-
Notifications
You must be signed in to change notification settings - Fork 356
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[release/v1.1] v1.1.4 cherry pick (#4789)
* fix: BackendTlsPolicy specify multiple targetRefs of the same service, only one will work (#4630) * add tests Signed-off-by: Huabing Zhao <[email protected]> * fix matching comparison Signed-off-by: Huabing Zhao <[email protected]> * add release note Signed-off-by: Huabing Zhao <[email protected]> * fix lint Signed-off-by: Huabing Zhao <[email protected]> * fix lint Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]> (cherry picked from commit 44c2f74) Signed-off-by: Guy Daich <[email protected]> * fix: tcp listener is rejected when no route attached (#4681) * fix: tcp listener is rejected when no route attached Signed-off-by: Huabing Zhao <[email protected]> * change cluter name Signed-off-by: Huabing Zhao <[email protected]> * fix listener connection limit test Signed-off-by: Huabing Zhao <[email protected]> * fix listener connetcp keepalive test Signed-off-by: Huabing Zhao <[email protected]> * fix tcp endpoint stats test Signed-off-by: Huabing Zhao <[email protected]> * fix tcp-route-enable-req-resp-sizes-stats Signed-off-by: Huabing Zhao <[email protected]> * fix extensionpolicy-tcp-udp-http test Signed-off-by: Huabing Zhao <[email protected]> * fix lint Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]> (cherry picked from commit f99c36c) Signed-off-by: Guy Daich <[email protected]> * Fix: frequent 503 errors when connecting to a Service experiencing high Pod churn (#4754) * Revert "fix: some status updates are discarded by the status updater (#4337)" This reverts commit 14830c7. Signed-off-by: Huabing Zhao <[email protected]> * store update events and process it later Signed-off-by: Huabing Zhao <[email protected]> * rename method Signed-off-by: Huabing Zhao <[email protected]> * add release note Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]> (cherry picked from commit 8ec3095) Signed-off-by: Guy Daich <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]> Signed-off-by: Guy Daich <[email protected]> Co-authored-by: Huabing Zhao <[email protected]>
- Loading branch information
1 parent
b1b1e8d
commit d2d60c3
Showing
27 changed files
with
856 additions
and
54 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
123 changes: 123 additions & 0 deletions
123
internal/gatewayapi/testdata/backendtlspolicy-multiple-targets.in.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,123 @@ | ||
gateways: | ||
- apiVersion: gateway.networking.k8s.io/v1 | ||
kind: Gateway | ||
metadata: | ||
name: gateway-btls | ||
namespace: envoy-gateway | ||
spec: | ||
gatewayClassName: envoy-gateway-class | ||
listeners: | ||
- name: http | ||
protocol: HTTP | ||
port: 80 | ||
allowedRoutes: | ||
namespaces: | ||
from: All | ||
|
||
httpRoutes: | ||
- apiVersion: gateway.networking.k8s.io/v1 | ||
kind: HTTPRoute | ||
metadata: | ||
name: httproute-btls-1 | ||
namespace: envoy-gateway | ||
spec: | ||
parentRefs: | ||
- namespace: envoy-gateway | ||
name: gateway-btls | ||
sectionName: http | ||
rules: | ||
- matches: | ||
- path: | ||
type: Exact | ||
value: "/exact-1" | ||
backendRefs: | ||
- name: http-backend | ||
namespace: envoy-gateway | ||
port: 8080 | ||
- apiVersion: gateway.networking.k8s.io/v1 | ||
kind: HTTPRoute | ||
metadata: | ||
name: httproute-btls-2 | ||
namespace: envoy-gateway | ||
spec: | ||
parentRefs: | ||
- namespace: envoy-gateway | ||
name: gateway-btls | ||
sectionName: http | ||
rules: | ||
- matches: | ||
- path: | ||
type: Exact | ||
value: "/exact-2" | ||
backendRefs: | ||
- name: http-backend | ||
namespace: envoy-gateway | ||
port: 8081 | ||
|
||
services: | ||
- apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: http-backend | ||
namespace: envoy-gateway | ||
spec: | ||
clusterIP: 10.11.12.13 | ||
ports: | ||
- port: 8080 | ||
name: http | ||
protocol: TCP | ||
targetPort: 8080 | ||
- port: 8081 | ||
name: http | ||
protocol: TCP | ||
targetPort: 8081 | ||
|
||
configMaps: | ||
- apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: ca-cmap | ||
namespace: envoy-gateway | ||
data: | ||
ca.crt: | | ||
-----BEGIN CERTIFICATE----- | ||
MIIDJzCCAg+gAwIBAgIUAl6UKIuKmzte81cllz5PfdN2IlIwDQYJKoZIhvcNAQEL | ||
BQAwIzEQMA4GA1UEAwwHbXljaWVudDEPMA0GA1UECgwGa3ViZWRiMB4XDTIzMTAw | ||
MjA1NDE1N1oXDTI0MTAwMTA1NDE1N1owIzEQMA4GA1UEAwwHbXljaWVudDEPMA0G | ||
A1UECgwGa3ViZWRiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSTc | ||
1yj8HW62nynkFbXo4VXKv2jC0PM7dPVky87FweZcTKLoWQVPQE2p2kLDK6OEszmM | ||
yyr+xxWtyiveremrWqnKkNTYhLfYPhgQkczib7eUalmFjUbhWdLvHakbEgCodn3b | ||
kz57mInX2VpiDOKg4kyHfiuXWpiBqrCx0KNLpxo3DEQcFcsQTeTHzh4752GV04RU | ||
Ti/GEWyzIsl4Rg7tGtAwmcIPgUNUfY2Q390FGqdH4ahn+mw/6aFbW31W63d9YJVq | ||
ioyOVcaMIpM5B/c7Qc8SuhCI1YGhUyg4cRHLEw5VtikioyE3X04kna3jQAj54YbR | ||
bpEhc35apKLB21HOUQIDAQABo1MwUTAdBgNVHQ4EFgQUyvl0VI5vJVSuYFXu7B48 | ||
6PbMEAowHwYDVR0jBBgwFoAUyvl0VI5vJVSuYFXu7B486PbMEAowDwYDVR0TAQH/ | ||
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAMLxrgFVMuNRq2wAwcBt7SnNR5Cfz | ||
2MvXq5EUmuawIUi9kaYjwdViDREGSjk7JW17vl576HjDkdfRwi4E28SydRInZf6J | ||
i8HZcZ7caH6DxR335fgHVzLi5NiTce/OjNBQzQ2MJXVDd8DBmG5fyatJiOJQ4bWE | ||
A7FlP0RdP3CO3GWE0M5iXOB2m1qWkE2eyO4UHvwTqNQLdrdAXgDQlbam9e4BG3Gg | ||
d/6thAkWDbt/QNT+EJHDCvhDRKh1RuGHyg+Y+/nebTWWrFWsktRrbOoHCZiCpXI1 | ||
3eXE6nt0YkgtDxG22KqnhpAg9gUSs2hlhoxyvkzyF0mu6NhPlwAgnq7+/Q== | ||
-----END CERTIFICATE----- | ||
backendTLSPolicies: | ||
- apiVersion: gateway.networking.k8s.io/v1alpha2 | ||
kind: BackendTLSPolicy | ||
metadata: | ||
name: policy-btls | ||
namespace: envoy-gateway | ||
spec: | ||
targetRefs: | ||
- group: "" | ||
kind: Service | ||
name: http-backend | ||
sectionName: "8080" | ||
- group: "" | ||
kind: Service | ||
name: http-backend | ||
sectionName: "8081" | ||
validation: | ||
caCertificateRefs: | ||
- name: ca-cmap | ||
group: "" | ||
kind: ConfigMap | ||
hostname: example.com |
237 changes: 237 additions & 0 deletions
237
internal/gatewayapi/testdata/backendtlspolicy-multiple-targets.out.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,237 @@ | ||
backendTLSPolicies: | ||
- apiVersion: gateway.networking.k8s.io/v1alpha2 | ||
kind: BackendTLSPolicy | ||
metadata: | ||
creationTimestamp: null | ||
name: policy-btls | ||
namespace: envoy-gateway | ||
spec: | ||
targetRefs: | ||
- group: "" | ||
kind: Service | ||
name: http-backend | ||
sectionName: "8080" | ||
- group: "" | ||
kind: Service | ||
name: http-backend | ||
sectionName: "8081" | ||
validation: | ||
caCertificateRefs: | ||
- group: "" | ||
kind: ConfigMap | ||
name: ca-cmap | ||
hostname: example.com | ||
status: | ||
ancestors: | ||
- ancestorRef: | ||
name: gateway-btls | ||
namespace: envoy-gateway | ||
sectionName: http | ||
conditions: | ||
- lastTransitionTime: null | ||
message: Policy has been accepted. | ||
reason: Accepted | ||
status: "True" | ||
type: Accepted | ||
controllerName: gateway.envoyproxy.io/gatewayclass-controller | ||
gateways: | ||
- apiVersion: gateway.networking.k8s.io/v1 | ||
kind: Gateway | ||
metadata: | ||
creationTimestamp: null | ||
name: gateway-btls | ||
namespace: envoy-gateway | ||
spec: | ||
gatewayClassName: envoy-gateway-class | ||
listeners: | ||
- allowedRoutes: | ||
namespaces: | ||
from: All | ||
name: http | ||
port: 80 | ||
protocol: HTTP | ||
status: | ||
listeners: | ||
- attachedRoutes: 2 | ||
conditions: | ||
- lastTransitionTime: null | ||
message: Sending translated listener configuration to the data plane | ||
reason: Programmed | ||
status: "True" | ||
type: Programmed | ||
- lastTransitionTime: null | ||
message: Listener has been successfully translated | ||
reason: Accepted | ||
status: "True" | ||
type: Accepted | ||
- lastTransitionTime: null | ||
message: Listener references have been resolved | ||
reason: ResolvedRefs | ||
status: "True" | ||
type: ResolvedRefs | ||
name: http | ||
supportedKinds: | ||
- group: gateway.networking.k8s.io | ||
kind: HTTPRoute | ||
- group: gateway.networking.k8s.io | ||
kind: GRPCRoute | ||
httpRoutes: | ||
- apiVersion: gateway.networking.k8s.io/v1 | ||
kind: HTTPRoute | ||
metadata: | ||
creationTimestamp: null | ||
name: httproute-btls-1 | ||
namespace: envoy-gateway | ||
spec: | ||
parentRefs: | ||
- name: gateway-btls | ||
namespace: envoy-gateway | ||
sectionName: http | ||
rules: | ||
- backendRefs: | ||
- name: http-backend | ||
namespace: envoy-gateway | ||
port: 8080 | ||
matches: | ||
- path: | ||
type: Exact | ||
value: /exact-1 | ||
status: | ||
parents: | ||
- conditions: | ||
- lastTransitionTime: null | ||
message: Route is accepted | ||
reason: Accepted | ||
status: "True" | ||
type: Accepted | ||
- lastTransitionTime: null | ||
message: Resolved all the Object references for the Route | ||
reason: ResolvedRefs | ||
status: "True" | ||
type: ResolvedRefs | ||
controllerName: gateway.envoyproxy.io/gatewayclass-controller | ||
parentRef: | ||
name: gateway-btls | ||
namespace: envoy-gateway | ||
sectionName: http | ||
- apiVersion: gateway.networking.k8s.io/v1 | ||
kind: HTTPRoute | ||
metadata: | ||
creationTimestamp: null | ||
name: httproute-btls-2 | ||
namespace: envoy-gateway | ||
spec: | ||
parentRefs: | ||
- name: gateway-btls | ||
namespace: envoy-gateway | ||
sectionName: http | ||
rules: | ||
- backendRefs: | ||
- name: http-backend | ||
namespace: envoy-gateway | ||
port: 8081 | ||
matches: | ||
- path: | ||
type: Exact | ||
value: /exact-2 | ||
status: | ||
parents: | ||
- conditions: | ||
- lastTransitionTime: null | ||
message: Route is accepted | ||
reason: Accepted | ||
status: "True" | ||
type: Accepted | ||
- lastTransitionTime: null | ||
message: Resolved all the Object references for the Route | ||
reason: ResolvedRefs | ||
status: "True" | ||
type: ResolvedRefs | ||
controllerName: gateway.envoyproxy.io/gatewayclass-controller | ||
parentRef: | ||
name: gateway-btls | ||
namespace: envoy-gateway | ||
sectionName: http | ||
infraIR: | ||
envoy-gateway/gateway-btls: | ||
proxy: | ||
listeners: | ||
- address: null | ||
name: envoy-gateway/gateway-btls/http | ||
ports: | ||
- containerPort: 10080 | ||
name: http-80 | ||
protocol: HTTP | ||
servicePort: 80 | ||
metadata: | ||
labels: | ||
gateway.envoyproxy.io/owning-gateway-name: gateway-btls | ||
gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway | ||
name: envoy-gateway/gateway-btls | ||
xdsIR: | ||
envoy-gateway/gateway-btls: | ||
accessLog: | ||
text: | ||
- path: /dev/stdout | ||
http: | ||
- address: 0.0.0.0 | ||
hostnames: | ||
- '*' | ||
isHTTP2: false | ||
metadata: | ||
kind: Gateway | ||
name: gateway-btls | ||
namespace: envoy-gateway | ||
sectionName: http | ||
name: envoy-gateway/gateway-btls/http | ||
path: | ||
escapedSlashesAction: UnescapeAndRedirect | ||
mergeSlashes: true | ||
port: 10080 | ||
routes: | ||
- destination: | ||
name: httproute/envoy-gateway/httproute-btls-1/rule/0 | ||
settings: | ||
- protocol: HTTP | ||
tls: | ||
caCertificate: | ||
certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKekNDQWcrZ0F3SUJBZ0lVQWw2VUtJdUttenRlODFjbGx6NVBmZE4ySWxJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0l6RVFNQTRHQTFVRUF3d0hiWGxqYVdWdWRERVBNQTBHQTFVRUNnd0dhM1ZpWldSaU1CNFhEVEl6TVRBdwpNakExTkRFMU4xb1hEVEkwTVRBd01UQTFOREUxTjFvd0l6RVFNQTRHQTFVRUF3d0hiWGxqYVdWdWRERVBNQTBHCkExVUVDZ3dHYTNWaVpXUmlNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdTVGMKMXlqOEhXNjJueW5rRmJYbzRWWEt2MmpDMFBNN2RQVmt5ODdGd2VaY1RLTG9XUVZQUUUycDJrTERLNk9Fc3ptTQp5eXIreHhXdHlpdmVyZW1yV3FuS2tOVFloTGZZUGhnUWtjemliN2VVYWxtRmpVYmhXZEx2SGFrYkVnQ29kbjNiCmt6NTdtSW5YMlZwaURPS2c0a3lIZml1WFdwaUJxckN4MEtOTHB4bzNERVFjRmNzUVRlVEh6aDQ3NTJHVjA0UlUKVGkvR0VXeXpJc2w0Umc3dEd0QXdtY0lQZ1VOVWZZMlEzOTBGR3FkSDRhaG4rbXcvNmFGYlczMVc2M2Q5WUpWcQppb3lPVmNhTUlwTTVCL2M3UWM4U3VoQ0kxWUdoVXlnNGNSSExFdzVWdGlraW95RTNYMDRrbmEzalFBajU0WWJSCmJwRWhjMzVhcEtMQjIxSE9VUUlEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVeXZsMFZJNXZKVlN1WUZYdTdCNDgKNlBiTUVBb3dId1lEVlIwakJCZ3dGb0FVeXZsMFZJNXZKVlN1WUZYdTdCNDg2UGJNRUFvd0R3WURWUjBUQVFILwpCQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFNTHhyZ0ZWTXVOUnEyd0F3Y0J0N1NuTlI1Q2Z6CjJNdlhxNUVVbXVhd0lVaTlrYVlqd2RWaURSRUdTams3SlcxN3ZsNTc2SGpEa2RmUndpNEUyOFN5ZFJJblpmNkoKaThIWmNaN2NhSDZEeFIzMzVmZ0hWekxpNU5pVGNlL09qTkJRelEyTUpYVkRkOERCbUc1ZnlhdEppT0pRNGJXRQpBN0ZsUDBSZFAzQ08zR1dFME01aVhPQjJtMXFXa0UyZXlPNFVIdndUcU5RTGRyZEFYZ0RRbGJhbTllNEJHM0dnCmQvNnRoQWtXRGJ0L1FOVCtFSkhEQ3ZoRFJLaDFSdUdIeWcrWSsvbmViVFdXckZXc2t0UnJiT29IQ1ppQ3BYSTEKM2VYRTZudDBZa2d0RHhHMjJLcW5ocEFnOWdVU3MyaGxob3h5dmt6eUYwbXU2TmhQbHdBZ25xNysvUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K | ||
name: policy-btls/envoy-gateway-ca | ||
sni: example.com | ||
weight: 1 | ||
directResponse: | ||
statusCode: 500 | ||
hostname: '*' | ||
isHTTP2: false | ||
metadata: | ||
kind: HTTPRoute | ||
name: httproute-btls-1 | ||
namespace: envoy-gateway | ||
name: httproute/envoy-gateway/httproute-btls-1/rule/0/match/0/* | ||
pathMatch: | ||
distinct: false | ||
exact: /exact-1 | ||
name: "" | ||
- destination: | ||
name: httproute/envoy-gateway/httproute-btls-2/rule/0 | ||
settings: | ||
- protocol: HTTP | ||
tls: | ||
caCertificate: | ||
certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKekNDQWcrZ0F3SUJBZ0lVQWw2VUtJdUttenRlODFjbGx6NVBmZE4ySWxJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0l6RVFNQTRHQTFVRUF3d0hiWGxqYVdWdWRERVBNQTBHQTFVRUNnd0dhM1ZpWldSaU1CNFhEVEl6TVRBdwpNakExTkRFMU4xb1hEVEkwTVRBd01UQTFOREUxTjFvd0l6RVFNQTRHQTFVRUF3d0hiWGxqYVdWdWRERVBNQTBHCkExVUVDZ3dHYTNWaVpXUmlNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdTVGMKMXlqOEhXNjJueW5rRmJYbzRWWEt2MmpDMFBNN2RQVmt5ODdGd2VaY1RLTG9XUVZQUUUycDJrTERLNk9Fc3ptTQp5eXIreHhXdHlpdmVyZW1yV3FuS2tOVFloTGZZUGhnUWtjemliN2VVYWxtRmpVYmhXZEx2SGFrYkVnQ29kbjNiCmt6NTdtSW5YMlZwaURPS2c0a3lIZml1WFdwaUJxckN4MEtOTHB4bzNERVFjRmNzUVRlVEh6aDQ3NTJHVjA0UlUKVGkvR0VXeXpJc2w0Umc3dEd0QXdtY0lQZ1VOVWZZMlEzOTBGR3FkSDRhaG4rbXcvNmFGYlczMVc2M2Q5WUpWcQppb3lPVmNhTUlwTTVCL2M3UWM4U3VoQ0kxWUdoVXlnNGNSSExFdzVWdGlraW95RTNYMDRrbmEzalFBajU0WWJSCmJwRWhjMzVhcEtMQjIxSE9VUUlEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVeXZsMFZJNXZKVlN1WUZYdTdCNDgKNlBiTUVBb3dId1lEVlIwakJCZ3dGb0FVeXZsMFZJNXZKVlN1WUZYdTdCNDg2UGJNRUFvd0R3WURWUjBUQVFILwpCQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFNTHhyZ0ZWTXVOUnEyd0F3Y0J0N1NuTlI1Q2Z6CjJNdlhxNUVVbXVhd0lVaTlrYVlqd2RWaURSRUdTams3SlcxN3ZsNTc2SGpEa2RmUndpNEUyOFN5ZFJJblpmNkoKaThIWmNaN2NhSDZEeFIzMzVmZ0hWekxpNU5pVGNlL09qTkJRelEyTUpYVkRkOERCbUc1ZnlhdEppT0pRNGJXRQpBN0ZsUDBSZFAzQ08zR1dFME01aVhPQjJtMXFXa0UyZXlPNFVIdndUcU5RTGRyZEFYZ0RRbGJhbTllNEJHM0dnCmQvNnRoQWtXRGJ0L1FOVCtFSkhEQ3ZoRFJLaDFSdUdIeWcrWSsvbmViVFdXckZXc2t0UnJiT29IQ1ppQ3BYSTEKM2VYRTZudDBZa2d0RHhHMjJLcW5ocEFnOWdVU3MyaGxob3h5dmt6eUYwbXU2TmhQbHdBZ25xNysvUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K | ||
name: policy-btls/envoy-gateway-ca | ||
sni: example.com | ||
weight: 1 | ||
directResponse: | ||
statusCode: 500 | ||
hostname: '*' | ||
isHTTP2: false | ||
metadata: | ||
kind: HTTPRoute | ||
name: httproute-btls-2 | ||
namespace: envoy-gateway | ||
name: httproute/envoy-gateway/httproute-btls-2/rule/0/match/0/* | ||
pathMatch: | ||
distinct: false | ||
exact: /exact-2 | ||
name: "" |
Oops, something went wrong.