Load EnvoyExtensionPolicy in standalone mode by mathetake · Pull Request #5460 · envoyproxy/gateway

mathetake · 2025-03-10T22:17:08Z

Similar to #5431

Release Notes: Yes

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>

codecov · 2025-03-10T22:25:19Z

Codecov Report

Attention: Patch coverage is 0% with 13 lines in your changes missing coverage. Please review.

Project coverage is 65.22%. Comparing base (8b74d01) to head (5543bae).
Report is 10 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/gatewayapi/resource/load.go	0.00%	13 Missing ⚠️

❌ Your patch status has failed because the patch coverage (0.00%) is below the target coverage (60.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5460      +/-   ##
==========================================
- Coverage   65.30%   65.22%   -0.08%     
==========================================
  Files         213      213              
  Lines       33915    33936      +21     
==========================================
- Hits        22147    22135      -12     
- Misses      10438    10467      +29     
- Partials     1330     1334       +4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>

mathetake · 2025-03-10T22:33:42Z

cc @arkodg

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>

internal/cmd/egctl/testdata/translate/in/backend-endpoint.yaml

Xunzhuo

Generally LGTM

internal/gatewayapi/resource/load.go

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>

arkodg

thanks !

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>

mathetake · 2025-03-11T15:02:08Z

sorry didn't commit the make gen result

mathetake · 2025-03-11T16:19:05Z

idk what's happening to benchmark

arkodg · 2025-03-11T16:42:20Z

yeah we're looking at the benchmark issue #5464

mathetake · 2025-03-11T16:43:45Z

ok so good to go then

mathetake · 2025-03-12T00:41:57Z

ping

* load EnvoyExtensionPolicy in standalone mode Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * more Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * release note Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * review: use a valid target name instead of myapp Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * gen Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> --------- Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> (cherry picked from commit 4be098d) Signed-off-by: Guy Daich <guy.daich@sap.com>

* load EnvoyExtensionPolicy in standalone mode Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * more Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * release note Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * review: use a valid target name instead of myapp Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * gen Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> --------- Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> (cherry picked from commit 4be098d) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* load BackendTLSPolicy in standalone mode (#5431) Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit 4d914ae) Signed-off-by: Guy Daich <guy.daich@sap.com> * Wasm: cache Wasm OCI image permission check results (#5358) * add TTL for wasm permission check Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix test Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * change Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * refresh the cache Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * purge the cache Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * refactor Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * on retry on retriable errors Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * add release note Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> (cherry picked from commit 672de8a) Signed-off-by: Guy Daich <guy.daich@sap.com> * Load EnvoyExtensionPolicy in standalone mode (#5460) * load EnvoyExtensionPolicy in standalone mode Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * more Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * release note Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * review: use a valid target name instead of myapp Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * gen Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> --------- Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> (cherry picked from commit 4be098d) Signed-off-by: Guy Daich <guy.daich@sap.com> * fix: check for mirror backendRef in httproute index (#5497) * check for mirror backendRef Signed-off-by: mark winter <mark.winter@thetradedesk.com> (cherry picked from commit 72b72c4) Signed-off-by: Guy Daich <guy.daich@sap.com> * fix: dont return an err when gatewayclass is not accepted (#5524) * bug: dont return an err when gatewayclass is not accepted this is a user generated error, we shouldnt log it as a system error, and return with an error Signed-off-by: Arko Dasgupta <arko@tetrate.io> * release notes Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit 51e87ca) Signed-off-by: Guy Daich <guy.daich@sap.com> * fix: host header should not be allowed to modify (#5533) * host header is not allowed to be modified Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * address comment Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> (cherry picked from commit 54efa34) Signed-off-by: Guy Daich <guy.daich@sap.com> * fix: retrigger reconciliation when backendRef of type ServiceImport is updated (#5461) * fix: retrigger reconilation when backendRef of type ServiceImport is updated Signed-off-by: Teju Nareddy <tejunareddy@gmail.com> (cherry picked from commit e2f8978) Signed-off-by: Guy Daich <guy.daich@sap.com> * pin envoy and ratelimit Signed-off-by: Guy Daich <guy.daich@sap.com> * fix: otel sink json access logging without text field (#5498) * fix otel sink json access logging without text field Signed-off-by: Tomi Juntunen <tomi.juntunen@iki.fi> * use json format as default when format or type is not set Signed-off-by: Tomi Juntunen <tomi.juntunen@iki.fi> * set formatters only if the slice of formatters is not empty Signed-off-by: Tomi Juntunen <tomi.juntunen@iki.fi> --------- Signed-off-by: Tomi Juntunen <tomi.juntunen@iki.fi> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> (cherry picked from commit cb3ffd2) Signed-off-by: Guy Daich <guy.daich@sap.com> * [release/v1.3] v1.3.2 release notes (#5584) v1.3.2 release notes Signed-off-by: Guy Daich <guy.daich@sap.com> --------- Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Signed-off-by: mark winter <mark.winter@thetradedesk.com> Signed-off-by: Teju Nareddy <tejunareddy@gmail.com> Signed-off-by: Tomi Juntunen <tomi.juntunen@iki.fi> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Co-authored-by: Mark Winter <wintermarkedward@gmail.com> Co-authored-by: Teju Nareddy <tejunareddy@gmail.com> Co-authored-by: Tomi Juntunen <tomi.juntunen@iki.fi>

* bump envoy to v1.32.4 Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix: host header should not be allowed to modify (#5533) * host header is not allowed to be modified Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * address comment Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> (cherry picked from commit 54efa34) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * add release note Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * bump ratelimit to 0141a24 Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * Wasm: cache Wasm OCI image permission check results (#5358) * add TTL for wasm permission check Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix test Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * change Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * refresh the cache Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * purge the cache Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * refactor Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * on retry on retriable errors Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * add release note Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> (cherry picked from commit 672de8a) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * load BackendTLSPolicy in standalone mode (#5431) Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit 4d914ae) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix: check for mirror backendRef in httproute index (#5497) * check for mirror backendRef Signed-off-by: mark winter <mark.winter@thetradedesk.com> (cherry picked from commit 72b72c4) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix: dont return an err when gatewayclass is not accepted (#5524) * bug: dont return an err when gatewayclass is not accepted this is a user generated error, we shouldnt log it as a system error, and return with an error Signed-off-by: Arko Dasgupta <arko@tetrate.io> * release notes Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: Arko Dasgupta <arko@tetrate.io> (cherry picked from commit 51e87ca) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * update release note Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * update reatelimit Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix gen Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * Load EnvoyExtensionPolicy in standalone mode (#5460) * load EnvoyExtensionPolicy in standalone mode Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * more Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * release note Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * review: use a valid target name instead of myapp Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> * gen Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> --------- Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> (cherry picked from commit 4be098d) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * add security update to release note Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix: otel sink json access logging without text field (#5498) * fix otel sink json access logging without text field Signed-off-by: Tomi Juntunen <tomi.juntunen@iki.fi> * use json format as default when format or type is not set Signed-off-by: Tomi Juntunen <tomi.juntunen@iki.fi> * set formatters only if the slice of formatters is not empty Signed-off-by: Tomi Juntunen <tomi.juntunen@iki.fi> --------- Signed-off-by: Tomi Juntunen <tomi.juntunen@iki.fi> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> (cherry picked from commit cb3ffd2) Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * update release date Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * update release date Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: mark winter <mark.winter@thetradedesk.com> Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Signed-off-by: Tomi Juntunen <tomi.juntunen@iki.fi> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Co-authored-by: Mark Winter <wintermarkedward@gmail.com> Co-authored-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Co-authored-by: Tomi Juntunen <tomi.juntunen@iki.fi>

load EnvoyExtensionPolicy in standalone mode

a63b2ce

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>

more

17128c6

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>

mathetake marked this pull request as ready for review March 10, 2025 22:33

mathetake requested a review from a team as a code owner March 10, 2025 22:33

mathetake changed the title ~~load EnvoyExtensionPolicy in standalone mode~~ Load EnvoyExtensionPolicy in standalone mode Mar 10, 2025

release note

1d0da19

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>

arkodg added cherrypick/release-v1.2.8 cherrypick/release-v1.3.2 labels Mar 11, 2025

arkodg reviewed Mar 11, 2025

View reviewed changes

internal/cmd/egctl/testdata/translate/in/backend-endpoint.yaml Outdated Show resolved Hide resolved

Xunzhuo reviewed Mar 11, 2025

View reviewed changes

shawnh2 reviewed Mar 11, 2025

View reviewed changes

internal/gatewayapi/resource/load.go Show resolved Hide resolved

review: use a valid target name instead of myapp

2db1ff3

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>

arkodg previously approved these changes Mar 11, 2025

View reviewed changes

arkodg requested review from a team March 11, 2025 15:00

gen

5543bae

Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>

mathetake dismissed arkodg’s stale review via 5543bae March 11, 2025 15:01

arkodg approved these changes Mar 11, 2025

View reviewed changes

arkodg requested review from a team, Xunzhuo and shawnh2 March 11, 2025 21:00

zirain approved these changes Mar 12, 2025

View reviewed changes

arkodg merged commit 4be098d into envoyproxy:main Mar 12, 2025
23 of 25 checks passed

mathetake deleted the envoyextensionpolicy branch March 12, 2025 02:53

arkodg mentioned this pull request Mar 21, 2025

Secret validation error in TLS termination mode with Envoy Gateway Standalone #5575

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Load EnvoyExtensionPolicy in standalone mode#5460

Load EnvoyExtensionPolicy in standalone mode#5460
arkodg merged 5 commits intoenvoyproxy:mainfrom
mathetake:envoyextensionpolicy

mathetake commented Mar 10, 2025 •

edited

Loading

Uh oh!

codecov bot commented Mar 10, 2025 •

edited

Loading

Uh oh!

mathetake commented Mar 10, 2025

Uh oh!

Uh oh!

Xunzhuo left a comment

Uh oh!

Uh oh!

arkodg left a comment

Uh oh!

mathetake commented Mar 11, 2025

Uh oh!

mathetake commented Mar 11, 2025

Uh oh!

arkodg commented Mar 11, 2025

Uh oh!

mathetake commented Mar 11, 2025

Uh oh!

mathetake commented Mar 12, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

mathetake commented Mar 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codecov bot commented Mar 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

mathetake commented Mar 10, 2025

Uh oh!

Uh oh!

Xunzhuo left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

arkodg left a comment

Choose a reason for hiding this comment

Uh oh!

mathetake commented Mar 11, 2025

Uh oh!

mathetake commented Mar 11, 2025

Uh oh!

arkodg commented Mar 11, 2025

Uh oh!

mathetake commented Mar 11, 2025

Uh oh!

mathetake commented Mar 12, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

mathetake commented Mar 10, 2025 •

edited

Loading

codecov bot commented Mar 10, 2025 •

edited

Loading