diff --git a/internal/cmd/xdstest.go b/internal/cmd/xdstest.go index 50b6c980fd..9361c671ea 100644 --- a/internal/cmd/xdstest.go +++ b/internal/cmd/xdstest.go @@ -187,19 +187,19 @@ func xDSTest() error { for { time.Sleep(10 * time.Second) logger.Info("Updating the cache for first-listener with first-route") - err := snapCache.GenerateNewSnapshot(cacheVersion1.GetXdsResources()) + err := snapCache.GenerateNewSnapshot("", cacheVersion1.GetXdsResources()) if err != nil { logger.Error(err, "Something went wrong with generating a snapshot") } time.Sleep(10 * time.Second) logger.Info("Updating the cache for first-listener with second-route") - err = snapCache.GenerateNewSnapshot(cacheVersion2.GetXdsResources()) + err = snapCache.GenerateNewSnapshot("", cacheVersion2.GetXdsResources()) if err != nil { logger.Error(err, "Something went wrong with generating a snapshot") } time.Sleep(10 * time.Second) logger.Info("Updating the cache for second-listener with second-route") - err = snapCache.GenerateNewSnapshot(cacheVersion3.GetXdsResources()) + err = snapCache.GenerateNewSnapshot("", cacheVersion3.GetXdsResources()) if err != nil { logger.Error(err, "Something went wrong with generating a snapshot") } diff --git a/internal/crypto/certgen.go b/internal/crypto/certgen.go index 4b703cba42..406a485552 100644 --- a/internal/crypto/certgen.go +++ b/internal/crypto/certgen.go @@ -21,7 +21,7 @@ const ( DefaultEnvoyGatewayDNSPrefix = config.EnvoyGatewayServiceName // DefaultEnvoyDNSPrefix defines the default Envoy DNS prefix. - DefaultEnvoyDNSPrefix = config.EnvoyServiceName + DefaultEnvoyDNSPrefix = "*" // DefaultNamespace is the default Namespace name where Envoy Gateway is running. DefaultNamespace = config.EnvoyGatewayNamespace @@ -112,7 +112,7 @@ func GenerateCerts(egCfg *v1alpha1.EnvoyGateway) (*Certificates, error) { switch egProvider { case v1alpha1.ProviderTypeKubernetes: egDNSNames = kubeServiceNames(DefaultEnvoyGatewayDNSPrefix, DefaultNamespace, DefaultDNSSuffix) - envoyDNSNames = kubeServiceNames(DefaultEnvoyDNSPrefix, DefaultNamespace, DefaultDNSSuffix) + envoyDNSNames = append(envoyDNSNames, fmt.Sprintf("*.%s", DefaultNamespace)) default: // Kubernetes is the only supported Envoy Gateway provider. return nil, fmt.Errorf("unsupported provider type %v", egProvider) diff --git a/internal/crypto/certgen_test.go b/internal/crypto/certgen_test.go index 294b7fd2fa..01dea266d3 100644 --- a/internal/crypto/certgen_test.go +++ b/internal/crypto/certgen_test.go @@ -47,7 +47,7 @@ func TestGenerateCerts(t *testing.T) { run(t, "no configuration - use defaults", testcase{ certConfig: &Configuration{}, wantEnvoyGatewayDNSName: "envoy-gateway", - wantEnvoyDNSName: "envoy", + wantEnvoyDNSName: "*.envoy-gateway-system", }) } diff --git a/internal/envoygateway/config/config.go b/internal/envoygateway/config/config.go index 16a4cd549d..fb0b8915d5 100644 --- a/internal/envoygateway/config/config.go +++ b/internal/envoygateway/config/config.go @@ -12,12 +12,12 @@ const ( EnvoyGatewayNamespace = "envoy-gateway-system" // EnvoyGatewayServiceName is the name of the Envoy Gateway service. EnvoyGatewayServiceName = "envoy-gateway" - // EnvoyServiceName is the name of the Envoy Service. - EnvoyServiceName = "envoy" - // EnvoyDeploymentName is the name of the Envoy Deployment. - EnvoyDeploymentName = "envoy" // EnvoyConfigMapName is the name of the Envoy ConfigMap. EnvoyConfigMapName = "envoy" + // EnvoyServicePrefix is the prefix applied to the Envoy Service. + EnvoyServicePrefix = "envoy" + // EnvoyDeploymentPrefix is the prefix applied to the Envoy Deployment. + EnvoyDeploymentPrefix = "envoy" ) // Server wraps the EnvoyGateway configuration and additional parameters diff --git a/internal/gatewayapi/runner/runner.go b/internal/gatewayapi/runner/runner.go index 8c8cd88303..c89543bd61 100644 --- a/internal/gatewayapi/runner/runner.go +++ b/internal/gatewayapi/runner/runner.go @@ -95,22 +95,24 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) { yamlInfraIR, _ := yaml.Marshal(&result.InfraIR) r.Logger.WithValues("output", "infra-ir").Info(string(yamlInfraIR)) - // Publish the IRs. Use the service name as the key - // to ensure there is always one element in the map. + // Publish the IRs. // Also validate the ir before sending it. - if err := result.InfraIR.Validate(); err != nil { - r.Logger.Error(err, "unable to validate infra ir, skipped sending it") - } else { - r.InfraIR.Store(r.Name(), result.InfraIR) + for key, val := range result.InfraIR { + if err := val.Validate(); err != nil { + r.Logger.Error(err, "unable to validate infra ir, skipped sending it") + } else { + r.InfraIR.Store(key, val) + } } - // Wait until all HTTPRoutes have been reconciled , else the translation // result will be incomplete, and might cause churn in the data plane. if r.xdsIRReady { - if err := result.XdsIR.Validate(); err != nil { - r.Logger.Error(err, "unable to validate xds ir, skipped sending it") - } else { - r.XdsIR.Store(r.Name(), result.XdsIR) + for key, val := range result.XdsIR { + if err := val.Validate(); err != nil { + r.Logger.Error(err, "unable to validate xds ir, skipped sending it") + } else { + r.XdsIR.Store(key, val) + } } } diff --git a/internal/gatewayapi/runner/runner_test.go b/internal/gatewayapi/runner/runner_test.go index 3f888a0b35..0389bc78f5 100644 --- a/internal/gatewayapi/runner/runner_test.go +++ b/internal/gatewayapi/runner/runner_test.go @@ -7,6 +7,7 @@ import ( "time" "github.com/stretchr/testify/require" + "k8s.io/apimachinery/pkg/types" "github.com/envoyproxy/gateway/internal/envoygateway/config" "github.com/envoyproxy/gateway/internal/ir" @@ -32,21 +33,22 @@ func TestRunner(t *testing.T) { require.NoError(t, err) // IR is nil at start - require.Equal(t, (*ir.Xds)(nil), xdsIR.Get()) - require.Equal(t, (*ir.Infra)(nil), infraIR.Get()) + require.Equal(t, map[string]*ir.Xds{}, xdsIR.LoadAll()) + require.Equal(t, map[string]*ir.Infra{}, infraIR.LoadAll()) // TODO: pass valid provider resources - // Reset gatewayclass slice and update with a nil gatewayclass to trigger a delete - pResources.DeleteGatewayClasses() - pResources.GatewayClasses.Store("test", nil) + // Reset gateway slice and update with a nil gateway to trigger a delete. + pResources.DeleteGateways() + key := types.NamespacedName{Namespace: "test", Name: "test"} + pResources.Gateways.Store(key, nil) require.Eventually(t, func() bool { - out := xdsIR.Get() + out := xdsIR.LoadAll() if out == nil { return false } // Ensure ir is empty - return (reflect.DeepEqual(*xdsIR.Get(), ir.Xds{})) && (reflect.DeepEqual(*infraIR.Get(), ir.Infra{Proxy: nil})) + return (reflect.DeepEqual(xdsIR.LoadAll(), map[string]*ir.Xds{})) && (reflect.DeepEqual(infraIR.LoadAll(), map[string]*ir.Infra{})) }, time.Second*1, time.Millisecond*20) } diff --git a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml index 937ee4b2c1..6b645267f3 100644 --- a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml @@ -54,31 +54,33 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*" - routes: - - name: envoy-gateway-httproute-1-rule-0-match-0-* - pathMatch: - prefix: "/" - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*" + routes: + - name: envoy-gateway-httproute-1-rule-0-match-0-* + pathMatch: + prefix: "/" + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - servicePort: 80 - containerPort: 10080 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + servicePort: 80 + containerPort: 10080 diff --git a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml index d4fc43a0c0..24458a5ab6 100644 --- a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml +++ b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml @@ -54,23 +54,25 @@ httpRoutes: reason: NotAllowedByListeners message: No listeners included by this parent ref allowed this attachment. xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - hostnames: - - "*" - port: 10080 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + hostnames: + - "*" + port: 10080 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - servicePort: 80 - containerPort: 10080 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + servicePort: 80 + containerPort: 10080 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-namespaces-selector.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-namespaces-selector.out.yaml index 39f31e2354..e0170e016f 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-namespaces-selector.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-namespaces-selector.out.yaml @@ -59,13 +59,15 @@ httpRoutes: status: "False" reason: NoReadyListeners message: There are no ready listeners for this parent ref -xdsIR: {} +xdsIR: + envoy-gateway-gateway-1: {} infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-group.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-group.out.yaml index 9908e3c50b..abbda77ca6 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-group.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-group.out.yaml @@ -57,13 +57,15 @@ httpRoutes: status: "False" reason: NoReadyListeners message: There are no ready listeners for this parent ref -xdsIR: {} +xdsIR: + envoy-gateway-gateway-1: {} infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind.out.yaml index e80155f70a..46c8633f91 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-allowed-routes-kind.out.yaml @@ -57,13 +57,15 @@ httpRoutes: status: "False" reason: NoReadyListeners message: There are no ready listeners for this parent ref -xdsIR: {} +xdsIR: + envoy-gateway-gateway-1: {} infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-invalid-mode.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-invalid-mode.out.yaml index 4962b33186..8675429344 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-invalid-mode.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-invalid-mode.out.yaml @@ -57,13 +57,15 @@ httpRoutes: status: "False" reason: NoReadyListeners message: There are no ready listeners for this parent ref -xdsIR: {} +xdsIR: + envoy-gateway-gateway-1: {} infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-certificate-refs.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-certificate-refs.out.yaml index 1544add649..244824850e 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-certificate-refs.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-no-certificate-refs.out.yaml @@ -55,13 +55,15 @@ httpRoutes: status: "False" reason: NoReadyListeners message: There are no ready listeners for this parent ref -xdsIR: {} +xdsIR: + envoy-gateway-gateway-1: {} infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-does-not-exist.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-does-not-exist.out.yaml index 3b6a1fb9b9..df289e773a 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-does-not-exist.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-does-not-exist.out.yaml @@ -61,13 +61,15 @@ httpRoutes: status: "False" reason: NoReadyListeners message: There are no ready listeners for this parent ref -xdsIR: {} +xdsIR: + envoy-gateway-gateway-1: {} infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-in-other-namespace.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-in-other-namespace.out.yaml index eb6cc1dfc6..4fa66aef6d 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-in-other-namespace.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-in-other-namespace.out.yaml @@ -62,13 +62,15 @@ httpRoutes: status: "False" reason: NoReadyListeners message: There are no ready listeners for this parent ref -xdsIR: {} +xdsIR: + envoy-gateway-gateway-1: {} infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-is-not-valid.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-is-not-valid.out.yaml index d8a42d17ea..ec6aaa35b2 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-is-not-valid.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-invalid-tls-configuration-secret-is-not-valid.out.yaml @@ -61,13 +61,15 @@ httpRoutes: status: "False" reason: NoReadyListeners message: There are no ready listeners for this parent ref -xdsIR: {} +xdsIR: + envoy-gateway-gateway-1: {} infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-missing-allowed-namespaces-selector.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-missing-allowed-namespaces-selector.out.yaml index 54e5f46dd0..493fbe7851 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-missing-allowed-namespaces-selector.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-missing-allowed-namespaces-selector.out.yaml @@ -53,13 +53,15 @@ httpRoutes: status: "False" reason: NoReadyListeners message: There are no ready listeners for this parent ref -xdsIR: {} +xdsIR: + envoy-gateway-gateway-1: {} infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml index 2764121338..6c56235c9e 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml @@ -59,34 +59,36 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-tls - address: 0.0.0.0 - port: 10443 - hostnames: - - "*" - tls: - serverCertificate: Zm9vCg== - privateKey: YmFyCg== - routes: - - name: default-httproute-1-rule-0-match-0-* - pathMatch: - prefix: "/" - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-tls + address: 0.0.0.0 + port: 10443 + hostnames: + - "*" + tls: + serverCertificate: Zm9vCg== + privateKey: YmFyCg== + routes: + - name: default-httproute-1-rule-0-match-0-* + pathMatch: + prefix: "/" + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTPS" - servicePort: 443 - containerPort: 10443 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTPS" + servicePort: 443 + containerPort: 10443 diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-unsupported-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-unsupported-protocol.out.yaml index e929f0546e..fd2744efa9 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-unsupported-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-unsupported-protocol.out.yaml @@ -54,13 +54,15 @@ httpRoutes: status: "False" reason: NoReadyListeners message: There are no ready listeners for this parent ref -xdsIR: {} +xdsIR: + envoy-gateway-gateway-1: {} infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml index 2cefc02205..88a051f1de 100644 --- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml @@ -58,34 +58,36 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-tls - address: 0.0.0.0 - port: 10443 - hostnames: - - "*" - tls: - serverCertificate: Zm9vCg== - privateKey: YmFyCg== - routes: - - name: default-httproute-1-rule-0-match-0-* - pathMatch: - prefix: "/" - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-tls + address: 0.0.0.0 + port: 10443 + hostnames: + - "*" + tls: + serverCertificate: Zm9vCg== + privateKey: YmFyCg== + routes: + - name: default-httproute-1-rule-0-match-0-* + pathMatch: + prefix: "/" + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTPS" - servicePort: 443 - containerPort: 10443 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTPS" + servicePort: 443 + containerPort: 10443 diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-hostname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-hostname.out.yaml index bde9164e50..e5f8cabee8 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-hostname.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-hostname.out.yaml @@ -77,13 +77,15 @@ httpRoutes: status: "False" reason: NoReadyListeners message: There are no ready listeners for this parent ref -xdsIR: {} +xdsIR: + envoy-gateway-gateway-1: {} infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-incompatible-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-incompatible-protocol.out.yaml index ca0b4767d0..f47176faf5 100644 --- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-incompatible-protocol.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-and-incompatible-protocol.out.yaml @@ -77,13 +77,15 @@ httpRoutes: status: "False" reason: NoReadyListeners message: There are no ready listeners for this parent ref -xdsIR: {} +xdsIR: + envoy-gateway-gateway-1: {} infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml index 05d5c82db0..5fd4e6f76f 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml @@ -72,44 +72,46 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http-1 - address: 0.0.0.0 - port: 10080 - hostnames: - - foo.com - routes: - - name: default-httproute-1-rule-0-match-0-foo.com - pathMatch: - prefix: "/" - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - - name: envoy-gateway-gateway-1-http-2 - address: 0.0.0.0 - port: 10080 - hostnames: - - bar.com - routes: - - name: default-httproute-1-rule-0-match-0-bar.com - pathMatch: - prefix: "/" - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http-1 + address: 0.0.0.0 + port: 10080 + hostnames: + - foo.com + routes: + - name: default-httproute-1-rule-0-match-0-foo.com + pathMatch: + prefix: "/" + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + - name: envoy-gateway-gateway-1-http-2 + address: 0.0.0.0 + port: 10080 + hostnames: + - bar.com + routes: + - name: default-httproute-1-rule-0-match-0-bar.com + pathMatch: + prefix: "/" + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - servicePort: 80 - containerPort: 10080 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + servicePort: 80 + containerPort: 10080 diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml index d134bd1a1c..15c683e961 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml @@ -54,31 +54,33 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*" - routes: - - name: default-httproute-1-rule-0-match-0-* - pathMatch: - prefix: "/" - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*" + routes: + - name: default-httproute-1-rule-0-match-0-* + pathMatch: + prefix: "/" + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - servicePort: 80 - containerPort: 10080 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + servicePort: 80 + containerPort: 10080 diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml index 87ef923afa..1210f0662b 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml @@ -74,36 +74,38 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http-1 - address: 0.0.0.0 - port: 10080 - hostnames: - - foo.com - - name: envoy-gateway-gateway-1-http-2 - address: 0.0.0.0 - port: 10080 - hostnames: - - bar.com - routes: - - name: default-httproute-1-rule-0-match-0-bar.com - pathMatch: - prefix: "/" - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http-1 + address: 0.0.0.0 + port: 10080 + hostnames: + - foo.com + - name: envoy-gateway-gateway-1-http-2 + address: 0.0.0.0 + port: 10080 + hostnames: + - bar.com + routes: + - name: default-httproute-1-rule-0-match-0-bar.com + pathMatch: + prefix: "/" + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - servicePort: 80 - containerPort: 10080 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + servicePort: 80 + containerPort: 10080 diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml index 7879890e96..f01e97ea7f 100644 --- a/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml +++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml @@ -56,31 +56,33 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*" - routes: - - name: default-httproute-1-rule-0-match-0-* - pathMatch: - prefix: "/" - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*" + routes: + - name: default-httproute-1-rule-0-match-0-* + pathMatch: + prefix: "/" + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - servicePort: 80 - containerPort: 10080 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + servicePort: 80 + containerPort: 10080 diff --git a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml index 2e9074d250..b6c1fc5f1a 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml @@ -58,37 +58,39 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*" - routes: - - name: default-httproute-1-rule-0-match-0-* - pathMatch: - prefix: "/" - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - - host: 7.7.7.7 - port: 8080 - weight: 1 - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*" + routes: + - name: default-httproute-1-rule-0-match-0-* + pathMatch: + prefix: "/" + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + - host: 7.7.7.7 + port: 8080 + weight: 1 + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - servicePort: 80 - containerPort: 10080 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + servicePort: 80 + containerPort: 10080 diff --git a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml index c8ad7613fd..9fb181dfc4 100644 --- a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml +++ b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml @@ -61,37 +61,39 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*" - routes: - - name: default-httproute-1-rule-0-match-0-* - pathMatch: - prefix: "/" - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - - host: 7.7.7.7 - port: 8080 - weight: 2 - - host: 7.7.7.7 - port: 8080 - weight: 3 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*" + routes: + - name: default-httproute-1-rule-0-match-0-* + pathMatch: + prefix: "/" + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + - host: 7.7.7.7 + port: 8080 + weight: 2 + - host: 7.7.7.7 + port: 8080 + weight: 3 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - servicePort: 80 - containerPort: 10080 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + servicePort: 80 + containerPort: 10080 diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml index bb3e1a88c1..c27d340ad9 100644 --- a/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml @@ -56,31 +56,33 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*" - routes: - - name: default-httproute-1-rule-0-match-0-* - pathMatch: - exact: "/exact" - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*" + routes: + - name: default-httproute-1-rule-0-match-0-* + pathMatch: + exact: "/exact" + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - servicePort: 80 - containerPort: 10080 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + servicePort: 80 + containerPort: 10080 diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml index 4acdfca4f6..2944172150 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml @@ -78,44 +78,46 @@ httpRoutes: reason: UnsupportedValue message: "RequestHeaderModifier Filter already configures request header: add-header-1 to be added, ignoring second entry" xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - addRequestHeaders: - - name: "add-header-1" - value: "some-value" - append: true - - name: "add-header-2" - value: "some-value" - append: true - - name: "add-header-3" - value: "some-value" - append: true + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + addRequestHeaders: + - name: "add-header-1" + value: "some-value" + append: true + - name: "add-header-2" + value: "some-value" + append: true + - name: "add-header-3" + value: "some-value" + append: true infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml index 2179d92cbe..3b94e9128c 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml @@ -89,50 +89,52 @@ httpRoutes: # Currently only one invalid value status will be set. If there are multiple, then only the latest is displayed until that issue is resolved. message: "RequestHeaderModifier Filter already configures request header: set-header-4 to be added/set, ignoring second entry" xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - addRequestHeaders: - - name: "Set-Header-1" - value: "some-value" - append: true - - name: "set-header-2" - value: "some-value" - append: true - - name: "set-header-3" - value: "some-value" - append: true - - name: "set-header-5" - value: "some-value" - append: true - - name: "set-header-4" - value: "some-value" - append: false + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + addRequestHeaders: + - name: "Set-Header-1" + value: "some-value" + append: true + - name: "set-header-2" + value: "some-value" + append: true + - name: "set-header-3" + value: "some-value" + append: true + - name: "set-header-5" + value: "some-value" + append: true + - name: "set-header-4" + value: "some-value" + append: false infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml index 10d4f082ca..7c3c9e4f69 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml @@ -74,38 +74,40 @@ httpRoutes: reason: UnsupportedValue message: "RequestHeaderModifier Filter already configures request header: rem-header-1 to be removed, ignoring second entry" xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - removeRequestHeaders: - - "rem-header-1" - - "rem-header-2" - - "rem-header-3" + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + removeRequestHeaders: + - "rem-header-1" + - "rem-header-2" + - "rem-header-3" infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml index 1414b8c732..c29f14dc45 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml @@ -69,36 +69,38 @@ httpRoutes: reason: UnsupportedValue message: "RequestHeaderModifier Filter already configures request header: some-header-1 to be removed, ignoring second entry" xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - removeRequestHeaders: - - "some-header-1" + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + removeRequestHeaders: + - "some-header-1" infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml index e64bd10595..a3b89fe242 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml @@ -68,41 +68,43 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - addRequestHeaders: - - name: "example-header-2" - value: "" - append: true - - name: "example-header-1" - value: "" - append: false + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + addRequestHeaders: + - name: "example-header-2" + value: "" + append: true + - name: "example-header-1" + value: "" + append: false infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml index e3914888ae..ad249bb78e 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml @@ -74,38 +74,40 @@ httpRoutes: reason: UnsupportedValue message: "RequestHeaderModifier Filter cannot set a header with an empty name" xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - addRequestHeaders: - - name: "good-header" - value: "some-value" - append: true + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + addRequestHeaders: + - name: "good-header" + value: "some-value" + append: true infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml index 3c92110619..4dd03607c5 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml @@ -74,38 +74,40 @@ httpRoutes: reason: UnsupportedValue message: "RequestHeaderModifier Filter cannot set headers with a '/' or ':' character in them. Header: 'example:1'" xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - addRequestHeaders: - - name: "good-header" - value: "some-value" - append: false + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + addRequestHeaders: + - name: "good-header" + value: "some-value" + append: false infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml index 1657a0e0ad..8970d75f96 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml @@ -65,34 +65,36 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml index 91e7b181a4..0287143784 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml @@ -69,34 +69,36 @@ httpRoutes: reason: UnsupportedValue message: "RequestHeaderModifier Filter did not provide valid configuration to add/set/remove any headers" xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml index 1d7b448ea3..ba3ab2c843 100644 --- a/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml @@ -66,38 +66,40 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - removeRequestHeaders: - - "example-header-1" - - "example-header-2" - - "example-header-3" + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + removeRequestHeaders: + - "example-header-1" + - "example-header-2" + - "example-header-3" infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml index 77ef0db36d..6496f8dfed 100644 --- a/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml @@ -60,29 +60,31 @@ httpRoutes: reason: RefNotPermitted message: Backend ref to service backends/service-1 not permitted by any ReferenceGrant xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*" - routes: - - name: default-httproute-1-rule-0-match-0-* - pathMatch: - exact: "/exact" - # TODO this should change when the correct behavior for invalid backend refs is implemented - destinations: + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*" + routes: + - name: default-httproute-1-rule-0-match-0-* + pathMatch: + exact: "/exact" + # TODO this should change when the correct behavior for invalid backend refs is implemented + destinations: infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - servicePort: 80 - containerPort: 10080 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + servicePort: 80 + containerPort: 10080 diff --git a/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml index 4a0ec6ee04..c1cd355c70 100644 --- a/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -57,23 +57,25 @@ httpRoutes: reason: NoMatchingListenerHostname message: There were no hostname intersections between the HTTPRoute and this parent ref's Listener(s). xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml index 28871a2c7b..643e7548e0 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml @@ -67,39 +67,41 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - redirect: - scheme: https - statusCode: 301 - path: - fullReplace: /redirected + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + redirect: + scheme: https + statusCode: 301 + path: + fullReplace: /redirected infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml index 751e10fbc3..e53f6d5b60 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml @@ -65,38 +65,40 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - redirect: - scheme: https - statusCode: 301 - hostname: "redirected.com" + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + redirect: + scheme: https + statusCode: 301 + hostname: "redirected.com" infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml index 935109f1f9..0b5fd5f6e0 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml @@ -68,39 +68,41 @@ httpRoutes: reason: UnsupportedValue message: "Unknown custom filter type: UnsupportedType" xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - # I believe the correct way to handle an invalid filter should be to allow the HTTPRoute to function - # normally but leave out the filter config and set the status, but this behaviour can be changed. - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - directResponse: - body: "Unknown custom filter type: UnsupportedType" - statusCode: 500 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + # I believe the correct way to handle an invalid filter should be to allow the HTTPRoute to function + # normally but leave out the filter config and set the status, but this behaviour can be changed. + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + directResponse: + body: "Unknown custom filter type: UnsupportedType" + statusCode: 500 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml index 0fc2176fd5..01a6edcdb8 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml @@ -68,36 +68,38 @@ httpRoutes: reason: UnsupportedValue message: "Scheme: unknown is unsupported, only 'https' and 'http' are supported" xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - # I believe the correct way to handle an invalid filter should be to allow the HTTPRoute to function - # normally but leave out the filter config and set the status, but this behaviour can be changed. - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + # I believe the correct way to handle an invalid filter should be to allow the HTTPRoute to function + # normally but leave out the filter config and set the status, but this behaviour can be changed. + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml index dcfdb856ee..c6c8aed145 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml @@ -68,36 +68,38 @@ httpRoutes: reason: UnsupportedValue message: "Status code 666 is invalid, only 302 and 301 are supported" xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - # I believe the correct way to handle an invalid filter should be to allow the HTTPRoute to function - # normally but leave out the filter config and set the status, but this behaviour can be changed. - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + # I believe the correct way to handle an invalid filter should be to allow the HTTPRoute to function + # normally but leave out the filter config and set the status, but this behaviour can be changed. + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml index 9999700157..84cf6b197c 100644 --- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml @@ -68,40 +68,42 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - redirect: - scheme: http - statusCode: 302 - port: 8080 - path: - prefixMatchReplace: /redirected + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + redirect: + scheme: http + statusCode: 302 + port: 8080 + path: + prefixMatchReplace: /redirected infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - containerPort: 10080 - servicePort: 80 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + containerPort: 10080 + servicePort: 80 diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml index df17605bd8..abdf8e129a 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml @@ -55,31 +55,33 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*" - routes: - - name: default-httproute-1-rule-0-match-0-* - pathMatch: - exact: "/exact" - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*" + routes: + - name: default-httproute-1-rule-0-match-0-* + pathMatch: + exact: "/exact" + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - servicePort: 80 - containerPort: 10080 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + servicePort: 80 + containerPort: 10080 diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml index 334e70f3e6..2ccb19ebe9 100644 --- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml @@ -59,36 +59,38 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*" - routes: - - name: default-httproute-1-rule-0-match-0-* - pathMatch: - prefix: "/pathprefix" - headerMatches: - - name: Header-1 - exact: Val-1 - - name: Header-2 - exact: Val-2 - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*" + routes: + - name: default-httproute-1-rule-0-match-0-* + pathMatch: + prefix: "/pathprefix" + headerMatches: + - name: Header-1 + exact: Val-1 + - name: Header-2 + exact: Val-2 + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - serviceport: 80 - containerPort: 10080 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + serviceport: 80 + containerPort: 10080 diff --git a/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml index 16e2144bf3..57dcacb37a 100644 --- a/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -57,34 +57,36 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - servicePort: 80 - containerPort: 10080 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + servicePort: 80 + containerPort: 10080 diff --git a/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml index 637ca9335d..fd299c84a9 100644 --- a/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml +++ b/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml @@ -58,44 +58,46 @@ httpRoutes: reason: Accepted message: Route is accepted xdsIR: - http: - - name: envoy-gateway-gateway-1-http - address: 0.0.0.0 - port: 10080 - hostnames: - - "*.envoyproxy.io" - routes: - - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: gateway.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 - - name: default-httproute-1-rule-0-match-0-whales.envoyproxy.io - pathMatch: - prefix: "/" - headerMatches: - - name: ":authority" - exact: whales.envoyproxy.io - destinations: - - host: 7.7.7.7 - port: 8080 - weight: 1 + envoy-gateway-gateway-1: + http: + - name: envoy-gateway-gateway-1-http + address: 0.0.0.0 + port: 10080 + hostnames: + - "*.envoyproxy.io" + routes: + - name: default-httproute-1-rule-0-match-0-gateway.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: gateway.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 + - name: default-httproute-1-rule-0-match-0-whales.envoyproxy.io + pathMatch: + prefix: "/" + headerMatches: + - name: ":authority" + exact: whales.envoyproxy.io + destinations: + - host: 7.7.7.7 + port: 8080 + weight: 1 infraIR: - proxy: - metadata: - labels: - gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class - name: envoy-gateway-class - image: envoyproxy/envoy:v1.23-latest - listeners: - - address: "" - ports: - - name: envoy-gateway-gateway-1 - protocol: "HTTP" - servicePort: 80 - containerPort: 10080 + envoy-gateway-gateway-1: + proxy: + metadata: + labels: + gateway.envoyproxy.io/owning-gateway: gateway-1 + name: envoy-gateway-gateway-1 + image: envoyproxy/envoy:v1.23-latest + listeners: + - address: "" + ports: + - name: envoy-gateway-gateway-1 + protocol: "HTTP" + servicePort: 80 + containerPort: 10080 diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go index 0421e25255..b71e3e5a37 100644 --- a/internal/gatewayapi/translator.go +++ b/internal/gatewayapi/translator.go @@ -3,6 +3,7 @@ package gatewayapi import ( "fmt" "net/netip" + "sort" "strings" "golang.org/x/exp/slices" @@ -22,9 +23,9 @@ const ( KindService = "Service" KindSecret = "Secret" - // OwningGatewayClassLabel is the owner reference label used for managed infra. - // The value should be the name of the accepted Envoy GatewayClass. - OwningGatewayClassLabel = "gateway.envoyproxy.io/owning-gatewayclass" + // OwningGatewayLabel is the owner reference label used for managed infra. + // The value should be the name of the accepted Envoy Gateway. + OwningGatewayLabel = "gateway.envoyproxy.io/owning-gateway" // minEphemeralPort is the first port in the ephemeral port range. minEphemeralPort = 1024 @@ -33,6 +34,9 @@ const ( wellKnownPortShift = 10000 ) +type XdsIRMap map[string]*ir.Xds +type InfraIRMap map[string]*ir.Infra + // Resources holds the Gateway API and related // resources that the translators needs as inputs. type Resources struct { @@ -83,11 +87,11 @@ type Translator struct { type TranslateResult struct { Gateways []*v1beta1.Gateway HTTPRoutes []*v1beta1.HTTPRoute - XdsIR *ir.Xds - InfraIR *ir.Infra + XdsIR XdsIRMap + InfraIR InfraIRMap } -func newTranslateResult(gateways []*GatewayContext, httpRoutes []*HTTPRouteContext, xdsIR *ir.Xds, infraIR *ir.Infra) *TranslateResult { +func newTranslateResult(gateways []*GatewayContext, httpRoutes []*HTTPRouteContext, xdsIR XdsIRMap, infraIR InfraIRMap) *TranslateResult { translateResult := &TranslateResult{ XdsIR: xdsIR, InfraIR: infraIR, @@ -104,11 +108,8 @@ func newTranslateResult(gateways []*GatewayContext, httpRoutes []*HTTPRouteConte } func (t *Translator) Translate(resources *Resources) *TranslateResult { - xdsIR := &ir.Xds{} - - infraIR := ir.NewInfra() - infraIR.Proxy.Name = string(t.GatewayClassName) - infraIR.Proxy.GetProxyMetadata().Labels = GatewayClassOwnerLabel(string(t.GatewayClassName)) + xdsIR := make(XdsIRMap) + infraIR := make(InfraIRMap) // Get Gateways belonging to our GatewayClass. gateways := t.GetRelevantGateways(resources.Gateways) @@ -129,6 +130,7 @@ func (t *Translator) GetRelevantGateways(gateways []*v1beta1.Gateway) []*Gateway if gateway == nil { panic("received nil gateway") } + if gateway.Spec.GatewayClassName == t.GatewayClassName { gc := &GatewayContext{ Gateway: gateway.DeepCopy(), @@ -153,12 +155,12 @@ type portListeners struct { hostnames map[string]int } -func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR *ir.Xds, infraIR *ir.Infra, resources *Resources) { - portListenerInfo := map[v1beta1.PortNumber]*portListeners{} +func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR XdsIRMap, infraIR InfraIRMap, resources *Resources) { // Iterate through all listeners and collect info about protocols // and hostnames per port. for _, gateway := range gateways { + portListenerInfo := map[v1beta1.PortNumber]*portListeners{} for _, listener := range gateway.listeners { if portListenerInfo[listener.Port] == nil { portListenerInfo[listener.Port] = &portListeners{ @@ -186,43 +188,53 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR *ir.Xds, portListenerInfo[listener.Port].hostnames[hostname]++ } - } - // Set Conflicted conditions for any listeners with conflicting specs. - for _, info := range portListenerInfo { - for _, listener := range info.listeners { - if len(info.protocols) > 1 { - listener.SetCondition( - v1beta1.ListenerConditionConflicted, - metav1.ConditionTrue, - v1beta1.ListenerReasonProtocolConflict, - "All listeners for a given port must use a compatible protocol", - ) - } + // Set Conflicted conditions for any listeners with conflicting specs. + for _, info := range portListenerInfo { + for _, listener := range info.listeners { + if len(info.protocols) > 1 { + listener.SetCondition( + v1beta1.ListenerConditionConflicted, + metav1.ConditionTrue, + v1beta1.ListenerReasonProtocolConflict, + "All listeners for a given port must use a compatible protocol", + ) + } - var hostname string - if listener.Hostname != nil { - hostname = string(*listener.Hostname) - } + var hostname string + if listener.Hostname != nil { + hostname = string(*listener.Hostname) + } - if info.hostnames[hostname] > 1 { - listener.SetCondition( - v1beta1.ListenerConditionConflicted, - metav1.ConditionTrue, - v1beta1.ListenerReasonHostnameConflict, - "All listeners for a given port must use a unique hostname", - ) + if info.hostnames[hostname] > 1 { + listener.SetCondition( + v1beta1.ListenerConditionConflicted, + metav1.ConditionTrue, + v1beta1.ListenerReasonHostnameConflict, + "All listeners for a given port must use a unique hostname", + ) + } } } } - // Infra IR proxy ports must be unique. - var foundPorts []int32 - // Iterate through all listeners to validate spec // and compute status for each, and add valid ones // to the Xds IR. for _, gateway := range gateways { + // init IR per gateway + irKey := irStringKey(gateway.Gateway) + gwXdsIR := &ir.Xds{} + gwInfraIR := ir.NewInfra() + gwInfraIR.Proxy.Name = irKey + gwInfraIR.Proxy.GetProxyMetadata().Labels = GatewayOwnerLabel(gateway.Name) + // save the IR references in the map before the translation starts + xdsIR[irKey] = gwXdsIR + infraIR[irKey] = gwInfraIR + + // Infra IR proxy ports must be unique. + var foundPorts []int32 + for _, listener := range gateway.listeners { // Process protocol & supported kinds switch listener.Protocol { @@ -456,7 +468,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR *ir.Xds, // see more https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.Listener. irListener.Hostnames = append(irListener.Hostnames, "*") } - xdsIR.HTTP = append(xdsIR.HTTP, irListener) + gwXdsIR.HTTP = append(gwXdsIR.HTTP, irListener) // Add the listener to the Infra IR. Infra IR ports must have a unique port number. if !slices.Contains(foundPorts, servicePort) { @@ -472,9 +484,11 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR *ir.Xds, ContainerPort: containerPort, } // Only 1 listener is supported. - infraIR.Proxy.Listeners[0].Ports = append(infraIR.Proxy.Listeners[0].Ports, infraPort) + gwInfraIR.Proxy.Listeners[0].Ports = append(gwInfraIR.Proxy.Listeners[0].Ports, infraPort) } } + // sort result to ensure translation does not change across reboots. + sort.Slice(xdsIR[irKey].HTTP, func(i, j int) bool { return xdsIR[irKey].HTTP[i].Name < xdsIR[irKey].HTTP[j].Name }) } } @@ -491,7 +505,7 @@ func servicePortToContainerPort(servicePort int32) int32 { return servicePort } -func (t *Translator) ProcessHTTPRoutes(httpRoutes []*v1beta1.HTTPRoute, gateways []*GatewayContext, resources *Resources, xdsIR *ir.Xds) []*HTTPRouteContext { +func (t *Translator) ProcessHTTPRoutes(httpRoutes []*v1beta1.HTTPRoute, gateways []*GatewayContext, resources *Resources, xdsIR XdsIRMap) []*HTTPRouteContext { var relevantHTTPRoutes []*HTTPRouteContext for _, h := range httpRoutes { @@ -1044,7 +1058,8 @@ func (t *Translator) ProcessHTTPRoutes(httpRoutes []*v1beta1.HTTPRoute, gateways } } - irListener := xdsIR.GetListener(irListenerName(listener)) + irKey := irStringKey(listener.gateway) + irListener := xdsIR[irKey].GetListener(irListenerName(listener)) if irListener != nil { irListener.Routes = append(irListener.Routes, perHostRoutes...) } @@ -1161,6 +1176,10 @@ func isValidHostname(hostname string) error { return nil } +func irStringKey(gateway *v1beta1.Gateway) string { + return fmt.Sprintf("%s-%s", gateway.Namespace, gateway.Name) +} + func irListenerName(listener *ListenerContext) string { return fmt.Sprintf("%s-%s-%s", listener.gateway.Namespace, listener.gateway.Name, listener.Name) } @@ -1184,8 +1203,8 @@ func irTLSConfig(tlsSecret *v1.Secret) *ir.TLSListenerConfig { } } -// GatewayClassOwnerLabel returns the GatewayCLass Owner label using +// GatewayOwnerLabel returns the Gateway Owner label using // the provided name as the value. -func GatewayClassOwnerLabel(name string) map[string]string { - return map[string]string{OwningGatewayClassLabel: name} +func GatewayOwnerLabel(name string) map[string]string { + return map[string]string{OwningGatewayLabel: name} } diff --git a/internal/gatewayapi/translator_test.go b/internal/gatewayapi/translator_test.go index 90c199a2f9..b62664e1e8 100644 --- a/internal/gatewayapi/translator_test.go +++ b/internal/gatewayapi/translator_test.go @@ -4,7 +4,6 @@ import ( "fmt" "os" "path/filepath" - "sort" "strconv" "strings" "testing" @@ -77,7 +76,6 @@ func TestTranslate(t *testing.T) { got := translator.Translate(resources) - sort.Slice(got.XdsIR.HTTP, func(i, j int) bool { return got.XdsIR.HTTP[i].Name < got.XdsIR.HTTP[j].Name }) opts := cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime") require.Empty(t, cmp.Diff(want, got, opts)) }) diff --git a/internal/infrastructure/kubernetes/deployment.go b/internal/infrastructure/kubernetes/deployment.go index 3334d5c8af..6abf23f466 100644 --- a/internal/infrastructure/kubernetes/deployment.go +++ b/internal/infrastructure/kubernetes/deployment.go @@ -93,6 +93,10 @@ func (b *bootstrapConfig) render() error { return nil } +func expectedDeploymentName(proxyName string) string { + return fmt.Sprintf("%s-%s", config.EnvoyDeploymentPrefix, proxyName) +} + // expectedDeployment returns the expected Deployment based on the provided infra. func (i *Infra) expectedDeployment(infra *ir.Infra) (*appsv1.Deployment, error) { containers, err := expectedContainers(infra) @@ -102,8 +106,8 @@ func (i *Infra) expectedDeployment(infra *ir.Infra) (*appsv1.Deployment, error) // Set the labels based on the owning gatewayclass name. labels := envoyLabels(infra.GetProxyInfra().GetProxyMetadata().Labels) - if _, ok := labels[gatewayapi.OwningGatewayClassLabel]; !ok { - return nil, fmt.Errorf("missing owning gatewayclass label") + if _, ok := labels[gatewayapi.OwningGatewayLabel]; !ok { + return nil, fmt.Errorf("missing owning gateway label") } deployment := &appsv1.Deployment{ @@ -113,7 +117,7 @@ func (i *Infra) expectedDeployment(infra *ir.Infra) (*appsv1.Deployment, error) }, ObjectMeta: metav1.ObjectMeta{ Namespace: i.Namespace, - Name: config.EnvoyDeploymentName, + Name: expectedDeploymentName(infra.Proxy.Name), Labels: labels, }, Spec: appsv1.DeploymentSpec{ @@ -125,7 +129,7 @@ func (i *Infra) expectedDeployment(infra *ir.Infra) (*appsv1.Deployment, error) }, Spec: corev1.PodSpec{ Containers: containers, - ServiceAccountName: envoyServiceAccountName, + ServiceAccountName: expectedServiceAccountName(infra.Proxy.Name), AutomountServiceAccountToken: pointer.BoolPtr(false), TerminationGracePeriodSeconds: pointer.Int64Ptr(int64(300)), DNSPolicy: corev1.DNSClusterFirst, @@ -211,7 +215,7 @@ func expectedContainers(infra *ir.Infra) ([]corev1.Container, error) { "envoy", }, Args: []string{ - fmt.Sprintf("--service-cluster $(%s)", envoyNsEnvVar), + fmt.Sprintf("--service-cluster %s", infra.Proxy.Name), fmt.Sprintf("--service-node $(%s)", envoyPodEnvVar), fmt.Sprintf("--config-yaml %s", cfg.rendered), "--log-level info", @@ -267,7 +271,7 @@ func (i *Infra) createOrUpdateDeployment(ctx context.Context, infra *ir.Infra) e current := &appsv1.Deployment{} key := types.NamespacedName{ Namespace: i.Namespace, - Name: config.EnvoyDeploymentName, + Name: expectedDeploymentName(infra.Proxy.Name), } if err := i.Client.Get(ctx, key, current); err != nil { @@ -295,12 +299,12 @@ func (i *Infra) createOrUpdateDeployment(ctx context.Context, infra *ir.Infra) e return nil } -// deleteService deletes the Envoy Deployment in the kube api server, if it exists. -func (i *Infra) deleteDeployment(ctx context.Context) error { +// deleteDeployment deletes the Envoy Deployment in the kube api server, if it exists. +func (i *Infra) deleteDeployment(ctx context.Context, infra *ir.Infra) error { deploy := &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Namespace: i.Namespace, - Name: config.EnvoyDeploymentName, + Name: expectedDeploymentName(infra.Proxy.Name), }, } diff --git a/internal/infrastructure/kubernetes/deployment_test.go b/internal/infrastructure/kubernetes/deployment_test.go index cda4bac0fb..0c7174c93c 100644 --- a/internal/infrastructure/kubernetes/deployment_test.go +++ b/internal/infrastructure/kubernetes/deployment_test.go @@ -6,6 +6,7 @@ import ( "sync" "testing" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -103,10 +104,13 @@ func TestExpectedDeployment(t *testing.T) { cli := fakeclient.NewClientBuilder().WithScheme(envoygateway.GetScheme()).WithObjects().Build() kube := NewInfra(cli) infra := ir.NewInfra() - infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayClassLabel] = "test-gc" + infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayLabel] = infra.Proxy.Name deploy, err := kube.expectedDeployment(infra) require.NoError(t, err) + // Check the deployment name is as expected. + assert.Equal(t, deploy.Name, expectedDeploymentName(infra.Proxy.Name)) + // Check container details, i.e. env vars, labels, etc. for the deployment are as expected. container := checkContainer(t, deploy, envoyContainerName, true) checkContainerImage(t, container, ir.DefaultProxyImage) @@ -152,7 +156,7 @@ func deploymentWithImage(deploy *appsv1.Deployment, image string) *appsv1.Deploy func TestCreateOrUpdateDeployment(t *testing.T) { kube := NewInfra(nil) infra := ir.NewInfra() - infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayClassLabel] = "test-gc" + infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayLabel] = infra.Proxy.Name deploy, err := kube.expectedDeployment(infra) require.NoError(t, err) @@ -182,7 +186,7 @@ func TestCreateOrUpdateDeployment(t *testing.T) { in: &ir.Infra{ Proxy: &ir.ProxyInfra{ Metadata: &ir.InfraMetadata{ - Labels: map[string]string{gatewayapi.OwningGatewayClassLabel: "test-gc"}, + Labels: map[string]string{gatewayapi.OwningGatewayLabel: infra.Proxy.Name}, }, Name: ir.DefaultProxyName, Image: "envoyproxy/gateway-dev:v1.2.3", @@ -231,7 +235,8 @@ func TestDeleteDeployment(t *testing.T) { mu: sync.Mutex{}, Namespace: "test", } - err := kube.deleteDeployment(context.Background()) + infra := ir.NewInfra() + err := kube.deleteDeployment(context.Background(), infra) require.NoError(t, err) }) } diff --git a/internal/infrastructure/kubernetes/infra.go b/internal/infrastructure/kubernetes/infra.go index d2adc1c415..abd9ed951b 100644 --- a/internal/infrastructure/kubernetes/infra.go +++ b/internal/infrastructure/kubernetes/infra.go @@ -117,11 +117,11 @@ func (i *Infra) DeleteInfra(ctx context.Context, infra *ir.Infra) error { return errors.New("infra ir is nil") } - if err := i.deleteService(ctx); err != nil { + if err := i.deleteService(ctx, infra); err != nil { return err } - if err := i.deleteDeployment(ctx); err != nil { + if err := i.deleteDeployment(ctx, infra); err != nil { return err } @@ -129,7 +129,7 @@ func (i *Infra) DeleteInfra(ctx context.Context, infra *ir.Infra) error { return err } - if err := i.deleteServiceAccount(ctx); err != nil { + if err := i.deleteServiceAccount(ctx, infra); err != nil { return err } diff --git a/internal/infrastructure/kubernetes/infra_test.go b/internal/infrastructure/kubernetes/infra_test.go index 7111a28968..dad1b72b4b 100644 --- a/internal/infrastructure/kubernetes/infra_test.go +++ b/internal/infrastructure/kubernetes/infra_test.go @@ -20,7 +20,7 @@ func TestCreateInfra(t *testing.T) { expected := ir.NewInfra() // Apply the expected labels to the proxy infra. expected.GetProxyInfra().GetProxyMetadata().Labels = envoyAppLabel() - expected.GetProxyInfra().GetProxyMetadata().Labels[gatewayapi.OwningGatewayClassLabel] = "test-gc" + expected.GetProxyInfra().GetProxyMetadata().Labels[gatewayapi.OwningGatewayLabel] = "test-gw" testCases := []struct { name string @@ -58,7 +58,7 @@ func TestCreateInfra(t *testing.T) { }, ObjectMeta: metav1.ObjectMeta{ Namespace: "default", - Name: "envoy", + Name: "envoy-default", ResourceVersion: "1", }, }, diff --git a/internal/infrastructure/kubernetes/service.go b/internal/infrastructure/kubernetes/service.go index 47c3e34d81..b73f2548c1 100644 --- a/internal/infrastructure/kubernetes/service.go +++ b/internal/infrastructure/kubernetes/service.go @@ -16,6 +16,10 @@ import ( "github.com/envoyproxy/gateway/internal/ir" ) +func expectedServiceName(proxyName string) string { + return fmt.Sprintf("%s-%s", config.EnvoyServicePrefix, proxyName) +} + // expectedService returns the expected Service based on the provided infra. func (i *Infra) expectedService(infra *ir.Infra) (*corev1.Service, error) { var ports []corev1.ServicePort @@ -34,14 +38,14 @@ func (i *Infra) expectedService(infra *ir.Infra) (*corev1.Service, error) { // Set the labels based on the owning gatewayclass name. labels := envoyLabels(infra.GetProxyInfra().GetProxyMetadata().Labels) - if _, ok := labels[gatewayapi.OwningGatewayClassLabel]; !ok { - return nil, fmt.Errorf("missing owning gatewayclass label") + if _, ok := labels[gatewayapi.OwningGatewayLabel]; !ok { + return nil, fmt.Errorf("missing owning gateway label") } svc := &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ Namespace: i.Namespace, - Name: config.EnvoyServiceName, + Name: expectedServiceName(infra.Proxy.Name), Labels: labels, }, Spec: corev1.ServiceSpec{ @@ -68,7 +72,7 @@ func (i *Infra) createOrUpdateService(ctx context.Context, infra *ir.Infra) erro current := &corev1.Service{} key := types.NamespacedName{ Namespace: i.Namespace, - Name: config.EnvoyServiceName, + Name: expectedServiceName(infra.Proxy.Name), } if err := i.Client.Get(ctx, key, current); err != nil { @@ -97,11 +101,11 @@ func (i *Infra) createOrUpdateService(ctx context.Context, infra *ir.Infra) erro } // deleteService deletes the Envoy Service in the kube api server, if it exists. -func (i *Infra) deleteService(ctx context.Context) error { +func (i *Infra) deleteService(ctx context.Context, infra *ir.Infra) error { svc := &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ Namespace: i.Namespace, - Name: config.EnvoyServiceName, + Name: expectedServiceName(infra.Proxy.Name), }, } diff --git a/internal/infrastructure/kubernetes/service_test.go b/internal/infrastructure/kubernetes/service_test.go index 29cd821fb6..d5af20d74e 100644 --- a/internal/infrastructure/kubernetes/service_test.go +++ b/internal/infrastructure/kubernetes/service_test.go @@ -5,6 +5,7 @@ import ( "sync" "testing" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" apiequality "k8s.io/apimachinery/pkg/api/equality" @@ -64,7 +65,7 @@ func TestDesiredService(t *testing.T) { cli := fakeclient.NewClientBuilder().WithScheme(envoygateway.GetScheme()).WithObjects().Build() kube := NewInfra(cli) infra := ir.NewInfra() - infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayClassLabel] = "test-gc" + infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayLabel] = infra.Proxy.Name infra.Proxy.Listeners[0].Ports = []ir.ListenerPort{ { Name: "gateway-system-gateway-1", @@ -82,6 +83,9 @@ func TestDesiredService(t *testing.T) { svc, err := kube.expectedService(infra) require.NoError(t, err) + // Check the service name is as expected. + assert.Equal(t, svc.Name, expectedDeploymentName(infra.Proxy.Name)) + checkServiceHasPort(t, svc, 80) checkServiceHasPort(t, svc, 443) checkServiceHasTargetPort(t, svc, 2080) @@ -89,7 +93,7 @@ func TestDesiredService(t *testing.T) { // Ensure the Envoy service has the expected labels. lbls := envoyAppLabel() - lbls[gatewayapi.OwningGatewayClassLabel] = "test-gc" + lbls[gatewayapi.OwningGatewayLabel] = infra.Proxy.Name checkServiceHasLabels(t, svc, lbls) for _, port := range infra.Proxy.Listeners[0].Ports { @@ -114,7 +118,8 @@ func TestDeleteService(t *testing.T) { mu: sync.Mutex{}, Namespace: "test", } - err := kube.deleteService(context.Background()) + infra := ir.NewInfra() + err := kube.deleteService(context.Background(), infra) require.NoError(t, err) }) } diff --git a/internal/infrastructure/kubernetes/serviceaccount.go b/internal/infrastructure/kubernetes/serviceaccount.go index e392ea93cf..e8448899c8 100644 --- a/internal/infrastructure/kubernetes/serviceaccount.go +++ b/internal/infrastructure/kubernetes/serviceaccount.go @@ -13,11 +13,15 @@ import ( ) const ( - envoyServiceAccountName = "envoy" + envoyServiceAccountPrefix = "envoy" ) +func expectedServiceAccountName(proxyName string) string { + return fmt.Sprintf("%s-%s", envoyServiceAccountPrefix, proxyName) +} + // expectedServiceAccount returns the expected proxy serviceAccount. -func (i *Infra) expectedServiceAccount() *corev1.ServiceAccount { +func (i *Infra) expectedServiceAccount(infra *ir.Infra) *corev1.ServiceAccount { return &corev1.ServiceAccount{ TypeMeta: metav1.TypeMeta{ Kind: "ServiceAccount", @@ -25,20 +29,20 @@ func (i *Infra) expectedServiceAccount() *corev1.ServiceAccount { }, ObjectMeta: metav1.ObjectMeta{ Namespace: i.Namespace, - Name: envoyServiceAccountName, + Name: expectedServiceAccountName(infra.Proxy.Name), }, } } // createOrUpdateServiceAccount creates the Envoy ServiceAccount in the kube api server, // if it doesn't exist and updates it if it does. -func (i *Infra) createOrUpdateServiceAccount(ctx context.Context, _ *ir.Infra) error { - sa := i.expectedServiceAccount() +func (i *Infra) createOrUpdateServiceAccount(ctx context.Context, infra *ir.Infra) error { + sa := i.expectedServiceAccount(infra) current := &corev1.ServiceAccount{} key := types.NamespacedName{ Namespace: i.Namespace, - Name: envoyServiceAccountName, + Name: expectedServiceAccountName(infra.Proxy.Name), } if err := i.Client.Get(ctx, key, current); err != nil { @@ -67,11 +71,11 @@ func (i *Infra) createOrUpdateServiceAccount(ctx context.Context, _ *ir.Infra) e // deleteServiceAccount deletes the Envoy ServiceAccount in the kube api server, // if it exists. -func (i *Infra) deleteServiceAccount(ctx context.Context) error { +func (i *Infra) deleteServiceAccount(ctx context.Context, infra *ir.Infra) error { sa := &corev1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ Namespace: i.Namespace, - Name: envoyServiceAccountName, + Name: expectedServiceAccountName(infra.Proxy.Name), }, } if err := i.Client.Delete(ctx, sa); err != nil { diff --git a/internal/infrastructure/kubernetes/serviceaccount_test.go b/internal/infrastructure/kubernetes/serviceaccount_test.go index b08317f08d..67423f6948 100644 --- a/internal/infrastructure/kubernetes/serviceaccount_test.go +++ b/internal/infrastructure/kubernetes/serviceaccount_test.go @@ -14,9 +14,21 @@ import ( fakeclient "sigs.k8s.io/controller-runtime/pkg/client/fake" "github.com/envoyproxy/gateway/internal/envoygateway" + "github.com/envoyproxy/gateway/internal/gatewayapi" "github.com/envoyproxy/gateway/internal/ir" ) +func TestExpectedServiceAccount(t *testing.T) { + cli := fakeclient.NewClientBuilder().WithScheme(envoygateway.GetScheme()).WithObjects().Build() + kube := NewInfra(cli) + infra := ir.NewInfra() + infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayLabel] = infra.Proxy.Name + sa := kube.expectedServiceAccount(infra) + + // Check the serviceaccount name is as expected. + assert.Equal(t, sa.Name, expectedServiceAccountName(infra.Proxy.Name)) +} + func TestCreateOrUpdateServiceAccount(t *testing.T) { testCases := []struct { name string @@ -41,7 +53,7 @@ func TestCreateOrUpdateServiceAccount(t *testing.T) { }, ObjectMeta: metav1.ObjectMeta{ Namespace: "test", - Name: "envoy", + Name: "envoy-test", }, }, }, @@ -61,7 +73,7 @@ func TestCreateOrUpdateServiceAccount(t *testing.T) { }, ObjectMeta: metav1.ObjectMeta{ Namespace: "test", - Name: "envoy", + Name: "envoy-test", }, }, out: &Resources{ @@ -72,7 +84,7 @@ func TestCreateOrUpdateServiceAccount(t *testing.T) { }, ObjectMeta: metav1.ObjectMeta{ Namespace: "test", - Name: "envoy", + Name: "envoy-test", }, }, }, @@ -119,7 +131,8 @@ func TestDeleteServiceAccount(t *testing.T) { mu: sync.Mutex{}, Namespace: "test", } - err := kube.deleteServiceAccount(context.Background()) + infra := ir.NewInfra() + err := kube.deleteServiceAccount(context.Background(), infra) require.NoError(t, err) }) } diff --git a/internal/infrastructure/runner/runner.go b/internal/infrastructure/runner/runner.go index 101a31d8ab..aa831770e3 100644 --- a/internal/infrastructure/runner/runner.go +++ b/internal/infrastructure/runner/runner.go @@ -43,23 +43,23 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) { // Subscribe to resources for range r.InfraIR.Subscribe(ctx) { r.Logger.Info("received a notification") - in := r.InfraIR.Get() - switch { - case in == nil: - // The resource map is nil at startup. - r.Logger.Info("infra ir is nil, skipping") - continue - case in.Proxy == nil: - if err := r.mgr.DeleteInfra(ctx, in); err != nil { - r.Logger.Error(err, "failed to delete infra") - } - default: - // Manage the proxy infra. - if err := r.mgr.CreateInfra(ctx, in); err != nil { - r.Logger.Error(err, "failed to create new infra") + for _, in := range r.InfraIR.LoadAll() { + switch { + case in == nil: + // The resource map is nil at startup. + r.Logger.Info("infra ir is nil, skipping") + continue + case in.Proxy == nil: + if err := r.mgr.DeleteInfra(ctx, in); err != nil { + r.Logger.Error(err, "failed to delete infra") + } + default: + // Manage the proxy infra. + if err := r.mgr.CreateInfra(ctx, in); err != nil { + r.Logger.Error(err, "failed to create new infra") + } } } + r.Logger.Info("subscriber shutting down") } - - r.Logger.Info("subscriber shutting down") } diff --git a/internal/message/types.go b/internal/message/types.go index b42e7896da..8dc8f29f14 100644 --- a/internal/message/types.go +++ b/internal/message/types.go @@ -34,6 +34,12 @@ func (p *ProviderResources) DeleteGatewayClasses() { } } +func (p *ProviderResources) DeleteGateways() { + for k := range p.Gateways.LoadAll() { + p.Gateways.Delete(k) + } +} + func (p *ProviderResources) GetGatewayClasses() []*gwapiv1b1.GatewayClass { if p.GatewayClasses.Len() == 0 { return nil @@ -96,36 +102,12 @@ type XdsIR struct { watchable.Map[string, *ir.Xds] } -func (x *XdsIR) Get() *ir.Xds { - // Iterate and return the first element - for _, v := range x.LoadAll() { - return v - } - return nil -} - // InfraIR message type InfraIR struct { watchable.Map[string, *ir.Infra] } -func (i *InfraIR) Get() *ir.Infra { - // Iterate and return the first element - for _, v := range i.LoadAll() { - return v - } - return nil -} - // Xds message type Xds struct { watchable.Map[string, *xdstypes.ResourceVersionTable] } - -func (x *Xds) Get() *xdstypes.ResourceVersionTable { - // Iterate and return the first element - for _, v := range x.LoadAll() { - return v - } - return nil -} diff --git a/internal/message/types_test.go b/internal/message/types_test.go index 0bdbfd93b1..66080298d0 100644 --- a/internal/message/types_test.go +++ b/internal/message/types_test.go @@ -3,20 +3,11 @@ package message import ( "testing" - "github.com/google/go-cmp/cmp" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "google.golang.org/protobuf/testing/protocmp" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gwapiv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1" - - "github.com/envoyproxy/gateway/internal/ir" - xdstypes "github.com/envoyproxy/gateway/internal/xds/types" - listenerv3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - xdscachetypes "github.com/envoyproxy/go-control-plane/pkg/cache/types" - resourcev3 "github.com/envoyproxy/go-control-plane/pkg/resource/v3" ) func TestProviderResources(t *testing.T) { @@ -166,36 +157,3 @@ func TestProviderResources(t *testing.T) { resources.DeleteGatewayClasses() assert.Nil(t, resources.GetGatewayClasses()) } - -func TestXdsIR(t *testing.T) { - msg := new(XdsIR) - assert.Nil(t, msg.Get()) - in := &ir.Xds{ - HTTP: []*ir.HTTPListener{{Name: "test"}}, - } - msg.Store("xds-ir", in) - assert.Equal(t, msg.Get(), in) -} - -func TestInfraIR(t *testing.T) { - msg := new(InfraIR) - assert.Nil(t, msg.Get()) - in := &ir.Infra{ - Proxy: &ir.ProxyInfra{Name: "test"}, - } - msg.Store("infra-ir", in) - assert.Equal(t, msg.Get(), in) -} - -func TestXds(t *testing.T) { - msg := new(Xds) - assert.Nil(t, msg.Get()) - in := &xdstypes.ResourceVersionTable{ - XdsResources: xdstypes.XdsResources{ - resourcev3.ListenerType: []xdscachetypes.Resource{&listenerv3.Listener{Name: "test"}}, - }, - } - msg.Store("xds", in) - diff := cmp.Diff(in, msg.Get(), protocmp.Transform()) - require.Empty(t, diff) -} diff --git a/internal/provider/kubernetes/gateway.go b/internal/provider/kubernetes/gateway.go index 8980395f3f..e7fef58c98 100644 --- a/internal/provider/kubernetes/gateway.go +++ b/internal/provider/kubernetes/gateway.go @@ -117,7 +117,7 @@ func (r *gatewayReconciler) hasMatchingController(obj client.Object) bool { func (r *gatewayReconciler) enqueueRequestForOwningGatewayClass() handler.EventHandler { return handler.EnqueueRequestsFromMapFunc(func(a client.Object) []reconcile.Request { labels := a.GetLabels() - gcName, found := labels[gatewayapi.OwningGatewayClassLabel] + gcName, found := labels[gatewayapi.OwningGatewayLabel] if found { var reqs []reconcile.Request for _, gw := range r.resources.Gateways.LoadAll() { @@ -200,14 +200,14 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, request reconcile.Req gw := acceptedGateways[i] // Get the status of the Gateway's associated Envoy Deployment. - deployment, err := r.envoyDeploymentForGateway(ctx) + deployment, err := r.envoyDeploymentForGateway(ctx, &gw) if err != nil { r.log.Info("failed to get deployment for gateway", "namespace", gw.Namespace, "name", gw.Name) } // Get the status address of the Gateway's associated Envoy Service. - svc, err := r.envoyServiceForGateway(ctx) + svc, err := r.envoyServiceForGateway(ctx, &gw) if err != nil { r.log.Info("failed to get service for gateway", "namespace", gw.Namespace, "name", gw.Name) @@ -272,10 +272,10 @@ func gatewaysOfClass(gc *gwapiv1b1.GatewayClass, gwList *gwapiv1b1.GatewayList) } // envoyServiceForGateway returns the Envoy service, returning nil if the service doesn't exist. -func (r *gatewayReconciler) envoyServiceForGateway(ctx context.Context) (*corev1.Service, error) { +func (r *gatewayReconciler) envoyServiceForGateway(ctx context.Context, gateway *gwapiv1b1.Gateway) (*corev1.Service, error) { key := types.NamespacedName{ Namespace: config.EnvoyGatewayNamespace, - Name: config.EnvoyServiceName, + Name: infraServiceName(gateway), } svc := new(corev1.Service) if err := r.client.Get(ctx, key, svc); err != nil { @@ -312,10 +312,10 @@ func (r *gatewayReconciler) removeFinalizer(ctx context.Context, gc *gwapiv1b1.G } // envoyDeploymentForGateway returns the Envoy Deployment, returning nil if the Deployment doesn't exist. -func (r *gatewayReconciler) envoyDeploymentForGateway(ctx context.Context) (*appsv1.Deployment, error) { +func (r *gatewayReconciler) envoyDeploymentForGateway(ctx context.Context, gateway *gwapiv1b1.Gateway) (*appsv1.Deployment, error) { key := types.NamespacedName{ Namespace: config.EnvoyGatewayNamespace, - Name: config.EnvoyDeploymentName, + Name: infraDeploymentName(gateway), } deployment := new(appsv1.Deployment) if err := r.client.Get(ctx, key, deployment); err != nil { @@ -360,3 +360,11 @@ func (r *gatewayReconciler) subscribeAndUpdateStatus(ctx context.Context) { } r.log.Info("status subscriber shutting down") } + +func infraServiceName(gateway *gwapiv1b1.Gateway) string { + return fmt.Sprintf("%s-%s-%s", config.EnvoyServicePrefix, gateway.Namespace, gateway.Name) +} + +func infraDeploymentName(gateway *gwapiv1b1.Gateway) string { + return fmt.Sprintf("%s-%s-%s", config.EnvoyDeploymentPrefix, gateway.Namespace, gateway.Name) +} diff --git a/internal/xds/cache/snapshotcache.go b/internal/xds/cache/snapshotcache.go index 5b6997cd98..5bef693724 100644 --- a/internal/xds/cache/snapshotcache.go +++ b/internal/xds/cache/snapshotcache.go @@ -10,6 +10,7 @@ import ( "strconv" "sync" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" envoy_cache_v3 "github.com/envoyproxy/go-control-plane/pkg/cache/v3" envoy_server_v3 "github.com/envoyproxy/go-control-plane/pkg/server/v3" @@ -32,26 +33,25 @@ var Hash = envoy_cache_v3.IDHash{} type SnapshotCacheWithCallbacks interface { envoy_cache_v3.SnapshotCache envoy_server_v3.Callbacks - GenerateNewSnapshot(types.XdsResources) error + GenerateNewSnapshot(string, types.XdsResources) error } -type snapshotcache struct { - envoy_cache_v3.SnapshotCache - - lastSnapshot *envoy_cache_v3.Snapshot - - log *LogrWrapper +type snapshotMap map[string]*envoy_cache_v3.Snapshot - streamIDNodeID map[int64]string +type nodeInfoMap map[int64]*envoy_config_core_v3.Node - snapshotVersion int64 - - mu sync.Mutex +type snapshotcache struct { + envoy_cache_v3.SnapshotCache + streamIDNodeInfo nodeInfoMap + snapshotVersion int64 + lastSnapshot snapshotMap + log *LogrWrapper + mu sync.Mutex } // GenerateNewSnapshot takes a table of resources (the output from the IR->xDS // translator) and updates the snapshot version. -func (s *snapshotcache) GenerateNewSnapshot(resources types.XdsResources) error { +func (s *snapshotcache) GenerateNewSnapshot(irKey string, resources types.XdsResources) error { s.mu.Lock() defer s.mu.Unlock() @@ -67,9 +67,9 @@ func (s *snapshotcache) GenerateNewSnapshot(resources types.XdsResources) error return err } - s.lastSnapshot = snapshot + s.lastSnapshot[irKey] = snapshot - for _, node := range s.getNodeIDs() { + for _, node := range s.getNodeIDs(irKey) { s.log.Debugf("Generating a snapshot with Node %s", node) err := s.SetSnapshot(context.TODO(), node, snapshot) if err != nil { @@ -102,20 +102,21 @@ func NewSnapshotCache(ads bool, logger logr.Logger) SnapshotCacheWithCallbacks { // Set up the nasty wrapper hack. wrappedLogger := NewLogrWrapper(logger) return &snapshotcache{ - SnapshotCache: envoy_cache_v3.NewSnapshotCache(ads, &Hash, wrappedLogger), - log: wrappedLogger, - streamIDNodeID: make(map[int64]string), + SnapshotCache: envoy_cache_v3.NewSnapshotCache(ads, &Hash, wrappedLogger), + log: wrappedLogger, + lastSnapshot: make(snapshotMap), + streamIDNodeInfo: make(nodeInfoMap), } } -func (s *snapshotcache) getNodeIDs() []string { - +// getNodeIDs retrieves the node ids from the node info map whose +// cluster field matches the ir key +func (s *snapshotcache) getNodeIDs(irKey string) []string { var nodeIDs []string - - for _, node := range s.streamIDNodeID { - - nodeIDs = append(nodeIDs, node) - + for _, node := range s.streamIDNodeInfo { + if node.Cluster == irKey { + nodeIDs = append(nodeIDs, node.Id) + } } return nodeIDs @@ -129,7 +130,7 @@ func (s *snapshotcache) OnStreamOpen(ctx context.Context, streamID int64, typeUR s.mu.Lock() defer s.mu.Unlock() - s.streamIDNodeID[streamID] = "" + s.streamIDNodeInfo[streamID] = nil return nil } @@ -139,7 +140,7 @@ func (s *snapshotcache) OnStreamClosed(streamID int64) { s.mu.Lock() defer s.mu.Unlock() - delete(s.streamIDNodeID, streamID) + delete(s.streamIDNodeInfo, streamID) } @@ -153,15 +154,15 @@ func (s *snapshotcache) OnStreamRequest(streamID int64, req *envoy_service_disco // It's possible that only the first discovery request will have a node ID set. // We also need to save the node ID to the node list anyway. // So check if we have a nodeID for this stream already, then set it if not. - nodeID := s.streamIDNodeID[streamID] - if nodeID == "" { - nodeID = Hash.ID(req.Node) - if nodeID == "" { - return fmt.Errorf("couldn't hash the node ID from the first discovery request on stream %d", streamID) + if s.streamIDNodeInfo[streamID] == nil { + if req.Node.Id == "" { + return fmt.Errorf("couldn't get the node ID from the first discovery request on stream %d", streamID) } - s.log.Debugf("First discovery request on stream %d, got nodeID %s", streamID, nodeID) - s.streamIDNodeID[streamID] = nodeID + s.log.Debugf("First discovery request on stream %d, got nodeID %s", streamID, req.Node.Id) + s.streamIDNodeInfo[streamID] = req.Node } + nodeID := s.streamIDNodeInfo[streamID].Id + cluster := s.streamIDNodeInfo[streamID].Cluster var nodeVersion string @@ -170,13 +171,13 @@ func (s *snapshotcache) OnStreamRequest(streamID int64, req *envoy_service_disco // If no snapshot has been generated yet, we can't do anything, so don't mess with this request. // go-control-plane will respond with an empty response, then send an update when a snapshot is generated. - if s.lastSnapshot == nil { + if s.lastSnapshot[cluster] == nil { return nil } _, err := s.GetSnapshot(nodeID) if err != nil { - err = s.SetSnapshot(context.TODO(), nodeID, s.lastSnapshot) + err = s.SetSnapshot(context.TODO(), nodeID, s.lastSnapshot[cluster]) if err != nil { return err } @@ -208,13 +209,12 @@ func (s *snapshotcache) OnStreamRequest(streamID int64, req *envoy_service_disco func (s *snapshotcache) OnStreamResponse(ctx context.Context, streamID int64, req *envoy_service_discovery_v3.DiscoveryRequest, resp *envoy_service_discovery_v3.DiscoveryResponse) { // No mutex lock required here because no writing to the cache. - - nodeID := s.streamIDNodeID[streamID] - if nodeID == "" { + node := s.streamIDNodeInfo[streamID] + if node == nil { s.log.Errorf("Tried to send a response to a node we haven't seen yet on stream %d", streamID) + } else { + s.log.Debugf("Sending Response on stream %d to node %s", streamID, node.Id) } - - s.log.Debugf("Sending Response on stream %d to node %s", streamID, nodeID) } // OnDeltaStreamOpen and the other OnDeltaStream*/OnStreamDelta* functions implement @@ -226,7 +226,7 @@ func (s *snapshotcache) OnDeltaStreamOpen(ctx context.Context, streamID int64, t defer s.mu.Unlock() // Ensure that we're adding the streamID to the Node ID list. - s.streamIDNodeID[streamID] = "" + s.streamIDNodeInfo[streamID] = nil return nil } @@ -236,53 +236,50 @@ func (s *snapshotcache) OnDeltaStreamClosed(streamID int64) { s.mu.Lock() defer s.mu.Unlock() - delete(s.streamIDNodeID, streamID) + delete(s.streamIDNodeInfo, streamID) } func (s *snapshotcache) OnStreamDeltaRequest(streamID int64, req *envoy_service_discovery_v3.DeltaDiscoveryRequest) error { - s.mu.Lock() // We could do this a little earlier than with a defer, since the last half of this func is logging // but that seemed like a premature optimization. defer s.mu.Unlock() var nodeVersion string - var errorCode int32 var errorMessage string // It's possible that only the first incremental discovery request will have a node ID set. // We also need to save the node ID to the node list anyway. // So check if we have a nodeID for this stream already, then set it if not. - nodeID := s.streamIDNodeID[streamID] - if nodeID == "" { - nodeID = Hash.ID(req.Node) - if nodeID == "" { - return fmt.Errorf("couldn't hash the node ID from the first incremental discovery request on stream %d", streamID) + node := s.streamIDNodeInfo[streamID] + if node == nil { + if req.Node.Id == "" { + return fmt.Errorf("couldn't get the node ID from the first incremental discovery request on stream %d", streamID) } - s.log.Debugf("First incremental discovery request on stream %d, got nodeID %s", streamID, nodeID) - s.streamIDNodeID[streamID] = nodeID + s.log.Debugf("First incremental discovery request on stream %d, got nodeID %s", streamID, req.Node.Id) + s.streamIDNodeInfo[streamID] = req.Node } + nodeID := s.streamIDNodeInfo[streamID].Id + cluster := s.streamIDNodeInfo[streamID].Cluster // If no snapshot has been written into the snapshotcache yet, we can't do anything, so don't mess with // this request. go-control-plane will respond with an empty response, then send an update when a // snapshot is generated. - if s.lastSnapshot == nil { + if s.lastSnapshot[cluster] == nil { return nil } _, err := s.GetSnapshot(nodeID) if err != nil { - err = s.SetSnapshot(context.TODO(), nodeID, s.lastSnapshot) + err = s.SetSnapshot(context.TODO(), nodeID, s.lastSnapshot[cluster]) if err != nil { return err } - } if req.Node != nil { - if bv := req.Node.GetUserAgentBuildVersion(); bv != nil && bv.Version != nil { nodeVersion = fmt.Sprintf("v%d.%d.%d", bv.Version.MajorNumber, bv.Version.MinorNumber, bv.Version.Patch) } @@ -290,14 +287,12 @@ func (s *snapshotcache) OnStreamDeltaRequest(streamID int64, req *envoy_service_ s.log.Debugf("Got a new request, response_nonce %s, nodeID %s, node_version %s", req.ResponseNonce, nodeID, nodeVersion) - if status := req.ErrorDetail; status != nil { // if Envoy rejected the last update log the details here. // TODO(youngnick): Handle NACK properly errorCode = status.Code errorMessage = status.Message } - s.log.Debugf("handling v3 xDS resource request, response_nonce %s, nodeID %s, node_version %s, resource_names_subscribe %v, resource_names_unsubscribe %v, type_url %s, errorCode %d, errorMessage %s", req.ResponseNonce, nodeID, nodeVersion, @@ -309,23 +304,18 @@ func (s *snapshotcache) OnStreamDeltaRequest(streamID int64, req *envoy_service_ } func (s *snapshotcache) OnStreamDeltaResponse(streamID int64, req *envoy_service_discovery_v3.DeltaDiscoveryRequest, resp *envoy_service_discovery_v3.DeltaDiscoveryResponse) { - // No mutex lock required here because no writing to the cache. - - nodeID := s.streamIDNodeID[streamID] - if nodeID == "" { + node := s.streamIDNodeInfo[streamID] + if node == nil { s.log.Errorf("Tried to send a response to a node we haven't seen yet on stream %d", streamID) + } else { + s.log.Debugf("Sending Incremental Response on stream %d to node %s", streamID, node.Id) } - - s.log.Debugf("Sending Incremental Response on stream %d to node %s", streamID, nodeID) - } func (s *snapshotcache) OnFetchRequest(ctx context.Context, req *envoy_service_discovery_v3.DiscoveryRequest) error { - return nil } func (s *snapshotcache) OnFetchResponse(req *envoy_service_discovery_v3.DiscoveryRequest, resp *envoy_service_discovery_v3.DiscoveryResponse) { - } diff --git a/internal/xds/server/runner/runner.go b/internal/xds/server/runner/runner.go index 80717cd4e6..16d3c9647d 100644 --- a/internal/xds/server/runner/runner.go +++ b/internal/xds/server/runner/runner.go @@ -115,15 +115,16 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) { for range r.Xds.Subscribe(ctx) { r.Logger.Info("received a notification") // Load all resources required for translation - xds := r.Xds.Get() - if xds == nil { - r.Logger.Info("xds is nil, skipping") - continue - } - // Update snapshot cache - err := r.cache.GenerateNewSnapshot(xds.XdsResources) - if err != nil { - r.Logger.Error(err, "failed to generate a snapshot") + for key, xds := range r.Xds.LoadAll() { + if xds == nil { + r.Logger.Info("xds is nil, skipping") + continue + } + // Update snapshot cache + err := r.cache.GenerateNewSnapshot(key, xds.XdsResources) + if err != nil { + r.Logger.Error(err, "failed to generate a snapshot") + } } } diff --git a/internal/xds/translator/runner/runner.go b/internal/xds/translator/runner/runner.go index 3d560fc8f4..54a55664f1 100644 --- a/internal/xds/translator/runner/runner.go +++ b/internal/xds/translator/runner/runner.go @@ -38,20 +38,19 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) { // Subscribe to resources for range r.XdsIR.Subscribe(ctx) { r.Logger.Info("received a notification") - ir := r.XdsIR.Get() - if ir == nil { - r.Logger.Info("xds ir is nil, skipping") - continue - } - // Translate to xds resources - result, err := translator.Translate(ir) - if err != nil { - r.Logger.Error(err, "failed to translate xds ir") - } else { - // Publish - // There should always be a single element in the map - // Use the service name as the key for now - r.Xds.Store(r.Name(), result) + for key, ir := range r.XdsIR.LoadAll() { + if ir == nil { + r.Logger.Info("xds ir is nil, skipping") + continue + } + // Translate to xds resources + result, err := translator.Translate(ir) + if err != nil { + r.Logger.Error(err, "failed to translate xds ir") + } else { + // Publish + r.Xds.Store(key, result) + } } } r.Logger.Info("subscriber shutting down") diff --git a/internal/xds/translator/runner/runner_test.go b/internal/xds/translator/runner/runner_test.go index f458e876bf..0611d599e7 100644 --- a/internal/xds/translator/runner/runner_test.go +++ b/internal/xds/translator/runner/runner_test.go @@ -10,7 +10,6 @@ import ( "github.com/envoyproxy/gateway/internal/envoygateway/config" "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/message" - xdstypes "github.com/envoyproxy/gateway/internal/xds/types" resourcev3 "github.com/envoyproxy/go-control-plane/pkg/resource/v3" ) @@ -32,7 +31,7 @@ func TestRunner(t *testing.T) { require.NoError(t, err) // xDS is nil at start - require.Equal(t, (*xdstypes.ResourceVersionTable)(nil), xds.Get()) + require.Equal(t, map[string]*ir.Xds{}, xdsIR.LoadAll()) // test translation path := "example" @@ -62,23 +61,23 @@ func TestRunner(t *testing.T) { } xdsIR.Store("test", &res) require.Eventually(t, func() bool { - out := xds.Get() + out := xds.LoadAll() if out == nil { return false } // Ensure an xds listener is created - return len(out.XdsResources[resourcev3.ListenerType]) == 1 + return len(out["test"].XdsResources[resourcev3.ListenerType]) == 1 }, time.Second*1, time.Millisecond*20) // Update with an empty IR triggering a delete xdsIR.Store("test", &ir.Xds{}) require.Eventually(t, func() bool { - out := xds.Get() + out := xds.LoadAll() if out == nil { return false } // Ensure no xds listener exists - return len(out.XdsResources[resourcev3.ListenerType]) == 0 + return len(out["test"].XdsResources[resourcev3.ListenerType]) == 0 }, time.Second*1, time.Millisecond*20) }