8476 100644 --- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -76,7 +72,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.clusters.yaml index 16f6727a1a1..8d317defa13 100644 --- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls.clusters.yaml index 16f6727a1a1..8d317defa13 100644 --- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.clusters.yaml index e467e24db53..ca2d3f5e3fb 100644 --- a/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/oidc.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/oidc.clusters.yaml index f196a3fdd9a..52523fffbb8 100644 --- a/internal/xds/translator/testdata/out/xds-ir/oidc.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/oidc.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: @@ -76,7 +73,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/path-settings.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/path-settings.clusters.yaml index 9ada55d6523..ff1dac67640 100644 --- a/internal/xds/translator/testdata/out/xds-ir/path-settings.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/path-settings.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.clusters.yaml index 47b4007397e..c5555faa87a 100644 --- a/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml index 182245f1986..dc5c30ab312 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml index d2577b68f8b..b74141720fa 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml index 4e607e59dbb..4eab9980691 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -24,7 +23,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -44,7 +42,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -64,7 +61,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.clusters.yaml index d2577b68f8b..b74141720fa 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml index 8aff78e3195..a2926d67edd 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -76,7 +72,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml index 8aff78e3195..a2926d67edd 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -40,7 +38,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -58,7 +55,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -76,7 +72,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.clusters.yaml index 9ada55d6523..ff1dac67640 100644 --- a/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.clusters.yaml index 1535201f87b..f4f58fe1cc9 100644 --- a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/simple-tls.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/simple-tls.clusters.yaml index 9ada55d6523..ff1dac67640 100644 --- a/internal/xds/translator/testdata/out/xds-ir/simple-tls.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/simple-tls.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.clusters.yaml index 9ada55d6523..ff1dac67640 100644 --- a/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.clusters.yaml index c341dab16a6..d5e5aeaf991 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.clusters.yaml index 1daefb357c5..394a72179b0 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.clusters.yaml index 5e82e21cc85..8fd985878cc 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.clusters.yaml index c6291c77dd5..7c294e2efa3 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.clusters.yaml index aa8f0b0902b..2653bb96c8d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.clusters.yaml index dbd196ef664..122e0dad7dc 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.clusters.yaml index 2219185b250..da821625c09 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/timeout.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/timeout.clusters.yaml index 4c2749a767a..109e9d1392c 100644 --- a/internal/xds/translator/testdata/out/xds-ir/timeout.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/timeout.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 31s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.clusters.yaml index c2659deb6c9..4cfa1289322 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.clusters.yaml index 16f6727a1a1..8d317defa13 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.clusters.yaml index 7597e1328d9..12088c45682 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml index 7ea8aa936c4..304574452d2 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -24,7 +23,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.clusters.yaml index f1a975a6e6a..d1459afe991 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml index 975086f5fff..f211422edc5 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -23,7 +22,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 15s - dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s lbPolicy: LEAST_REQUEST loadAssignment: diff --git a/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.clusters.yaml index dd47af97cdd..6090f4f8ec2 100644 --- a/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.clusters.yaml index 7ce45648946..2f1ed3604e8 100644 --- a/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/udp-route.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/udp-route.clusters.yaml index e153c882fd6..14df838b6e6 100644 --- a/internal/xds/translator/testdata/out/xds-ir/udp-route.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/udp-route.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.clusters.yaml index eca236db657..5d663e5665e 100644 --- a/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/wasm.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/wasm.clusters.yaml index 408fc9c218e..8e3ac051015 100755 --- a/internal/xds/translator/testdata/out/xds-ir/wasm.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/wasm.clusters.yaml @@ -4,7 +4,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} @@ -22,7 +21,6 @@ commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s - dnsLookupFamily: V4_ONLY edsClusterConfig: edsConfig: ads: {} From 950dde6adea9802e54b0dbf8cc8d5088a46783b5 Mon Sep 17 00:00:00 2001 From: Kebe Date: Wed, 20 Nov 2024 16:32:22 +0800 Subject: [PATCH 42/47] fix: remove container's ports field (#4714) Signed-off-by: Kebe --- .../kubernetes/proxy/resource.go | 21 ------------------- .../testdata/daemonsets/component-level.yaml | 6 ------ .../proxy/testdata/daemonsets/custom.yaml | 6 ------ .../testdata/daemonsets/default-env.yaml | 6 ------ .../proxy/testdata/daemonsets/default.yaml | 6 ------ .../daemonsets/disable-prometheus.yaml | 7 ------- .../testdata/daemonsets/extension-env.yaml | 6 ------ .../override-labels-and-annotations.yaml | 6 ------ .../testdata/daemonsets/patch-daemonset.yaml | 6 ------ .../testdata/daemonsets/shutdown-manager.yaml | 6 ------ .../proxy/testdata/daemonsets/volumes.yaml | 6 ------ .../testdata/daemonsets/with-annotations.yaml | 6 ------ .../testdata/daemonsets/with-concurrency.yaml | 6 ------ .../testdata/daemonsets/with-extra-args.yaml | 6 ------ .../daemonsets/with-image-pull-secrets.yaml | 6 ------ .../proxy/testdata/daemonsets/with-name.yaml | 6 ------ .../daemonsets/with-node-selector.yaml | 6 ------ .../with-topology-spread-constraints.yaml | 6 ------ .../proxy/testdata/deployments/bootstrap.yaml | 6 ------ .../testdata/deployments/component-level.yaml | 6 ------ .../proxy/testdata/deployments/custom.yaml | 6 ------ .../custom_with_initcontainers.yaml | 6 ------ .../testdata/deployments/default-env.yaml | 6 ------ .../proxy/testdata/deployments/default.yaml | 6 ------ .../deployments/disable-prometheus.yaml | 7 ------- .../testdata/deployments/extension-env.yaml | 6 ------ .../override-labels-and-annotations.yaml | 6 ------ .../deployments/patch-deployment.yaml | 6 ------ .../deployments/shutdown-manager.yaml | 6 ------ .../proxy/testdata/deployments/volumes.yaml | 6 ------ .../deployments/with-annotations.yaml | 6 ------ .../deployments/with-concurrency.yaml | 6 ------ .../deployments/with-empty-memory-limits.yaml | 6 ------ .../testdata/deployments/with-extra-args.yaml | 6 ------ .../deployments/with-image-pull-secrets.yaml | 6 ------ .../proxy/testdata/deployments/with-name.yaml | 6 ------ .../deployments/with-node-selector.yaml | 6 ------ .../with-topology-spread-constraints.yaml | 6 ------ release-notes/current.yaml | 2 +- 39 files changed, 1 insertion(+), 246 deletions(-) diff --git a/internal/infrastructure/kubernetes/proxy/resource.go b/internal/infrastructure/kubernetes/proxy/resource.go index aa5a4d64e70..55b3cb10623 100644 --- a/internal/infrastructure/kubernetes/proxy/resource.go +++ b/internal/infrastructure/kubernetes/proxy/resource.go @@ -89,27 +89,6 @@ func expectedProxyContainers(infra *ir.ProxyInfra, // Define slice to hold container ports var ports []corev1.ContainerPort - // Iterate over listeners and ports to get container ports - for _, listener := range infra.Listeners { - for _, p := range listener.Ports { - var protocol corev1.Protocol - switch p.Protocol { - case ir.HTTPProtocolType, ir.HTTPSProtocolType, ir.TLSProtocolType, ir.TCPProtocolType: - protocol = corev1.ProtocolTCP - case ir.UDPProtocolType: - protocol = corev1.ProtocolUDP - default: - return nil, fmt.Errorf("invalid protocol %q", p.Protocol) - } - port := corev1.ContainerPort{ - Name: p.Name, - ContainerPort: p.ContainerPort, - Protocol: protocol, - } - ports = append(ports, port) - } - } - if enablePrometheus(infra) { ports = append(ports, corev1.ContainerPort{ Name: "metrics", diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml index d68b1e56076..5b0f132f0b9 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml @@ -66,12 +66,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml index b3472d7ce4a..c776209328c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml @@ -249,12 +249,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml index 329cb6fcfdb..0b19c488769 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml @@ -248,12 +248,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml index 7fd747bfc54..56a589683bd 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml @@ -233,12 +233,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml index 8de53f5399b..2e0d28b8ae0 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml @@ -206,13 +206,6 @@ spec: port: 19002 scheme: HTTP name: envoy - ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP readinessProbe: failureThreshold: 1 httpGet: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml index ae4f11bf6a4..300ad8663de 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml @@ -252,12 +252,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml index fd9dad594d2..9bd9262b00f 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml @@ -242,12 +242,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml index 44303a333ff..9e2901ea793 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml @@ -233,12 +233,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml index f656e51276b..ee53271eedb 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml @@ -233,12 +233,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml index 268a27505a6..31900415e4e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml @@ -252,12 +252,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml index de2cfc52cb5..478248125c1 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml @@ -238,12 +238,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml index 35135058572..409d1ee542d 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml @@ -66,12 +66,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml index bd684b6f4d5..abcf5df5843 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml @@ -235,12 +235,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml index 924d99cee9f..63f4b88837b 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml @@ -233,12 +233,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml index 0f6bb5dcb83..00f4cde053f 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml @@ -233,12 +233,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml index 69797a95a41..338aee23c5d 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml @@ -233,12 +233,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml index b8cf4d12a6c..65d61d1f79d 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml @@ -233,12 +233,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml index 9cb872f552a..b9d6973e3e5 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml @@ -69,12 +69,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml index 80fa00394ae..30172b63ce8 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml @@ -70,12 +70,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml index dff786a3515..a319317f707 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml @@ -254,12 +254,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml index 65079b2316e..8d2203c31bb 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml @@ -254,12 +254,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml index 88371d81d1f..b028a291e74 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml @@ -253,12 +253,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml index 57a62e569b5..2dd512c5fcb 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml @@ -237,12 +237,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml index e575a3f3111..e2afb845d04 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml @@ -210,13 +210,6 @@ spec: port: 19002 scheme: HTTP name: envoy - ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP readinessProbe: failureThreshold: 1 httpGet: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml index 9b84c2b4177..2c6bb786992 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml @@ -257,12 +257,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml index 6300b906552..cda0dd531da 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml @@ -246,12 +246,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml index 269909aec48..97c5760f631 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml @@ -237,12 +237,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml index 5774c9dc1d2..81c7fad6ea3 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml @@ -237,12 +237,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml index 9f6f50940c8..a1df598b9fe 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml @@ -257,12 +257,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml index 3924adc4869..e21f0f78ffa 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml @@ -242,12 +242,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml index 2086f2297a9..16df5efe6a3 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml @@ -70,12 +70,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml index ce6f8b7b5de..c2db49a1246 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml @@ -237,12 +237,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml index bc0a7e23a5a..402614eb808 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml @@ -239,12 +239,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml index 360253c560e..5eb37e92d77 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml @@ -237,12 +237,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml index 52ea316c857..5e6bbd62cb7 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml @@ -237,12 +237,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml index 6a8cfb126be..55137dfe205 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml @@ -237,12 +237,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml index 3bdf275ce09..adc7784549e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml @@ -237,12 +237,6 @@ spec: scheme: HTTP name: envoy ports: - - containerPort: 8080 - name: EnvoyHTTPPort - protocol: TCP - - containerPort: 8443 - name: EnvoyHTTPSPort - protocol: TCP - containerPort: 19001 name: metrics protocol: TCP diff --git a/release-notes/current.yaml b/release-notes/current.yaml index 7ede985b9d7..dc452458a21 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -2,7 +2,7 @@ date: Pending # Changes that are expected to cause an incompatibility with previous versions, such as deletions or modifications to existing APIs. breaking changes: | - Add a breaking change here + The Container `ports` field of the gateway instance has been removed, which will cause the gateway Pod to be rebuilt when upgrading the version. # Updates addressing vulnerabilities, security flaws, or compliance requirements. security updates: | From 6c6633c2a8bfc772415ea3bf68e14ef20064cb22 Mon Sep 17 00:00:00 2001 From: Guy Daich Date: Wed, 20 Nov 2024 08:10:52 -0600 Subject: [PATCH 43/47] api: support disable ALPN in CTP (#4515) * support disable ALPN in CTP Signed-off-by: Guy Daich * fix gen Signed-off-by: Guy Daich --------- Signed-off-by: Guy Daich --- api/v1alpha1/tls_types.go | 7 +- ...y.envoyproxy.io_clienttrafficpolicies.yaml | 7 +- .../gateway.envoyproxy.io_envoyproxies.yaml | 7 +- internal/gatewayapi/clienttrafficpolicy.go | 2 +- .../clienttrafficpolicy-tls-settings.in.yaml | 61 +++++ .../clienttrafficpolicy-tls-settings.out.yaml | 229 ++++++++++++++++++ release-notes/current.yaml | 2 + site/content/en/latest/api/extension_types.md | 6 +- site/content/zh/latest/api/extension_types.md | 6 +- 9 files changed, 317 insertions(+), 10 deletions(-) diff --git a/api/v1alpha1/tls_types.go b/api/v1alpha1/tls_types.go index b926558c525..bf2a1f50569 100644 --- a/api/v1alpha1/tls_types.go +++ b/api/v1alpha1/tls_types.go @@ -69,7 +69,12 @@ type TLSSettings struct { SignatureAlgorithms []string `json:"signatureAlgorithms,omitempty"` // ALPNProtocols supplies the list of ALPN protocols that should be - // exposed by the listener. By default h2 and http/1.1 are enabled. + // exposed by the listener or used by the proxy to connect to the backend. + // Defaults: + // 1. HTTPS Routes: h2 and http/1.1 are enabled in listener context. + // 2. Other Routes: ALPN is disabled. + // 3. Backends: proxy uses the appropriate ALPN options for the backend protocol. + // When an empty list is provided, the ALPN TLS extension is disabled. // Supported values are: // - http/1.0 // - http/1.1 diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml index ad17b8101d2..d3afb65b302 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml @@ -689,7 +689,12 @@ spec: alpnProtocols: description: |- ALPNProtocols supplies the list of ALPN protocols that should be - exposed by the listener. By default h2 and http/1.1 are enabled. + exposed by the listener or used by the proxy to connect to the backend. + Defaults: + 1. HTTPS Routes: h2 and http/1.1 are enabled in listener context. + 2. Other Routes: ALPN is disabled. + 3. Backends: proxy uses the appropriate ALPN options for the backend protocol. + When an empty list is provided, the ALPN TLS extension is disabled. Supported values are: - http/1.0 - http/1.1 diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml index 4277092874a..84fb126a79b 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml @@ -51,7 +51,12 @@ spec: alpnProtocols: description: |- ALPNProtocols supplies the list of ALPN protocols that should be - exposed by the listener. By default h2 and http/1.1 are enabled. + exposed by the listener or used by the proxy to connect to the backend. + Defaults: + 1. HTTPS Routes: h2 and http/1.1 are enabled in listener context. + 2. Other Routes: ALPN is disabled. + 3. Backends: proxy uses the appropriate ALPN options for the backend protocol. + When an empty list is provided, the ALPN TLS extension is disabled. Supported values are: - http/1.0 - http/1.1 diff --git a/internal/gatewayapi/clienttrafficpolicy.go b/internal/gatewayapi/clienttrafficpolicy.go index bded79d4cf9..1c8d0f8af4a 100644 --- a/internal/gatewayapi/clienttrafficpolicy.go +++ b/internal/gatewayapi/clienttrafficpolicy.go @@ -780,7 +780,7 @@ func (t *Translator) buildListenerTLSParameters(policy *egv1a1.ClientTrafficPoli return irTLSConfig, nil } - if len(tlsParams.ALPNProtocols) > 0 { + if tlsParams.ALPNProtocols != nil { irTLSConfig.ALPNProtocols = make([]string, len(tlsParams.ALPNProtocols)) for i := range tlsParams.ALPNProtocols { irTLSConfig.ALPNProtocols[i] = string(tlsParams.ALPNProtocols[i]) diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.in.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.in.yaml index bc5878a52f0..ffe526627f2 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.in.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.in.yaml @@ -26,6 +26,29 @@ clientTrafficPolicies: resumption: stateless: {} stateful: {} +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: ClientTrafficPolicy + metadata: + namespace: envoy-gateway + name: target-gateway-2 + spec: + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-2 + tls: + alpnProtocols: [] +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: ClientTrafficPolicy + metadata: + namespace: envoy-gateway + name: target-gateway-3 + spec: + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-3 + tls: gateways: - apiVersion: gateway.networking.k8s.io/v1 kind: Gateway @@ -52,6 +75,44 @@ gateways: allowedRoutes: namespaces: from: Same +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-2 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: http-1 + protocol: HTTPS + port: 443 + allowedRoutes: + namespaces: + from: Same + tls: + mode: Terminate + certificateRefs: + - name: tls-secret-1 + namespace: envoy-gateway +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-3 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: http-1 + protocol: HTTPS + port: 443 + allowedRoutes: + namespaces: + from: Same + tls: + mode: Terminate + certificateRefs: + - name: tls-secret-1 + namespace: envoy-gateway secrets: - apiVersion: v1 kind: Secret diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml index ad3ed484f56..e673ed66b7a 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml @@ -41,6 +41,57 @@ clientTrafficPolicies: status: "True" type: Accepted controllerName: gateway.envoyproxy.io/gatewayclass-controller +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: ClientTrafficPolicy + metadata: + creationTimestamp: null + name: target-gateway-2 + namespace: envoy-gateway + spec: + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-2 + tls: {} + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-2 + namespace: envoy-gateway + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: ClientTrafficPolicy + metadata: + creationTimestamp: null + name: target-gateway-3 + namespace: envoy-gateway + spec: + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-3 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-3 + namespace: envoy-gateway + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller gateways: - apiVersion: gateway.networking.k8s.io/v1 kind: Gateway @@ -118,6 +169,100 @@ gateways: kind: HTTPRoute - group: gateway.networking.k8s.io kind: GRPCRoute +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-2 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - allowedRoutes: + namespaces: + from: Same + name: http-1 + port: 443 + protocol: HTTPS + tls: + certificateRefs: + - group: null + kind: null + name: tls-secret-1 + namespace: envoy-gateway + mode: Terminate + status: + listeners: + - attachedRoutes: 0 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http-1 + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-3 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - allowedRoutes: + namespaces: + from: Same + name: http-1 + port: 443 + protocol: HTTPS + tls: + certificateRefs: + - group: null + kind: null + name: tls-secret-1 + namespace: envoy-gateway + mode: Terminate + status: + listeners: + - attachedRoutes: 0 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http-1 + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute infraIR: envoy-gateway/gateway-1: proxy: @@ -141,6 +286,36 @@ infraIR: gateway.envoyproxy.io/owning-gateway-name: gateway-1 gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway name: envoy-gateway/gateway-1 + envoy-gateway/gateway-2: + proxy: + listeners: + - address: null + name: envoy-gateway/gateway-2/http-1 + ports: + - containerPort: 10443 + name: https-443 + protocol: HTTPS + servicePort: 443 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-2 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-2 + envoy-gateway/gateway-3: + proxy: + listeners: + - address: null + name: envoy-gateway/gateway-3/http-1 + ports: + - containerPort: 10443 + name: https-443 + protocol: HTTPS + servicePort: 443 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-3 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-3 xdsIR: envoy-gateway/gateway-1: accessLog: @@ -194,3 +369,57 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 8080 + envoy-gateway/gateway-2: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: false + metadata: + kind: Gateway + name: gateway-2 + namespace: envoy-gateway + sectionName: http-1 + name: envoy-gateway/gateway-2/http-1 + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10443 + tls: + alpnProtocols: [] + certificates: + - name: envoy-gateway/tls-secret-1 + privateKey: '[redacted]' + serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= + maxVersion: "1.3" + minVersion: "1.2" + envoy-gateway/gateway-3: + accessLog: + text: + - path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: false + metadata: + kind: Gateway + name: gateway-3 + namespace: envoy-gateway + sectionName: http-1 + name: envoy-gateway/gateway-3/http-1 + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10443 + tls: + alpnProtocols: null + certificates: + - name: envoy-gateway/tls-secret-1 + privateKey: '[redacted]' + serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= + maxVersion: "1.3" + minVersion: "1.2" diff --git a/release-notes/current.yaml b/release-notes/current.yaml index dc452458a21..9288e5266fc 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -3,6 +3,8 @@ date: Pending # Changes that are expected to cause an incompatibility with previous versions, such as deletions or modifications to existing APIs. breaking changes: | The Container `ports` field of the gateway instance has been removed, which will cause the gateway Pod to be rebuilt when upgrading the version. + ClientTrafficPolicy previously treated an empty TLS ALPNProtocols list as being undefined and applied Envoy Gateway defaults. + An empty TLS ALPNProtocols list is now treated as user-defined disablement of the TLS ALPN extension. # Updates addressing vulnerabilities, security flaws, or compliance requirements. security updates: | diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 77a28384c06..99986f54b1f 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -407,7 +407,7 @@ _Appears in:_ | `ciphers` | _string array_ | false | Ciphers specifies the set of cipher suites supported when
negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
In non-FIPS Envoy Proxy builds the default cipher list is:
- [ECDHE-ECDSA-AES128-GCM-SHA256\|ECDHE-ECDSA-CHACHA20-POLY1305]
- [ECDHE-RSA-AES128-GCM-SHA256\|ECDHE-RSA-CHACHA20-POLY1305]
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
In builds using BoringSSL FIPS the default cipher list is:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384 | | `ecdhCurves` | _string array_ | false | ECDHCurves specifies the set of supported ECDH curves.
In non-FIPS Envoy Proxy builds the default curves are:
- X25519
- P-256
In builds using BoringSSL FIPS the default curve is:
- P-256 | | `signatureAlgorithms` | _string array_ | false | SignatureAlgorithms specifies which signature algorithms the listener should
support. | -| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener. By default h2 and http/1.1 are enabled.
Supported values are:
- http/1.0
- http/1.1
- h2 | +| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener or used by the proxy to connect to the backend.
Defaults:
1. HTTPS Routes: h2 and http/1.1 are enabled in listener context.
2. Other Routes: ALPN is disabled.
3. Backends: proxy uses the appropriate ALPN options for the backend protocol.
When an empty list is provided, the ALPN TLS extension is disabled.
Supported values are:
- http/1.0
- http/1.1
- h2 | #### BackendTrafficPolicy @@ -601,7 +601,7 @@ _Appears in:_ | `ciphers` | _string array_ | false | Ciphers specifies the set of cipher suites supported when
negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
In non-FIPS Envoy Proxy builds the default cipher list is:
- [ECDHE-ECDSA-AES128-GCM-SHA256\|ECDHE-ECDSA-CHACHA20-POLY1305]
- [ECDHE-RSA-AES128-GCM-SHA256\|ECDHE-RSA-CHACHA20-POLY1305]
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
In builds using BoringSSL FIPS the default cipher list is:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384 | | `ecdhCurves` | _string array_ | false | ECDHCurves specifies the set of supported ECDH curves.
In non-FIPS Envoy Proxy builds the default curves are:
- X25519
- P-256
In builds using BoringSSL FIPS the default curve is:
- P-256 | | `signatureAlgorithms` | _string array_ | false | SignatureAlgorithms specifies which signature algorithms the listener should
support. | -| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener. By default h2 and http/1.1 are enabled.
Supported values are:
- http/1.0
- http/1.1
- h2 | +| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener or used by the proxy to connect to the backend.
Defaults:
1. HTTPS Routes: h2 and http/1.1 are enabled in listener context.
2. Other Routes: ALPN is disabled.
3. Backends: proxy uses the appropriate ALPN options for the backend protocol.
When an empty list is provided, the ALPN TLS extension is disabled.
Supported values are:
- http/1.0
- http/1.1
- h2 | | `session` | _[Session](#session)_ | false | Session defines settings related to TLS session management. | @@ -4047,7 +4047,7 @@ _Appears in:_ | `ciphers` | _string array_ | false | Ciphers specifies the set of cipher suites supported when
negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
In non-FIPS Envoy Proxy builds the default cipher list is:
- [ECDHE-ECDSA-AES128-GCM-SHA256\|ECDHE-ECDSA-CHACHA20-POLY1305]
- [ECDHE-RSA-AES128-GCM-SHA256\|ECDHE-RSA-CHACHA20-POLY1305]
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
In builds using BoringSSL FIPS the default cipher list is:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384 | | `ecdhCurves` | _string array_ | false | ECDHCurves specifies the set of supported ECDH curves.
In non-FIPS Envoy Proxy builds the default curves are:
- X25519
- P-256
In builds using BoringSSL FIPS the default curve is:
- P-256 | | `signatureAlgorithms` | _string array_ | false | SignatureAlgorithms specifies which signature algorithms the listener should
support. | -| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener. By default h2 and http/1.1 are enabled.
Supported values are:
- http/1.0
- http/1.1
- h2 | +| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener or used by the proxy to connect to the backend.
Defaults:
1. HTTPS Routes: h2 and http/1.1 are enabled in listener context.
2. Other Routes: ALPN is disabled.
3. Backends: proxy uses the appropriate ALPN options for the backend protocol.
When an empty list is provided, the ALPN TLS extension is disabled.
Supported values are:
- http/1.0
- http/1.1
- h2 | #### TLSVersion diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md index 77a28384c06..99986f54b1f 100644 --- a/site/content/zh/latest/api/extension_types.md +++ b/site/content/zh/latest/api/extension_types.md @@ -407,7 +407,7 @@ _Appears in:_ | `ciphers` | _string array_ | false | Ciphers specifies the set of cipher suites supported when
negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
In non-FIPS Envoy Proxy builds the default cipher list is:
- [ECDHE-ECDSA-AES128-GCM-SHA256\|ECDHE-ECDSA-CHACHA20-POLY1305]
- [ECDHE-RSA-AES128-GCM-SHA256\|ECDHE-RSA-CHACHA20-POLY1305]
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
In builds using BoringSSL FIPS the default cipher list is:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384 | | `ecdhCurves` | _string array_ | false | ECDHCurves specifies the set of supported ECDH curves.
In non-FIPS Envoy Proxy builds the default curves are:
- X25519
- P-256
In builds using BoringSSL FIPS the default curve is:
- P-256 | | `signatureAlgorithms` | _string array_ | false | SignatureAlgorithms specifies which signature algorithms the listener should
support. | -| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener. By default h2 and http/1.1 are enabled.
Supported values are:
- http/1.0
- http/1.1
- h2 | +| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener or used by the proxy to connect to the backend.
Defaults:
1. HTTPS Routes: h2 and http/1.1 are enabled in listener context.
2. Other Routes: ALPN is disabled.
3. Backends: proxy uses the appropriate ALPN options for the backend protocol.
When an empty list is provided, the ALPN TLS extension is disabled.
Supported values are:
- http/1.0
- http/1.1
- h2 | #### BackendTrafficPolicy @@ -601,7 +601,7 @@ _Appears in:_ | `ciphers` | _string array_ | false | Ciphers specifies the set of cipher suites supported when
negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
In non-FIPS Envoy Proxy builds the default cipher list is:
- [ECDHE-ECDSA-AES128-GCM-SHA256\|ECDHE-ECDSA-CHACHA20-POLY1305]
- [ECDHE-RSA-AES128-GCM-SHA256\|ECDHE-RSA-CHACHA20-POLY1305]
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
In builds using BoringSSL FIPS the default cipher list is:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384 | | `ecdhCurves` | _string array_ | false | ECDHCurves specifies the set of supported ECDH curves.
In non-FIPS Envoy Proxy builds the default curves are:
- X25519
- P-256
In builds using BoringSSL FIPS the default curve is:
- P-256 | | `signatureAlgorithms` | _string array_ | false | SignatureAlgorithms specifies which signature algorithms the listener should
support. | -| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener. By default h2 and http/1.1 are enabled.
Supported values are:
- http/1.0
- http/1.1
- h2 | +| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener or used by the proxy to connect to the backend.
Defaults:
1. HTTPS Routes: h2 and http/1.1 are enabled in listener context.
2. Other Routes: ALPN is disabled.
3. Backends: proxy uses the appropriate ALPN options for the backend protocol.
When an empty list is provided, the ALPN TLS extension is disabled.
Supported values are:
- http/1.0
- http/1.1
- h2 | | `session` | _[Session](#session)_ | false | Session defines settings related to TLS session management. | @@ -4047,7 +4047,7 @@ _Appears in:_ | `ciphers` | _string array_ | false | Ciphers specifies the set of cipher suites supported when
negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
In non-FIPS Envoy Proxy builds the default cipher list is:
- [ECDHE-ECDSA-AES128-GCM-SHA256\|ECDHE-ECDSA-CHACHA20-POLY1305]
- [ECDHE-RSA-AES128-GCM-SHA256\|ECDHE-RSA-CHACHA20-POLY1305]
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
In builds using BoringSSL FIPS the default cipher list is:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384 | | `ecdhCurves` | _string array_ | false | ECDHCurves specifies the set of supported ECDH curves.
In non-FIPS Envoy Proxy builds the default curves are:
- X25519
- P-256
In builds using BoringSSL FIPS the default curve is:
- P-256 | | `signatureAlgorithms` | _string array_ | false | SignatureAlgorithms specifies which signature algorithms the listener should
support. | -| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener. By default h2 and http/1.1 are enabled.
Supported values are:
- http/1.0
- http/1.1
- h2 | +| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener or used by the proxy to connect to the backend.
Defaults:
1. HTTPS Routes: h2 and http/1.1 are enabled in listener context.
2. Other Routes: ALPN is disabled.
3. Backends: proxy uses the appropriate ALPN options for the backend protocol.
When an empty list is provided, the ALPN TLS extension is disabled.
Supported values are:
- http/1.0
- http/1.1
- h2 | #### TLSVersion From 2def6a4d93b18bbfb8b0ed08359897dc14c05df3 Mon Sep 17 00:00:00 2001 From: zirain Date: Thu, 21 Nov 2024 13:20:30 +0800 Subject: [PATCH 44/47] docs: fix wrong description on ALSEnvoyProxyAccessLog (#4751) Signed-off-by: zirain --- api/v1alpha1/accesslogging_types.go | 5 +---- site/content/en/latest/api/extension_types.md | 6 +----- site/content/zh/latest/api/extension_types.md | 6 +----- 3 files changed, 3 insertions(+), 14 deletions(-) diff --git a/api/v1alpha1/accesslogging_types.go b/api/v1alpha1/accesslogging_types.go index 31eac69f122..de34acdcd7d 100644 --- a/api/v1alpha1/accesslogging_types.go +++ b/api/v1alpha1/accesslogging_types.go @@ -138,10 +138,7 @@ const ( // The service must implement the Envoy gRPC Access Log Service streaming API: // https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto // Access log format information is passed in the form of gRPC metadata when the -// stream is established. Specifically, the following metadata is passed: -// -// - `x-accesslog-text` - The access log format string when a Text format is used. -// - `x-accesslog-attr` - JSON encoded key/value pairs when a JSON format is used. +// stream is established. // // +kubebuilder:validation:XValidation:rule="self.type == 'HTTP' || !has(self.http)",message="The http field may only be set when type is HTTP." // +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)" diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 99986f54b1f..80614c2645e 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -52,11 +52,7 @@ ALSEnvoyProxyAccessLog defines the gRPC Access Log Service (ALS) sink. The service must implement the Envoy gRPC Access Log Service streaming API: https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto Access log format information is passed in the form of gRPC metadata when the -stream is established. Specifically, the following metadata is passed: - - -- `x-accesslog-text` - The access log format string when a Text format is used. -- `x-accesslog-attr` - JSON encoded key/value pairs when a JSON format is used. +stream is established. _Appears in:_ - [ProxyAccessLogSink](#proxyaccesslogsink) diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md index 99986f54b1f..80614c2645e 100644 --- a/site/content/zh/latest/api/extension_types.md +++ b/site/content/zh/latest/api/extension_types.md @@ -52,11 +52,7 @@ ALSEnvoyProxyAccessLog defines the gRPC Access Log Service (ALS) sink. The service must implement the Envoy gRPC Access Log Service streaming API: https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto Access log format information is passed in the form of gRPC metadata when the -stream is established. Specifically, the following metadata is passed: - - -- `x-accesslog-text` - The access log format string when a Text format is used. -- `x-accesslog-attr` - JSON encoded key/value pairs when a JSON format is used. +stream is established. _Appears in:_ - [ProxyAccessLogSink](#proxyaccesslogsink) From 78da42c495494c43317dfcceb33bca724c34e743 Mon Sep 17 00:00:00 2001 From: zirain Date: Thu, 21 Nov 2024 17:08:14 +0800 Subject: [PATCH 45/47] xds: always use `::` and `IPv4Compact` for dynamic listener (#4743) * enable IPv4Compact Signed-off-by: zirain * fix xds test Signed-off-by: zirain * release-notes Signed-off-by: zirain * nit Signed-off-by: zirain * gen Signed-off-by: zirain --------- Signed-off-by: zirain --- .../translate/out/default-resources.all.yaml | 15 +++++--- .../out/from-gateway-api-to-xds.all.json | 15 +++++--- .../out/from-gateway-api-to-xds.all.yaml | 15 +++++--- .../out/from-gateway-api-to-xds.listener.yaml | 15 +++++--- ...-single-route-single-match-to-xds.all.json | 3 +- ...-single-route-single-match-to-xds.all.yaml | 3 +- ...le-route-single-match-to-xds.listener.yaml | 3 +- .../out/no-service-cluster-ip.all.yaml | 3 +- .../translate/out/quickstart.all.yaml | 2 +- internal/cmd/envoy/shutdown_manager.go | 4 +-- internal/gatewayapi/listener.go | 11 ++++-- .../backend-invalid-feature-disabled.out.yaml | 2 +- .../testdata/backend-with-fallback.out.yaml | 2 +- .../backendtlspolicy-across-ns.out.yaml | 2 +- .../backendtlspolicy-ca-only-secret.out.yaml | 2 +- .../backendtlspolicy-ca-only.out.yaml | 2 +- ...ndtlspolicy-default-ns-targetrefs.out.yaml | 4 +-- .../backendtlspolicy-default-ns.out.yaml | 2 +- .../backendtlspolicy-invalid-ca.out.yaml | 2 +- ...backendtlspolicy-multiple-targets.out.yaml | 2 +- ...ackendtlspolicy-system-truststore.out.yaml | 2 +- ...y-buffer-limit-out-of-range-error.out.yaml | 4 +-- ...y-buffer-limit-with-invalid-value.out.yaml | 4 +-- ...backendtrafficpolicy-buffer-limit.out.yaml | 4 +-- ...endtrafficpolicy-override-replace.out.yaml | 2 +- ...ndtrafficpolicy-status-conditions.out.yaml | 8 ++--- ...fficpolicy-status-fault-injection.out.yaml | 4 +-- ...trafficpolicy-use-client-protocol.out.yaml | 2 +- ...policy-with-circuitbreakers-error.out.yaml | 4 +-- ...rafficpolicy-with-circuitbreakers.out.yaml | 4 +-- ...ndtrafficpolicy-with-dns-settings.out.yaml | 4 +-- ...endtrafficpolicy-with-healthcheck.out.yaml | 4 +-- .../backendtrafficpolicy-with-http2.out.yaml | 4 +-- ...fficpolicy-with-httproute-timeout.out.yaml | 2 +- ...nvalid-consistent-hash-table-size.out.yaml | 2 +- ...ndtrafficpolicy-with-loadbalancer.out.yaml | 4 +-- ...telimit-default-route-level-limit.out.yaml | 2 +- ...ocal-ratelimit-invalid-limit-unit.out.yaml | 2 +- ...ocal-ratelimit-invalid-match-type.out.yaml | 2 +- ...valid-multiple-route-level-limits.out.yaml | 2 +- ...rafficpolicy-with-local-ratelimit.out.yaml | 2 +- ...dtrafficpolicy-with-proxyprotocol.out.yaml | 4 +-- ...ratelimit-invalid-distinct-invert.out.yaml | 2 +- ...licy-with-ratelimit-invalid-regex.out.yaml | 2 +- ...ckendtrafficpolicy-with-ratelimit.out.yaml | 4 +-- ...esponse-override-invalid-valueref.out.yaml | 4 +-- ...fficpolicy-with-response-override.out.yaml | 4 +-- ...backendtrafficpolicy-with-retries.out.yaml | 4 +-- ...olicy-with-same-prefix-httproutes.out.yaml | 2 +- ...cp-udp-listeners-apply-on-gateway.out.yaml | 4 +-- ...-tcp-udp-listeners-apply-on-route.out.yaml | 4 +-- ...ndtrafficpolicy-with-tcpkeepalive.out.yaml | 4 +-- ...dtrafficpolicy-with-timeout-error.out.yaml | 2 +- ...ficpolicy-with-timeout-targetrefs.out.yaml | 4 +-- ...backendtrafficpolicy-with-timeout.out.yaml | 4 +-- ...cy-buffer-limit-with-format-error.out.yaml | 4 +-- ...fer-limit-with-out-of-range-error.out.yaml | 4 +-- .../clienttrafficpolicy-buffer-limit.out.yaml | 4 +-- ...trafficpolicy-client-ip-detection.out.yaml | 8 ++--- ...fficpolicy-connection-limit-error.out.yaml | 4 +-- ...enttrafficpolicy-connection-limit.out.yaml | 4 +-- ...nttrafficpolicy-for-tcp-listeners.out.yaml | 4 +-- ...clienttrafficpolicy-headers-error.out.yaml | 2 +- .../clienttrafficpolicy-headers.out.yaml | 4 +-- ...nttrafficpolicy-http-health-check.out.yaml | 2 +- .../clienttrafficpolicy-http10.out.yaml | 10 +++--- .../clienttrafficpolicy-http2.out.yaml | 4 +-- .../clienttrafficpolicy-http3.out.yaml | 2 +- ...ficpolicy-idle-timeout-with-error.out.yaml | 2 +- .../clienttrafficpolicy-idle-timeout.out.yaml | 4 +-- ...icpolicy-mtls-client-verification.out.yaml | 6 ++-- ...s-forward-client-cert-custom-data.out.yaml | 12 +++---- ...icpolicy-mtls-forward-client-cert.out.yaml | 12 +++---- .../clienttrafficpolicy-mtls.out.yaml | 6 ++-- ...clienttrafficpolicy-path-settings.out.yaml | 4 +-- ...cy-preserve-case-multiple-targets.out.yaml | 6 ++-- ...clienttrafficpolicy-preserve-case.out.yaml | 4 +-- ...clienttrafficpolicy-proxyprotocol.out.yaml | 4 +-- ...enttrafficpolicy-ratelimitheaders.out.yaml | 4 +-- ...nttrafficpolicy-status-conditions.out.yaml | 10 +++--- ...clienttrafficpolicy-tcp-keepalive.out.yaml | 4 +-- ...ttrafficpolicy-timeout-with-error.out.yaml | 2 +- .../clienttrafficpolicy-timeout.out.yaml | 4 +-- .../clienttrafficpolicy-tls-settings.out.yaml | 8 ++--- .../clienttrafficpolicy-trailers.out.yaml | 4 +-- .../testdata/conflicting-policies.out.yaml | 4 +-- .../testdata/custom-filter-order.out.yaml | 2 +- .../testdata/disable-accesslog.out.yaml | 2 +- ...ensionpolicy-invalid-cross-ns-ref.out.yaml | 2 +- ...yextensionpolicy-override-replace.out.yaml | 2 +- ...extensionpolicy-status-conditions.out.yaml | 8 ++--- ...-extproc-invalid-no-matching-port.out.yaml | 2 +- ...licy-with-extproc-invalid-no-port.out.yaml | 2 +- ...xtproc-invalid-no-reference-grant.out.yaml | 2 +- ...y-with-extproc-invalid-no-service.out.yaml | 2 +- ...ith-extproc-with-backendtlspolicy.out.yaml | 2 +- ...extproc-with-multiple-backendrefs.out.yaml | 2 +- ...ith-extproc-with-traffic-features.out.yaml | 2 +- ...xtensionpolicy-with-wasm-env-vars.out.yaml | 2 +- ...ensionpolicy-with-wasm-targetrefs.out.yaml | 2 +- .../envoyextensionpolicy-with-wasm.out.yaml | 2 +- .../envoypatchpolicy-cross-ns-target.out.yaml | 2 +- ...chpolicy-invalid-feature-disabled.out.yaml | 2 +- ...nvalid-target-kind-merge-gateways.out.yaml | 2 +- ...oypatchpolicy-invalid-target-kind.out.yaml | 2 +- ...ypatchpolicy-valid-merge-gateways.out.yaml | 2 +- .../testdata/envoypatchpolicy-valid.out.yaml | 2 +- .../envoyproxy-accesslog-als-json.out.yaml | 2 +- ...oyproxy-accesslog-backend-invalid.out.yaml | 2 +- .../envoyproxy-accesslog-backend.out.yaml | 2 +- ...yproxy-accesslog-cel-with-invalid.out.yaml | 2 +- .../envoyproxy-accesslog-cel.out.yaml | 2 +- ...oxy-accesslog-file-json-no-format.out.yaml | 2 +- .../envoyproxy-accesslog-file-json.out.yaml | 2 +- .../envoyproxy-accesslog-types.out.yaml | 2 +- ...voyproxy-accesslog-with-bad-sinks.out.yaml | 2 +- ...envoyproxy-accesslog-with-traffic.out.yaml | 2 +- ...voyproxy-accesslog-without-format.out.yaml | 2 +- .../testdata/envoyproxy-accesslog.out.yaml | 2 +- ...roxy-endpoint-routing-for-gateway.out.yaml | 2 +- .../envoyproxy-endpoint-routing.out.yaml | 2 +- ...envoyproxy-metric-backend-invalid.out.yaml | 2 +- .../envoyproxy-metric-backend.out.yaml | 2 +- ...envoyproxy-metric-enabled-backend.out.yaml | 2 +- .../envoyproxy-priority-backend.out.yaml | 2 +- ...proxy-service-routing-for-gateway.out.yaml | 2 +- .../envoyproxy-service-routing.out.yaml | 2 +- ...nvoyproxy-tls-settings-invalid-ns.out.yaml | 4 +-- .../envoyproxy-tls-settings-invalid.out.yaml | 4 +-- .../testdata/envoyproxy-tls-settings.out.yaml | 4 +-- ...nvoyproxy-tracing-backend-invalid.out.yaml | 2 +- .../envoyproxy-tracing-backend.out.yaml | 2 +- .../testdata/envoyproxy-valid.out.yaml | 2 +- .../extensionpolicy-tcp-listener.out.yaml | 4 +-- .../extensionpolicy-udp-listener.out.yaml | 4 +-- ...tensionpolicy-with-invalid-target.out.yaml | 4 +-- ...ionpolicy-with-valid-target-array.out.yaml | 4 +-- ...extensionpolicy-with-valid-target.out.yaml | 4 +-- ...th-extension-filter-invalid-group.out.yaml | 2 +- ...ith-non-matching-extension-filter.out.yaml | 2 +- ...with-unsupported-extension-filter.out.yaml | 2 +- ...route-with-valid-extension-filter.out.yaml | 2 +- ...-namespace-with-allowed-httproute.out.yaml | 2 +- ...mespace-with-disallowed-httproute.out.yaml | 2 +- ...stener-with-hostname-intersection.out.yaml | 4 +-- .../testdata/gateway-infrastructure.out.yaml | 2 +- ...way-with-addresses-with-ipaddress.out.yaml | 2 +- ...with-infrastructure-parametersref.out.yaml | 2 +- ...ture-parametersref-does-not-exist.out.yaml | 2 +- ...astructure-parametersref-fallback.out.yaml | 2 +- ...route-with-mismatch-port-protocol.out.yaml | 2 +- ...h-tcproute-with-multiple-backends.out.yaml | 2 +- ...with-tcproute-with-multiple-rules.out.yaml | 2 +- ...her-namespace-allowed-by-refgrant.out.yaml | 2 +- ...ith-tls-terminate-and-passthrough.out.yaml | 4 +-- ...route-with-mismatch-port-protocol.out.yaml | 2 +- ...h-udproute-with-multiple-backends.out.yaml | 2 +- ...with-udproute-with-multiple-rules.out.yaml | 2 +- ...-listener-with-unmatched-tcproute.out.yaml | 2 +- ...-listener-with-unmatched-udproute.out.yaml | 2 +- ...ith-same-algorithm-different-fqdn.out.yaml | 2 +- ...-valid-multiple-tls-configuration.out.yaml | 2 +- ...ener-with-valid-tls-configuration.out.yaml | 2 +- ...with-preexisting-status-condition.out.yaml | 2 +- ...-listener-with-multiple-tcproutes.out.yaml | 2 +- ...-listener-with-multiple-udproutes.out.yaml | 2 +- ...teway-with-stale-status-condition.out.yaml | 2 +- ...listeners-on-same-tcp-or-tls-port.out.yaml | 2 +- ...th-two-listeners-on-same-udp-port.out.yaml | 2 +- ...isteners-with-multiple-httproutes.out.yaml | 4 +-- ...-with-same-port-http-tcp-protocol.out.yaml | 4 +-- ...-with-same-port-http-udp-protocol.out.yaml | 4 +-- ...s-with-tcproutes-with-sectionname.out.yaml | 4 +-- ...ith-tcproutes-without-sectionname.out.yaml | 4 +-- ...s-with-udproutes-with-sectionname.out.yaml | 4 +-- ...ith-udproutes-without-sectionname.out.yaml | 4 +-- .../testdata/grpcroute-with-backend.out.yaml | 2 +- .../grpcroute-with-empty-backends.out.yaml | 2 +- .../grpcroute-with-header-match.out.yaml | 2 +- ...ute-with-method-and-service-match.out.yaml | 2 +- .../grpcroute-with-method-match.out.yaml | 2 +- ...oute-with-request-header-modifier.out.yaml | 2 +- .../grpcroute-with-service-match.out.yaml | 2 +- ...dtrafficpolicy-with-timeout-error.out.yaml | 2 +- ...backendtrafficpolicy-with-timeout.out.yaml | 4 +-- ...way-with-more-different-listeners.out.yaml | 16 ++++----- ...ng-to-gateway-with-more-listeners.out.yaml | 16 ++++----- ...wo-listeners-with-different-ports.out.yaml | 4 +-- ...ing-to-gateway-with-two-listeners.out.yaml | 4 +-- .../httproute-attaching-to-gateway.out.yaml | 2 +- ...taching-to-listener-matching-port.out.yaml | 2 +- ...ner-on-gateway-with-two-listeners.out.yaml | 4 +-- ...with-backend-and-core-backendrefs.out.yaml | 2 +- ...end-backendref-mixed-address-type.out.yaml | 2 +- ...-listener-with-backend-backendref.out.yaml | 2 +- ...end-backendrefs-diff-address-type.out.yaml | 2 +- ...end-backendrefs-same-address-type.out.yaml | 2 +- ...ort-backendrefs-diff-address-type.out.yaml | 2 +- ...ort-backendrefs-same-address-type.out.yaml | 2 +- ...port-backendref-fqdn-address-type.out.yaml | 2 +- ...ort-backendref-mixed-address-type.out.yaml | 2 +- ...ner-with-serviceimport-backendref.out.yaml | 2 +- .../httproute-attaching-to-listener.out.yaml | 2 +- ...httproute-backend-request-timeout.out.yaml | 2 +- ...ing-to-listener-non-matching-port.out.yaml | 2 +- .../httproute-request-timeout.out.yaml | 2 +- ...ith-empty-backends-and-no-filters.out.yaml | 2 +- ...-multiple-backends-and-no-weights.out.yaml | 2 +- ...ith-multiple-backends-and-weights.out.yaml | 2 +- ...ervice-backends-and-app-protocols.out.yaml | 2 +- ...-non-service-backends-and-weights.out.yaml | 2 +- ...h-backendref-add-multiple-filters.out.yaml | 2 +- ...her-namespace-allowed-by-refgrant.out.yaml | 2 +- ...her-namespace-allowed-by-refgrant.out.yaml | 2 +- .../httproute-with-direct-response.out.yaml | 2 +- .../httproute-with-empty-matches.out.yaml | 2 +- ...er-duplicate-add-multiple-filters.out.yaml | 2 +- ...with-header-filter-duplicate-adds.out.yaml | 2 +- ...duplicate-remove-multiple-filters.out.yaml | 2 +- ...h-header-filter-duplicate-removes.out.yaml | 2 +- ...header-filter-empty-header-values.out.yaml | 2 +- ...-with-header-filter-empty-headers.out.yaml | 2 +- ...ith-header-filter-invalid-headers.out.yaml | 2 +- ...ute-with-header-filter-no-headers.out.yaml | 2 +- ...th-header-filter-no-valid-headers.out.yaml | 2 +- ...tproute-with-header-filter-remove.out.yaml | 2 +- ...with-invalid-backend-ref-bad-port.out.yaml | 2 +- ...invalid-backend-ref-invalid-group.out.yaml | 2 +- ...-invalid-backend-ref-invalid-kind.out.yaml | 2 +- ...-with-invalid-backend-ref-no-port.out.yaml | 2 +- ...lid-backend-ref-no-service.import.out.yaml | 2 +- ...th-invalid-backend-ref-no-service.out.yaml | 2 +- ...id-backend-ref-unsupported-filter.out.yaml | 2 +- ...lid-backendref-in-other-namespace.out.yaml | 2 +- .../httproute-with-invalid-regex.out.yaml | 4 +-- .../testdata/httproute-with-metadata.out.yaml | 2 +- ...ute-with-mirror-filter-duplicates.out.yaml | 2 +- ...route-with-mirror-filter-multiple.out.yaml | 2 +- ...ith-mirror-filter-service-no-port.out.yaml | 2 +- ...h-mirror-filter-service-not-found.out.yaml | 2 +- .../httproute-with-mirror-filter.out.yaml | 2 +- ...oute-with-multi-gateways-notmatch.out.yaml | 4 +-- ...ith-multi-gateways-with-same-name.out.yaml | 4 +-- ...ltiple-gateways-from-different-ns.out.yaml | 4 +-- ...th-multiple-gateways-from-same-ns.out.yaml | 4 +-- ...to-gateway-with-wildcard-hostname.out.yaml | 2 +- ...ct-filter-full-path-replace-https.out.yaml | 2 +- ...ute-with-redirect-filter-hostname.out.yaml | 2 +- ...direct-filter-invalid-filter-type.out.yaml | 2 +- ...th-redirect-filter-invalid-scheme.out.yaml | 2 +- ...th-redirect-filter-invalid-status.out.yaml | 2 +- ...ter-prefix-replace-with-port-http.out.yaml | 2 +- ...-with-response-header-filter-adds.out.yaml | 2 +- ...er-duplicate-add-multiple-filters.out.yaml | 2 +- ...onse-header-filter-duplicate-adds.out.yaml | 2 +- ...duplicate-remove-multiple-filters.out.yaml | 2 +- ...e-header-filter-duplicate-removes.out.yaml | 2 +- ...header-filter-empty-header-values.out.yaml | 2 +- ...ponse-header-filter-empty-headers.out.yaml | 2 +- ...nse-header-filter-invalid-headers.out.yaml | 2 +- ...response-header-filter-no-headers.out.yaml | 2 +- ...se-header-filter-no-valid-headers.out.yaml | 2 +- ...ith-response-header-filter-remove.out.yaml | 2 +- ...single-rule-with-exact-path-match.out.yaml | 2 +- ...ingle-rule-with-http-method-match.out.yaml | 2 +- ...h-single-rule-with-multiple-rules.out.yaml | 2 +- ...h-prefix-and-exact-header-matches.out.yaml | 2 +- ...e-invalid-backend-refs-no-service.out.yaml | 2 +- ...to-gateway-with-wildcard-hostname.out.yaml | 2 +- ...to-gateway-with-wildcard-hostname.out.yaml | 2 +- ...ite-filter-full-path-replace-http.out.yaml | 2 +- ...te-filter-hostname-prefix-replace.out.yaml | 2 +- ...e-with-urlrewrite-filter-hostname.out.yaml | 2 +- ...ewrite-filter-invalid-filter-type.out.yaml | 2 +- ...rlrewrite-filter-invalid-hostname.out.yaml | 2 +- ...e-filter-invalid-multiple-filters.out.yaml | 2 +- ...lrewrite-filter-invalid-path-type.out.yaml | 2 +- ...th-urlrewrite-filter-invalid-path.out.yaml | 2 +- ...th-urlrewrite-filter-missing-path.out.yaml | 2 +- ...ewrite-filter-prefix-replace-http.out.yaml | 2 +- ...e-filter-regex-match-replace-http.out.yaml | 2 +- ...ilter-regex-match-replace-invalid.out.yaml | 2 +- ...rlrewrite-hostname-filter-invalid.out.yaml | 2 +- ...e-with-urlrewrite-hostname-filter.out.yaml | 2 +- ...ng-to-gateway-with-unset-hostname.out.yaml | 2 +- .../httproutes-with-multiple-matches.out.yaml | 2 +- .../merge-invalid-multiple-gateways.out.yaml | 4 +-- ...ays-multiple-listeners-same-ports.out.yaml | 8 ++--- ...multiple-gateways-multiple-routes.out.yaml | 6 ++-- .../merge-valid-multiple-gateways.out.yaml | 6 ++-- .../merge-with-isolated-policies-2.out.yaml | 8 ++--- .../merge-with-isolated-policies.out.yaml | 4 +-- ...curitypolicy-invalid-cross-ns-ref.out.yaml | 2 +- .../securitypolicy-override-replace.out.yaml | 2 +- .../securitypolicy-status-conditions.out.yaml | 6 ++-- ...icy-with-authoriztion-client-cidr.out.yaml | 2 +- ...olicy-with-authoriztion-jwt-claim.out.yaml | 2 +- .../securitypolicy-with-basic-auth.out.yaml | 2 +- ...curitypolicy-with-cors-targetrefs.out.yaml | 6 ++-- .../securitypolicy-with-cors.out.yaml | 6 ++-- ...curitypolicy-with-extauth-backend.out.yaml | 2 +- ...itypolicy-with-extauth-backendref.out.yaml | 2 +- ...-extauth-invalid-no-matching-port.out.yaml | 2 +- ...licy-with-extauth-invalid-no-port.out.yaml | 2 +- ...xtauth-invalid-no-reference-grant.out.yaml | 2 +- ...y-with-extauth-invalid-no-service.out.yaml | 2 +- ...policy-with-extauth-recomputation.out.yaml | 2 +- ...ith-extauth-with-backendtlspolicy.out.yaml | 2 +- .../securitypolicy-with-extauth.out.yaml | 2 +- ...ypolicy-with-jwt-and-invalid-oidc.out.yaml | 2 +- .../securitypolicy-with-jwt-optional.out.yaml | 4 +-- ...cy-with-jwt-with-custom-extractor.out.yaml | 4 +-- .../testdata/securitypolicy-with-jwt.out.yaml | 4 +-- ...typolicy-with-oidc-backendcluster.out.yaml | 2 +- ...typolicy-with-oidc-custom-cookies.out.yaml | 2 +- ...typolicy-with-oidc-invalid-issuer.out.yaml | 2 +- ...olicy-with-oidc-invalid-secretref.out.yaml | 6 ++-- .../securitypolicy-with-oidc.out.yaml | 2 +- ...teway-with-listener-tls-terminate.out.yaml | 4 +-- .../testdata/tcproute-with-backend.out.yaml | 2 +- .../tlsroute-attaching-to-gateway.out.yaml | 2 +- .../testdata/tlsroute-multiple.out.yaml | 2 +- .../testdata/tlsroute-with-backend.out.yaml | 2 +- ...her-namespace-allowed-by-refgrant.out.yaml | 2 +- .../tlsroute-with-empty-hostname.out.yaml | 2 +- ...oute-with-empty-listener-hostname.out.yaml | 2 +- .../tracing-merged-multiple-routes.out.yaml | 6 ++-- .../testdata/tracing-multiple-routes.out.yaml | 6 ++-- internal/utils/net/ip.go | 10 ++++++ internal/xds/translator/listener.go | 36 ++----------------- .../testdata/in/xds-ir/accesslog-cel.yaml | 2 +- .../in/xds-ir/accesslog-endpoint-stats.yaml | 2 +- .../in/xds-ir/accesslog-formatters.yaml | 2 +- .../testdata/in/xds-ir/accesslog-invalid.yaml | 2 +- .../in/xds-ir/accesslog-multi-cel.yaml | 2 +- .../in/xds-ir/accesslog-without-format.yaml | 2 +- .../testdata/in/xds-ir/accesslog.yaml | 2 +- .../in/xds-ir/backend-buffer-limit.yaml | 6 ++-- .../testdata/in/xds-ir/circuit-breaker.yaml | 2 +- .../in/xds-ir/client-buffer-limit.yaml | 4 +-- .../in/xds-ir/client-ip-detection.yaml | 6 ++-- .../testdata/in/xds-ir/client-timeout.yaml | 4 +-- .../translator/testdata/in/xds-ir/cors.yaml | 2 +- .../testdata/in/xds-ir/fault-injection.yaml | 2 +- .../headers-with-preserve-x-request-id.yaml | 4 +-- .../headers-with-underscores-action.yaml | 8 ++--- .../testdata/in/xds-ir/health-check.yaml | 2 +- .../in/xds-ir/http-early-header-mutation.yaml | 4 +-- .../in/xds-ir/http-endpoint-stats.yaml | 2 +- .../testdata/in/xds-ir/http-health-check.yaml | 2 +- .../in/xds-ir/http-req-resp-sizes-stats.yaml | 2 +- .../in/xds-ir/http-route-direct-response.yaml | 2 +- .../in/xds-ir/http-route-dns-cluster.yaml | 2 +- .../testdata/in/xds-ir/http-route-mirror.yaml | 2 +- .../xds-ir/http-route-multiple-mirrors.yaml | 2 +- .../in/xds-ir/http-route-partial-invalid.yaml | 2 +- .../in/xds-ir/http-route-redirect.yaml | 2 +- .../testdata/in/xds-ir/http-route-regex.yaml | 2 +- .../in/xds-ir/http-route-request-headers.yaml | 2 +- .../http-route-response-add-headers.yaml | 2 +- ...ttp-route-response-add-remove-headers.yaml | 2 +- .../http-route-response-remove-headers.yaml | 2 +- ...tp-route-rewrite-root-path-url-prefix.yaml | 2 +- ...-rewrite-sufixx-with-slash-url-prefix.yaml | 2 +- .../http-route-rewrite-url-fullpath.yaml | 2 +- .../xds-ir/http-route-rewrite-url-host.yaml | 2 +- .../xds-ir/http-route-rewrite-url-prefix.yaml | 2 +- .../xds-ir/http-route-rewrite-url-regex.yaml | 2 +- .../http-route-session-persistence.yaml | 2 +- .../in/xds-ir/http-route-timeout.yaml | 2 +- .../http-route-weighted-backend-uds-ip.yaml | 2 +- ...p-route-weighted-backend-with-filters.yaml | 2 +- .../xds-ir/http-route-weighted-backend.yaml | 2 +- .../http-route-weighted-invalid-backend.yaml | 2 +- .../testdata/in/xds-ir/http-route.yaml | 2 +- .../in/xds-ir/http1-preserve-case.yaml | 4 +-- .../testdata/in/xds-ir/http1-trailers.yaml | 2 +- .../translator/testdata/in/xds-ir/http10.yaml | 2 +- .../testdata/in/xds-ir/http2-route.yaml | 2 +- .../translator/testdata/in/xds-ir/http2.yaml | 2 +- .../jsonpatch-add-op-empty-jsonpath.yaml | 2 +- .../jsonpatch-add-op-without-value.yaml | 2 +- .../in/xds-ir/jsonpatch-invalid-patch.yaml | 2 +- .../in/xds-ir/jsonpatch-missing-resource.yaml | 2 +- .../xds-ir/jsonpatch-move-op-with-value.yaml | 2 +- .../jsonpatch-with-jsonpath-invalid.yaml | 2 +- .../in/xds-ir/jsonpatch-with-jsonpath.yaml | 2 +- .../testdata/in/xds-ir/jsonpatch.yaml | 2 +- .../in/xds-ir/jwt-custom-extractor.yaml | 2 +- .../jwt-multi-route-multi-provider.yaml | 2 +- .../jwt-multi-route-single-provider.yaml | 2 +- .../testdata/in/xds-ir/jwt-optional.yaml | 2 +- .../testdata/in/xds-ir/jwt-ratelimit.yaml | 2 +- .../xds-ir/jwt-single-route-single-match.yaml | 2 +- .../in/xds-ir/listener-connection-limit.yaml | 8 ++--- .../in/xds-ir/listener-proxy-protocol.yaml | 4 +-- .../in/xds-ir/listener-tcp-keepalive.yaml | 8 ++--- .../testdata/in/xds-ir/load-balancer.yaml | 2 +- .../testdata/in/xds-ir/local-ratelimit.yaml | 2 +- .../in/xds-ir/metrics-virtual-host.yaml | 2 +- .../in/xds-ir/mixed-tls-jwt-authn.yaml | 2 +- .../xds-ir/multiple-listeners-same-port.yaml | 12 +++---- .../multiple-simple-tcp-route-same-port.yaml | 10 +++--- ...d-client-certificate-with-custom-data.yaml | 10 +++--- ...mutual-tls-forward-client-certificate.yaml | 10 +++--- ...-required-client-certificate-disabled.yaml | 4 +-- .../testdata/in/xds-ir/mutual-tls.yaml | 4 +-- .../xds-ir/oidc-backend-cluster-provider.yaml | 2 +- .../translator/testdata/in/xds-ir/oidc.yaml | 2 +- .../testdata/in/xds-ir/path-settings.yaml | 2 +- .../in/xds-ir/proxy-protocol-upstream.yaml | 2 +- .../in/xds-ir/ratelimit-custom-domain.yaml | 2 +- .../in/xds-ir/ratelimit-disable-headers.yaml | 2 +- .../in/xds-ir/ratelimit-endpoint-stats.yaml | 2 +- .../in/xds-ir/ratelimit-headers-and-cidr.yaml | 2 +- .../in/xds-ir/ratelimit-sourceip.yaml | 2 +- .../testdata/in/xds-ir/ratelimit.yaml | 2 +- .../in/xds-ir/retry-partial-invalid.yaml | 2 +- .../testdata/in/xds-ir/simple-tls.yaml | 2 +- .../in/xds-ir/suppress-envoy-headers.yaml | 2 +- .../in/xds-ir/tcp-endpoint-stats.yaml | 2 +- .../in/xds-ir/tcp-req-resp-sizes-stats.yaml | 2 +- .../testdata/in/xds-ir/tcp-route-complex.yaml | 2 +- .../in/xds-ir/tcp-route-invalid-endpoint.yaml | 2 +- .../testdata/in/xds-ir/tcp-route-simple.yaml | 2 +- .../in/xds-ir/tcp-route-tls-terminate.yaml | 4 +-- .../in/xds-ir/tcp-route-weighted-backend.yaml | 2 +- .../testdata/in/xds-ir/timeout.yaml | 2 +- .../in/xds-ir/tls-route-passthrough.yaml | 4 +-- .../tls-with-ciphers-versions-alpn.yaml | 4 +-- .../testdata/in/xds-ir/tracing-datadog.yaml | 2 +- .../in/xds-ir/tracing-endpoint-stats.yaml | 2 +- .../testdata/in/xds-ir/tracing-invalid.yaml | 2 +- .../xds-ir/tracing-unknown-provider-type.yaml | 2 +- .../testdata/in/xds-ir/tracing-zipkin.yaml | 2 +- .../testdata/in/xds-ir/tracing.yaml | 2 +- .../in/xds-ir/udp-endpoint-stats.yaml | 2 +- .../in/xds-ir/udp-req-resp-sizes-stats.yaml | 2 +- .../testdata/in/xds-ir/udp-route.yaml | 2 +- .../in/xds-ir/upstream-tcpkeepalive.yaml | 2 +- ...xtensionpolicy-tcp-udp-http.listeners.yaml | 2 ++ ...http-route-extension-filter.listeners.yaml | 1 + .../http-route.listeners.yaml | 1 + .../listener-policy.listeners.yaml | 1 + .../out/xds-ir/accesslog-cel.listeners.yaml | 3 +- .../accesslog-endpoint-stats.listeners.yaml | 3 +- .../accesslog-formatters.listeners.yaml | 3 +- .../xds-ir/accesslog-multi-cel.listeners.yaml | 3 +- .../out/xds-ir/accesslog-types.listeners.yaml | 1 + .../accesslog-without-format.listeners.yaml | 3 +- .../out/xds-ir/accesslog.listeners.yaml | 3 +- .../authorization-client-cidr.listeners.yaml | 1 + .../authorization-jwt-claim.listeners.yaml | 1 + .../authorization-jwt-scope.listeners.yaml | 1 + ...ization-multiple-principals.listeners.yaml | 1 + .../backend-buffer-limit.listeners.yaml | 9 +++-- .../xds-ir/backend-priority.listeners.yaml | 1 + .../out/xds-ir/basic-auth.listeners.yaml | 1 + .../out/xds-ir/circuit-breaker.listeners.yaml | 3 +- .../xds-ir/client-buffer-limit.listeners.yaml | 6 ++-- .../xds-ir/client-ip-detection.listeners.yaml | 9 +++-- .../out/xds-ir/client-timeout.listeners.yaml | 6 ++-- .../testdata/out/xds-ir/cors.listeners.yaml | 3 +- .../xds-ir/custom-filter-order.listeners.yaml | 1 + .../out/xds-ir/custom-response.listeners.yaml | 1 + .../xds-ir/ext-auth-backend.listeners.yaml | 1 + .../ext-auth-recomputation.listeners.yaml | 1 + .../out/xds-ir/ext-auth.listeners.yaml | 1 + ...-proc-with-traffic-settings.listeners.yaml | 1 + .../out/xds-ir/ext-proc.listeners.yaml | 1 + .../out/xds-ir/fault-injection.listeners.yaml | 3 +- ...-with-preserve-x-request-id.listeners.yaml | 6 ++-- ...ers-with-underscores-action.listeners.yaml | 12 ++++--- .../out/xds-ir/health-check.listeners.yaml | 3 +- .../http-early-header-mutation.listeners.yaml | 6 ++-- .../xds-ir/http-endpoint-stats.listeners.yaml | 3 +- .../xds-ir/http-health-check.listeners.yaml | 3 +- ...tp-preserve-client-protocol.listeners.yaml | 1 + .../http-req-resp-sizes-stats.listeners.yaml | 3 +- .../http-route-direct-response.listeners.yaml | 3 +- .../http-route-dns-cluster.listeners.yaml | 3 +- .../xds-ir/http-route-mirror.listeners.yaml | 3 +- ...http-route-multiple-matches.listeners.yaml | 1 + ...http-route-multiple-mirrors.listeners.yaml | 3 +- .../http-route-partial-invalid.listeners.yaml | 3 +- .../xds-ir/http-route-redirect.listeners.yaml | 3 +- .../xds-ir/http-route-regex.listeners.yaml | 3 +- .../http-route-request-headers.listeners.yaml | 3 +- ...-route-response-add-headers.listeners.yaml | 3 +- ...response-add-remove-headers.listeners.yaml | 3 +- ...ute-response-remove-headers.listeners.yaml | 3 +- ...ewrite-root-path-url-prefix.listeners.yaml | 3 +- ...ufixx-with-slash-url-prefix.listeners.yaml | 3 +- ...-route-rewrite-url-fullpath.listeners.yaml | 3 +- ...http-route-rewrite-url-host.listeners.yaml | 3 +- ...tp-route-rewrite-url-prefix.listeners.yaml | 3 +- ...ttp-route-rewrite-url-regex.listeners.yaml | 3 +- ...p-route-session-persistence.listeners.yaml | 3 +- .../xds-ir/http-route-timeout.listeners.yaml | 3 +- ...ute-weighted-backend-uds-ip.listeners.yaml | 3 +- ...ighted-backend-with-filters.listeners.yaml | 3 +- ...http-route-weighted-backend.listeners.yaml | 3 +- ...te-weighted-invalid-backend.listeners.yaml | 3 +- .../http-route-with-clientcert.listeners.yaml | 1 + .../http-route-with-metadata.listeners.yaml | 1 + ...-with-tls-system-truststore.listeners.yaml | 1 + ...th-tlsbundle-multiple-certs.listeners.yaml | 2 ++ .../http-route-with-tlsbundle.listeners.yaml | 1 + .../out/xds-ir/http-route.listeners.yaml | 3 +- .../xds-ir/http1-preserve-case.listeners.yaml | 6 ++-- .../out/xds-ir/http1-trailers.listeners.yaml | 3 +- .../testdata/out/xds-ir/http10.listeners.yaml | 3 +- .../out/xds-ir/http2-route.listeners.yaml | 3 +- .../testdata/out/xds-ir/http2.listeners.yaml | 3 +- .../testdata/out/xds-ir/http3.listeners.yaml | 2 ++ .../jsonpatch-missing-resource.listeners.yaml | 3 +- .../jsonpatch-with-jsonpath.listeners.yaml | 3 +- .../out/xds-ir/jsonpatch.listeners.yaml | 3 +- .../jwt-custom-extractor.listeners.yaml | 3 +- ...-multi-route-multi-provider.listeners.yaml | 3 +- ...multi-route-single-provider.listeners.yaml | 3 +- .../out/xds-ir/jwt-optional.listeners.yaml | 3 +- .../out/xds-ir/jwt-ratelimit.listeners.yaml | 3 +- ...t-single-route-single-match.listeners.yaml | 3 +- .../listener-connection-limit.listeners.yaml | 12 ++++--- .../listener-proxy-protocol.listeners.yaml | 6 ++-- .../listener-tcp-keepalive.listeners.yaml | 12 ++++--- .../listener-tcp-without-route.listeners.yaml | 1 + .../out/xds-ir/load-balancer.listeners.yaml | 3 +- .../out/xds-ir/local-ratelimit.listeners.yaml | 3 +- .../metrics-virtual-host.listeners.yaml | 3 +- .../xds-ir/mixed-tls-jwt-authn.listeners.yaml | 3 +- ...port-with-different-filters.listeners.yaml | 2 ++ ...ultiple-listeners-same-port.listeners.yaml | 3 +- ...-simple-tcp-route-same-port.listeners.yaml | 3 +- ...ertificate-with-custom-data.listeners.yaml | 15 +++++--- ...-forward-client-certificate.listeners.yaml | 15 +++++--- ...client-certificate-disabled.listeners.yaml | 6 ++-- .../out/xds-ir/mutual-tls.listeners.yaml | 6 ++-- ...dc-backend-cluster-provider.listeners.yaml | 3 +- .../testdata/out/xds-ir/oidc.listeners.yaml | 3 +- .../out/xds-ir/path-settings.listeners.yaml | 3 +- .../proxy-protocol-upstream.listeners.yaml | 3 +- .../ratelimit-custom-domain.listeners.yaml | 3 +- .../ratelimit-disable-headers.listeners.yaml | 3 +- .../ratelimit-endpoint-stats.listeners.yaml | 3 +- .../ratelimit-headers-and-cidr.listeners.yaml | 3 +- .../xds-ir/ratelimit-sourceip.listeners.yaml | 3 +- .../out/xds-ir/ratelimit.listeners.yaml | 3 +- .../retry-partial-invalid.listeners.yaml | 3 +- ...ypolicy-with-oidc-jwt-authz.listeners.yaml | 1 + .../out/xds-ir/simple-tls.listeners.yaml | 3 +- .../suppress-envoy-headers.listeners.yaml | 3 +- .../xds-ir/tcp-endpoint-stats.listeners.yaml | 3 +- .../tcp-listener-ipfamily.listeners.yaml | 8 ++--- .../tcp-req-resp-sizes-stats.listeners.yaml | 3 +- .../xds-ir/tcp-route-complex.listeners.yaml | 3 +- .../xds-ir/tcp-route-simple.listeners.yaml | 3 +- .../tcp-route-tls-terminate.listeners.yaml | 3 +- .../tcp-route-weighted-backend.listeners.yaml | 3 +- .../out/xds-ir/timeout.listeners.yaml | 3 +- .../tls-route-passthrough.listeners.yaml | 6 ++-- ...-with-ciphers-versions-alpn.listeners.yaml | 6 ++-- .../out/xds-ir/tracing-datadog.listeners.yaml | 3 +- .../tracing-endpoint-stats.listeners.yaml | 3 +- .../out/xds-ir/tracing-zipkin.listeners.yaml | 3 +- .../out/xds-ir/tracing.listeners.yaml | 3 +- .../xds-ir/udp-endpoint-stats.listeners.yaml | 3 +- .../udp-req-resp-sizes-stats.listeners.yaml | 3 +- .../out/xds-ir/udp-route.listeners.yaml | 3 +- .../upstream-tcpkeepalive.listeners.yaml | 3 +- .../testdata/out/xds-ir/wasm.listeners.yaml | 1 + internal/xds/translator/translator.go | 4 +-- release-notes/current.yaml | 1 + test/e2e/tests/envoy_shutdown.go | 5 ++- test/e2e/upgrade/eg_upgrade_test.go | 4 +++ 576 files changed, 993 insertions(+), 814 deletions(-) create mode 100644 internal/utils/net/ip.go diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml index 63d685e9cd1..e81c777ee74 100644 --- a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml @@ -886,7 +886,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: @@ -945,7 +946,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 8080 defaultFilterChain: filters: @@ -1012,7 +1014,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 1234 filterChains: - filters: @@ -1051,7 +1054,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 8443 filterChains: - filterChainMatch: @@ -1097,7 +1101,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 1234 protocol: UDP listenerFilters: diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json index b0524fac2b6..96f794bb456 100644 --- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json +++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json @@ -632,7 +632,8 @@ ], "address": { "socketAddress": { - "address": "0.0.0.0", + "address": "::", + "ipv4Compat": true, "portValue": 10080 } }, @@ -723,7 +724,8 @@ ], "address": { "socketAddress": { - "address": "0.0.0.0", + "address": "::", + "ipv4Compat": true, "portValue": 8080 } }, @@ -828,7 +830,8 @@ ], "address": { "socketAddress": { - "address": "0.0.0.0", + "address": "::", + "ipv4Compat": true, "portValue": 1234 } }, @@ -893,7 +896,8 @@ ], "address": { "socketAddress": { - "address": "0.0.0.0", + "address": "::", + "ipv4Compat": true, "portValue": 8443 } }, @@ -971,7 +975,8 @@ ], "address": { "socketAddress": { - "address": "0.0.0.0", + "address": "::", + "ipv4Compat": true, "portValue": 1234, "protocol": "UDP" } diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml index e4895ddc9df..e4490080e3d 100644 --- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml @@ -365,7 +365,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: @@ -424,7 +425,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 8080 defaultFilterChain: filters: @@ -491,7 +493,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 1234 filterChains: - filters: @@ -530,7 +533,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 8443 filterChains: - filterChainMatch: @@ -576,7 +580,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 1234 protocol: UDP listenerFilters: diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml index b6c94a95ae8..99b3a3f2cf5 100644 --- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml +++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml @@ -20,7 +20,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: @@ -79,7 +80,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 8080 defaultFilterChain: filters: @@ -146,7 +148,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 1234 filterChains: - filters: @@ -185,7 +188,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 8443 filterChains: - filterChainMatch: @@ -231,7 +235,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 1234 protocol: UDP listenerFilters: diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json index 900c70f82ff..a777f5cdc56 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json @@ -458,7 +458,8 @@ ], "address": { "socketAddress": { - "address": "0.0.0.0", + "address": "::", + "ipv4Compat": true, "portValue": 10080 } }, diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml index a91da546cbb..c3ee0ddf26a 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml @@ -263,7 +263,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml index 347f3302124..ed90fc0e3e2 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml @@ -20,7 +20,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml b/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml index 3013f6d0a4e..6edf19677ad 100644 --- a/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml @@ -226,7 +226,8 @@ xds: path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml b/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml index de96e757e8e..862c8e8b795 100644 --- a/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml @@ -95,7 +95,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/cmd/envoy/shutdown_manager.go b/internal/cmd/envoy/shutdown_manager.go index 48f624bb67a..e0b8204a61d 100644 --- a/internal/cmd/envoy/shutdown_manager.go +++ b/internal/cmd/envoy/shutdown_manager.go @@ -171,7 +171,7 @@ func Shutdown(drainTimeout time.Duration, minDrainDuration time.Duration, exitAt // postEnvoyAdminAPI sends a POST request to the Envoy admin API func postEnvoyAdminAPI(path string) error { if resp, err := http.Post(fmt.Sprintf("http://%s:%d/%s", - bootstrap.EnvoyAdminAddress, bootstrap.EnvoyAdminPort, path), "application/json", nil); err != nil { + "localhost", bootstrap.EnvoyAdminPort, path), "application/json", nil); err != nil { return err } else { defer resp.Body.Close() @@ -187,7 +187,7 @@ func postEnvoyAdminAPI(path string) error { func getTotalConnections() (*int, error) { // Send request to Envoy admin API to retrieve server.total_connections stat if resp, err := http.Get(fmt.Sprintf("http://%s:%d//stats?filter=^server\\.total_connections$&format=json", - bootstrap.EnvoyAdminAddress, bootstrap.EnvoyAdminPort)); err != nil { + "localhost", bootstrap.EnvoyAdminPort)); err != nil { return nil, err } else { defer resp.Body.Close() diff --git a/internal/gatewayapi/listener.go b/internal/gatewayapi/listener.go index 30e75ad6197..71235414814 100644 --- a/internal/gatewayapi/listener.go +++ b/internal/gatewayapi/listener.go @@ -22,6 +22,7 @@ import ( "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/utils" "github.com/envoyproxy/gateway/internal/utils/naming" + "github.com/envoyproxy/gateway/internal/utils/net" ) var _ ListenersTranslator = (*Translator)(nil) @@ -99,6 +100,10 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource if !isReady { continue } + + // EG always use `::` and set ipv4_compact with true to support both IPv4 and IPv6 + address := net.IPv6ListenerAddress + // Add the listener to the Xds IR servicePort := &protocolPort{protocol: listener.Protocol, port: int32(listener.Port)} containerPort := servicePortToContainerPort(int32(listener.Port), gateway.envoyProxy) @@ -107,7 +112,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource irListener := &ir.HTTPListener{ CoreListenerDetails: ir.CoreListenerDetails{ Name: irListenerName(listener), - Address: "0.0.0.0", + Address: address, Port: uint32(containerPort), Metadata: buildListenerMetadata(listener, gateway), IPFamily: getIPFamily(gateway.envoyProxy), @@ -134,7 +139,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource irListener := &ir.TCPListener{ CoreListenerDetails: ir.CoreListenerDetails{ Name: irListenerName(listener), - Address: "0.0.0.0", + Address: address, Port: uint32(containerPort), IPFamily: getIPFamily(gateway.envoyProxy), }, @@ -150,7 +155,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource irListener := &ir.UDPListener{ CoreListenerDetails: ir.CoreListenerDetails{ Name: irListenerName(listener), - Address: "0.0.0.0", + Address: address, Port: uint32(containerPort), }, } diff --git a/internal/gatewayapi/testdata/backend-invalid-feature-disabled.out.yaml b/internal/gatewayapi/testdata/backend-invalid-feature-disabled.out.yaml index 49d35c60700..496795222d9 100644 --- a/internal/gatewayapi/testdata/backend-invalid-feature-disabled.out.yaml +++ b/internal/gatewayapi/testdata/backend-invalid-feature-disabled.out.yaml @@ -153,7 +153,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backend-with-fallback.out.yaml b/internal/gatewayapi/testdata/backend-with-fallback.out.yaml index 74bd61795fe..94b4d02065d 100644 --- a/internal/gatewayapi/testdata/backend-with-fallback.out.yaml +++ b/internal/gatewayapi/testdata/backend-with-fallback.out.yaml @@ -138,7 +138,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtlspolicy-across-ns.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-across-ns.out.yaml index fde390c7efe..7d776a1784f 100644 --- a/internal/gatewayapi/testdata/backendtlspolicy-across-ns.out.yaml +++ b/internal/gatewayapi/testdata/backendtlspolicy-across-ns.out.yaml @@ -121,7 +121,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtlspolicy-ca-only-secret.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-ca-only-secret.out.yaml index a5b87b3fa1f..a65ea66d0ab 100644 --- a/internal/gatewayapi/testdata/backendtlspolicy-ca-only-secret.out.yaml +++ b/internal/gatewayapi/testdata/backendtlspolicy-ca-only-secret.out.yaml @@ -132,7 +132,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtlspolicy-ca-only.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-ca-only.out.yaml index 8489f047341..f85b9c73c3f 100644 --- a/internal/gatewayapi/testdata/backendtlspolicy-ca-only.out.yaml +++ b/internal/gatewayapi/testdata/backendtlspolicy-ca-only.out.yaml @@ -132,7 +132,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtlspolicy-default-ns-targetrefs.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-default-ns-targetrefs.out.yaml index 9f4874f90f4..3467422f204 100644 --- a/internal/gatewayapi/testdata/backendtlspolicy-default-ns-targetrefs.out.yaml +++ b/internal/gatewayapi/testdata/backendtlspolicy-default-ns-targetrefs.out.yaml @@ -266,7 +266,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -323,7 +323,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtlspolicy-default-ns.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-default-ns.out.yaml index 2e2186879f9..c8898169624 100644 --- a/internal/gatewayapi/testdata/backendtlspolicy-default-ns.out.yaml +++ b/internal/gatewayapi/testdata/backendtlspolicy-default-ns.out.yaml @@ -227,7 +227,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtlspolicy-invalid-ca.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-invalid-ca.out.yaml index 100efbcab4f..cb968f9a6a0 100644 --- a/internal/gatewayapi/testdata/backendtlspolicy-invalid-ca.out.yaml +++ b/internal/gatewayapi/testdata/backendtlspolicy-invalid-ca.out.yaml @@ -132,7 +132,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtlspolicy-multiple-targets.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-multiple-targets.out.yaml index 8ecd25a2418..207713455e8 100644 --- a/internal/gatewayapi/testdata/backendtlspolicy-multiple-targets.out.yaml +++ b/internal/gatewayapi/testdata/backendtlspolicy-multiple-targets.out.yaml @@ -174,7 +174,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtlspolicy-system-truststore.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-system-truststore.out.yaml index f91dc4d768e..8438c8551ce 100644 --- a/internal/gatewayapi/testdata/backendtlspolicy-system-truststore.out.yaml +++ b/internal/gatewayapi/testdata/backendtlspolicy-system-truststore.out.yaml @@ -129,7 +129,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-out-of-range-error.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-out-of-range-error.out.yaml index bb171e01da7..b64b9faa39a 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-out-of-range-error.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-out-of-range-error.out.yaml @@ -249,7 +249,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -292,7 +292,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-with-invalid-value.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-with-invalid-value.out.yaml index 654c9bdab4a..b0b46e91d66 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-with-invalid-value.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-with-invalid-value.out.yaml @@ -249,7 +249,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -292,7 +292,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit.out.yaml index d95c8a0fcc0..0db555c1cfd 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit.out.yaml @@ -249,7 +249,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -292,7 +292,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-override-replace.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-override-replace.out.yaml index 8aafd70c0bb..a956f1b4706 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-override-replace.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-override-replace.out.yaml @@ -272,7 +272,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml index 1a054712d80..1e671f11044 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml @@ -521,7 +521,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -540,7 +540,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -578,7 +578,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -612,6 +612,6 @@ xdsIR: name: grpcroute/envoy-gateway/grpcroute-1/rule/0/match/0/* traffic: {} tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-2/tcp port: 10053 diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-status-fault-injection.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-status-fault-injection.out.yaml index 02222719f3f..b263c244b51 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-status-fault-injection.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-status-fault-injection.out.yaml @@ -329,7 +329,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -373,7 +373,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-use-client-protocol.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-use-client-protocol.out.yaml index 0a13771f373..678fc4dea50 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-use-client-protocol.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-use-client-protocol.out.yaml @@ -127,7 +127,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers-error.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers-error.out.yaml index 2b49ea23741..80a166ac5d5 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers-error.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers-error.out.yaml @@ -311,7 +311,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -349,7 +349,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers.out.yaml index 575bfca2e1b..a1cf0fa2af5 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers.out.yaml @@ -253,7 +253,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -296,7 +296,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.out.yaml index 12bbf12dbe7..04202343698 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.out.yaml @@ -318,7 +318,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -362,7 +362,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml index 4f964492673..792b473aba5 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml @@ -678,7 +678,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -787,7 +787,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.out.yaml index 35dbb164bf1..ca5371fc7df 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.out.yaml @@ -251,7 +251,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -293,7 +293,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-httproute-timeout.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-httproute-timeout.out.yaml index 245739ca233..371a3709c9f 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-httproute-timeout.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-httproute-timeout.out.yaml @@ -130,7 +130,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer-invalid-consistent-hash-table-size.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer-invalid-consistent-hash-table-size.out.yaml index dc2ba7fb3d3..0562588ff18 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer-invalid-consistent-hash-table-size.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer-invalid-consistent-hash-table-size.out.yaml @@ -201,7 +201,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml index b2378edf754..30918a9739b 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml @@ -421,7 +421,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -460,7 +460,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-default-route-level-limit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-default-route-level-limit.out.yaml index d64aea61aee..bc398deeace 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-default-route-level-limit.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-default-route-level-limit.out.yaml @@ -150,7 +150,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-limit-unit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-limit-unit.out.yaml index 0be116e1ebf..3097821b6ae 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-limit-unit.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-limit-unit.out.yaml @@ -154,7 +154,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-match-type.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-match-type.out.yaml index 21cae9b09f3..f4b263b7c99 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-match-type.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-match-type.out.yaml @@ -150,7 +150,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-multiple-route-level-limits.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-multiple-route-level-limits.out.yaml index 0fd1f442bd8..f92bea8d0ca 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-multiple-route-level-limits.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-multiple-route-level-limits.out.yaml @@ -157,7 +157,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit.out.yaml index f05856b9630..5f212860b63 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit.out.yaml @@ -153,7 +153,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml index c65df985ac5..46398f5452d 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml @@ -245,7 +245,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -284,7 +284,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-distinct-invert.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-distinct-invert.out.yaml index 4ea1623c867..75e47abd4ec 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-distinct-invert.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-distinct-invert.out.yaml @@ -134,7 +134,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-regex.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-regex.out.yaml index 8b20cbc59c9..a19a2ed3b72 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-regex.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-regex.out.yaml @@ -136,7 +136,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml index 07fa997e109..37763d7d92c 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml @@ -268,7 +268,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -321,7 +321,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override-invalid-valueref.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override-invalid-valueref.out.yaml index c1542d9caec..8001e10e433 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override-invalid-valueref.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override-invalid-valueref.out.yaml @@ -294,7 +294,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -332,7 +332,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override.out.yaml index 568a57af484..4f0f13c6740 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override.out.yaml @@ -293,7 +293,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -353,7 +353,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-retries.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-retries.out.yaml index 40ae88b602d..2ae6a02c282 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-retries.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-retries.out.yaml @@ -264,7 +264,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -310,7 +310,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-same-prefix-httproutes.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-same-prefix-httproutes.out.yaml index d032b952236..e8d3d65ed90 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-same-prefix-httproutes.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-same-prefix-httproutes.out.yaml @@ -169,7 +169,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-gateway.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-gateway.out.yaml index 9fa8e7235c9..e96203a9214 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-gateway.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-gateway.out.yaml @@ -233,7 +233,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: default/tcp-gateway/bar port: 8089 routes: @@ -292,7 +292,7 @@ xdsIR: tcp: connectTimeout: 15s udp: - - address: 0.0.0.0 + - address: '::' name: default/tcp-gateway/foo port: 8162 route: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-route.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-route.out.yaml index 5b1707b6f1a..89f07548c29 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-route.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-route.out.yaml @@ -306,7 +306,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: default/tcp-gateway/bar port: 8089 routes: @@ -365,7 +365,7 @@ xdsIR: tcp: connectTimeout: 15s udp: - - address: 0.0.0.0 + - address: '::' name: default/tcp-gateway/foo port: 8162 route: diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcpkeepalive.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcpkeepalive.out.yaml index 0213525db48..bf91d10226e 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcpkeepalive.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcpkeepalive.out.yaml @@ -249,7 +249,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -290,7 +290,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-error.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-error.out.yaml index dc80d9e73a8..ab1c94ff3c9 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-error.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-error.out.yaml @@ -127,7 +127,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-targetrefs.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-targetrefs.out.yaml index ea546413a59..8a25a4a2fc8 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-targetrefs.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-targetrefs.out.yaml @@ -237,7 +237,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -277,7 +277,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout.out.yaml index 0fad514c5e8..0244bcea667 100644 --- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout.out.yaml +++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout.out.yaml @@ -257,7 +257,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -301,7 +301,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-format-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-format-error.out.yaml index a11ad751e08..2f2cc555d95 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-format-error.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-format-error.out.yaml @@ -159,7 +159,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -173,7 +173,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' connection: {} hostnames: - '*' diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-out-of-range-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-out-of-range-error.out.yaml index 9993a11f26d..20191e8b4ba 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-out-of-range-error.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-out-of-range-error.out.yaml @@ -160,7 +160,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -174,7 +174,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' connection: {} hostnames: - '*' diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit.out.yaml index d897fac8887..bbccfc1a09e 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit.out.yaml @@ -159,7 +159,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' connection: bufferLimit: 50000000 hostnames: @@ -175,7 +175,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' connection: {} hostnames: - '*' diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-client-ip-detection.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-client-ip-detection.out.yaml index 898d87d0be0..46d7c08e297 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-client-ip-detection.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-client-ip-detection.out.yaml @@ -262,7 +262,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' clientIPDetection: xForwardedFor: numTrustedHops: 2 @@ -279,7 +279,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 8081 - - address: 0.0.0.0 + - address: '::' clientIPDetection: customHeader: failClosed: false @@ -297,7 +297,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 8082 - - address: 0.0.0.0 + - address: '::' clientIPDetection: customHeader: failClosed: true @@ -315,7 +315,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 8083 - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit-error.out.yaml index 705e23a8d0e..d5d78569444 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit-error.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit-error.out.yaml @@ -161,7 +161,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -175,7 +175,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit.out.yaml index e4f163f5963..6f99ddff5b9 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit.out.yaml @@ -161,7 +161,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' connection: limit: closeDelay: 10s @@ -179,7 +179,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' connection: {} hostnames: - '*' diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-for-tcp-listeners.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-for-tcp-listeners.out.yaml index bb695decae7..94a5074c65b 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-for-tcp-listeners.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-for-tcp-listeners.out.yaml @@ -184,7 +184,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' connection: bufferLimit: 50000000 limit: @@ -246,7 +246,7 @@ xdsIR: signatureAlgorithms: - sig1 - sig2 - - address: 0.0.0.0 + - address: '::' connection: bufferLimit: 50000000 limit: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-headers-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-headers-error.out.yaml index 9eee58d7df7..5a27962f198 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-headers-error.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-headers-error.out.yaml @@ -107,7 +107,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' headers: enableEnvoyHeaders: true preserveXRequestID: true diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml index 4e66bd91c64..8cc87a5b639 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml @@ -141,7 +141,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' headers: earlyAddRequestHeaders: - append: true @@ -170,7 +170,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' headers: earlyAddRequestHeaders: - append: true diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-http-health-check.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-http-health-check.out.yaml index f41c8fd3a2c..02f8f67aab8 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-http-health-check.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-http-health-check.out.yaml @@ -89,7 +89,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' healthCheck: path: /ready hostnames: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-http10.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-http10.out.yaml index 8561d93004a..3343e3028ba 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-http10.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-http10.out.yaml @@ -454,7 +454,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' http1: @@ -470,7 +470,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' hostnames: - www.example.com http1: @@ -487,7 +487,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 8080 - - address: 0.0.0.0 + - address: '::' hostnames: - '*' http1: {} @@ -502,7 +502,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 8081 - - address: 0.0.0.0 + - address: '::' hostnames: - '*' http1: @@ -537,7 +537,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - '*' http1: {} diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-http2.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-http2.out.yaml index 3de4101c8c6..10aec8cce97 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-http2.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-http2.out.yaml @@ -163,7 +163,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' http2: @@ -181,7 +181,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' hostnames: - www.example.com http2: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml index c946f22c841..3166e9aa700 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml @@ -131,7 +131,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' http3: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout-with-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout-with-error.out.yaml index 94775b0aeab..8052587d753 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout-with-error.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout-with-error.out.yaml @@ -90,7 +90,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout.out.yaml index e728cd78c63..af9a6f0c389 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout.out.yaml @@ -128,7 +128,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -145,7 +145,7 @@ xdsIR: timeout: http: idleTimeout: 10s - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-client-verification.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-client-verification.out.yaml index 22692261be3..0846607806c 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-client-verification.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-client-verification.out.yaml @@ -232,7 +232,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -258,7 +258,7 @@ xdsIR: maxVersion: "1.3" minVersion: "1.2" requireClientCertificate: true - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -277,7 +277,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert-custom-data.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert-custom-data.out.yaml index 285a35daf25..f02d213a9c4 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert-custom-data.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert-custom-data.out.yaml @@ -544,7 +544,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' headers: withUnderscoresAction: RejectRequest xForwardedClientCert: @@ -574,7 +574,7 @@ xdsIR: maxVersion: "1.3" minVersion: "1.2" requireClientCertificate: true - - address: 0.0.0.0 + - address: '::' headers: withUnderscoresAction: RejectRequest xForwardedClientCert: @@ -597,7 +597,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' headers: withUnderscoresAction: RejectRequest xForwardedClientCert: @@ -632,7 +632,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' headers: withUnderscoresAction: RejectRequest xForwardedClientCert: @@ -669,7 +669,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' headers: withUnderscoresAction: RejectRequest xForwardedClientCert: @@ -708,7 +708,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' headers: withUnderscoresAction: RejectRequest xForwardedClientCert: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert.out.yaml index 85042934396..386651702d9 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert.out.yaml @@ -531,7 +531,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' headers: withUnderscoresAction: RejectRequest xForwardedClientCert: @@ -561,7 +561,7 @@ xdsIR: maxVersion: "1.3" minVersion: "1.2" requireClientCertificate: true - - address: 0.0.0.0 + - address: '::' headers: withUnderscoresAction: RejectRequest xForwardedClientCert: @@ -584,7 +584,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' headers: withUnderscoresAction: RejectRequest xForwardedClientCert: @@ -619,7 +619,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' headers: withUnderscoresAction: RejectRequest xForwardedClientCert: @@ -654,7 +654,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' headers: withUnderscoresAction: RejectRequest xForwardedClientCert: @@ -689,7 +689,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' headers: withUnderscoresAction: RejectRequest xForwardedClientCert: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml index 08dcf5bef70..5398303d3cb 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml @@ -231,7 +231,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -257,7 +257,7 @@ xdsIR: maxVersion: "1.3" minVersion: "1.2" requireClientCertificate: true - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -276,7 +276,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-path-settings.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-path-settings.out.yaml index 2cf85c63b8b..38eeb8b5a52 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-path-settings.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-path-settings.out.yaml @@ -126,7 +126,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -140,7 +140,7 @@ xdsIR: escapedSlashesAction: KeepUnchanged mergeSlashes: false port: 10080 - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case-multiple-targets.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case-multiple-targets.out.yaml index 5f48ea0ed67..80d4350f638 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case-multiple-targets.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case-multiple-targets.out.yaml @@ -198,7 +198,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' http1: @@ -220,7 +220,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -234,7 +234,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' hostnames: - '*' http1: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case.out.yaml index 4f6bfdbdf97..160cc58044c 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case.out.yaml @@ -126,7 +126,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' http1: @@ -143,7 +143,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' hostnames: - '*' http1: diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-proxyprotocol.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-proxyprotocol.out.yaml index 0d88cb4d8fd..bfac33d66db 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-proxyprotocol.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-proxyprotocol.out.yaml @@ -126,7 +126,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' enableProxyProtocol: true hostnames: - '*' @@ -141,7 +141,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-ratelimitheaders.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-ratelimitheaders.out.yaml index 51e89d7272b..d3daeca2460 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-ratelimitheaders.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-ratelimitheaders.out.yaml @@ -126,7 +126,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' headers: disableRateLimitHeaders: true enableEnvoyHeaders: true @@ -144,7 +144,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' headers: disableRateLimitHeaders: true enableEnvoyHeaders: true diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml index f4fcac96827..726b258d2b0 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml @@ -502,7 +502,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -521,7 +521,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -536,7 +536,7 @@ xdsIR: mergeSlashes: true port: 10080 tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-2/tcp port: 10053 envoy-gateway/gateway-3: @@ -544,7 +544,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -563,7 +563,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml index 8b0e90b3848..b09699c1419 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml @@ -161,7 +161,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -179,7 +179,7 @@ xdsIR: idleTime: 1200 interval: 60 probes: 3 - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-timeout-with-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-timeout-with-error.out.yaml index 7d12e8b98ac..4554e319052 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-timeout-with-error.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-timeout-with-error.out.yaml @@ -90,7 +90,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-timeout.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-timeout.out.yaml index 664f5fe1fc7..97416a04bab 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-timeout.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-timeout.out.yaml @@ -128,7 +128,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -145,7 +145,7 @@ xdsIR: timeout: http: requestReceivedTimeout: 5s - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml index e673ed66b7a..917547923a5 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml @@ -322,7 +322,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -355,7 +355,7 @@ xdsIR: - sig2 statefulSessionResumption: true statelessSessionResumption: true - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -374,7 +374,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -401,7 +401,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-trailers.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-trailers.out.yaml index 114af441730..354cec1af2d 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-trailers.out.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-trailers.out.yaml @@ -125,7 +125,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' http1: @@ -141,7 +141,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' hostnames: - '*' http1: diff --git a/internal/gatewayapi/testdata/conflicting-policies.out.yaml b/internal/gatewayapi/testdata/conflicting-policies.out.yaml index 8acabbca876..6933902b8f9 100644 --- a/internal/gatewayapi/testdata/conflicting-policies.out.yaml +++ b/internal/gatewayapi/testdata/conflicting-policies.out.yaml @@ -265,7 +265,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.192.168.0.15.nip.io' isHTTP2: false @@ -300,7 +300,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - qccbahgo.qccbahgo isHTTP2: false diff --git a/internal/gatewayapi/testdata/custom-filter-order.out.yaml b/internal/gatewayapi/testdata/custom-filter-order.out.yaml index a8c4413a399..c840462f271 100644 --- a/internal/gatewayapi/testdata/custom-filter-order.out.yaml +++ b/internal/gatewayapi/testdata/custom-filter-order.out.yaml @@ -225,7 +225,7 @@ xdsIR: - after: envoy.filters.http.basic_authn name: envoy.filters.http.cors http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/disable-accesslog.out.yaml b/internal/gatewayapi/testdata/disable-accesslog.out.yaml index b0dc0dd4bb1..2f152a026ac 100644 --- a/internal/gatewayapi/testdata/disable-accesslog.out.yaml +++ b/internal/gatewayapi/testdata/disable-accesslog.out.yaml @@ -119,7 +119,7 @@ infraIR: xdsIR: envoy-gateway/gateway-1: http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-invalid-cross-ns-ref.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-invalid-cross-ns-ref.out.yaml index df3a01d780f..85f79b1e55c 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-invalid-cross-ns-ref.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-invalid-cross-ns-ref.out.yaml @@ -79,7 +79,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml index 2c6b006af93..c0b88b42192 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml @@ -268,7 +268,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-status-conditions.out.yaml index f4cc57f95ba..0db35ca4bb0 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-status-conditions.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-status-conditions.out.yaml @@ -521,7 +521,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -540,7 +540,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -578,7 +578,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -612,6 +612,6 @@ xdsIR: namespace: envoy-gateway name: grpcroute/envoy-gateway/grpcroute-1/rule/0/match/0/* tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-2/tcp port: 10053 diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml index beac28da518..2d0a54ff2da 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml @@ -130,7 +130,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml index efd62e1e0ea..53232e5735c 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml @@ -130,7 +130,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml index ba93c2decdc..7a84bb226c8 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml @@ -132,7 +132,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml index 066917dd152..ba22f681a33 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml @@ -131,7 +131,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml index a1d7beec90b..81863d1acdf 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml @@ -280,7 +280,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml index a81a7cd4410..4789f8555e3 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml @@ -280,7 +280,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-traffic-features.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-traffic-features.out.yaml index 21fb5de6103..93c24363c31 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-traffic-features.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-traffic-features.out.yaml @@ -309,7 +309,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.out.yaml index 4a19852eea0..f0dfd27144d 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.out.yaml @@ -239,7 +239,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.out.yaml index 8c65fb9cf65..12fad598a5c 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.out.yaml @@ -207,7 +207,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.out.yaml index 368c32a4055..71173c47bd0 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.out.yaml @@ -241,7 +241,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml index e40792057eb..11011a07694 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml @@ -61,7 +61,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.out.yaml index 4eff002f05f..f2a88d508ed 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.out.yaml @@ -87,7 +87,7 @@ xdsIR: type: Accepted controllerName: gateway.envoyproxy.io/gatewayclass-controller http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.out.yaml index e36a5d543ac..694ba5cf0ae 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.out.yaml @@ -89,7 +89,7 @@ xdsIR: type: Accepted controllerName: gateway.envoyproxy.io/gatewayclass-controller http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml index 14addeb27dc..5e28ec9e9d4 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml @@ -80,7 +80,7 @@ xdsIR: type: Accepted controllerName: gateway.envoyproxy.io/gatewayclass-controller http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.out.yaml index 315fc208bad..a73b592ca7f 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.out.yaml @@ -116,7 +116,7 @@ xdsIR: type: Accepted controllerName: gateway.envoyproxy.io/gatewayclass-controller http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml index 6ac0112c140..cb05e3a5858 100644 --- a/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml +++ b/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml @@ -108,7 +108,7 @@ xdsIR: type: Accepted controllerName: gateway.envoyproxy.io/gatewayclass-controller http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-als-json.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-als-json.out.yaml index 8695f47ecfa..eae92fd6677 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-als-json.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-als-json.out.yaml @@ -182,7 +182,7 @@ xdsIR: name: envoy-gateway-system/test type: TCP http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.out.yaml index 6c3db20cff0..fe87871df9b 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.out.yaml @@ -142,7 +142,7 @@ infraIR: xdsIR: envoy-gateway/gateway-1: http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.out.yaml index 94763fd2522..a676d131d70 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.out.yaml @@ -153,7 +153,7 @@ xdsIR: [%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.out.yaml index ce6e60861fc..4c9774307ba 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.out.yaml @@ -142,7 +142,7 @@ infraIR: xdsIR: envoy-gateway/gateway-1: http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel.out.yaml index 4161575dd8a..6c41786f198 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel.out.yaml @@ -177,7 +177,7 @@ xdsIR: [%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml index f1fc863b98e..dfa7cb9e73a 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml @@ -126,7 +126,7 @@ xdsIR: envoy-gateway/gateway-1: accessLog: {} http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml index cb2e10fc988..22351893208 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml @@ -134,7 +134,7 @@ xdsIR: protocol: '%PROTOCOL%' path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-types.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-types.out.yaml index 9c2c0d1cf82..481d5d35e0b 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-types.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-types.out.yaml @@ -426,7 +426,7 @@ xdsIR: this is a Global log path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml index db14cc4b8e3..4d25ea17358 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml @@ -128,7 +128,7 @@ xdsIR: envoy-gateway/gateway-1: accessLog: {} http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-traffic.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-traffic.out.yaml index 28ef831b03a..72234e5db1e 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-traffic.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-traffic.out.yaml @@ -310,7 +310,7 @@ xdsIR: [%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-without-format.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-without-format.out.yaml index 43505266ec0..f9db0b48736 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-without-format.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-without-format.out.yaml @@ -194,7 +194,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml index 9694dd07ad7..8c2bec37bde 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml @@ -206,7 +206,7 @@ xdsIR: [%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.out.yaml b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.out.yaml index 1b31bae27e7..0e4a18b66dc 100644 --- a/internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.out.yaml @@ -112,7 +112,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.out.yaml b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.out.yaml index 9f058d69051..537a739770c 100644 --- a/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.out.yaml @@ -107,7 +107,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.out.yaml index 0368e1a1a22..dcfabe29f4c 100644 --- a/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.out.yaml @@ -135,7 +135,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-metric-backend.out.yaml b/internal/gatewayapi/testdata/envoyproxy-metric-backend.out.yaml index 4bff8f998d5..91706f9afd4 100644 --- a/internal/gatewayapi/testdata/envoyproxy-metric-backend.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-metric-backend.out.yaml @@ -128,7 +128,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-metric-enabled-backend.out.yaml b/internal/gatewayapi/testdata/envoyproxy-metric-enabled-backend.out.yaml index 7605114bf22..293488ec064 100644 --- a/internal/gatewayapi/testdata/envoyproxy-metric-enabled-backend.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-metric-enabled-backend.out.yaml @@ -131,7 +131,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-priority-backend.out.yaml b/internal/gatewayapi/testdata/envoyproxy-priority-backend.out.yaml index 426268f6340..f5c685bab24 100644 --- a/internal/gatewayapi/testdata/envoyproxy-priority-backend.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-priority-backend.out.yaml @@ -283,7 +283,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.out.yaml b/internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.out.yaml index 76859d37624..88618649c7e 100644 --- a/internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.out.yaml @@ -112,7 +112,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-service-routing.out.yaml b/internal/gatewayapi/testdata/envoyproxy-service-routing.out.yaml index a679b4aef60..1602dc38c8b 100644 --- a/internal/gatewayapi/testdata/envoyproxy-service-routing.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-service-routing.out.yaml @@ -107,7 +107,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.out.yaml b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.out.yaml index 7e86495fc41..578ad17e948 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.out.yaml @@ -228,7 +228,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -282,7 +282,7 @@ xdsIR: privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-tls/ port: 10445 routes: diff --git a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.out.yaml index 868620d8d74..fc0b655ad12 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.out.yaml @@ -227,7 +227,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -281,7 +281,7 @@ xdsIR: privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-tls/ port: 10445 routes: diff --git a/internal/gatewayapi/testdata/envoyproxy-tls-settings.out.yaml b/internal/gatewayapi/testdata/envoyproxy-tls-settings.out.yaml index e65df0254f4..1157e1f7c7e 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tls-settings.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tls-settings.out.yaml @@ -226,7 +226,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -284,7 +284,7 @@ xdsIR: privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-tls/ port: 10445 routes: diff --git a/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.out.yaml index 3506b9a0aba..1a43989014b 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.out.yaml @@ -135,7 +135,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-tracing-backend.out.yaml b/internal/gatewayapi/testdata/envoyproxy-tracing-backend.out.yaml index b3a44d78fdc..cb5292b6d20 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tracing-backend.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tracing-backend.out.yaml @@ -155,7 +155,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml index 5bd374167ee..6df12542bcc 100644 --- a/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml @@ -119,7 +119,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/extensions/extensionpolicy-tcp-listener.out.yaml b/internal/gatewayapi/testdata/extensions/extensionpolicy-tcp-listener.out.yaml index 0095b815fd7..731eebc1c72 100644 --- a/internal/gatewayapi/testdata/extensions/extensionpolicy-tcp-listener.out.yaml +++ b/internal/gatewayapi/testdata/extensions/extensionpolicy-tcp-listener.out.yaml @@ -146,7 +146,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' extensionRefs: - object: apiVersion: foo.example.io/v1alpha1 @@ -204,7 +204,7 @@ xdsIR: controllerName: gateway.envoyproxy.io/gatewayclass-controller name: envoy-gateway/gateway-1/tcp1 port: 10080 - - address: 0.0.0.0 + - address: '::' extensionRefs: - object: apiVersion: foo.example.io/v1alpha1 diff --git a/internal/gatewayapi/testdata/extensions/extensionpolicy-udp-listener.out.yaml b/internal/gatewayapi/testdata/extensions/extensionpolicy-udp-listener.out.yaml index 1ff835552d9..71e6d1cdfe6 100644 --- a/internal/gatewayapi/testdata/extensions/extensionpolicy-udp-listener.out.yaml +++ b/internal/gatewayapi/testdata/extensions/extensionpolicy-udp-listener.out.yaml @@ -146,7 +146,7 @@ xdsIR: text: - path: /dev/stdout udp: - - address: 0.0.0.0 + - address: '::' extensionRefs: - object: apiVersion: foo.example.io/v1alpha1 @@ -204,7 +204,7 @@ xdsIR: controllerName: gateway.envoyproxy.io/gatewayclass-controller name: envoy-gateway/gateway-1/udp1 port: 10162 - - address: 0.0.0.0 + - address: '::' extensionRefs: - object: apiVersion: foo.example.io/v1alpha1 diff --git a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-invalid-target.out.yaml b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-invalid-target.out.yaml index 8140d239ab5..066cd664242 100644 --- a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-invalid-target.out.yaml +++ b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-invalid-target.out.yaml @@ -97,7 +97,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -111,7 +111,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10081 - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target-array.out.yaml b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target-array.out.yaml index 5a0b8ef2f97..0ba6cb4868c 100644 --- a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target-array.out.yaml +++ b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target-array.out.yaml @@ -157,7 +157,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' extensionRefs: - object: apiVersion: foo.example.io/v1alpha1 @@ -218,7 +218,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' extensionRefs: - object: apiVersion: foo.example.io/v1alpha1 diff --git a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target.out.yaml b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target.out.yaml index 29b482ae554..daa4b7e0095 100644 --- a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target.out.yaml +++ b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target.out.yaml @@ -150,7 +150,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' extensionRefs: - object: apiVersion: foo.example.io/v1alpha1 @@ -191,7 +191,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10081 - - address: 0.0.0.0 + - address: '::' extensionRefs: - object: apiVersion: foo.example.io/v1alpha1 diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml index 79aeb1f3eeb..069d311948f 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml @@ -109,7 +109,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml index d70cea292b5..f2fcc7a5859 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml @@ -107,7 +107,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml index 1af974c72bb..13e693b41de 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml @@ -107,7 +107,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml index 1cb405e4dd8..73664fdf291 100644 --- a/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml +++ b/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml @@ -107,7 +107,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml index 2dd68040951..56b396fa4b6 100644 --- a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml @@ -96,7 +96,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml index 35383fcb502..6dda7c9d89c 100644 --- a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml @@ -96,7 +96,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml b/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml index cb47542a1c7..e384db96691 100644 --- a/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml +++ b/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml @@ -172,7 +172,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -204,7 +204,7 @@ xdsIR: distinct: false name: "" prefix: /empty-hostname - - address: 0.0.0.0 + - address: '::' hostnames: - '*.example.com' isHTTP2: false diff --git a/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml b/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml index 0b38b962b89..fc416f75db4 100644 --- a/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml +++ b/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml @@ -114,7 +114,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml b/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml index 798641857cd..2eb3f6ba8ea 100644 --- a/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml @@ -66,6 +66,6 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tcp port: 10080 diff --git a/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml b/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml index 8794f263e57..a4c79fa1d29 100644 --- a/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml @@ -123,7 +123,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.out.yaml b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.out.yaml index deed8d261b5..c458d7e982f 100644 --- a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.out.yaml @@ -106,7 +106,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml index 0ec88f622c9..e9402d144eb 100644 --- a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml @@ -123,7 +123,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml index 866ca1e861a..d6fcc45aa78 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml @@ -91,7 +91,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tcp port: 10162 routes: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml index cbc01a3d11d..042f236965e 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml @@ -95,7 +95,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tcp port: 10080 routes: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml index 7e583a73bda..15fcf27bc68 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml @@ -96,6 +96,6 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tcp port: 10080 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml index 6e35700c58e..cfbff1ff11a 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml @@ -103,7 +103,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml index 9e2db8004e5..3f680237131 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml @@ -172,7 +172,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - foo.bar.com isHTTP2: false @@ -214,7 +214,7 @@ xdsIR: privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tls-passthrough port: 10090 routes: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml index 03cf19502d7..88a7435683f 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml @@ -91,7 +91,7 @@ xdsIR: text: - path: /dev/stdout udp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/udp port: 10162 route: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml index 70a5a2a8599..bf252dfb7e0 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml @@ -95,7 +95,7 @@ xdsIR: text: - path: /dev/stdout udp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/udp port: 10080 route: diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml index 850f9e64cba..c87bc540bd1 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml @@ -96,6 +96,6 @@ xdsIR: text: - path: /dev/stdout udp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/udp port: 10080 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml index 79295aded7b..a44c4ff584c 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml @@ -59,6 +59,6 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tcp port: 10080 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml index a30d7cf5a5b..00233142fc1 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml @@ -59,6 +59,6 @@ xdsIR: text: - path: /dev/stdout udp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/udp port: 10080 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml index a9939722a0d..4198cb7db1d 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml @@ -105,7 +105,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml index 6fdbe779e25..da63240840e 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml @@ -105,7 +105,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml index 680ff1bf524..a984dbc8a91 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml @@ -102,7 +102,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml b/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml index 6598bfde8d4..2575bc79de1 100644 --- a/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml @@ -96,7 +96,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml index f7fd4e2752c..7513e60bfb8 100644 --- a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml @@ -122,7 +122,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tcp port: 10162 routes: diff --git a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml index 4f4555a87e8..c94a3f623a4 100644 --- a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml @@ -122,7 +122,7 @@ xdsIR: text: - path: /dev/stdout udp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/udp port: 10162 route: diff --git a/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml b/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml index bafbb34668b..30f33008266 100644 --- a/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml @@ -102,7 +102,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml index e3bc11e2cc5..3bec02c1f8f 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml @@ -115,7 +115,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tcp1 port: 10162 routes: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml index 5f904c3de3e..0a76a7d86a6 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml @@ -118,7 +118,7 @@ xdsIR: text: - path: /dev/stdout udp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/udp1 port: 10162 route: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml index d6b31a59f6a..248169c209b 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml @@ -168,7 +168,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - foo.com isHTTP2: false @@ -223,7 +223,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - bar.com isHTTP2: false diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml index 67867078333..0238ba3007e 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml @@ -163,7 +163,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -199,7 +199,7 @@ xdsIR: name: "" prefix: / tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tcp port: 10080 routes: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml index b7bdac0b389..6d8bd1f0905 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml @@ -163,7 +163,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -199,7 +199,7 @@ xdsIR: name: "" prefix: / udp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/udp port: 10080 route: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml index d2d74cd296e..07e3e01a70c 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml @@ -160,7 +160,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tcp1 port: 10162 routes: @@ -174,7 +174,7 @@ xdsIR: protocol: TCP weight: 1 name: tcproute/default/tcproute-1 - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tcp2 port: 10163 routes: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml index 20519f07857..b5a71ddbe5e 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml @@ -156,7 +156,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tcp1 port: 10161 routes: @@ -170,7 +170,7 @@ xdsIR: protocol: TCP weight: 1 name: tcproute/default/tcproute-1 - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tcp2 port: 10162 routes: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml index 00a61415035..deac14645ab 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml @@ -160,7 +160,7 @@ xdsIR: text: - path: /dev/stdout udp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/udp1 port: 10162 route: @@ -174,7 +174,7 @@ xdsIR: protocol: UDP weight: 1 name: udproute/default/udproute-1 - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/udp2 port: 10163 route: diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml index f6cb6959c4b..96ca8ca522c 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml @@ -156,7 +156,7 @@ xdsIR: text: - path: /dev/stdout udp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/udp1 port: 10161 route: @@ -170,7 +170,7 @@ xdsIR: protocol: UDP weight: 1 name: udproute/default/udproute-1 - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/udp2 port: 10162 route: diff --git a/internal/gatewayapi/testdata/grpcroute-with-backend.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-backend.out.yaml index 8981d87b085..5b9fe7b3a5f 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-backend.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-backend.out.yaml @@ -124,7 +124,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true diff --git a/internal/gatewayapi/testdata/grpcroute-with-empty-backends.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-empty-backends.out.yaml index 2f633cb8a20..8c2660b6324 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-empty-backends.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-empty-backends.out.yaml @@ -96,7 +96,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true diff --git a/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml index bc7697e2f18..a41913ed8fb 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml @@ -100,7 +100,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true diff --git a/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml index 765481a5838..fafd1fdbf56 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml @@ -104,7 +104,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true diff --git a/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml index 38b49dda801..a30cb02b50e 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml @@ -102,7 +102,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true diff --git a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml index 110d404c44f..43ada6439a9 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml @@ -106,7 +106,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true diff --git a/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml index b8855487138..639603a07e6 100644 --- a/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml +++ b/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml @@ -102,7 +102,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true diff --git a/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout-error.out.yaml b/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout-error.out.yaml index bda6f990dda..22a6796814c 100644 --- a/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout-error.out.yaml +++ b/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout-error.out.yaml @@ -134,7 +134,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout.out.yaml b/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout.out.yaml index 04843eba9aa..004456773c4 100644 --- a/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout.out.yaml +++ b/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout.out.yaml @@ -254,7 +254,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -297,7 +297,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml index e532697a7b4..cad7873ad13 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml @@ -356,7 +356,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - foo.com isHTTP2: false @@ -391,7 +391,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - bar.com isHTTP2: false @@ -426,7 +426,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - foo1.com isHTTP2: false @@ -461,7 +461,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - bar1.com isHTTP2: false @@ -496,7 +496,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - foo2.com isHTTP2: false @@ -531,7 +531,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - bar2.com isHTTP2: false @@ -566,7 +566,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - foo3.com isHTTP2: false @@ -601,7 +601,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - bar3.com isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml index 5bc5e17485a..ff94451e5bc 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml @@ -307,7 +307,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - foo.com isHTTP2: false @@ -342,7 +342,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - bar.com isHTTP2: false @@ -377,7 +377,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - foo1.com isHTTP2: false @@ -412,7 +412,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - bar1.com isHTTP2: false @@ -447,7 +447,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - foo2.com isHTTP2: false @@ -482,7 +482,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - bar2.com isHTTP2: false @@ -517,7 +517,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - foo3.com isHTTP2: false @@ -552,7 +552,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - bar3.com isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml index 2b7899d4f75..647d620d729 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml @@ -138,7 +138,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -173,7 +173,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml index 4d3310f2614..07bb66f43b7 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml @@ -127,7 +127,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - foo.com isHTTP2: false @@ -162,7 +162,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - bar.com isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml index 817bc24013a..ee8dccb4256 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml @@ -96,7 +96,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml index 4abbc554d9d..5ce4b0143c2 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml @@ -100,7 +100,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml index 5b4bf8d4bb9..8897f06d841 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml @@ -129,7 +129,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - foo.com isHTTP2: false @@ -143,7 +143,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' hostnames: - bar.com isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-and-core-backendrefs.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-and-core-backendrefs.out.yaml index 484fe119154..f4a6b3f6334 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-and-core-backendrefs.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-and-core-backendrefs.out.yaml @@ -202,7 +202,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref-mixed-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref-mixed-address-type.out.yaml index 80b6f6627b2..f5bf64e50d7 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref-mixed-address-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref-mixed-address-type.out.yaml @@ -259,7 +259,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref.out.yaml index cdbbe788086..f4b38eead2f 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref.out.yaml @@ -342,7 +342,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-diff-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-diff-address-type.out.yaml index 3b5ddfa6298..e758629820c 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-diff-address-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-diff-address-type.out.yaml @@ -281,7 +281,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-same-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-same-address-type.out.yaml index 5a413ae4630..8f302d19c11 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-same-address-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-same-address-type.out.yaml @@ -290,7 +290,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml index 7b2b55fe1c0..a673d3342dd 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml @@ -104,7 +104,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml index 5667491636e..8c02b288f1d 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml @@ -104,7 +104,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml index e29f978c85e..73f0582b114 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml @@ -100,7 +100,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml index 38c70c4a8d2..6de22de9901 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml @@ -100,7 +100,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml index 144ccbd3c57..7efbce03645 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml @@ -100,7 +100,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml index 3bdc7cc4697..865bc78af93 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml @@ -98,7 +98,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml b/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml index c49d551e867..99d9d4f7725 100644 --- a/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml +++ b/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml @@ -100,7 +100,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml b/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml index 9cd60408345..3138c613b78 100644 --- a/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml @@ -99,7 +99,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - foo.com isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml b/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml index dc1c9cb950d..242028fb5bc 100644 --- a/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml +++ b/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml @@ -100,7 +100,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-rule-with-empty-backends-and-no-filters.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-empty-backends-and-no-filters.out.yaml index c7fd7b9e40e..ddc5eec76b5 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-empty-backends-and-no-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-empty-backends-and-no-filters.out.yaml @@ -93,7 +93,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml index 11634b9f050..dbd5d70f62f 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml @@ -100,7 +100,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml index e9a785e0d1b..2f4fc1349a0 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml @@ -106,7 +106,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-app-protocols.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-app-protocols.out.yaml index 4c5fcd5e8e2..5e89675b3e5 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-app-protocols.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-app-protocols.out.yaml @@ -175,7 +175,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-weights.out.yaml index d56407b0dd9..3e9f0b780d4 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-weights.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-weights.out.yaml @@ -173,7 +173,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml index 122d09efdeb..3828541e423 100644 --- a/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml @@ -121,7 +121,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml index d708b748380..290787479f9 100644 --- a/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml @@ -98,7 +98,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml index 9b175f032c4..58c0c38d89d 100644 --- a/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml @@ -100,7 +100,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-direct-response.out.yaml b/internal/gatewayapi/testdata/httproute-with-direct-response.out.yaml index 29b6b051366..8be2bc8a4e6 100644 --- a/internal/gatewayapi/testdata/httproute-with-direct-response.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-direct-response.out.yaml @@ -153,7 +153,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml b/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml index 6853b8172b3..6b21dddcd4e 100644 --- a/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml @@ -95,7 +95,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml index 605aa384f3e..3ab8edd3fb0 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml @@ -116,7 +116,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml index f122fc17d5b..0f06a777a42 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml @@ -126,7 +126,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml index e3ea3d5158b..92a45ab8ea5 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml @@ -112,7 +112,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml index 23567e22077..5b8b7e76f2f 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml @@ -107,7 +107,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml index 67c14e133a7..af3f6e189d5 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml @@ -110,7 +110,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml index 7549c52cbb1..f49fa9e41e9 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml @@ -112,7 +112,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml index 5405ad66246..2b0623b7710 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml @@ -113,7 +113,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml index a8986f5d429..faaa608b996 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml @@ -104,7 +104,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml index 36f621f095c..9a73541ccec 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml @@ -108,7 +108,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml index b111af6e08b..f345d70ae45 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml @@ -108,7 +108,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml index 2ca033356bb..6c390846d3a 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml @@ -97,7 +97,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml index e7c2869de1c..26bffbc4231 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml @@ -101,7 +101,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml index a1c5683d27a..818ac56cde8 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml @@ -99,7 +99,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml index ed62f94f257..fb9ee9fbe2d 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml @@ -97,7 +97,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml index 794a5d87c3a..b26a993bf21 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml @@ -99,7 +99,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml index 18019d56e70..f0af70dfcd6 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml @@ -97,7 +97,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-unsupported-filter.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-unsupported-filter.out.yaml index f9ee3bb21fa..10fbc26ad4f 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-unsupported-filter.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-unsupported-filter.out.yaml @@ -104,7 +104,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml index 3500d3be9cc..e52f15b3ac1 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml @@ -98,7 +98,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-regex.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-regex.out.yaml index 05617ca8192..07e602727f7 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-regex.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-regex.out.yaml @@ -148,7 +148,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -167,7 +167,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-metadata.out.yaml b/internal/gatewayapi/testdata/httproute-with-metadata.out.yaml index 9049ebe41de..fedcd5f5181 100644 --- a/internal/gatewayapi/testdata/httproute-with-metadata.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-metadata.out.yaml @@ -108,7 +108,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml index 29d9dd320a5..7b213e66450 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml @@ -114,7 +114,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml index c6e534c9c63..7251228643b 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml @@ -126,7 +126,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml index 50105a1e054..ad035eb7c47 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml @@ -108,7 +108,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml index c0c193e034a..44ab3461292 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml @@ -108,7 +108,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml index e9f94617b4e..e1f711349e6 100644 --- a/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml @@ -108,7 +108,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-multi-gateways-notmatch.out.yaml b/internal/gatewayapi/testdata/httproute-with-multi-gateways-notmatch.out.yaml index c7801a560d0..d0f71d4d6a1 100644 --- a/internal/gatewayapi/testdata/httproute-with-multi-gateways-notmatch.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-multi-gateways-notmatch.out.yaml @@ -116,7 +116,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -135,7 +135,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-multi-gateways-with-same-name.out.yaml b/internal/gatewayapi/testdata/httproute-with-multi-gateways-with-same-name.out.yaml index f3c1a6b1ed4..84dae610113 100644 --- a/internal/gatewayapi/testdata/httproute-with-multi-gateways-with-same-name.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-multi-gateways-with-same-name.out.yaml @@ -149,7 +149,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -189,7 +189,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-different-ns.out.yaml b/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-different-ns.out.yaml index ba2f58b8667..61b67c75d89 100644 --- a/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-different-ns.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-different-ns.out.yaml @@ -178,7 +178,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.a.example.com' isHTTP2: false @@ -215,7 +215,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.b.example.com' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-same-ns.out.yaml b/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-same-ns.out.yaml index 4e6bef64b9e..03f487b3aa4 100644 --- a/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-same-ns.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-same-ns.out.yaml @@ -176,7 +176,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.a.example.com' isHTTP2: false @@ -213,7 +213,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.b.example.com' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml index 810a78ccb87..878e6bd1574 100644 --- a/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -100,7 +100,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml index d40408b2b02..9cdddc09c08 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml @@ -106,7 +106,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml index d7496698338..9d122032e5e 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml @@ -104,7 +104,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml index 63b32e64bb8..06dc740e0f6 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml @@ -107,7 +107,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml index 43ca155587d..440d12ac4a3 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml @@ -104,7 +104,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml index 588877b155e..104daac410d 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml @@ -103,7 +103,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml index 9676b5d7688..265050323ef 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml @@ -107,7 +107,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml index 6dcb4b28779..636bcf1289e 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml @@ -122,7 +122,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml index 47d61c9fcfa..f89d8bdc91a 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml @@ -116,7 +116,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml index 1d2f4f7124c..5e03bbf8f52 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml @@ -126,7 +126,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml index b0dbd71c18d..a5915c1f9d1 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml @@ -112,7 +112,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml index 893ce8cc969..7b6b7508258 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml @@ -107,7 +107,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml index 723cabbe6f7..0a032d52b85 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml @@ -110,7 +110,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml index 6c8c063716d..17b26b97dc9 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml @@ -112,7 +112,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml index f46e5ae3977..b3c0c252310 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml @@ -113,7 +113,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml index e8d2f720d19..f50cbfec103 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml @@ -104,7 +104,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml index cd89f06e995..6a8bec12323 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml @@ -108,7 +108,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml index e0f78c08c9d..aff1b276aa8 100644 --- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml @@ -108,7 +108,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml index a73f169aad1..0e7d3803555 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml @@ -97,7 +97,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml index d4bf9af1612..c1005576fe9 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml @@ -95,7 +95,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml index 48706fbfb0c..ab30a3cb5db 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml @@ -123,7 +123,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml index 0be3cbea1d2..75b4de50088 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml @@ -101,7 +101,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml b/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml index ff9f5d272a8..97753e5fcee 100644 --- a/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml @@ -101,7 +101,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml index 34ec33802bf..291ce9105ae 100644 --- a/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -99,7 +99,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml index 2213aa315cb..4e4afb6be35 100644 --- a/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -100,7 +100,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml index 3d8c69a6178..5b9bb7fd74d 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml @@ -107,7 +107,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml index 8e3079c9bbe..4aed1840d42 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml @@ -108,7 +108,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml index c0d8cce8b8a..7dc2cb30469 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml @@ -105,7 +105,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml index 7cbff74f25b..0c8665dc24d 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml @@ -105,7 +105,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml index e1905ea7933..f30c9859523 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml @@ -111,7 +111,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml index 3dcffc8edbb..46d54b18956 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml @@ -113,7 +113,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml index c51f0b56107..fcb1f1ea710 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml @@ -109,7 +109,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml index 25991b658fa..20023c84cf8 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml @@ -108,7 +108,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml index 86b8fce36bd..9e55e63c72a 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml @@ -106,7 +106,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml index dd20383d2ea..d6c093778ea 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml @@ -107,7 +107,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-http.out.yaml index c42f3934568..bb60b64605c 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-http.out.yaml @@ -245,7 +245,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-invalid.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-invalid.out.yaml index 17ffc680f52..24f1e8043f8 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-invalid.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-invalid.out.yaml @@ -342,7 +342,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter-invalid.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter-invalid.out.yaml index ab24ec0e81d..93a4d218056 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter-invalid.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter-invalid.out.yaml @@ -348,7 +348,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter.out.yaml index 916f7d0cefe..2979fabc641 100644 --- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter.out.yaml @@ -249,7 +249,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml index 821a30d4cb3..636d864e709 100644 --- a/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml @@ -98,7 +98,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml b/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml index a21561696f2..ec627ecda95 100644 --- a/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml @@ -283,7 +283,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml b/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml index d8d24642dd3..33ab0632ce2 100644 --- a/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml +++ b/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml @@ -136,7 +136,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -151,6 +151,6 @@ xdsIR: mergeSlashes: true port: 10080 udp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-2/udp port: 10080 diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.out.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.out.yaml index 0e015155214..27f75da25ec 100644 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.out.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.out.yaml @@ -172,7 +172,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -186,7 +186,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' hostnames: - company.com isHTTP2: false @@ -200,7 +200,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 8888 - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -214,7 +214,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 8888 - - address: 0.0.0.0 + - address: '::' hostnames: - example.com isHTTP2: false diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml index 4c48dd68694..dba5580e6a7 100644 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml @@ -223,7 +223,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false @@ -258,7 +258,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -272,7 +272,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 8888 - - address: 0.0.0.0 + - address: '::' hostnames: - example.com isHTTP2: false diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml index 7afe665224b..b5fb3b7915b 100644 --- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml +++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml @@ -145,7 +145,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -159,7 +159,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 10080 - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -173,7 +173,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 8888 - - address: 0.0.0.0 + - address: '::' hostnames: - example.com isHTTP2: false diff --git a/internal/gatewayapi/testdata/merge-with-isolated-policies-2.out.yaml b/internal/gatewayapi/testdata/merge-with-isolated-policies-2.out.yaml index b0e8b627fe8..1c828fc13bf 100644 --- a/internal/gatewayapi/testdata/merge-with-isolated-policies-2.out.yaml +++ b/internal/gatewayapi/testdata/merge-with-isolated-policies-2.out.yaml @@ -501,7 +501,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - bar.example.com isHTTP2: false @@ -560,7 +560,7 @@ xdsIR: timeout: http: requestReceivedTimeout: 5s - - address: 0.0.0.0 + - address: '::' hostnames: - foo.example.com isHTTP2: false @@ -619,7 +619,7 @@ xdsIR: timeout: http: requestReceivedTimeout: 5s - - address: 0.0.0.0 + - address: '::' hostnames: - bar.example.com isHTTP2: false @@ -670,7 +670,7 @@ xdsIR: - x-header-7 - x-header-8 maxAge: 33m20s - - address: 0.0.0.0 + - address: '::' hostnames: - foo.example.com isHTTP2: false diff --git a/internal/gatewayapi/testdata/merge-with-isolated-policies.out.yaml b/internal/gatewayapi/testdata/merge-with-isolated-policies.out.yaml index 8e62bb597d5..92ca64456d4 100644 --- a/internal/gatewayapi/testdata/merge-with-isolated-policies.out.yaml +++ b/internal/gatewayapi/testdata/merge-with-isolated-policies.out.yaml @@ -293,7 +293,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -349,7 +349,7 @@ xdsIR: idleTime: 1200 interval: 60 probes: 3 - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-invalid-cross-ns-ref.out.yaml b/internal/gatewayapi/testdata/securitypolicy-invalid-cross-ns-ref.out.yaml index 5ce63e62453..d1f9b18c250 100644 --- a/internal/gatewayapi/testdata/securitypolicy-invalid-cross-ns-ref.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-invalid-cross-ns-ref.out.yaml @@ -90,7 +90,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-override-replace.out.yaml b/internal/gatewayapi/testdata/securitypolicy-override-replace.out.yaml index c6f72065531..7b56ed6a0f9 100644 --- a/internal/gatewayapi/testdata/securitypolicy-override-replace.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-override-replace.out.yaml @@ -300,7 +300,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml index 607330a824c..e4898317537 100644 --- a/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml @@ -406,7 +406,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -444,7 +444,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -478,6 +478,6 @@ xdsIR: name: grpcroute/envoy-gateway/grpcroute-1/rule/0/match/0/* security: {} tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-2/tcp port: 10053 diff --git a/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-client-cidr.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-client-cidr.out.yaml index 82281af294a..01a3b8426dc 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-client-cidr.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-client-cidr.out.yaml @@ -285,7 +285,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-jwt-claim.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-jwt-claim.out.yaml index ed422e70031..95885020f69 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-jwt-claim.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-jwt-claim.out.yaml @@ -154,7 +154,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml index 02fd1a6ddd1..3c0d7e09c02 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml @@ -212,7 +212,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-cors-targetrefs.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-cors-targetrefs.out.yaml index 789da05196b..2842832ec14 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-cors-targetrefs.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-cors-targetrefs.out.yaml @@ -339,7 +339,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -394,7 +394,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -431,7 +431,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml index 3f58304e886..ad7f13fd7bb 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml @@ -402,7 +402,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -460,7 +460,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -519,7 +519,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml index ccdb2458370..a2128bd6085 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml @@ -349,7 +349,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml index d72cd182896..ded079e5c9c 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml @@ -222,7 +222,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-matching-port.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-matching-port.out.yaml index c5bf4237f52..d27a3cb2db2 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-matching-port.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-matching-port.out.yaml @@ -136,7 +136,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-port.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-port.out.yaml index 3f5e60f11e8..2bab8201c1d 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-port.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-port.out.yaml @@ -136,7 +136,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-reference-grant.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-reference-grant.out.yaml index 1f8fd280ad6..c85015431dc 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-reference-grant.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-reference-grant.out.yaml @@ -137,7 +137,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-service.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-service.out.yaml index 294267b90e0..fecdfd343c3 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-service.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-service.out.yaml @@ -136,7 +136,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-recomputation.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-recomputation.out.yaml index 350fc8e908b..8485328ac78 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-recomputation.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-recomputation.out.yaml @@ -205,7 +205,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml index b87c7992c90..4eca64d1a07 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml @@ -281,7 +281,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml index d72cd182896..ded079e5c9c 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml @@ -222,7 +222,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml index d5731870d17..37aa96f24a1 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml @@ -234,7 +234,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.out.yaml index 711d30f0d14..fcbe359dce5 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.out.yaml @@ -281,7 +281,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -338,7 +338,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml index c892bef7e4f..180b40be7f3 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml @@ -280,7 +280,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -337,7 +337,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml index 704961a0476..54a652f4e27 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml @@ -272,7 +272,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: true @@ -329,7 +329,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml index d878bcdb505..092a2169ed7 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml @@ -179,7 +179,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc-custom-cookies.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc-custom-cookies.out.yaml index a42e482a758..4f58b2a71f4 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-oidc-custom-cookies.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc-custom-cookies.out.yaml @@ -140,7 +140,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-issuer.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-issuer.out.yaml index caf951bcc40..4c64216743a 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-issuer.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-issuer.out.yaml @@ -97,7 +97,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-secretref.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-secretref.out.yaml index 319d6bcfe58..d5025efe61f 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-secretref.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-secretref.out.yaml @@ -281,7 +281,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -300,7 +300,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -319,7 +319,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml index 1d9093a8d38..edba4b82b0d 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml @@ -235,7 +235,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false diff --git a/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml b/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml index d3a6e8bdc19..acb5295b43b 100644 --- a/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml +++ b/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml @@ -166,7 +166,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tls port: 10090 routes: @@ -193,7 +193,7 @@ xdsIR: - name: envoy-gateway/tls-secret-1 privateKey: '[redacted]' serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tls-hostname port: 10090 routes: diff --git a/internal/gatewayapi/testdata/tcproute-with-backend.out.yaml b/internal/gatewayapi/testdata/tcproute-with-backend.out.yaml index 29a124844e5..5bf2c388a30 100644 --- a/internal/gatewayapi/testdata/tcproute-with-backend.out.yaml +++ b/internal/gatewayapi/testdata/tcproute-with-backend.out.yaml @@ -112,7 +112,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tcp port: 10090 routes: diff --git a/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml b/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml index a3dc7519ecd..12021806303 100644 --- a/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml @@ -94,7 +94,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tls port: 10090 routes: diff --git a/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml b/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml index 5a065e6d6bb..802c84636ad 100644 --- a/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml @@ -128,7 +128,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tls port: 10091 routes: diff --git a/internal/gatewayapi/testdata/tlsroute-with-backend.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-backend.out.yaml index 97bce6d0acf..48e11662a57 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-backend.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-backend.out.yaml @@ -114,7 +114,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tls port: 10090 routes: diff --git a/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml index 1f8515c6532..072357e7937 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml @@ -95,7 +95,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tls port: 10090 routes: diff --git a/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml index 09664c0e41c..dbb35bfecef 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml @@ -93,7 +93,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tls port: 10091 routes: diff --git a/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml index d40d0927396..f696db74016 100644 --- a/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml +++ b/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml @@ -95,7 +95,7 @@ xdsIR: text: - path: /dev/stdout tcp: - - address: 0.0.0.0 + - address: '::' name: envoy-gateway/gateway-1/tls port: 10091 routes: diff --git a/internal/gatewayapi/testdata/tracing-merged-multiple-routes.out.yaml b/internal/gatewayapi/testdata/tracing-merged-multiple-routes.out.yaml index 9c0610b4051..4ed723d6985 100644 --- a/internal/gatewayapi/testdata/tracing-merged-multiple-routes.out.yaml +++ b/internal/gatewayapi/testdata/tracing-merged-multiple-routes.out.yaml @@ -230,7 +230,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false @@ -265,7 +265,7 @@ xdsIR: distinct: false name: "" prefix: / - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -279,7 +279,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 8888 - - address: 0.0.0.0 + - address: '::' hostnames: - example.com isHTTP2: false diff --git a/internal/gatewayapi/testdata/tracing-multiple-routes.out.yaml b/internal/gatewayapi/testdata/tracing-multiple-routes.out.yaml index 4bd1415e464..d51b333e647 100644 --- a/internal/gatewayapi/testdata/tracing-multiple-routes.out.yaml +++ b/internal/gatewayapi/testdata/tracing-multiple-routes.out.yaml @@ -255,7 +255,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*.envoyproxy.io' isHTTP2: false @@ -311,7 +311,7 @@ xdsIR: text: - path: /dev/stdout http: - - address: 0.0.0.0 + - address: '::' hostnames: - '*' isHTTP2: false @@ -325,7 +325,7 @@ xdsIR: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true port: 8888 - - address: 0.0.0.0 + - address: '::' hostnames: - example.com isHTTP2: false diff --git a/internal/utils/net/ip.go b/internal/utils/net/ip.go new file mode 100644 index 00000000000..4c496936801 --- /dev/null +++ b/internal/utils/net/ip.go @@ -0,0 +1,10 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package net + +const ( + IPv6ListenerAddress = "::" +) diff --git a/internal/xds/translator/listener.go b/internal/xds/translator/listener.go index 9a68c5f3c1f..098cc896145 100644 --- a/internal/xds/translator/listener.go +++ b/internal/xds/translator/listener.go @@ -146,42 +146,11 @@ func originalIPDetectionExtensions(clientIPDetection *ir.ClientIPDetectionSettin return extensionConfig } -func setAddressByIPFamily(socketAddress *corev3.SocketAddress, ipFamily *ir.IPFamily, port uint32) []*listenerv3.AdditionalAddress { - if ipFamily == nil { - return nil - } - switch *ipFamily { - case ir.IPv4: - socketAddress.Address = "0.0.0.0" - case ir.IPv6: - socketAddress.Address = "::" - case ir.Dualstack: - socketAddress.Address = "0.0.0.0" - return []*listenerv3.AdditionalAddress{ - { - Address: &corev3.Address{ - Address: &corev3.Address_SocketAddress{ - SocketAddress: &corev3.SocketAddress{ - Protocol: socketAddress.Protocol, - Address: "::", - PortSpecifier: &corev3.SocketAddress_PortValue{ - PortValue: port, - }, - }, - }, - }, - }, - } - } - return nil -} - // buildXdsTCPListener creates a xds Listener resource // TODO: Improve function parameters func buildXdsTCPListener( name, address string, port uint32, - ipFamily *ir.IPFamily, keepalive *ir.TCPKeepalive, connection *ir.ClientConnection, accesslog *ir.AccessLog, @@ -205,13 +174,12 @@ func buildXdsTCPListener( PortSpecifier: &corev3.SocketAddress_PortValue{ PortValue: port, }, + Ipv4Compat: true, }, }, }, } - socketAddress := listener.Address.GetSocketAddress() - listener.AdditionalAddresses = setAddressByIPFamily(socketAddress, ipFamily, port) return listener, nil } @@ -239,6 +207,7 @@ func buildXdsQuicListener(name, address string, port uint32, accesslog *ir.Acces PortSpecifier: &corev3.SocketAddress_PortValue{ PortValue: port, }, + Ipv4Compat: true, }, }, }, @@ -880,6 +849,7 @@ func buildXdsUDPListener(clusterName string, udpListener *ir.UDPListener, access PortSpecifier: &corev3.SocketAddress_PortValue{ PortValue: udpListener.Port, }, + Ipv4Compat: true, }, }, }, diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog-cel.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog-cel.yaml index 405c2372d91..8a0497c3fb8 100644 --- a/internal/xds/translator/testdata/in/xds-ir/accesslog-cel.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/accesslog-cel.yaml @@ -35,7 +35,7 @@ accesslog: protocol: "GRPC" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog-endpoint-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog-endpoint-stats.yaml index 2355c6504cf..623c3b6d594 100644 --- a/internal/xds/translator/testdata/in/xds-ir/accesslog-endpoint-stats.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/accesslog-endpoint-stats.yaml @@ -31,7 +31,7 @@ accesslog: protocol: "GRPC" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog-formatters.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog-formatters.yaml index e4e088d349b..4ba42ea82bb 100644 --- a/internal/xds/translator/testdata/in/xds-ir/accesslog-formatters.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/accesslog-formatters.yaml @@ -39,7 +39,7 @@ accesslog: protocol: "GRPC" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog-invalid.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog-invalid.yaml index 10768da4354..8c8161e2e33 100644 --- a/internal/xds/translator/testdata/in/xds-ir/accesslog-invalid.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/accesslog-invalid.yaml @@ -27,7 +27,7 @@ accesslog: port: 4317 http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog-multi-cel.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog-multi-cel.yaml index 95b4971cd39..d84151866f2 100644 --- a/internal/xds/translator/testdata/in/xds-ir/accesslog-multi-cel.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/accesslog-multi-cel.yaml @@ -39,7 +39,7 @@ accesslog: protocol: "GRPC" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog-without-format.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog-without-format.yaml index 434f2fb524c..1492b397569 100644 --- a/internal/xds/translator/testdata/in/xds-ir/accesslog-without-format.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/accesslog-without-format.yaml @@ -44,7 +44,7 @@ accesslog: protocol: "GRPC" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog.yaml index 3f84816fdcf..38d5e8a74be 100644 --- a/internal/xds/translator/testdata/in/xds-ir/accesslog.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/accesslog.yaml @@ -53,7 +53,7 @@ accesslog: protocol: "GRPC" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/backend-buffer-limit.yaml b/internal/xds/translator/testdata/in/xds-ir/backend-buffer-limit.yaml index 493180389ad..4cb9541775b 100644 --- a/internal/xds/translator/testdata/in/xds-ir/backend-buffer-limit.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/backend-buffer-limit.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" @@ -21,7 +21,7 @@ http: bufferLimit: 100000000 tcp: - name: "second-listener" - address: "0.0.0.0" + address: "::" connection: bufferLimit: 1500 port: 10081 @@ -37,7 +37,7 @@ tcp: bufferLimit: 100000000 udp: - name: "udp-route" - address: "0.0.0.0" + address: "::" port: 10080 route: name: "udp-route" diff --git a/internal/xds/translator/testdata/in/xds-ir/circuit-breaker.yaml b/internal/xds/translator/testdata/in/xds-ir/circuit-breaker.yaml index f4dd3bbaa99..1eb6f7b7010 100644 --- a/internal/xds/translator/testdata/in/xds-ir/circuit-breaker.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/circuit-breaker.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/client-buffer-limit.yaml b/internal/xds/translator/testdata/in/xds-ir/client-buffer-limit.yaml index c7af759ecf9..6604d37dc47 100644 --- a/internal/xds/translator/testdata/in/xds-ir/client-buffer-limit.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/client-buffer-limit.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" @@ -20,7 +20,7 @@ http: bufferLimit: 1500 tcp: - name: "second-listener" - address: "0.0.0.0" + address: "::" connection: bufferLimit: 1500 port: 10081 diff --git a/internal/xds/translator/testdata/in/xds-ir/client-ip-detection.yaml b/internal/xds/translator/testdata/in/xds-ir/client-ip-detection.yaml index de3236a8622..1894902a0ba 100644 --- a/internal/xds/translator/testdata/in/xds-ir/client-ip-detection.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/client-ip-detection.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 8081 hostnames: - "*" @@ -17,7 +17,7 @@ http: xForwardedFor: numTrustedHops: 2 - name: "second-listener" - address: "0.0.0.0" + address: "::" port: 8082 hostnames: - "*" @@ -35,7 +35,7 @@ http: name: "x-my-custom-header" failClosed: false - name: "third-listener" - address: "0.0.0.0" + address: "::" port: 8083 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/client-timeout.yaml b/internal/xds/translator/testdata/in/xds-ir/client-timeout.yaml index 741f2d46451..6ce11179029 100644 --- a/internal/xds/translator/testdata/in/xds-ir/client-timeout.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/client-timeout.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" @@ -22,7 +22,7 @@ http: idleTimeout: "10s" tcp: - name: "second-listener" - address: "0.0.0.0" + address: "::" port: 10081 routes: - name: "second-route" diff --git a/internal/xds/translator/testdata/in/xds-ir/cors.yaml b/internal/xds/translator/testdata/in/xds-ir/cors.yaml index 0e046110a00..2d7fedf0513 100644 --- a/internal/xds/translator/testdata/in/xds-ir/cors.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/cors.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/fault-injection.yaml b/internal/xds/translator/testdata/in/xds-ir/fault-injection.yaml index 39b351eb6ec..163e3507cae 100644 --- a/internal/xds/translator/testdata/in/xds-ir/fault-injection.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/fault-injection.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 path: mergeSlashes: true diff --git a/internal/xds/translator/testdata/in/xds-ir/headers-with-preserve-x-request-id.yaml b/internal/xds/translator/testdata/in/xds-ir/headers-with-preserve-x-request-id.yaml index 1376be42e14..d2599bc005c 100644 --- a/internal/xds/translator/testdata/in/xds-ir/headers-with-preserve-x-request-id.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/headers-with-preserve-x-request-id.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 8081 hostnames: - "*" @@ -16,7 +16,7 @@ http: headers: preserveXRequestID: true - name: "second-listener" - address: "0.0.0.0" + address: "::" port: 8082 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/headers-with-underscores-action.yaml b/internal/xds/translator/testdata/in/xds-ir/headers-with-underscores-action.yaml index 53b7076925c..0787ec0780a 100644 --- a/internal/xds/translator/testdata/in/xds-ir/headers-with-underscores-action.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/headers-with-underscores-action.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 8081 hostnames: - "*" @@ -14,7 +14,7 @@ http: - host: "1.1.1.1" port: 8081 - name: "second-listener" - address: "0.0.0.0" + address: "::" port: 8082 hostnames: - "*" @@ -30,7 +30,7 @@ http: headers: withUnderscoresAction: Allow - name: "third-listener" - address: "0.0.0.0" + address: "::" port: 8083 hostnames: - "*" @@ -46,7 +46,7 @@ http: headers: withUnderscoresAction: RejectRequest - name: "fourth-listener" - address: "0.0.0.0" + address: "::" port: 8084 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/health-check.yaml b/internal/xds/translator/testdata/in/xds-ir/health-check.yaml index 12f62f86414..b78270a421a 100644 --- a/internal/xds/translator/testdata/in/xds-ir/health-check.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/health-check.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" path: mergeSlashes: true escapedSlashesAction: UnescapeAndRedirect diff --git a/internal/xds/translator/testdata/in/xds-ir/http-early-header-mutation.yaml b/internal/xds/translator/testdata/in/xds-ir/http-early-header-mutation.yaml index 6301153cd1c..84b0e2f5673 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-early-header-mutation.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-early-header-mutation.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" @@ -19,7 +19,7 @@ http: - host: "1.2.3.4" port: 50000 - name: "second-listener" - address: "0.0.0.0" + address: "::" port: 10081 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-endpoint-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/http-endpoint-stats.yaml index 12fc177bde8..076e1427e39 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-endpoint-stats.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-endpoint-stats.yaml @@ -3,7 +3,7 @@ metrics: enablePerEndpointStats: true http: - name: "listener-enable-endpoint-stats" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-health-check.yaml b/internal/xds/translator/testdata/in/xds-ir/http-health-check.yaml index a4bdd70a384..2a22775b7c0 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-health-check.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-health-check.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-req-resp-sizes-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/http-req-resp-sizes-stats.yaml index 5c174e363ef..3831d1a6bd4 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-req-resp-sizes-stats.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-req-resp-sizes-stats.yaml @@ -3,7 +3,7 @@ metrics: enableRequestResponseSizesStats: true http: - name: "listener-enable-req-resp-sizes-stats" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-direct-response.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-direct-response.yaml index 9db15c7fb9d..c51cf53a389 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-direct-response.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-direct-response.yaml @@ -1,7 +1,7 @@ name: "http-route" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-dns-cluster.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-dns-cluster.yaml index 1cb0be3ec26..12986c3ed86 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-dns-cluster.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-dns-cluster.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-mirror.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-mirror.yaml index b00449b384f..5d000b85bdf 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-mirror.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-mirror.yaml @@ -1,7 +1,7 @@ name: "http-route" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-multiple-mirrors.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-multiple-mirrors.yaml index 3d13de381be..02724f765d7 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-multiple-mirrors.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-multiple-mirrors.yaml @@ -1,7 +1,7 @@ name: "http-route" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-partial-invalid.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-partial-invalid.yaml index d72ec1d2c68..ad06367ef75 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-partial-invalid.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-partial-invalid.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-redirect.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-redirect.yaml index 1c541a9caac..dd2a5aaeb1c 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-redirect.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-redirect.yaml @@ -1,7 +1,7 @@ name: "http-route" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-regex.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-regex.yaml index d9558ad99a2..cfa271c3e98 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-regex.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-regex.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml index fb45b8db724..7bd5a5013cf 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml @@ -1,7 +1,7 @@ name: "http-route" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml index 3cfaf5e4945..c27f02da065 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml @@ -1,7 +1,7 @@ name: "http-route" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml index c97d927dff6..d04cc086e90 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml @@ -1,7 +1,7 @@ name: "http-route" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-response-remove-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-response-remove-headers.yaml index f7b30b3d7d6..8ecd2bb4c74 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-response-remove-headers.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-response-remove-headers.yaml @@ -1,7 +1,7 @@ name: "http-route" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-root-path-url-prefix.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-root-path-url-prefix.yaml index f4307644514..97e92bd1f25 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-root-path-url-prefix.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-root-path-url-prefix.yaml @@ -1,7 +1,7 @@ name: "http-route" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml index 97d0b5457cd..3dce5f3d6a9 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml @@ -1,7 +1,7 @@ name: "http-route" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-fullpath.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-fullpath.yaml index 4d08acb93ee..a3c9eef83cf 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-fullpath.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-fullpath.yaml @@ -1,7 +1,7 @@ name: "http-route" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-host.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-host.yaml index 525a22210b9..7e971a596c6 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-host.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-host.yaml @@ -1,7 +1,7 @@ name: "http-route" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-prefix.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-prefix.yaml index df4f2e9c2bf..de751b8680b 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-prefix.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-prefix.yaml @@ -1,7 +1,7 @@ name: "http-route" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-regex.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-regex.yaml index 0389201186e..531ac4a2941 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-regex.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-regex.yaml @@ -1,7 +1,7 @@ name: "http-route" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-session-persistence.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-session-persistence.yaml index 536c5ad50cb..d5cfffa0e4b 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-session-persistence.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-session-persistence.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-timeout.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-timeout.yaml index 746d4922542..b3ab173f745 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-timeout.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-timeout.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-uds-ip.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-uds-ip.yaml index 711913d4dfd..90bf39f5ad0 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-uds-ip.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-uds-ip.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml index 8745e9893bc..5789434790e 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" hostnames: - '*' path: diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend.yaml index 2540dec625a..3a3df9cd596 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-invalid-backend.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-invalid-backend.yaml index d883bac1fa1..c342dc30383 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-invalid-backend.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-invalid-backend.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route.yaml index 0c89d5a1840..dff106a6ff1 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http-route.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http-route.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http1-preserve-case.yaml b/internal/xds/translator/testdata/in/xds-ir/http1-preserve-case.yaml index f857ac8f854..1b6382fc71a 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http1-preserve-case.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http1-preserve-case.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" @@ -19,7 +19,7 @@ http: - host: "1.2.3.4" port: 50000 - name: "second-listener" - address: "0.0.0.0" + address: "::" port: 10081 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http1-trailers.yaml b/internal/xds/translator/testdata/in/xds-ir/http1-trailers.yaml index 51174744979..83fa599cfd0 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http1-trailers.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http1-trailers.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http10.yaml b/internal/xds/translator/testdata/in/xds-ir/http10.yaml index 47f57a04422..fea6bafa0e5 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http10.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http10.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "foo.com" diff --git a/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml b/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml index 5d271080918..1f11535ee18 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/http2.yaml b/internal/xds/translator/testdata/in/xds-ir/http2.yaml index c95bc0442c0..ffa5e487a7a 100644 --- a/internal/xds/translator/testdata/in/xds-ir/http2.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/http2.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "foo.com" diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-empty-jsonpath.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-empty-jsonpath.yaml index 9c248772920..8d78880b81b 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-empty-jsonpath.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-empty-jsonpath.yaml @@ -28,7 +28,7 @@ envoyPatchPolicies: region: second-route-dest/backend/0 http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-without-value.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-without-value.yaml index b4659755214..2dea53dcc3c 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-without-value.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-without-value.yaml @@ -33,7 +33,7 @@ envoyPatchPolicies: path: "/virtual_hosts/0/rate_limits" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-invalid-patch.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-invalid-patch.yaml index 551bdd6dda6..70ae0f10710 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-invalid-patch.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-invalid-patch.yaml @@ -28,7 +28,7 @@ envoyPatchPolicies: transport_api_version: V3 http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-missing-resource.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-missing-resource.yaml index 3f50ddf7aaf..f10bf20addc 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-missing-resource.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-missing-resource.yaml @@ -28,7 +28,7 @@ envoyPatchPolicies: transport_api_version: V3 http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-move-op-with-value.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-move-op-with-value.yaml index d66eaa633db..dd586aec3ea 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-move-op-with-value.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-move-op-with-value.yaml @@ -36,7 +36,7 @@ envoyPatchPolicies: test: "abc" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath-invalid.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath-invalid.yaml index 5b677788a22..9b0d7b4937b 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath-invalid.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath-invalid.yaml @@ -17,7 +17,7 @@ envoyPatchPolicies: value: "50" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath.yaml index a02cad99d67..34ca0aff98c 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath.yaml @@ -121,7 +121,7 @@ envoyPatchPolicies: path: "/endpoints/0/load_balancing_weight" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch.yaml index 1aa76efdfab..04b88fca088 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch.yaml @@ -109,7 +109,7 @@ envoyPatchPolicies: path: "/endpoints/0/load_balancing_weight" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-custom-extractor.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-custom-extractor.yaml index 8d24373fd6a..1f0ff2189ec 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jwt-custom-extractor.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jwt-custom-extractor.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-multi-provider.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-multi-provider.yaml index 88f88f5aa35..3d52645831e 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-multi-provider.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-multi-provider.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-single-provider.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-single-provider.yaml index 324f54d9311..1e0a31975d4 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-single-provider.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-single-provider.yaml @@ -3,7 +3,7 @@ accesslog: - path: "/dev/stdout" http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-optional.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-optional.yaml index b43dd005257..7ab85e6928e 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jwt-optional.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jwt-optional.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-ratelimit.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-ratelimit.yaml index 008b5b9bde6..18957afe903 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jwt-ratelimit.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jwt-ratelimit.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-single-route-single-match.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-single-route-single-match.yaml index a5b72e0ff53..4df3cf34798 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jwt-single-route-single-match.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jwt-single-route-single-match.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/listener-connection-limit.yaml b/internal/xds/translator/testdata/in/xds-ir/listener-connection-limit.yaml index b8022bc0357..b758db9918b 100644 --- a/internal/xds/translator/testdata/in/xds-ir/listener-connection-limit.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/listener-connection-limit.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "foo.com" @@ -18,7 +18,7 @@ http: - host: "1.2.3.4" port: 50000 - name: "second-listener" - address: "0.0.0.0" + address: "::" port: 10081 hostnames: - "foo.net" @@ -39,7 +39,7 @@ http: port: 50000 tcp: - name: "third-listener" - address: "0.0.0.0" + address: "::" port: 10082 connection: limit: @@ -56,7 +56,7 @@ tcp: - host: "1.2.3.4" port: 50000 - name: "fourth-listener" - address: "0.0.0.0" + address: "::" connection: limit: value: 10 diff --git a/internal/xds/translator/testdata/in/xds-ir/listener-proxy-protocol.yaml b/internal/xds/translator/testdata/in/xds-ir/listener-proxy-protocol.yaml index 35f4e744093..f9f26a8103a 100644 --- a/internal/xds/translator/testdata/in/xds-ir/listener-proxy-protocol.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/listener-proxy-protocol.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "foo.com" @@ -32,7 +32,7 @@ http: port: 50000 tcp: - name: "second-listener" - address: "0.0.0.0" + address: "::" port: 10081 enableProxyProtocol: true routes: diff --git a/internal/xds/translator/testdata/in/xds-ir/listener-tcp-keepalive.yaml b/internal/xds/translator/testdata/in/xds-ir/listener-tcp-keepalive.yaml index 19d7d3335d5..e9da0aa245f 100644 --- a/internal/xds/translator/testdata/in/xds-ir/listener-tcp-keepalive.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/listener-tcp-keepalive.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "foo.com" @@ -18,7 +18,7 @@ http: - host: "1.2.3.4" port: 50000 - name: "second-listener" - address: "0.0.0.0" + address: "::" port: 10081 hostnames: - "foo.net" @@ -40,7 +40,7 @@ http: port: 50000 tcp: - name: "third-listener" - address: "0.0.0.0" + address: "::" port: 10082 tcpKeepalive: {} routes: @@ -55,7 +55,7 @@ tcp: - host: "1.2.3.4" port: 50000 - name: "fourth-listener" - address: "0.0.0.0" + address: "::" tcpKeepalive: probes: 10 port: 10083 diff --git a/internal/xds/translator/testdata/in/xds-ir/load-balancer.yaml b/internal/xds/translator/testdata/in/xds-ir/load-balancer.yaml index d2b754bf16b..17a09c845b5 100644 --- a/internal/xds/translator/testdata/in/xds-ir/load-balancer.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/load-balancer.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/local-ratelimit.yaml b/internal/xds/translator/testdata/in/xds-ir/local-ratelimit.yaml index fb7baf05cd6..8299d0f0823 100644 --- a/internal/xds/translator/testdata/in/xds-ir/local-ratelimit.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/local-ratelimit.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/metrics-virtual-host.yaml b/internal/xds/translator/testdata/in/xds-ir/metrics-virtual-host.yaml index 39f1a23dc7f..e326e5667cf 100644 --- a/internal/xds/translator/testdata/in/xds-ir/metrics-virtual-host.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/metrics-virtual-host.yaml @@ -3,7 +3,7 @@ metrics: enableVirtualHostStats: true http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/mixed-tls-jwt-authn.yaml b/internal/xds/translator/testdata/in/xds-ir/mixed-tls-jwt-authn.yaml index e77e1262245..e1d7f0658fb 100644 --- a/internal/xds/translator/testdata/in/xds-ir/mixed-tls-jwt-authn.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/mixed-tls-jwt-authn.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/multiple-listeners-same-port.yaml b/internal/xds/translator/testdata/in/xds-ir/multiple-listeners-same-port.yaml index b694ac5aab0..3aca8e48b0b 100644 --- a/internal/xds/translator/testdata/in/xds-ir/multiple-listeners-same-port.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/multiple-listeners-same-port.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "foo.com" @@ -27,7 +27,7 @@ http: - host: "1.2.3.4" port: 50000 - name: "second-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "foo.net" @@ -54,7 +54,7 @@ http: - host: "1.2.3.4" port: 50000 - name: "third-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "example.com" @@ -71,7 +71,7 @@ http: - host: "1.2.3.4" port: 50000 - name: "fourth-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "example.net" @@ -89,7 +89,7 @@ http: port: 50000 tcp: - name: "fifth-listener" - address: "0.0.0.0" + address: "::" port: 10080 routes: - name: "fifth-route" @@ -104,7 +104,7 @@ tcp: - host: "1.2.3.4" port: 50000 - name: "sixth-listener" - address: "0.0.0.0" + address: "::" port: 10080 routes: - name: "sixth-route" diff --git a/internal/xds/translator/testdata/in/xds-ir/multiple-simple-tcp-route-same-port.yaml b/internal/xds/translator/testdata/in/xds-ir/multiple-simple-tcp-route-same-port.yaml index 19ad6357e9a..ba1eff21400 100644 --- a/internal/xds/translator/testdata/in/xds-ir/multiple-simple-tcp-route-same-port.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/multiple-simple-tcp-route-same-port.yaml @@ -1,6 +1,6 @@ tcp: - name: "tcp-listener-simple" - address: "0.0.0.0" + address: "::" port: 10080 routes: - name: "tcp-route-simple" @@ -13,7 +13,7 @@ tcp: - host: "5.6.7.8" port: 50001 - name: "tcp-listener-simple-1" - address: "0.0.0.0" + address: "::" port: 10080 routes: - name: "tcp-route-simple-1" @@ -26,7 +26,7 @@ tcp: - host: "5.6.7.8" port: 50001 - name: "tcp-listener-simple-2" - address: "0.0.0.0" + address: "::" port: 10080 routes: - name: "tcp-route-simple-2" @@ -39,7 +39,7 @@ tcp: - host: "5.6.7.8" port: 50001 - name: "tcp-listener-simple-3" - address: "0.0.0.0" + address: "::" port: 10080 routes: - name: "tcp-route-simple-3" @@ -52,7 +52,7 @@ tcp: - host: "5.6.7.8" port: 50001 - name: "tcp-listener-simple-4" - address: "0.0.0.0" + address: "::" port: 10080 routes: - name: "tcp-route-simple-4" diff --git a/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.yaml b/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.yaml index aac60cf7c41..b975466c27a 100644 --- a/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10001 hostnames: - "*" @@ -36,7 +36,7 @@ http: - host: "10.0.0.1" port: 10001 - name: "second-listener" - address: "0.0.0.0" + address: "::" port: 10002 hostnames: - "*" @@ -73,7 +73,7 @@ http: - host: "10.0.0.1" port: 10002 - name: "third-listener" - address: "0.0.0.0" + address: "::" port: 10003 hostnames: - "*" @@ -111,7 +111,7 @@ http: - host: "10.0.0.1" port: 10003 - name: "fourth-listener" - address: "0.0.0.0" + address: "::" port: 10004 hostnames: - "*" @@ -151,7 +151,7 @@ http: - host: "10.0.0.1" port: 10004 - name: "fifth-listener" - address: "0.0.0.0" + address: "::" port: 10005 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate.yaml b/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate.yaml index 72eaea1f58e..5f50492e526 100644 --- a/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10001 hostnames: - "*" @@ -36,7 +36,7 @@ http: - host: "10.0.0.1" port: 10001 - name: "second-listener" - address: "0.0.0.0" + address: "::" port: 10002 hostnames: - "*" @@ -72,7 +72,7 @@ http: - host: "10.0.0.1" port: 10002 - name: "third-listener" - address: "0.0.0.0" + address: "::" port: 10003 hostnames: - "*" @@ -108,7 +108,7 @@ http: - host: "10.0.0.1" port: 10003 - name: "fourth-listener" - address: "0.0.0.0" + address: "::" port: 10004 hostnames: - "*" @@ -144,7 +144,7 @@ http: - host: "10.0.0.1" port: 10004 - name: "fifth-listener" - address: "0.0.0.0" + address: "::" port: 10005 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/mutual-tls-required-client-certificate-disabled.yaml b/internal/xds/translator/testdata/in/xds-ir/mutual-tls-required-client-certificate-disabled.yaml index 61f67998deb..cfe94ba32f3 100644 --- a/internal/xds/translator/testdata/in/xds-ir/mutual-tls-required-client-certificate-disabled.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/mutual-tls-required-client-certificate-disabled.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" @@ -35,7 +35,7 @@ http: port: 50000 tcp: - name: "second-listener" - address: "0.0.0.0" + address: "::" port: 10081 tls: certificates: diff --git a/internal/xds/translator/testdata/in/xds-ir/mutual-tls.yaml b/internal/xds/translator/testdata/in/xds-ir/mutual-tls.yaml index 01103c9e5ec..d4ba0f617e9 100644 --- a/internal/xds/translator/testdata/in/xds-ir/mutual-tls.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/mutual-tls.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" @@ -35,7 +35,7 @@ http: port: 50000 tcp: - name: "second-listener" - address: "0.0.0.0" + address: "::" port: 10081 tls: certificates: diff --git a/internal/xds/translator/testdata/in/xds-ir/oidc-backend-cluster-provider.yaml b/internal/xds/translator/testdata/in/xds-ir/oidc-backend-cluster-provider.yaml index 6fc9a045bca..993f775947a 100644 --- a/internal/xds/translator/testdata/in/xds-ir/oidc-backend-cluster-provider.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/oidc-backend-cluster-provider.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/oidc.yaml b/internal/xds/translator/testdata/in/xds-ir/oidc.yaml index 828da7c2fb1..c2e75b916d0 100644 --- a/internal/xds/translator/testdata/in/xds-ir/oidc.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/oidc.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/path-settings.yaml b/internal/xds/translator/testdata/in/xds-ir/path-settings.yaml index 1eddbaab253..e3752799fc6 100644 --- a/internal/xds/translator/testdata/in/xds-ir/path-settings.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/path-settings.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/proxy-protocol-upstream.yaml b/internal/xds/translator/testdata/in/xds-ir/proxy-protocol-upstream.yaml index 47df0026b9f..c1e4c9dd632 100644 --- a/internal/xds/translator/testdata/in/xds-ir/proxy-protocol-upstream.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/proxy-protocol-upstream.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/ratelimit-custom-domain.yaml b/internal/xds/translator/testdata/in/xds-ir/ratelimit-custom-domain.yaml index 271d39cfdcb..663dda6eb06 100644 --- a/internal/xds/translator/testdata/in/xds-ir/ratelimit-custom-domain.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/ratelimit-custom-domain.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/ratelimit-disable-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/ratelimit-disable-headers.yaml index 7c48e227ecc..56028c4162c 100644 --- a/internal/xds/translator/testdata/in/xds-ir/ratelimit-disable-headers.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/ratelimit-disable-headers.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/ratelimit-endpoint-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/ratelimit-endpoint-stats.yaml index 32f95117283..d7e2dea2ac1 100644 --- a/internal/xds/translator/testdata/in/xds-ir/ratelimit-endpoint-stats.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/ratelimit-endpoint-stats.yaml @@ -2,7 +2,7 @@ metrics: enablePerEndpointStats: true http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/ratelimit-headers-and-cidr.yaml b/internal/xds/translator/testdata/in/xds-ir/ratelimit-headers-and-cidr.yaml index fa9b6f31ae5..d6b6a9b3245 100644 --- a/internal/xds/translator/testdata/in/xds-ir/ratelimit-headers-and-cidr.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/ratelimit-headers-and-cidr.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/ratelimit-sourceip.yaml b/internal/xds/translator/testdata/in/xds-ir/ratelimit-sourceip.yaml index 495fa9b7a1f..289104b1df3 100644 --- a/internal/xds/translator/testdata/in/xds-ir/ratelimit-sourceip.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/ratelimit-sourceip.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/ratelimit.yaml b/internal/xds/translator/testdata/in/xds-ir/ratelimit.yaml index 2279315caed..7af166fca4d 100644 --- a/internal/xds/translator/testdata/in/xds-ir/ratelimit.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/ratelimit.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/retry-partial-invalid.yaml b/internal/xds/translator/testdata/in/xds-ir/retry-partial-invalid.yaml index 7483356722d..cb883565f8c 100644 --- a/internal/xds/translator/testdata/in/xds-ir/retry-partial-invalid.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/retry-partial-invalid.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/simple-tls.yaml b/internal/xds/translator/testdata/in/xds-ir/simple-tls.yaml index 7309020334a..fd1408fdf2d 100644 --- a/internal/xds/translator/testdata/in/xds-ir/simple-tls.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/simple-tls.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/suppress-envoy-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/suppress-envoy-headers.yaml index f26d13b084e..d01294ed199 100644 --- a/internal/xds/translator/testdata/in/xds-ir/suppress-envoy-headers.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/suppress-envoy-headers.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "foo.com" diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-endpoint-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-endpoint-stats.yaml index 1bbe5a43371..28ee60724bf 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tcp-endpoint-stats.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tcp-endpoint-stats.yaml @@ -3,7 +3,7 @@ metrics: enablePerEndpointStats: true tcp: - name: "tcp-route-enable-endpoint-stats" - address: "0.0.0.0" + address: "::" port: 10080 routes: - destination: diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-req-resp-sizes-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-req-resp-sizes-stats.yaml index 5c3cd2be7a0..1b915c58433 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tcp-req-resp-sizes-stats.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tcp-req-resp-sizes-stats.yaml @@ -3,7 +3,7 @@ metrics: enableRequestResponseSizesStats: true tcp: - name: "tcp-route-enable-req-resp-sizes-stats" - address: "0.0.0.0" + address: "::" port: 10080 routes: - destination: diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-route-complex.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-route-complex.yaml index 901c0f66f40..48f58cd84dc 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tcp-route-complex.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tcp-route-complex.yaml @@ -1,6 +1,6 @@ tcp: - name: "tcp-listener-complex" - address: "0.0.0.0" + address: "::" port: 10080 routes: - name: "tcp-route-complex" diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-route-invalid-endpoint.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-route-invalid-endpoint.yaml index 427472d6832..80511b12899 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tcp-route-invalid-endpoint.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tcp-route-invalid-endpoint.yaml @@ -1,6 +1,6 @@ tcp: - name: "tcp-listener-simple" - address: "0.0.0.0" + address: "::" port: 10080 routes: - name: "tcp-route-simple" diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-route-simple.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-route-simple.yaml index 58f1ec03892..ae3ab3fc127 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tcp-route-simple.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tcp-route-simple.yaml @@ -1,6 +1,6 @@ tcp: - name: "tcp-listener-simple" - address: "0.0.0.0" + address: "::" port: 10080 routes: - name: "tcp-route-simple" diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-route-tls-terminate.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-route-tls-terminate.yaml index 2acfdc391ea..86d0101d657 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tcp-route-tls-terminate.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tcp-route-tls-terminate.yaml @@ -1,6 +1,6 @@ tcp: - name: "tls-listener-terminate" - address: "0.0.0.0" + address: "::" port: 10080 routes: - name: "tls-route-terminate" @@ -20,7 +20,7 @@ tcp: - host: "5.6.7.8" port: 50001 - name: "tls-terminate-hostname" - address: "0.0.0.0" + address: "::" port: 10080 tls: inspector: diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-route-weighted-backend.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-route-weighted-backend.yaml index 73081048864..2e5e133bc25 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tcp-route-weighted-backend.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tcp-route-weighted-backend.yaml @@ -1,6 +1,6 @@ tcp: - name: "tcp-listener-weighted-backend" - address: "0.0.0.0" + address: "::" port: 10080 routes: - name: "tcp-route-weighted-backend" diff --git a/internal/xds/translator/testdata/in/xds-ir/timeout.yaml b/internal/xds/translator/testdata/in/xds-ir/timeout.yaml index 8abc0af3cdd..f33270a0dd5 100644 --- a/internal/xds/translator/testdata/in/xds-ir/timeout.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/timeout.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/tls-route-passthrough.yaml b/internal/xds/translator/testdata/in/xds-ir/tls-route-passthrough.yaml index 285927c9017..54da9ebef28 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tls-route-passthrough.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tls-route-passthrough.yaml @@ -1,6 +1,6 @@ tcp: - name: "tls-passthrough-foo" - address: "0.0.0.0" + address: "::" port: 10080 routes: - name: "tls-route-passthrough-foo" @@ -17,7 +17,7 @@ tcp: - host: "5.6.7.8" port: 50001 - name: "tls-passthrough-bar" - address: "0.0.0.0" + address: "::" port: 10081 routes: - name: "tls-route-passthrough-bar" diff --git a/internal/xds/translator/testdata/in/xds-ir/tls-with-ciphers-versions-alpn.yaml b/internal/xds/translator/testdata/in/xds-ir/tls-with-ciphers-versions-alpn.yaml index afcf3322715..6e70e3afba0 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tls-with-ciphers-versions-alpn.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tls-with-ciphers-versions-alpn.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" path: escapedSlashesAction: UnescapeAndRedirect mergeSlashes: true @@ -51,7 +51,7 @@ http: port: 50000 tcp: - name: "second-listener" - address: "0.0.0.0" + address: "::" port: 10081 tls: ciphers: diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing-datadog.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing-datadog.yaml index 1ed5b3aef3c..55c83e0bd0d 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tracing-datadog.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tracing-datadog.yaml @@ -28,7 +28,7 @@ tracing: type: Datadog http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing-endpoint-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing-endpoint-stats.yaml index 1d8c4b7a338..c5ddea6b9ab 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tracing-endpoint-stats.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tracing-endpoint-stats.yaml @@ -33,7 +33,7 @@ tracing: type: OpenTelemetry http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing-invalid.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing-invalid.yaml index d8b23c5d21e..3a9a50904f6 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tracing-invalid.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tracing-invalid.yaml @@ -22,7 +22,7 @@ tracing: port: 4317 http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing-unknown-provider-type.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing-unknown-provider-type.yaml index 02623bc0c7a..dad1fdba41b 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tracing-unknown-provider-type.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tracing-unknown-provider-type.yaml @@ -30,7 +30,7 @@ tracing: type: AwesomeTelemetry http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing-zipkin.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing-zipkin.yaml index dded17dd193..52f559c907b 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tracing-zipkin.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tracing-zipkin.yaml @@ -34,7 +34,7 @@ tracing: disableSharedSpanContext: true http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing.yaml index b5cccf6dbab..7762d44b525 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tracing.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tracing.yaml @@ -52,7 +52,7 @@ tracing: type: OpenTelemetry http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/in/xds-ir/udp-endpoint-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/udp-endpoint-stats.yaml index fc597f28928..9e27ffc95aa 100644 --- a/internal/xds/translator/testdata/in/xds-ir/udp-endpoint-stats.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/udp-endpoint-stats.yaml @@ -3,7 +3,7 @@ metrics: enablePerEndpointStats: true udp: - name: "udp-route-enable-endpoint-stats" - address: "0.0.0.0" + address: "::" port: 10080 route: name: "udp-route" diff --git a/internal/xds/translator/testdata/in/xds-ir/udp-req-resp-sizes-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/udp-req-resp-sizes-stats.yaml index 1e7e0d9fb53..39f7cf99cf2 100644 --- a/internal/xds/translator/testdata/in/xds-ir/udp-req-resp-sizes-stats.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/udp-req-resp-sizes-stats.yaml @@ -3,7 +3,7 @@ metrics: enableRequestResponseSizesStats: true udp: - name: "udp-route-enable-req-resp-sizes-stats" - address: "0.0.0.0" + address: "::" port: 10080 route: name: "udp-route" diff --git a/internal/xds/translator/testdata/in/xds-ir/udp-route.yaml b/internal/xds/translator/testdata/in/xds-ir/udp-route.yaml index a933bdd78a4..8f59089835b 100644 --- a/internal/xds/translator/testdata/in/xds-ir/udp-route.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/udp-route.yaml @@ -1,6 +1,6 @@ udp: - name: "udp-route" - address: "0.0.0.0" + address: "::" port: 10080 route: name: "udp-route" diff --git a/internal/xds/translator/testdata/in/xds-ir/upstream-tcpkeepalive.yaml b/internal/xds/translator/testdata/in/xds-ir/upstream-tcpkeepalive.yaml index b00f5e55a3b..c66533226d8 100644 --- a/internal/xds/translator/testdata/in/xds-ir/upstream-tcpkeepalive.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/upstream-tcpkeepalive.yaml @@ -1,6 +1,6 @@ http: - name: "first-listener" - address: "0.0.0.0" + address: "::" port: 10080 hostnames: - "*" diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml index 6fbaf5053ec..026cd70e650 100644 --- a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml +++ b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: @@ -43,6 +44,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10162 protocol: UDP listenerFilters: diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml index e6777ebece3..507aaab00f5 100644 --- a/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml +++ b/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml index c3fb113017a..9c25f196445 100644 --- a/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml +++ b/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml index 7837e1509fc..5b2e1a6719a 100644 --- a/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml +++ b/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10081 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml index d9795d2be43..1bb613cbfcd 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml @@ -82,7 +82,8 @@ stringValue: cluster1 address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml index 6a7ebeda5c3..78d5f7abe9f 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml @@ -61,7 +61,8 @@ stringValue: cluster1 address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml index cb6e3ef7759..2532b596f44 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml @@ -105,7 +105,8 @@ stringValue: cluster1 address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml index 3677e6bec6b..713a4137c31 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml @@ -97,7 +97,8 @@ stringValue: cluster1 address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-types.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.listeners.yaml index dbb30726378..8bdbfafa21e 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-types.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.listeners.yaml @@ -142,6 +142,7 @@ address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml index 9df135e671c..27da99342c3 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml @@ -80,7 +80,8 @@ stringValue: cluster1 address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml index 0ef9cdc5fab..c43406cbaea 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml @@ -80,7 +80,8 @@ stringValue: cluster1 address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.listeners.yaml index 907d28f78b7..1a6a6c94ebf 100644 --- a/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.listeners.yaml index f34bcbe362f..c3144002dc5 100644 --- a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.listeners.yaml index f34bcbe362f..c3144002dc5 100644 --- a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.listeners.yaml index 907d28f78b7..1a6a6c94ebf 100644 --- a/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml index 1fadbe977d8..39d16f0162e 100644 --- a/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: @@ -34,7 +35,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10081 filterChains: - filters: @@ -48,7 +50,8 @@ perConnectionBufferLimitBytes: 1500 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 protocol: UDP listenerFilters: diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-priority.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-priority.listeners.yaml index 55e2fde715b..fec7e1ade2f 100644 --- a/internal/xds/translator/testdata/out/xds-ir/backend-priority.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/backend-priority.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml index a7accc0ef6c..3f5b5976eb0 100644 --- a/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml index 96f06388ed3..91c886e41b1 100644 --- a/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: @@ -34,7 +35,8 @@ perConnectionBufferLimitBytes: 1500 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10081 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml index 885e958a3e6..76e8d8b7cf5 100644 --- a/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 8081 defaultFilterChain: filters: @@ -33,7 +34,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 8082 defaultFilterChain: filters: @@ -71,7 +73,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 8083 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml index 03fe43687b2..0becefcb07b 100644 --- a/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: @@ -36,7 +37,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10081 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml index 03c1932b68e..d4b97c1941b 100644 --- a/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml index 0a50c1bb280..7a61b6197b2 100644 --- a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/custom-response.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/custom-response.listeners.yaml index 19c56586960..29be8f0b25c 100644 --- a/internal/xds/translator/testdata/out/xds-ir/custom-response.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/custom-response.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.listeners.yaml index 0ccea8c2bcb..4f7cd0b8af7 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.listeners.yaml index e2054562760..71ebe76cb1e 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml index 84b95081c80..167e96f53e0 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.listeners.yaml index 55e2fde715b..fec7e1ade2f 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml index acf4c0a40f6..1f010cbb726 100755 --- a/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml index 5053c959bfc..6c1a233f5b2 100644 --- a/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml index 5041136d090..f9ce7d84e7c 100644 --- a/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 8081 defaultFilterChain: filters: @@ -33,7 +34,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 8082 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml index f9b4ee27bf6..f89d388819d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 8081 defaultFilterChain: filters: @@ -32,7 +33,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 8082 defaultFilterChain: filters: @@ -63,7 +65,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 8083 defaultFilterChain: filters: @@ -95,7 +98,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 8084 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.listeners.yaml index 4a3daf7b5eb..93320e1347b 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: @@ -40,7 +41,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10081 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml index cc61653cdf6..6c2ec38ab4f 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml index 13b18487b29..858a6a99df5 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml index 09426a31773..cc24216073a 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.listeners.yaml index 2d688753f05..cefa3f8fcfd 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml index c3fb113017a..9c25f196445 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.listeners.yaml index 3c8062f0a29..a857be906cd 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml index 657d2b42a82..725b879b355 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml index c3fb113017a..9c25f196445 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml index 657d2b42a82..725b879b355 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml index 5a43997887d..09c1f7373da 100755 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: @@ -35,6 +36,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10081 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml index 657d2b42a82..725b879b355 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml index 87cd9f2a9d7..7d466743074 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: @@ -40,7 +41,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10081 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml index 7efdb2940f8..952475f29ec 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml index 7935c97f7f4..39cef2f193b 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml index fc499431884..ba98a10f789 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml index 25230ccd9b5..d150efd0384 100755 --- a/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml index 49a651da85e..98b2a58f8ef 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10443 protocol: UDP drainType: MODIFY_ONLY @@ -56,6 +57,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10443 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.listeners.yaml index fb7bceafa22..1825eb14ab6 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml index fb7bceafa22..1825eb14ab6 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml index 9172af8519b..25c76bcef2f 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml index bbfa00a53ea..0ac893c74ea 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml index a48a09b2dd7..82dbfaae02c 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml @@ -13,7 +13,8 @@ path: /dev/stdout address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml index 51d778b9cea..393caa96eb5 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml index ead8b20d402..15f08c52173 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml index c839763d975..1eb896e1a7d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml index 565878b1597..7286927497c 100644 --- a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: @@ -34,7 +35,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10081 defaultFilterChain: filters: @@ -73,7 +75,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10082 filterChains: - filterChainMatch: @@ -98,7 +101,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10083 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml index 210069d7019..016786b37f5 100644 --- a/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filterChainMatch: @@ -63,7 +64,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10081 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml index 06e77d90262..8b7b4013e4f 100644 --- a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: @@ -39,7 +40,8 @@ name: "9" - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10081 defaultFilterChain: filters: @@ -90,7 +92,8 @@ name: "5" - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10082 filterChains: - filterChainMatch: @@ -115,7 +118,8 @@ name: "9" - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10083 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.listeners.yaml index 6539e7588ec..93a9663d159 100644 --- a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10443 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml index 1f27366aa32..d23d6e5323a 100644 --- a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml index 1426aeaa71f..565ad98228f 100644 --- a/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml index 39bfe9f587b..44ffd11e130 100755 --- a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 protocol: UDP defaultFilterChain: @@ -66,6 +67,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml index 86002534182..bfed5797031 100644 --- a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml index 2df07dabd56..cf89025ba17 100644 --- a/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml index 7d177b2e092..8cc49659b0a 100644 --- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10001 filterChains: - filters: @@ -59,7 +60,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10002 filterChains: - filters: @@ -119,7 +121,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10003 filterChains: - filters: @@ -181,7 +184,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10004 filterChains: - filters: @@ -245,7 +249,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10005 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml index 33262561948..5404e9c4612 100644 --- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10001 filterChains: - filters: @@ -59,7 +60,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10002 filterChains: - filters: @@ -119,7 +121,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10003 filterChains: - filters: @@ -179,7 +182,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10004 filterChains: - filters: @@ -239,7 +243,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10005 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml index bae66f2ff21..ff623ed0918 100644 --- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filters: @@ -59,7 +60,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10081 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml index cdb0e351dec..5322382f349 100644 --- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filters: @@ -59,7 +60,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10081 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.listeners.yaml index 3addb294484..995d70e1811 100644 --- a/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml index 37178ddfe5f..f02d5214210 100644 --- a/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml index c8eda3875ed..11e2a389c0d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml index a80f448f017..2f68d5d848d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml index 973d90913b4..821bf6ee840 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml index a80f448f017..2f68d5d848d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.listeners.yaml index a80f448f017..2f68d5d848d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml index a80f448f017..2f68d5d848d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml index a80f448f017..2f68d5d848d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.listeners.yaml index ada9749df63..d8e6bbf9091 100644 --- a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml index 3d65ed1a895..9f852cd8701 100644 --- a/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml index 4c624b8788f..2488a8f083c 100644 --- a/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filterChainMatch: diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.listeners.yaml index 001e0b017d3..12011f9ae49 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.listeners.yaml index 0615ffcff8a..33d35dcfdbc 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.listeners.yaml @@ -1,11 +1,7 @@ -- additionalAddresses: - - address: - socketAddress: - address: '::' - portValue: 8082 - address: +- address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 8082 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.listeners.yaml index ec70a00f0ed..c70b6728097 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml index 336e84c9eab..5023b077b09 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filterChainMatch: diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml index 4dc8055463a..72f40213b1b 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml index b3f30d194ed..4423eb58f5b 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml index 7c84083a0ba..4ec20d0cc11 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filterChainMatch: diff --git a/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml index d5d32d6ee55..dab6fe543f3 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filterChainMatch: @@ -21,7 +22,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10081 filterChains: - filterChainMatch: diff --git a/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml index 7eee7e167c0..64028f1420d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 filterChains: - filterChainMatch: @@ -79,7 +80,8 @@ perConnectionBufferLimitBytes: 32768 - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10081 filterChains: - filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.listeners.yaml index 07a3d581575..7f41a9bed98 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml index a98dfd0d9d4..e19a79d30dc 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml index 6efe38a6b12..e5532223241 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml index 599eb3b58af..5832f199bc9 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.listeners.yaml index 8d9eaea1141..09c7681d79e 100644 --- a/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 protocol: UDP listenerFilters: diff --git a/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.listeners.yaml index 6bf13465916..cc92fbd6ed6 100644 --- a/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 protocol: UDP listenerFilters: diff --git a/internal/xds/translator/testdata/out/xds-ir/udp-route.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/udp-route.listeners.yaml index 317a7ddc4dd..71f29a0035a 100644 --- a/internal/xds/translator/testdata/out/xds-ir/udp-route.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/udp-route.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 protocol: UDP listenerFilters: diff --git a/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml index c3fb113017a..a9b9065d238 100644 --- a/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: - address: 0.0.0.0 + address: '::' + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml index e3a679d1ae0..bbb4b7109a8 100755 --- a/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml @@ -1,6 +1,7 @@ - address: socketAddress: address: 0.0.0.0 + ipv4Compat: true portValue: 10080 defaultFilterChain: filters: diff --git a/internal/xds/translator/translator.go b/internal/xds/translator/translator.go index 29bc7d2f5ff..a76382dd569 100644 --- a/internal/xds/translator/translator.go +++ b/internal/xds/translator/translator.go @@ -229,7 +229,7 @@ func (t *Translator) processHTTPListenerXdsTranslation( // Create a new TCP listener for HTTP1/HTTP2 traffic. if tcpXDSListener, err = buildXdsTCPListener( - httpListener.Name, httpListener.Address, httpListener.Port, httpListener.IPFamily, + httpListener.Name, httpListener.Address, httpListener.Port, httpListener.TCPKeepalive, httpListener.Connection, accessLog); err != nil { errs = errors.Join(errs, err) continue @@ -575,7 +575,7 @@ func (t *Translator) processTCPListenerXdsTranslation( xdsListener := findXdsListenerByHostPort(tCtx, tcpListener.Address, tcpListener.Port, corev3.SocketAddress_TCP) if xdsListener == nil { if xdsListener, err = buildXdsTCPListener( - tcpListener.Name, tcpListener.Address, tcpListener.Port, tcpListener.IPFamily, + tcpListener.Name, tcpListener.Address, tcpListener.Port, tcpListener.TCPKeepalive, tcpListener.Connection, accesslog); err != nil { // skip this listener if failed to build xds listener errs = errors.Join(errs, err) diff --git a/release-notes/current.yaml b/release-notes/current.yaml index 9288e5266fc..c0f8dfc0e5b 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -5,6 +5,7 @@ breaking changes: | The Container `ports` field of the gateway instance has been removed, which will cause the gateway Pod to be rebuilt when upgrading the version. ClientTrafficPolicy previously treated an empty TLS ALPNProtocols list as being undefined and applied Envoy Gateway defaults. An empty TLS ALPNProtocols list is now treated as user-defined disablement of the TLS ALPN extension. + Always use `::` and `IPv4Compact` enabled on dynamic listeners. # Updates addressing vulnerabilities, security flaws, or compliance requirements. security updates: | diff --git a/test/e2e/tests/envoy_shutdown.go b/test/e2e/tests/envoy_shutdown.go index 7a249e01950..14a223ddef5 100644 --- a/test/e2e/tests/envoy_shutdown.go +++ b/test/e2e/tests/envoy_shutdown.go @@ -51,6 +51,9 @@ var EnvoyShutdownTest = suite.ConformanceTest{ t.Errorf("Failed to get proxy deployment") } + // Wait for the grpc ext auth service pod to be ready + WaitForPods(t, suite.Client, "envoy-gateway-system", map[string]string{"gateway.envoyproxy.io/owning-gateway-name": name}, corev1.PodRunning, PodReady) + // wait for route to be programmed on envoy expectedResponse := http.ExpectedResponse{ Request: http.Request{ @@ -79,7 +82,7 @@ var EnvoyShutdownTest = suite.ConformanceTest{ aborter.Abort(false) // abort the load either way if err != nil { - t.Errorf("Failed to rollout proxy deployment") + t.Errorf("Failed to rollout proxy deployment: %v", err) } // Wait for the goroutine to finish diff --git a/test/e2e/upgrade/eg_upgrade_test.go b/test/e2e/upgrade/eg_upgrade_test.go index 6c3b9521e5f..9af99c81c90 100644 --- a/test/e2e/upgrade/eg_upgrade_test.go +++ b/test/e2e/upgrade/eg_upgrade_test.go @@ -10,9 +10,12 @@ package upgrade import ( "flag" "io/fs" + "os" "testing" "k8s.io/apimachinery/pkg/util/sets" + "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/log/zap" "sigs.k8s.io/gateway-api/conformance/utils/flags" "sigs.k8s.io/gateway-api/conformance/utils/suite" "sigs.k8s.io/gateway-api/conformance/utils/tlog" @@ -25,6 +28,7 @@ import ( func TestEGUpgrade(t *testing.T) { flag.Parse() + log.SetLogger(zap.New(zap.WriteTo(os.Stderr), zap.UseDevMode(true))) c, cfg := kubetest.NewClient(t) From f8c7056378043cc422552d5728a1bfb76a6711b1 Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Thu, 21 Nov 2024 16:43:03 -0800 Subject: [PATCH 46/47] dont run docs workflows on release branches (#4755) Docs are based off `main` Signed-off-by: Arko Dasgupta --- .github/workflows/docs.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 22437cb9cd8..b147f5e5cf0 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -3,14 +3,12 @@ on: push: branches: - "main" - - "release/v*" paths: - 'site/**' - 'tools/make/docs.mk' pull_request: branches: - "main" - - "release/v*" paths: - 'site/**' - 'tools/make/docs.mk' From 71c0b5408f7f80ef8b9d1e0bcf511891839edecd Mon Sep 17 00:00:00 2001 From: zirain Date: Fri, 22 Nov 2024 11:05:12 +0800 Subject: [PATCH 47/47] chore: fix unchanged files with check annotations (#4763) chore: fix github warning Signed-off-by: zirain --- examples/standalone/quickstart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/standalone/quickstart.yaml b/examples/standalone/quickstart.yaml index e7a5cda07e5..4ccf2ce8efd 100644 --- a/examples/standalone/quickstart.yaml +++ b/examples/standalone/quickstart.yaml @@ -42,5 +42,5 @@ metadata: spec: endpoints: - ip: - address: 0.0.0.0 # this address is for demo purpose only, do not use it in production! + address: 0.0.0.0 # this address is for demo purpose only, do not use it in production! port: 3000