diff --git a/api/v1alpha1/envoygateway_types.go b/api/v1alpha1/envoygateway_types.go
index 4d83f18e42..dd69dc7844 100644
--- a/api/v1alpha1/envoygateway_types.go
+++ b/api/v1alpha1/envoygateway_types.go
@@ -290,10 +290,10 @@ type KubernetesWatchMode struct {
const (
// KubernetesDeployModeTypeControllerNamespace indicates that the controller namespace is used for the infra proxy deployments.
- KubernetesDeployModeTypeControllerNamespace = "ControllerNamespace"
+ KubernetesDeployModeTypeControllerNamespace KubernetesDeployModeType = "ControllerNamespace"
// KubernetesDeployModeTypeGatewayNamespace indicates that the gateway namespace is used for the infra proxy deployments.
- KubernetesDeployModeTypeGatewayNamespace = "GatewayNamespace"
+ KubernetesDeployModeTypeGatewayNamespace KubernetesDeployModeType = "GatewayNamespace"
)
// KubernetesDeployModeType defines the type of KubernetesDeployMode
diff --git a/internal/gatewayapi/testdata/gateway-namespace-mode-infra-httproute.out.yaml b/internal/gatewayapi/testdata/gateway-namespace-mode-infra-httproute.out.yaml
index ecdd8f6dfe..4f63b9aa46 100644
--- a/internal/gatewayapi/testdata/gateway-namespace-mode-infra-httproute.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-namespace-mode-infra-httproute.out.yaml
@@ -243,7 +243,7 @@ infraIR:
ownerReference:
kind: Gateway
name: gateway-1
- name: default/gateway-1
+ name: gateway-1
namespace: default
default/gateway-2:
proxy:
@@ -262,7 +262,7 @@ infraIR:
ownerReference:
kind: Gateway
name: gateway-2
- name: default/gateway-2
+ name: gateway-2
namespace: default
test-ns/gateway-3:
proxy:
@@ -281,7 +281,7 @@ infraIR:
ownerReference:
kind: Gateway
name: gateway-3
- name: test-ns/gateway-3
+ name: gateway-3
namespace: test-ns
xdsIR:
default/gateway-1:
diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go
index f4bf96d018..2111dd7eb7 100644
--- a/internal/gatewayapi/translator.go
+++ b/internal/gatewayapi/translator.go
@@ -318,6 +318,7 @@ func (t *Translator) InitIRs(gateways []*GatewayContext) (map[string]*ir.Xds, ma
gwInfraIR.Proxy.Name = irKey
gwInfraIR.Proxy.Namespace = t.ControllerNamespace
if t.GatewayNamespaceMode {
+ gwInfraIR.Proxy.Name = gateway.Name
gwInfraIR.Proxy.Namespace = gateway.Namespace
gwInfraIR.Proxy.GetProxyMetadata().OwnerReference = &ir.ResourceMetadata{
Kind: resource.KindGateway,
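Review bot: `gwInfraIR.Proxy.Name` is assigned `irKey` on the line above and then overwritten by the added line, and nothing in the hunk says why the two modes differ. A short comment on the added line would help, e.g. `// GatewayNamespaceMode: proxy resources live in the Gateway's namespace and take the Gateway's own name; uniqueness comes from Proxy.Namespace.` Any consumer that still treats `Proxy.Name` as unique across namespaces now needs the namespace as well; the proxy_args.go change in this commit is one such case. InitIRs continues outside the hunk.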
diff --git a/internal/infrastructure/common/proxy_args.go b/internal/infrastructure/common/proxy_args.go
index 1b971686f6..78544b6366 100644
--- a/internal/infrastructure/common/proxy_args.go
+++ b/internal/infrastructure/common/proxy_args.go
@@ -51,8 +51,13 @@ func BuildProxyArgs(
logging := infra.Config.Spec.Logging
+ serviceCluster := infra.Name
+ if gatewayNamespaceMode {
+ serviceCluster = fmt.Sprintf("%s/%s", infra.Namespace, infra.Name)
+ }
+
args := []string{
- fmt.Sprintf("--service-cluster %s", infra.Name),
+ fmt.Sprintf("--service-cluster %s", serviceCluster),
fmt.Sprintf("--service-node %s", serviceNode),
fmt.Sprintf("--config-yaml %s", bootstrapConfigurations),
fmt.Sprintf("--log-level %s", logging.DefaultEnvoyProxyLoggingLevel()),
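Review bot: The new `serviceCluster` branch has no comment explaining why gateway namespace mode needs a different value. Judging from the translator.go hunk, `infra.Name` used to be the `namespace/name` key in this mode and is now the bare Gateway name, so this branch appears to keep `--service-cluster` at its previous value. A comment would record that, e.g. `// infra.Name is the bare Gateway name in gateway namespace mode; prefix the namespace so the Envoy service cluster stays unique across namespaces.` `gatewayNamespaceMode` is declared outside the hunk, presumably as a BuildProxyArgs parameter.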
diff --git a/internal/infrastructure/kubernetes/proxy/resource.go b/internal/infrastructure/kubernetes/proxy/resource.go
index 481427ec00..7ecd3c4410 100644
--- a/internal/infrastructure/kubernetes/proxy/resource.go
+++ b/internal/infrastructure/kubernetes/proxy/resource.go
@@ -35,6 +35,7 @@ const (
)
// ExpectedResourceHashedName returns expected resource hashed name including up to the 48 characters of the original name.
+// WARNING: DO NOT USE THIS FUNCTION IN MOST OF THE CASES. Use ResourceRender.Name() instead.
func ExpectedResourceHashedName(name string) string {
hashedName := utils.GetHashedName(name, 48)
return fmt.Sprintf("%s-%s", config.EnvoyPrefix, hashedName)
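Review bot: The added warning says "in most of the cases" without saying which cases are safe, so a caller cannot act on it. State the rule and the reason instead, e.g. `// NOTE: rendered resource names are not hashed in GatewayNamespaceMode; use ResourceRender.Name() for them and call this only when the hashed, envoy-prefixed form is specifically required.` A caller that keeps using this function for a rendered object in that mode would compute a ServiceAccount or ConfigMap name that no longer matches what the renderer creates.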
@@ -308,7 +309,7 @@ func expectedContainerVolumeMounts(containerSpec *egv1a1.KubernetesContainerSpec
}
// expectedVolumes returns expected proxy deployment volumes.
-func expectedVolumes(name string, gatewayNamespacedMode bool, pod *egv1a1.KubernetesPodSpec, dnsDomain, controllerNamespace string) []corev1.Volume {
+func (r *ResourceRender) expectedVolumes(pod *egv1a1.KubernetesPodSpec) []corev1.Volume {
var volumes []corev1.Volume
certsVolume := corev1.Volume{
Name: "certs",
@@ -320,13 +321,13 @@ func expectedVolumes(name string, gatewayNamespacedMode bool, pod *egv1a1.Kubern
},
}
- if gatewayNamespacedMode {
+ if r.GatewayNamespaceMode {
certsVolume = corev1.Volume{
Name: "certs",
VolumeSource: corev1.VolumeSource{
ConfigMap: &corev1.ConfigMapVolumeSource{
LocalObjectReference: corev1.LocalObjectReference{
- Name: ExpectedResourceHashedName(name),
+ Name: r.Name(),
},
Items: []corev1.KeyToPath{
{
@@ -339,7 +340,7 @@ func expectedVolumes(name string, gatewayNamespacedMode bool, pod *egv1a1.Kubern
},
},
}
- saAudience := fmt.Sprintf("%s.%s.svc.%s", config.EnvoyGatewayServiceName, controllerNamespace, dnsDomain)
+ saAudience := fmt.Sprintf("%s.%s.svc.%s", config.EnvoyGatewayServiceName, r.ControllerNamespace(), r.DNSDomain)
saTokenProjectedVolume := corev1.Volume{
Name: "sa-token",
VolumeSource: corev1.VolumeSource{
@@ -367,45 +368,39 @@ func expectedVolumes(name string, gatewayNamespacedMode bool, pod *egv1a1.Kubern
VolumeSource: corev1.VolumeSource{
ConfigMap: &corev1.ConfigMapVolumeSource{
LocalObjectReference: corev1.LocalObjectReference{
- Name: ExpectedResourceHashedName(name),
- },
- Items: []corev1.KeyToPath{
- {
- Key: common.SdsCAFilename,
- Path: common.SdsCAFilename,
- },
- {
- Key: common.SdsCertFilename,
- Path: common.SdsCertFilename,
- },
+ Name: r.Name(),
},
+ Items: sdsConfigMapItems(r.GatewayNamespaceMode),
DefaultMode: ptr.To[int32](420),
Optional: ptr.To(false),
},
},
}
- if gatewayNamespacedMode {
- sdsVolume = corev1.Volume{
- Name: "sds",
- VolumeSource: corev1.VolumeSource{
- ConfigMap: &corev1.ConfigMapVolumeSource{
- LocalObjectReference: corev1.LocalObjectReference{
- Name: ExpectedResourceHashedName(name),
- },
- Items: []corev1.KeyToPath{
- {
- Key: common.SdsCAFilename,
- Path: common.SdsCAFilename,
- },
- },
- DefaultMode: ptr.To[int32](420),
- Optional: ptr.To(false),
- },
+
+ volumes = append(volumes, sdsVolume)
+ return resource.ExpectedVolumes(pod, volumes)
+}
+
+func sdsConfigMapItems(gatewayNamespaceMode bool) []corev1.KeyToPath {
+ if gatewayNamespaceMode {
+ return []corev1.KeyToPath{
+ {
+ Key: common.SdsCAFilename,
+ Path: common.SdsCAFilename,
},
}
}
- volumes = append(volumes, sdsVolume)
- return resource.ExpectedVolumes(pod, volumes)
+
+ return []corev1.KeyToPath{
+ {
+ Key: common.SdsCAFilename,
+ Path: common.SdsCAFilename,
+ },
+ {
+ Key: common.SdsCertFilename,
+ Path: common.SdsCertFilename,
+ },
+ }
}
// expectedContainerEnv returns expected proxy container envs.
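Review bot: `sdsConfigMapItems` is added without a doc comment, and nothing in the hunk says why gateway namespace mode mounts only `common.SdsCAFilename`. Suggest `// sdsConfigMapItems returns the SDS ConfigMap keys to mount: only the trusted-CA entry in gateway namespace mode, otherwise the CA and certificate entries.` If the reason is that the proxy authenticates with the projected `sa-token` volume rather than a client certificate in that mode, which is inferred from the earlier hunk and not shown here, a line saying so belongs next to it. expectedVolumes starts outside this hunk.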
diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider.go b/internal/infrastructure/kubernetes/proxy/resource_provider.go
index b83b9002b7..5dbea52302 100644
--- a/internal/infrastructure/kubernetes/proxy/resource_provider.go
+++ b/internal/infrastructure/kubernetes/proxy/resource_provider.go
@@ -96,6 +96,10 @@ func NewResourceRender(ctx context.Context, kubernetesInfra KubernetesInfraProvi
}
func (r *ResourceRender) Name() string {
+ if r.GatewayNamespaceMode {
+ return r.infra.Name
+ }
+
return ExpectedResourceHashedName(r.infra.Name)
}
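Review bot: In GatewayNamespaceMode `Name()` now returns `r.infra.Name` unchanged, so every rendered object takes the bare Gateway name with no `envoy-` prefix, hash or 48-character cap. This includes `ServiceAccountName` in getPodSpec, the ConfigMap volume references in expectedVolumes, and the Deployment, Service and HPA names in the updated testdata. A Gateway named like an object that already exists in its namespace (the `default` ServiceAccount, for instance) would resolve to that object. A Gateway name that is a valid DNS subdomain but not a valid DNS label may also be rejected for kinds with stricter name rules, such as Service. Whether the apply path checks ownership before updating an existing object is not visible here; if it does not, validate the name in this branch or refuse to adopt objects the Gateway does not own. The method also needs a doc comment, e.g. `// Name returns the name shared by all rendered proxy resources: the Gateway name in GatewayNamespaceMode, otherwise the hashed envoy-prefixed name.`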
@@ -380,7 +384,7 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) {
SecurityContext: deploymentConfig.Pod.SecurityContext,
Affinity: deploymentConfig.Pod.Affinity,
Tolerations: deploymentConfig.Pod.Tolerations,
- Volumes: expectedVolumes(r.infra.Name, r.GatewayNamespaceMode, deploymentConfig.Pod, r.DNSDomain, r.controllerNamespace),
+ Volumes: r.expectedVolumes(deploymentConfig.Pod),
ImagePullSecrets: deploymentConfig.Pod.ImagePullSecrets,
NodeSelector: deploymentConfig.Pod.NodeSelector,
TopologySpreadConstraints: deploymentConfig.Pod.TopologySpreadConstraints,
@@ -598,7 +602,7 @@ func (r *ResourceRender) getPodSpec(
return corev1.PodSpec{
Containers: containers,
InitContainers: initContainers,
- ServiceAccountName: ExpectedResourceHashedName(r.infra.Name),
+ ServiceAccountName: r.Name(),
TerminationGracePeriodSeconds: expectedTerminationGracePeriodSeconds(proxyConfig.Spec.Shutdown),
DNSPolicy: corev1.DNSClusterFirst,
RestartPolicy: corev1.RestartPolicyAlways,
@@ -606,7 +610,7 @@ func (r *ResourceRender) getPodSpec(
SecurityContext: pod.SecurityContext,
Affinity: pod.Affinity,
Tolerations: pod.Tolerations,
- Volumes: expectedVolumes(r.infra.Name, r.GatewayNamespaceMode, pod, r.DNSDomain, r.controllerNamespace),
+ Volumes: r.expectedVolumes(pod),
ImagePullSecrets: pod.ImagePullSecrets,
NodeSelector: pod.NodeSelector,
TopologySpreadConstraints: pod.TopologySpreadConstraints,
diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go
index d99fd82be4..bd3929fbbb 100644
--- a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go
+++ b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go
@@ -85,15 +85,15 @@ func newTestInfra() *ir.Infra {
return newTestInfraWithAnnotations(nil)
}
-func newTestInfraWithNamespaceName(namespace, name, proxyName string) *ir.Infra {
+func newTestInfraWithNamespacedName(gwNN types.NamespacedName) *ir.Infra {
i := newTestInfraWithAnnotations(nil)
- i.Proxy.Name = proxyName
- i.Proxy.Namespace = namespace
- i.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = namespace
- i.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = name
+ i.Proxy.Name = gwNN.Name
+ i.Proxy.Namespace = gwNN.Namespace
+ i.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = gwNN.Namespace
+ i.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = gwNN.Name
i.Proxy.GetProxyMetadata().OwnerReference = &ir.ResourceMetadata{
Kind: "Gateway",
- Name: name,
+ Name: gwNN.Name,
}
return i
@@ -617,7 +617,7 @@ func TestDeployment(t *testing.T) {
},
{
caseName: "gateway-namespace-mode",
- infra: newTestInfraWithNamespaceName("ns1", "gateway-1", "ns1/gateway-1"),
+ infra: newTestInfraWithNamespacedName(types.NamespacedName{Namespace: "ns1", Name: "gateway-1"}),
deploy: nil,
gatewayNamespaceMode: true,
},
@@ -666,12 +666,11 @@ func TestDeployment(t *testing.T) {
tc.infra.Proxy.Config.Spec.ExtraArgs = tc.extraArgs
}
if tc.gatewayNamespaceMode {
- deployType := egv1a1.KubernetesDeployModeType(egv1a1.KubernetesDeployModeTypeGatewayNamespace)
cfg.EnvoyGateway.Provider = &egv1a1.EnvoyGatewayProvider{
Type: egv1a1.ProviderTypeKubernetes,
Kubernetes: &egv1a1.EnvoyGatewayKubernetesProvider{
Deploy: &egv1a1.KubernetesDeployMode{
- Type: &deployType,
+ Type: ptr.To(egv1a1.KubernetesDeployModeTypeGatewayNamespace),
},
},
}
@@ -1066,7 +1065,7 @@ func TestDaemonSet(t *testing.T) {
},
{
caseName: "gateway-namespace-mode",
- infra: newTestInfraWithNamespaceName("ns1", "gateway-1", "ns1/gateway-1"),
+ infra: newTestInfraWithNamespacedName(types.NamespacedName{Namespace: "ns1", Name: "gateway-1"}),
daemonset: nil,
gatewayNamespaceMode: true,
},
@@ -1074,12 +1073,11 @@ func TestDaemonSet(t *testing.T) {
for _, tc := range cases {
t.Run(tc.caseName, func(t *testing.T) {
if tc.gatewayNamespaceMode {
- deployType := egv1a1.KubernetesDeployModeType(egv1a1.KubernetesDeployModeTypeGatewayNamespace)
cfg.EnvoyGateway.Provider = &egv1a1.EnvoyGatewayProvider{
Type: egv1a1.ProviderTypeKubernetes,
Kubernetes: &egv1a1.EnvoyGatewayKubernetesProvider{
Deploy: &egv1a1.KubernetesDeployMode{
- Type: &deployType,
+ Type: ptr.To(egv1a1.KubernetesDeployModeTypeGatewayNamespace),
},
},
}
@@ -1287,7 +1285,7 @@ func TestService(t *testing.T) {
},
{
caseName: "gateway-namespace-mode",
- infra: newTestInfraWithNamespaceName("ns1", "gateway-1", "ns1/gateway-1"),
+ infra: newTestInfraWithNamespacedName(types.NamespacedName{Namespace: "ns1", Name: "gateway-1"}),
service: nil,
gatewayNamespaceMode: true,
},
@@ -1295,12 +1293,11 @@ func TestService(t *testing.T) {
for _, tc := range cases {
t.Run(tc.caseName, func(t *testing.T) {
if tc.gatewayNamespaceMode {
- deployType := egv1a1.KubernetesDeployModeType(egv1a1.KubernetesDeployModeTypeGatewayNamespace)
cfg.EnvoyGateway.Provider = &egv1a1.EnvoyGatewayProvider{
Type: egv1a1.ProviderTypeKubernetes,
Kubernetes: &egv1a1.EnvoyGatewayKubernetesProvider{
Deploy: &egv1a1.KubernetesDeployMode{
- Type: &deployType,
+ Type: ptr.To(egv1a1.KubernetesDeployModeTypeGatewayNamespace),
},
},
}
@@ -1316,6 +1313,14 @@ func TestService(t *testing.T) {
svc, err := r.Service()
require.NoError(t, err)
+ if test.OverrideTestData() {
+ data, err := yaml.Marshal(svc)
+ require.NoError(t, err)
+ err = os.WriteFile(fmt.Sprintf("testdata/services/%s.yaml", tc.caseName), data, 0o600)
+ require.NoError(t, err)
+ return
+ }
+
expected, err := loadService(tc.caseName)
require.NoError(t, err)
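Review bot: The `test.OverrideTestData()` block added here is repeated almost verbatim in the TestConfigMap, TestPDB and TestHorizontalPodAutoscaler hunks, and matches the existing one in TestServiceAccount. Only the directory, case name and object differ. A small helper would keep the `0o600` mode and the path format in one place, so a later change cannot leave one copy behind (the TestServiceAccount copy was still at `0o644` with a `nolint` until this commit). The helper name below is a suggestion; TestService continues outside the hunk.

```go
// writeGoldenFile regenerates testdata/<dir>/<name>.yaml from obj.
func writeGoldenFile(t *testing.T, dir, name string, obj any) {
	t.Helper()
	data, err := yaml.Marshal(obj)
	require.NoError(t, err)
	err = os.WriteFile(fmt.Sprintf("testdata/%s/%s.yaml", dir, name), data, 0o600)
	require.NoError(t, err)
}

// … unchanged: r.Service() call and its error check …
if test.OverrideTestData() {
	writeGoldenFile(t, "services", tc.caseName, svc)
	return
}
```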
@@ -1355,7 +1360,7 @@ func TestConfigMap(t *testing.T) {
},
{
name: "gateway-namespace-mode",
- infra: newTestInfraWithNamespaceName("ns1", "gateway-1", "ns1/gateway-1"),
+ infra: newTestInfraWithNamespacedName(types.NamespacedName{Namespace: "ns1", Name: "gateway-1"}),
gatewayNamespaceMode: true,
},
}
@@ -1363,12 +1368,11 @@ func TestConfigMap(t *testing.T) {
for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) {
if tc.gatewayNamespaceMode {
- deployType := egv1a1.KubernetesDeployModeType(egv1a1.KubernetesDeployModeTypeGatewayNamespace)
cfg.EnvoyGateway.Provider = &egv1a1.EnvoyGatewayProvider{
Type: egv1a1.ProviderTypeKubernetes,
Kubernetes: &egv1a1.EnvoyGatewayKubernetesProvider{
Deploy: &egv1a1.KubernetesDeployMode{
- Type: &deployType,
+ Type: ptr.To(egv1a1.KubernetesDeployModeTypeGatewayNamespace),
},
},
}
@@ -1378,9 +1382,16 @@ func TestConfigMap(t *testing.T) {
cm, err := r.ConfigMap("")
require.NoError(t, err)
+ if test.OverrideTestData() {
+ data, err := yaml.Marshal(cm)
+ require.NoError(t, err)
+ err = os.WriteFile(fmt.Sprintf("testdata/configmap/%s.yaml", tc.name), data, 0o600)
+ require.NoError(t, err)
+ return
+ }
+
expected, err := loadConfigmap(tc.name)
require.NoError(t, err)
-
assert.Equal(t, expected, cm)
})
}
@@ -1417,7 +1428,7 @@ func TestServiceAccount(t *testing.T) {
},
{
name: "gateway-namespace-mode",
- infra: newTestInfraWithNamespaceName("ns1", "gateway-1", "ns1/gateway-1"),
+ infra: newTestInfraWithNamespacedName(types.NamespacedName{Namespace: "ns1", Name: "gateway-1"}),
gatewayNamespaceMode: true,
},
}
@@ -1425,12 +1436,11 @@ func TestServiceAccount(t *testing.T) {
for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) {
if tc.gatewayNamespaceMode {
- deployType := egv1a1.KubernetesDeployModeType(egv1a1.KubernetesDeployModeTypeGatewayNamespace)
cfg.EnvoyGateway.Provider = &egv1a1.EnvoyGatewayProvider{
Type: egv1a1.ProviderTypeKubernetes,
Kubernetes: &egv1a1.EnvoyGatewayKubernetesProvider{
Deploy: &egv1a1.KubernetesDeployMode{
- Type: &deployType,
+ Type: ptr.To(egv1a1.KubernetesDeployModeTypeGatewayNamespace),
},
},
}
@@ -1443,8 +1453,7 @@ func TestServiceAccount(t *testing.T) {
if test.OverrideTestData() {
saYAML, err := yaml.Marshal(sa)
require.NoError(t, err)
- // nolint: gosec
- err = os.WriteFile(fmt.Sprintf("testdata/serviceaccount/%s.yaml", tc.name), saYAML, 0o644)
+ err = os.WriteFile(fmt.Sprintf("testdata/serviceaccount/%s.yaml", tc.name), saYAML, 0o600)
require.NoError(t, err)
return
}
@@ -1546,7 +1555,7 @@ func TestPDB(t *testing.T) {
},
{
caseName: "gateway-namespace-mode",
- infra: newTestInfraWithNamespaceName("ns1", "gateway-1", "ns1/gateway-1"),
+ infra: newTestInfraWithNamespacedName(types.NamespacedName{Namespace: "ns1", Name: "gateway-1"}),
pdb: &egv1a1.KubernetesPodDisruptionBudgetSpec{
MinAvailable: ptr.To(intstr.IntOrString{Type: intstr.Int, IntVal: 1}),
},
@@ -1557,12 +1566,11 @@ func TestPDB(t *testing.T) {
for _, tc := range cases {
t.Run(tc.caseName, func(t *testing.T) {
if tc.gatewayNamespaceMode {
- deployType := egv1a1.KubernetesDeployModeType(egv1a1.KubernetesDeployModeTypeGatewayNamespace)
cfg.EnvoyGateway.Provider = &egv1a1.EnvoyGatewayProvider{
Type: egv1a1.ProviderTypeKubernetes,
Kubernetes: &egv1a1.EnvoyGatewayKubernetesProvider{
Deploy: &egv1a1.KubernetesDeployMode{
- Type: &deployType,
+ Type: ptr.To(egv1a1.KubernetesDeployModeTypeGatewayNamespace),
},
},
}
@@ -1587,9 +1595,16 @@ func TestPDB(t *testing.T) {
pdb, err := r.PodDisruptionBudget()
require.NoError(t, err)
+ if test.OverrideTestData() {
+ data, err := yaml.Marshal(pdb)
+ require.NoError(t, err)
+ err = os.WriteFile(fmt.Sprintf("testdata/pdb/%s.yaml", tc.caseName), data, 0o600)
+ require.NoError(t, err)
+ return
+ }
+
podPDBExpected, err := loadPDB(tc.caseName)
require.NoError(t, err)
-
assert.Equal(t, podPDBExpected, pdb)
})
}
@@ -1682,7 +1697,7 @@ func TestHorizontalPodAutoscaler(t *testing.T) {
},
{
caseName: "gateway-namespace-mode",
- infra: newTestInfraWithNamespaceName("ns1", "gateway-1", "ns1/gateway-1"),
+ infra: newTestInfraWithNamespacedName(types.NamespacedName{Namespace: "ns1", Name: "gateway-1"}),
hpa: &egv1a1.KubernetesHorizontalPodAutoscalerSpec{
MaxReplicas: ptr.To[int32](1),
},
@@ -1693,12 +1708,11 @@ func TestHorizontalPodAutoscaler(t *testing.T) {
for _, tc := range cases {
t.Run(tc.caseName, func(t *testing.T) {
if tc.gatewayNamespaceMode {
- deployType := egv1a1.KubernetesDeployModeType(egv1a1.KubernetesDeployModeTypeGatewayNamespace)
cfg.EnvoyGateway.Provider = &egv1a1.EnvoyGatewayProvider{
Type: egv1a1.ProviderTypeKubernetes,
Kubernetes: &egv1a1.EnvoyGatewayKubernetesProvider{
Deploy: &egv1a1.KubernetesDeployMode{
- Type: &deployType,
+ Type: ptr.To(egv1a1.KubernetesDeployModeTypeGatewayNamespace),
},
},
}
@@ -1720,9 +1734,16 @@ func TestHorizontalPodAutoscaler(t *testing.T) {
hpa, err := r.HorizontalPodAutoscaler()
require.NoError(t, err)
+ if test.OverrideTestData() {
+ data, err := yaml.Marshal(hpa)
+ require.NoError(t, err)
+ err = os.WriteFile(fmt.Sprintf("testdata/hpa/%s.yaml", tc.caseName), data, 0o600)
+ require.NoError(t, err)
+ return
+ }
+
want, err := loadHPA(tc.caseName)
require.NoError(t, err)
-
assert.Equal(t, want, hpa)
})
}
@@ -1850,19 +1871,18 @@ func TestGatewayNamespaceModeMultipleResources(t *testing.T) {
require.NoError(t, err)
// Configure gateway namespace mode
- deployType := egv1a1.KubernetesDeployModeType(egv1a1.KubernetesDeployModeTypeGatewayNamespace)
cfg.EnvoyGateway.Provider = &egv1a1.EnvoyGatewayProvider{
Type: egv1a1.ProviderTypeKubernetes,
Kubernetes: &egv1a1.EnvoyGatewayKubernetesProvider{
Deploy: &egv1a1.KubernetesDeployMode{
- Type: &deployType,
+ Type: ptr.To(egv1a1.KubernetesDeployModeTypeGatewayNamespace),
},
},
}
// Create test infra with multiple namespaces
var infraList []*ir.Infra
- infra1 := newTestInfraWithNamespaceName("namespace-1", "gateway-1", "namespace-1/gateway-1")
+ infra1 := newTestInfraWithNamespacedName(types.NamespacedName{Namespace: "namespace-1", Name: "gateway-1"})
// Add HPA config to first infra
if infra1.Proxy.Config == nil {
infra1.Proxy.Config = &egv1a1.EnvoyProxy{Spec: egv1a1.EnvoyProxySpec{}}
@@ -1879,7 +1899,7 @@ func TestGatewayNamespaceModeMultipleResources(t *testing.T) {
MaxReplicas: ptr.To[int32](3),
}
- infra2 := newTestInfraWithNamespaceName("namespace-2", "gateway-2", "namespace-2/gateway-2")
+ infra2 := newTestInfraWithNamespacedName(types.NamespacedName{Namespace: "namespace-2", Name: "gateway-2"})
// Add HPA config to second infra
if infra2.Proxy.Config == nil {
infra2.Proxy.Config = &egv1a1.EnvoyProxy{Spec: egv1a1.EnvoyProxySpec{}}
@@ -1966,7 +1986,7 @@ func TestGatewayNamespaceModeMultipleResources(t *testing.T) {
for i, infra := range infraList {
expectedNamespace := infra.GetProxyInfra().Namespace
- expectedName := ExpectedResourceHashedName(infra.GetProxyInfra().Name)
+ expectedName := infra.GetProxyInfra().Name
require.Equal(t, expectedNamespace, deployments[i].Namespace)
require.Equal(t, expectedName, deployments[i].Name)
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/configmap/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/configmap/default.yaml
index 536dec8b77..1b151ac821 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/configmap/default.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/configmap/default.yaml
@@ -1,14 +1,15 @@
apiVersion: v1
+data:
+ xds-certificate.json: '{"resources":[{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret","name":"xds_certificate","tls_certificate":{"certificate_chain":{"filename":"/certs/tls.crt"},"private_key":{"filename":"/certs/tls.key"}}}]}'
+ xds-trusted-ca.json: '{"resources":[{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret","name":"xds_trusted_ca","validation_context":{"trusted_ca":{"filename":"/certs/ca.crt"},"match_typed_subject_alt_names":[{"san_type":"DNS","matcher":{"exact":"envoy-gateway"}}]}}]}'
kind: ConfigMap
metadata:
+ creationTimestamp: null
labels:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
name: envoy-default-37a8eec1
namespace: envoy-gateway-system
-data:
- xds-certificate.json: '{"resources":[{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret","name":"xds_certificate","tls_certificate":{"certificate_chain":{"filename":"/certs/tls.crt"},"private_key":{"filename":"/certs/tls.key"}}}]}'
- xds-trusted-ca.json: '{"resources":[{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret","name":"xds_trusted_ca","validation_context":{"trusted_ca":{"filename":"/certs/ca.crt"},"match_typed_subject_alt_names":[{"san_type":"DNS","matcher":{"exact":"envoy-gateway"}}]}}]}'
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/configmap/gateway-namespace-mode.yaml b/internal/infrastructure/kubernetes/proxy/testdata/configmap/gateway-namespace-mode.yaml
index 69cf6c2adb..bd07d4abb4 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/configmap/gateway-namespace-mode.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/configmap/gateway-namespace-mode.yaml
@@ -1,19 +1,20 @@
apiVersion: v1
+data:
+ xds-certificate.json: '{"resources":[{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret","name":"xds_certificate","tls_certificate":{"certificate_chain":{"filename":"/certs/tls.crt"},"private_key":{"filename":"/certs/tls.key"}}}]}'
+ xds-trusted-ca.json: '{"resources":[{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret","name":"xds_trusted_ca","validation_context":{"trusted_ca":{"filename":"/certs/ca.crt"},"match_typed_subject_alt_names":[{"san_type":"DNS","matcher":{"exact":"envoy-gateway"}}]}}]}'
kind: ConfigMap
metadata:
+ creationTimestamp: null
labels:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: gateway-1
gateway.envoyproxy.io/owning-gateway-namespace: ns1
+ name: gateway-1
+ namespace: ns1
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
name: gateway-1
uid: test-owner-reference-uid-for-gateway
- name: envoy-ns1-gateway-1-02ae0474
- namespace: ns1
-data:
- xds-certificate.json: '{"resources":[{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret","name":"xds_certificate","tls_certificate":{"certificate_chain":{"filename":"/certs/tls.crt"},"private_key":{"filename":"/certs/tls.key"}}}]}'
- xds-trusted-ca.json: '{"resources":[{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret","name":"xds_trusted_ca","validation_context":{"trusted_ca":{"filename":"/certs/ca.crt"},"match_typed_subject_alt_names":[{"san_type":"DNS","matcher":{"exact":"envoy-gateway"}}]}}]}'
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/configmap/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/configmap/with-annotations.yaml
index 4435e134a5..95b4ffdd5e 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/configmap/with-annotations.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/configmap/with-annotations.yaml
@@ -1,17 +1,18 @@
apiVersion: v1
+data:
+ xds-certificate.json: '{"resources":[{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret","name":"xds_certificate","tls_certificate":{"certificate_chain":{"filename":"/certs/tls.crt"},"private_key":{"filename":"/certs/tls.key"}}}]}'
+ xds-trusted-ca.json: '{"resources":[{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret","name":"xds_trusted_ca","validation_context":{"trusted_ca":{"filename":"/certs/ca.crt"},"match_typed_subject_alt_names":[{"san_type":"DNS","matcher":{"exact":"envoy-gateway"}}]}}]}'
kind: ConfigMap
metadata:
annotations:
anno1: value1
anno2: value2
+ creationTimestamp: null
labels:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
name: envoy-default-37a8eec1
namespace: envoy-gateway-system
-data:
- xds-certificate.json: '{"resources":[{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret","name":"xds_certificate","tls_certificate":{"certificate_chain":{"filename":"/certs/tls.crt"},"private_key":{"filename":"/certs/tls.key"}}}]}'
- xds-trusted-ca.json: '{"resources":[{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret","name":"xds_trusted_ca","validation_context":{"trusted_ca":{"filename":"/certs/ca.crt"},"match_typed_subject_alt_names":[{"san_type":"DNS","matcher":{"exact":"envoy-gateway"}}]}}]}'
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/gateway-namespace-mode.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/gateway-namespace-mode.yaml
index 5e83597797..336705faa8 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/gateway-namespace-mode.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/gateway-namespace-mode.yaml
@@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: gateway-1
gateway.envoyproxy.io/owning-gateway-namespace: ns1
- name: envoy-ns1-gateway-1-02ae0474
+ name: gateway-1
namespace: ns1
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
@@ -369,7 +369,7 @@ spec:
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
- serviceAccountName: envoy-ns1-gateway-1-02ae0474
+ serviceAccountName: gateway-1
terminationGracePeriodSeconds: 360
volumes:
- name: sa-token
@@ -385,7 +385,7 @@ spec:
items:
- key: ca.crt
path: ca.crt
- name: envoy-ns1-gateway-1-02ae0474
+ name: gateway-1
optional: false
name: certs
- configMap:
@@ -393,7 +393,7 @@ spec:
items:
- key: xds-trusted-ca.json
path: xds-trusted-ca.json
- name: envoy-ns1-gateway-1-02ae0474
+ name: gateway-1
optional: false
name: sds
updateStrategy:
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/gateway-namespace-mode.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/gateway-namespace-mode.yaml
index ded8d79668..c32da9e94b 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/gateway-namespace-mode.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/gateway-namespace-mode.yaml
@@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: gateway-1
gateway.envoyproxy.io/owning-gateway-namespace: ns1
- name: envoy-ns1-gateway-1-02ae0474
+ name: gateway-1
namespace: ns1
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
@@ -373,7 +373,7 @@ spec:
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
- serviceAccountName: envoy-ns1-gateway-1-02ae0474
+ serviceAccountName: gateway-1
terminationGracePeriodSeconds: 360
volumes:
- name: sa-token
@@ -389,7 +389,7 @@ spec:
items:
- key: ca.crt
path: ca.crt
- name: envoy-ns1-gateway-1-02ae0474
+ name: gateway-1
optional: false
name: certs
- configMap:
@@ -397,7 +397,7 @@ spec:
items:
- key: xds-trusted-ca.json
path: xds-trusted-ca.json
- name: envoy-ns1-gateway-1-02ae0474
+ name: gateway-1
optional: false
name: sds
status: {}
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/deployment.yaml b/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/deployment.yaml
index d5e1c8be85..0483bd7fd8 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/deployment.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/deployment.yaml
@@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: gateway-1
gateway.envoyproxy.io/owning-gateway-namespace: namespace-1
- name: envoy-namespace-1-gateway-1-e2117e41
+ name: gateway-1
namespace: namespace-1
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
@@ -373,7 +373,7 @@ spec:
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
- serviceAccountName: envoy-namespace-1-gateway-1-e2117e41
+ serviceAccountName: gateway-1
terminationGracePeriodSeconds: 360
volumes:
- name: sa-token
@@ -389,7 +389,7 @@ spec:
items:
- key: ca.crt
path: ca.crt
- name: envoy-namespace-1-gateway-1-e2117e41
+ name: gateway-1
optional: false
name: certs
- configMap:
@@ -397,7 +397,7 @@ spec:
items:
- key: xds-trusted-ca.json
path: xds-trusted-ca.json
- name: envoy-namespace-1-gateway-1-e2117e41
+ name: gateway-1
optional: false
name: sds
status: {}
@@ -412,7 +412,7 @@ metadata:
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: gateway-2
gateway.envoyproxy.io/owning-gateway-namespace: namespace-2
- name: envoy-namespace-2-gateway-2-107e8cb2
+ name: gateway-2
namespace: namespace-2
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
@@ -777,7 +777,7 @@ spec:
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
- serviceAccountName: envoy-namespace-2-gateway-2-107e8cb2
+ serviceAccountName: gateway-2
terminationGracePeriodSeconds: 360
volumes:
- name: sa-token
@@ -793,7 +793,7 @@ spec:
items:
- key: ca.crt
path: ca.crt
- name: envoy-namespace-2-gateway-2-107e8cb2
+ name: gateway-2
optional: false
name: certs
- configMap:
@@ -801,7 +801,7 @@ spec:
items:
- key: xds-trusted-ca.json
path: xds-trusted-ca.json
- name: envoy-namespace-2-gateway-2-107e8cb2
+ name: gateway-2
optional: false
name: sds
status: {}
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/hpa.yaml b/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/hpa.yaml
index 2c1be83e01..62dfb49192 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/hpa.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/hpa.yaml
@@ -5,7 +5,7 @@ metadata:
labels:
gateway.envoyproxy.io/owning-gateway-name: gateway-1
gateway.envoyproxy.io/owning-gateway-namespace: namespace-1
- name: envoy-namespace-1-gateway-1-e2117e41
+ name: gateway-1
namespace: namespace-1
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
@@ -25,7 +25,7 @@ spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
- name: envoy-namespace-1-gateway-1-e2117e41
+ name: gateway-1
status:
currentMetrics: null
desiredReplicas: 0
@@ -37,7 +37,7 @@ metadata:
labels:
gateway.envoyproxy.io/owning-gateway-name: gateway-2
gateway.envoyproxy.io/owning-gateway-namespace: namespace-2
- name: envoy-namespace-2-gateway-2-107e8cb2
+ name: gateway-2
namespace: namespace-2
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
@@ -57,7 +57,7 @@ spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
- name: envoy-namespace-2-gateway-2-107e8cb2
+ name: gateway-2
status:
currentMetrics: null
desiredReplicas: 0
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/service.yaml b/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/service.yaml
index db0d815079..c126d287fb 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/service.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/service.yaml
@@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: gateway-1
gateway.envoyproxy.io/owning-gateway-namespace: namespace-1
- name: envoy-namespace-1-gateway-1-e2117e41
+ name: gateway-1
namespace: namespace-1
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
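Review bot: The Service is now named `gateway-1`, i.e. the raw Gateway name, but a Service name is validated more strictly than a Gateway name. By default it must be a DNS label: at most 63 characters, no dots, and starting with a letter. A Gateway's `metadata.name` may be a DNS subdomain of up to 253 characters. Assuming the old hashed name was what kept long or dotted names within limits, a Gateway such as `edge.prod` would now produce a Service that the API server rejects. The fixtures here only use short label-safe names, so please add a gateway-namespace-mode case with a long or dotted Gateway name and pin the expected behaviour (fallback to the hashed name, or a clear status condition on the Gateway).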
@@ -47,7 +47,7 @@ metadata:
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: gateway-2
gateway.envoyproxy.io/owning-gateway-namespace: namespace-2
- name: envoy-namespace-2-gateway-2-107e8cb2
+ name: gateway-2
namespace: namespace-2
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/serviceaccount.yaml b/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/serviceaccount.yaml
index 13d5c8e03e..81e1b6d136 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/serviceaccount.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/gateway-namespace-mode/serviceaccount.yaml
@@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: gateway-1
gateway.envoyproxy.io/owning-gateway-namespace: namespace-1
- name: envoy-namespace-1-gateway-1-e2117e41
+ name: gateway-1
namespace: namespace-1
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
@@ -26,7 +26,7 @@ metadata:
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: gateway-2
gateway.envoyproxy.io/owning-gateway-namespace: namespace-2
- name: envoy-namespace-2-gateway-2-107e8cb2
+ name: gateway-2
namespace: namespace-2
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/hpa/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/hpa/custom.yaml
index 6827dec996..4bd8a1e635 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/hpa/custom.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/hpa/custom.yaml
@@ -1,6 +1,7 @@
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
+ creationTimestamp: null
labels:
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
@@ -26,3 +27,6 @@ spec:
apiVersion: apps/v1
kind: Deployment
name: envoy-default-37a8eec1
+status:
+ currentMetrics: null
+ desiredReplicas: 0
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/hpa/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/hpa/default.yaml
index 4c5446c2d3..8269a7bb16 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/hpa/default.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/hpa/default.yaml
@@ -1,12 +1,14 @@
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
+ creationTimestamp: null
labels:
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
name: envoy-default-37a8eec1
namespace: envoy-gateway-system
spec:
+ maxReplicas: 1
metrics:
- resource:
name: cpu
@@ -14,8 +16,10 @@ spec:
averageUtilization: 80
type: Utilization
type: Resource
- maxReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: envoy-default-37a8eec1
+status:
+ currentMetrics: null
+ desiredReplicas: 0
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/hpa/gateway-namespace-mode.yaml b/internal/infrastructure/kubernetes/proxy/testdata/hpa/gateway-namespace-mode.yaml
index b449c891a7..e7faf3ff26 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/hpa/gateway-namespace-mode.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/hpa/gateway-namespace-mode.yaml
@@ -1,17 +1,19 @@
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
+ creationTimestamp: null
labels:
gateway.envoyproxy.io/owning-gateway-name: gateway-1
gateway.envoyproxy.io/owning-gateway-namespace: ns1
+ name: gateway-1
+ namespace: ns1
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
name: gateway-1
uid: test-owner-reference-uid-for-gateway
- name: envoy-ns1-gateway-1-02ae0474
- namespace: ns1
spec:
+ maxReplicas: 1
metrics:
- resource:
name: cpu
@@ -19,8 +21,10 @@ spec:
averageUtilization: 80
type: Utilization
type: Resource
- maxReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
- name: envoy-ns1-gateway-1-02ae0474
+ name: gateway-1
+status:
+ currentMetrics: null
+ desiredReplicas: 0
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/hpa/patch-json-hpa.yaml b/internal/infrastructure/kubernetes/proxy/testdata/hpa/patch-json-hpa.yaml
index 38d3d474d8..911871acfc 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/hpa/patch-json-hpa.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/hpa/patch-json-hpa.yaml
@@ -1,12 +1,14 @@
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
+ creationTimestamp: null
labels:
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
name: foo
namespace: envoy-gateway-system
spec:
+ maxReplicas: 1
metrics:
- resource:
name: cpu
@@ -14,8 +16,10 @@ spec:
averageUtilization: 80
type: Utilization
type: Resource
- maxReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: bar
+status:
+ currentMetrics: null
+ desiredReplicas: 0
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/hpa/patch-strategic-hpa.yaml b/internal/infrastructure/kubernetes/proxy/testdata/hpa/patch-strategic-hpa.yaml
index 24a9f6f3a1..8b93e44dbf 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/hpa/patch-strategic-hpa.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/hpa/patch-strategic-hpa.yaml
@@ -1,12 +1,14 @@
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
+ creationTimestamp: null
labels:
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
name: foo
namespace: envoy-gateway-system
spec:
+ maxReplicas: 1
metrics:
- resource:
name: cpu
@@ -14,8 +16,10 @@ spec:
averageUtilization: 50
type: Utilization
type: Resource
- maxReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: envoy-default-37a8eec1
+status:
+ currentMetrics: null
+ desiredReplicas: 0
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/hpa/with-deployment-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/hpa/with-deployment-name.yaml
index b421873f68..2b4471e571 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/hpa/with-deployment-name.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/hpa/with-deployment-name.yaml
@@ -1,12 +1,14 @@
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
+ creationTimestamp: null
labels:
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
name: envoy-default-37a8eec1
namespace: envoy-gateway-system
spec:
+ maxReplicas: 10
metrics:
- resource:
name: cpu
@@ -15,8 +17,10 @@ spec:
type: Utilization
type: Resource
minReplicas: 5
- maxReplicas: 10
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: custom-deployment-name
+status:
+ currentMetrics: null
+ desiredReplicas: 0
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/pdb/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/pdb/default.yaml
index 4ae1bb1ab9..a70845d2d2 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/pdb/default.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/pdb/default.yaml
@@ -1,6 +1,7 @@
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
+ creationTimestamp: null
name: envoy-default-37a8eec1
namespace: envoy-gateway-system
spec:
@@ -12,3 +13,8 @@ spec:
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
+status:
+ currentHealthy: 0
+ desiredHealthy: 0
+ disruptionsAllowed: 0
+ expectedPods: 0
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/pdb/gateway-namespace-mode.yaml b/internal/infrastructure/kubernetes/proxy/testdata/pdb/gateway-namespace-mode.yaml
index 9689d80f74..3ef7913d1a 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/pdb/gateway-namespace-mode.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/pdb/gateway-namespace-mode.yaml
@@ -1,7 +1,8 @@
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
- name: envoy-ns1-gateway-1-02ae0474
+ creationTimestamp: null
+ name: gateway-1
namespace: ns1
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
@@ -17,3 +18,8 @@ spec:
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: gateway-1
gateway.envoyproxy.io/owning-gateway-namespace: ns1
+status:
+ currentHealthy: 0
+ desiredHealthy: 0
+ disruptionsAllowed: 0
+ expectedPods: 0
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/pdb/max-unavailable-percent.yaml b/internal/infrastructure/kubernetes/proxy/testdata/pdb/max-unavailable-percent.yaml
index c13ce64c01..d87a29841d 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/pdb/max-unavailable-percent.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/pdb/max-unavailable-percent.yaml
@@ -1,6 +1,7 @@
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
+ creationTimestamp: null
name: envoy-default-37a8eec1
namespace: envoy-gateway-system
spec:
@@ -12,3 +13,8 @@ spec:
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
+status:
+ currentHealthy: 0
+ desiredHealthy: 0
+ disruptionsAllowed: 0
+ expectedPods: 0
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/pdb/max-unavailable.yaml b/internal/infrastructure/kubernetes/proxy/testdata/pdb/max-unavailable.yaml
index 4d35159a70..867ce44f35 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/pdb/max-unavailable.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/pdb/max-unavailable.yaml
@@ -1,6 +1,7 @@
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
+ creationTimestamp: null
name: envoy-default-37a8eec1
namespace: envoy-gateway-system
spec:
@@ -12,3 +13,8 @@ spec:
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
+status:
+ currentHealthy: 0
+ desiredHealthy: 0
+ disruptionsAllowed: 0
+ expectedPods: 0
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/pdb/min-available-percent.yaml b/internal/infrastructure/kubernetes/proxy/testdata/pdb/min-available-percent.yaml
index 89cb99397a..c732db38bf 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/pdb/min-available-percent.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/pdb/min-available-percent.yaml
@@ -1,6 +1,7 @@
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
+ creationTimestamp: null
name: envoy-default-37a8eec1
namespace: envoy-gateway-system
spec:
@@ -12,3 +13,8 @@ spec:
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
+status:
+ currentHealthy: 0
+ desiredHealthy: 0
+ disruptionsAllowed: 0
+ expectedPods: 0
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/pdb/patch-json-pdb.yaml b/internal/infrastructure/kubernetes/proxy/testdata/pdb/patch-json-pdb.yaml
index cc4aa47333..fb5b7228e1 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/pdb/patch-json-pdb.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/pdb/patch-json-pdb.yaml
@@ -1,6 +1,7 @@
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
+ creationTimestamp: null
name: foo
namespace: envoy-gateway-system
spec:
@@ -13,3 +14,8 @@ spec:
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
+status:
+ currentHealthy: 0
+ desiredHealthy: 0
+ disruptionsAllowed: 0
+ expectedPods: 0
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/pdb/patch-pdb-no-minmax.yaml b/internal/infrastructure/kubernetes/proxy/testdata/pdb/patch-pdb-no-minmax.yaml
index 20a25b7e1b..22c05a8163 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/pdb/patch-pdb-no-minmax.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/pdb/patch-pdb-no-minmax.yaml
@@ -1,6 +1,7 @@
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
+ creationTimestamp: null
name: foo
namespace: envoy-gateway-system
spec:
@@ -8,3 +9,8 @@ spec:
selector:
matchLabels:
app: bar
+status:
+ currentHealthy: 0
+ desiredHealthy: 0
+ disruptionsAllowed: 0
+ expectedPods: 0
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/pdb/patch-strategic-pdb.yaml b/internal/infrastructure/kubernetes/proxy/testdata/pdb/patch-strategic-pdb.yaml
index 20a25b7e1b..22c05a8163 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/pdb/patch-strategic-pdb.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/pdb/patch-strategic-pdb.yaml
@@ -1,6 +1,7 @@
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
+ creationTimestamp: null
name: foo
namespace: envoy-gateway-system
spec:
@@ -8,3 +9,8 @@ spec:
selector:
matchLabels:
app: bar
+status:
+ currentHealthy: 0
+ desiredHealthy: 0
+ disruptionsAllowed: 0
+ expectedPods: 0
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/serviceaccount/gateway-namespace-mode.yaml b/internal/infrastructure/kubernetes/proxy/testdata/serviceaccount/gateway-namespace-mode.yaml
index 484e1f7068..83d1b95c8b 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/serviceaccount/gateway-namespace-mode.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/serviceaccount/gateway-namespace-mode.yaml
@@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: gateway-1
gateway.envoyproxy.io/owning-gateway-namespace: ns1
- name: envoy-ns1-gateway-1-02ae0474
+ name: gateway-1
namespace: ns1
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/clusterIP-custom-addresses.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/clusterIP-custom-addresses.yaml
index f6730ec043..9c4a5bb748 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/services/clusterIP-custom-addresses.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/clusterIP-custom-addresses.yaml
@@ -1,10 +1,11 @@
apiVersion: v1
kind: Service
metadata:
+ creationTimestamp: null
labels:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
name: envoy-default-37a8eec1
@@ -12,21 +13,23 @@ metadata:
spec:
clusterIP: 10.102.168.100
clusterIPs:
- - 10.102.168.100
+ - 10.102.168.100
ports:
- - name: EnvoyHTTPPort
- port: 0
- protocol: TCP
- targetPort: 8080
- - name: EnvoyHTTPSPort
- port: 0
- protocol: TCP
- targetPort: 8443
+ - name: EnvoyHTTPPort
+ port: 0
+ protocol: TCP
+ targetPort: 8080
+ - name: EnvoyHTTPSPort
+ port: 0
+ protocol: TCP
+ targetPort: 8443
selector:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
sessionAffinity: None
type: ClusterIP
+status:
+ loadBalancer: {}
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/custom.yaml
index d087bf24bf..2854ec0687 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/services/custom.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/custom.yaml
@@ -3,30 +3,33 @@ kind: Service
metadata:
annotations:
key1: value1
+ creationTimestamp: null
labels:
- key1: value1
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
+ key1: value1
name: envoy-default-37a8eec1
namespace: envoy-gateway-system
spec:
ports:
- - name: EnvoyHTTPPort
- port: 0
- protocol: TCP
- targetPort: 8080
- - name: EnvoyHTTPSPort
- port: 0
- protocol: TCP
- targetPort: 8443
+ - name: EnvoyHTTPPort
+ port: 0
+ protocol: TCP
+ targetPort: 8080
+ - name: EnvoyHTTPSPort
+ port: 0
+ protocol: TCP
+ targetPort: 8443
selector:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
sessionAffinity: None
type: ClusterIP
+status:
+ loadBalancer: {}
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/default.yaml
index 8b4bd40b87..b83522e185 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/services/default.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/default.yaml
@@ -1,10 +1,11 @@
apiVersion: v1
kind: Service
metadata:
+ creationTimestamp: null
labels:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
name: envoy-default-37a8eec1
@@ -12,19 +13,21 @@ metadata:
spec:
externalTrafficPolicy: Local
ports:
- - name: EnvoyHTTPPort
- port: 0
- protocol: TCP
- targetPort: 8080
- - name: EnvoyHTTPSPort
- port: 0
- protocol: TCP
- targetPort: 8443
+ - name: EnvoyHTTPPort
+ port: 0
+ protocol: TCP
+ targetPort: 8080
+ - name: EnvoyHTTPSPort
+ port: 0
+ protocol: TCP
+ targetPort: 8443
selector:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
sessionAffinity: None
type: LoadBalancer
+status:
+ loadBalancer: {}
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/dualstack.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/dualstack.yaml
index 963062b79c..b640bb60b1 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/services/dualstack.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/dualstack.yaml
@@ -1,10 +1,11 @@
apiVersion: v1
kind: Service
metadata:
+ creationTimestamp: null
labels:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
name: envoy-default-37a8eec1
@@ -12,23 +13,25 @@ metadata:
spec:
externalTrafficPolicy: Local
ipFamilies:
- - IPv4
- - IPv6
+ - IPv4
+ - IPv6
ipFamilyPolicy: RequireDualStack
ports:
- - name: EnvoyHTTPPort
- port: 0
- protocol: TCP
- targetPort: 8080
- - name: EnvoyHTTPSPort
- port: 0
- protocol: TCP
- targetPort: 8443
+ - name: EnvoyHTTPPort
+ port: 0
+ protocol: TCP
+ targetPort: 8080
+ - name: EnvoyHTTPSPort
+ port: 0
+ protocol: TCP
+ targetPort: 8443
selector:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
sessionAffinity: None
type: LoadBalancer
+status:
+ loadBalancer: {}
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/gateway-namespace-mode.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/gateway-namespace-mode.yaml
index e063df2a05..05b5c75be1 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/services/gateway-namespace-mode.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/gateway-namespace-mode.yaml
@@ -1,19 +1,20 @@
apiVersion: v1
kind: Service
metadata:
+ creationTimestamp: null
labels:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: gateway-1
gateway.envoyproxy.io/owning-gateway-namespace: ns1
+ name: gateway-1
+ namespace: ns1
ownerReferences:
- apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
name: gateway-1
uid: test-owner-reference-uid-for-gateway
- name: envoy-ns1-gateway-1-02ae0474
- namespace: ns1
spec:
externalTrafficPolicy: Local
ports:
@@ -26,10 +27,12 @@ spec:
protocol: TCP
targetPort: 8443
selector:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: gateway-1
gateway.envoyproxy.io/owning-gateway-namespace: ns1
sessionAffinity: None
type: LoadBalancer
+status:
+ loadBalancer: {}
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/ipv4-singlestack.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/ipv4-singlestack.yaml
index 8b4bd40b87..b83522e185 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/services/ipv4-singlestack.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/ipv4-singlestack.yaml
@@ -1,10 +1,11 @@
apiVersion: v1
kind: Service
metadata:
+ creationTimestamp: null
labels:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
name: envoy-default-37a8eec1
@@ -12,19 +13,21 @@ metadata:
spec:
externalTrafficPolicy: Local
ports:
- - name: EnvoyHTTPPort
- port: 0
- protocol: TCP
- targetPort: 8080
- - name: EnvoyHTTPSPort
- port: 0
- protocol: TCP
- targetPort: 8443
+ - name: EnvoyHTTPPort
+ port: 0
+ protocol: TCP
+ targetPort: 8080
+ - name: EnvoyHTTPSPort
+ port: 0
+ protocol: TCP
+ targetPort: 8443
selector:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
sessionAffinity: None
type: LoadBalancer
+status:
+ loadBalancer: {}
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/ipv6-singlestack.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/ipv6-singlestack.yaml
index 4793632cf7..6946fcb818 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/services/ipv6-singlestack.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/ipv6-singlestack.yaml
@@ -1,10 +1,11 @@
apiVersion: v1
kind: Service
metadata:
+ creationTimestamp: null
labels:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
name: envoy-default-37a8eec1
@@ -12,22 +13,24 @@ metadata:
spec:
externalTrafficPolicy: Local
ipFamilies:
- - IPv6
+ - IPv6
ipFamilyPolicy: SingleStack
ports:
- - name: EnvoyHTTPPort
- port: 0
- protocol: TCP
- targetPort: 8080
- - name: EnvoyHTTPSPort
- port: 0
- protocol: TCP
- targetPort: 8443
+ - name: EnvoyHTTPPort
+ port: 0
+ protocol: TCP
+ targetPort: 8080
+ - name: EnvoyHTTPSPort
+ port: 0
+ protocol: TCP
+ targetPort: 8443
selector:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
sessionAffinity: None
type: LoadBalancer
+status:
+ loadBalancer: {}
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/override-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/override-annotations.yaml
index be487a5f96..2b6c898231 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/services/override-annotations.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/override-annotations.yaml
@@ -4,10 +4,11 @@ metadata:
annotations:
anno1: value1-override
anno2: value2
+ creationTimestamp: null
labels:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
label1: value1
@@ -17,21 +18,23 @@ metadata:
spec:
externalTrafficPolicy: Local
ports:
- - name: EnvoyHTTPPort
- port: 0
- protocol: TCP
- targetPort: 8080
- - name: EnvoyHTTPSPort
- port: 0
- protocol: TCP
- targetPort: 8443
+ - name: EnvoyHTTPPort
+ port: 0
+ protocol: TCP
+ targetPort: 8080
+ - name: EnvoyHTTPSPort
+ port: 0
+ protocol: TCP
+ targetPort: 8443
selector:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
label1: value1
label2: value2
sessionAffinity: None
type: LoadBalancer
+status:
+ loadBalancer: {}
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/override-labels.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/override-labels.yaml
index 6f60f58176..9b038a569d 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/services/override-labels.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/override-labels.yaml
@@ -4,10 +4,11 @@ metadata:
annotations:
anno1: value1
anno2: value2
+ creationTimestamp: null
labels:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
label1: value1-override
@@ -17,21 +18,23 @@ metadata:
spec:
externalTrafficPolicy: Local
ports:
- - name: EnvoyHTTPPort
- port: 0
- protocol: TCP
- targetPort: 8080
- - name: EnvoyHTTPSPort
- port: 0
- protocol: TCP
- targetPort: 8443
+ - name: EnvoyHTTPPort
+ port: 0
+ protocol: TCP
+ targetPort: 8080
+ - name: EnvoyHTTPSPort
+ port: 0
+ protocol: TCP
+ targetPort: 8443
selector:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
label1: value1
label2: value2
sessionAffinity: None
type: LoadBalancer
+status:
+ loadBalancer: {}
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/patch-service.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/patch-service.yaml
index 8d904a9eb6..25e78fea67 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/services/patch-service.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/patch-service.yaml
@@ -1,10 +1,11 @@
apiVersion: v1
kind: Service
metadata:
+ creationTimestamp: null
labels:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
name: foo
@@ -12,19 +13,21 @@ metadata:
spec:
externalTrafficPolicy: Local
ports:
- - name: EnvoyHTTPPort
- port: 0
- protocol: TCP
- targetPort: 8080
- - name: EnvoyHTTPSPort
- port: 0
- protocol: TCP
- targetPort: 8443
+ - name: EnvoyHTTPPort
+ port: 0
+ protocol: TCP
+ targetPort: 8080
+ - name: EnvoyHTTPSPort
+ port: 0
+ protocol: TCP
+ targetPort: 8443
selector:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
sessionAffinity: None
type: LoadBalancer
+status:
+ loadBalancer: {}
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/with-annotations.yaml
index 9121cf5fe7..6b1df69aa1 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/services/with-annotations.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/with-annotations.yaml
@@ -4,10 +4,11 @@ metadata:
annotations:
anno1: value1
anno2: value2
+ creationTimestamp: null
labels:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
name: envoy-default-37a8eec1
@@ -15,19 +16,21 @@ metadata:
spec:
externalTrafficPolicy: Local
ports:
- - name: EnvoyHTTPPort
- port: 0
- protocol: TCP
- targetPort: 8080
- - name: EnvoyHTTPSPort
- port: 0
- protocol: TCP
- targetPort: 8443
+ - name: EnvoyHTTPPort
+ port: 0
+ protocol: TCP
+ targetPort: 8080
+ - name: EnvoyHTTPSPort
+ port: 0
+ protocol: TCP
+ targetPort: 8443
selector:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
sessionAffinity: None
type: LoadBalancer
+status:
+ loadBalancer: {}
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/with-name.yaml
index 150fd62b5b..0988418aef 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/services/with-name.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/with-name.yaml
@@ -1,10 +1,11 @@
apiVersion: v1
kind: Service
metadata:
+ creationTimestamp: null
labels:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
name: custom-service-name
@@ -12,19 +13,21 @@ metadata:
spec:
externalTrafficPolicy: Local
ports:
- - name: EnvoyHTTPPort
- port: 0
- protocol: TCP
- targetPort: 8080
- - name: EnvoyHTTPSPort
- port: 0
- protocol: TCP
- targetPort: 8443
+ - name: EnvoyHTTPPort
+ port: 0
+ protocol: TCP
+ targetPort: 8080
+ - name: EnvoyHTTPSPort
+ port: 0
+ protocol: TCP
+ targetPort: 8443
selector:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
sessionAffinity: None
type: LoadBalancer
+status:
+ loadBalancer: {}
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/services/with-svc-labels.yaml b/internal/infrastructure/kubernetes/proxy/testdata/services/with-svc-labels.yaml
index 8ff9e5bb31..c67cf8fa01 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/services/with-svc-labels.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/services/with-svc-labels.yaml
@@ -1,32 +1,35 @@
apiVersion: v1
kind: Service
metadata:
+ creationTimestamp: null
labels:
- label1: value1
- label2: value2
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
+ label1: value1
+ label2: value2
name: envoy-default-37a8eec1
namespace: envoy-gateway-system
spec:
externalTrafficPolicy: Local
ports:
- - name: EnvoyHTTPPort
- port: 0
- protocol: TCP
- targetPort: 8080
- - name: EnvoyHTTPSPort
- port: 0
- protocol: TCP
- targetPort: 8443
+ - name: EnvoyHTTPPort
+ port: 0
+ protocol: TCP
+ targetPort: 8080
+ - name: EnvoyHTTPSPort
+ port: 0
+ protocol: TCP
+ targetPort: 8443
selector:
- app.kubernetes.io/name: envoy
app.kubernetes.io/component: proxy
app.kubernetes.io/managed-by: envoy-gateway
+ app.kubernetes.io/name: envoy
gateway.envoyproxy.io/owning-gateway-name: default
gateway.envoyproxy.io/owning-gateway-namespace: default
sessionAffinity: None
type: LoadBalancer
+status:
+ loadBalancer: {}
diff --git a/internal/infrastructure/kubernetes/proxy_configmap_test.go b/internal/infrastructure/kubernetes/proxy_configmap_test.go
index 660a3cfc6d..35626c8858 100644
--- a/internal/infrastructure/kubernetes/proxy_configmap_test.go
+++ b/internal/infrastructure/kubernetes/proxy_configmap_test.go
@@ -129,7 +129,7 @@ func TestCreateOrUpdateProxyConfigMap(t *testing.T) {
ns: "test",
in: &ir.Infra{
Proxy: &ir.ProxyInfra{
- Name: "ns1/gateway-1",
+ Name: "gateway-1",
Namespace: "ns1",
Metadata: &ir.InfraMetadata{
Labels: map[string]string{
@@ -151,7 +151,7 @@ func TestCreateOrUpdateProxyConfigMap(t *testing.T) {
},
ObjectMeta: metav1.ObjectMeta{
Namespace: "ns1",
- Name: "envoy-ns1-gateway-1-02ae0474",
+ Name: "gateway-1",
Labels: map[string]string{
"app.kubernetes.io/name": "envoy",
"app.kubernetes.io/component": "proxy",
@@ -199,7 +199,7 @@ func TestCreateOrUpdateProxyConfigMap(t *testing.T) {
kube := NewInfra(cli, cfg)
if tc.gatewayNamespaceMode {
kube.EnvoyGateway.Provider.Kubernetes.Deploy = &egv1a1.KubernetesDeployMode{
- Type: ptr.To(egv1a1.KubernetesDeployModeType(egv1a1.KubernetesDeployModeTypeGatewayNamespace)),
+ Type: ptr.To(egv1a1.KubernetesDeployModeTypeGatewayNamespace),
}
require.NoError(t, createGatewayForGatewayNamespaceMode(ctx, kube.Client))
}
diff --git a/internal/infrastructure/kubernetes/proxy_daemonset_test.go b/internal/infrastructure/kubernetes/proxy_daemonset_test.go
index 1b060338b7..a51ffb9936 100644
--- a/internal/infrastructure/kubernetes/proxy_daemonset_test.go
+++ b/internal/infrastructure/kubernetes/proxy_daemonset_test.go
@@ -86,9 +86,9 @@ func setupCreateOrUpdateProxyDaemonSet(gatewayNamespaceMode bool) (*appsv1.Daemo
if gatewayNamespaceMode {
cfg.EnvoyGateway.Provider.Kubernetes.Deploy = &egv1a1.KubernetesDeployMode{
- Type: ptr.To(egv1a1.KubernetesDeployModeType(egv1a1.KubernetesDeployModeTypeGatewayNamespace)),
+ Type: ptr.To(egv1a1.KubernetesDeployModeTypeGatewayNamespace),
}
- infra.Proxy.Name = "ns1/gateway-1"
+ infra.Proxy.Name = "gateway-1"
infra.Proxy.Namespace = "ns1"
infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = "ns1"
infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = "gateway-1"
@@ -327,7 +327,7 @@ func TestCreateOrUpdateProxyDaemonSet(t *testing.T) {
actual := &appsv1.DaemonSet{
ObjectMeta: metav1.ObjectMeta{
Namespace: kube.GetResourceNamespace(tc.in),
- Name: proxy.ExpectedResourceHashedName(tc.in.Proxy.Name),
+ Name: expectedName(tc.in.Proxy, tc.gatewayNamespaceMode),
},
}
require.NoError(t, kube.Client.Get(ctx, client.ObjectKeyFromObject(actual), actual))
@@ -336,3 +336,11 @@ func TestCreateOrUpdateProxyDaemonSet(t *testing.T) {
})
}
}
+
+func expectedName(proxyInfra *ir.ProxyInfra, isGatewayNamespaceMode bool) string {
+ if isGatewayNamespaceMode {
+ return proxyInfra.Name
+ }
+
+ return proxy.ExpectedResourceHashedName(proxyInfra.Name)
+}
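Review bot: The new helper `expectedName` has no comment and sits in proxy_daemonset_test.go, although the deployment, infra and service account tests in this commit call it too. A short comment would record the naming rule it encodes, for example `// expectedName returns the resource name the tests look up: the bare proxy name in gateway namespace mode, the hashed name otherwise.` Moving it next to the package's other shared test helpers would make it easier to find; that part is a style suggestion only.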
diff --git a/internal/infrastructure/kubernetes/proxy_deployment_test.go b/internal/infrastructure/kubernetes/proxy_deployment_test.go
index b4528cb448..db9daf77d6 100644
--- a/internal/infrastructure/kubernetes/proxy_deployment_test.go
+++ b/internal/infrastructure/kubernetes/proxy_deployment_test.go
@@ -79,9 +79,9 @@ func setupCreateOrUpdateProxyDeployment(gatewayNamespaceMode bool) (*appsv1.Depl
if gatewayNamespaceMode {
cfg.EnvoyGateway.Provider.Kubernetes.Deploy = &egv1a1.KubernetesDeployMode{
- Type: ptr.To(egv1a1.KubernetesDeployModeType(egv1a1.KubernetesDeployModeTypeGatewayNamespace)),
+ Type: ptr.To(egv1a1.KubernetesDeployModeTypeGatewayNamespace),
}
- infra.Proxy.Name = "ns1/gateway-1"
+ infra.Proxy.Name = "gateway-1"
infra.Proxy.Namespace = "ns1"
infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = "ns1"
infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = "gateway-1"
@@ -320,7 +320,7 @@ func TestCreateOrUpdateProxyDeployment(t *testing.T) {
actual := &appsv1.Deployment{
ObjectMeta: metav1.ObjectMeta{
Namespace: kube.GetResourceNamespace(tc.in),
- Name: proxy.ExpectedResourceHashedName(tc.in.Proxy.Name),
+ Name: expectedName(tc.in.Proxy, tc.gatewayNamespaceMode),
},
}
require.NoError(t, kube.Client.Get(ctx, client.ObjectKeyFromObject(actual), actual))
diff --git a/internal/infrastructure/kubernetes/proxy_infra_test.go b/internal/infrastructure/kubernetes/proxy_infra_test.go
index d2630a07ff..bd907b2853 100644
--- a/internal/infrastructure/kubernetes/proxy_infra_test.go
+++ b/internal/infrastructure/kubernetes/proxy_infra_test.go
@@ -158,7 +158,7 @@ func TestCreateProxyInfra(t *testing.T) {
sa := &corev1.ServiceAccount{
ObjectMeta: metav1.ObjectMeta{
Namespace: kube.ControllerNamespace,
- Name: proxy.ExpectedResourceHashedName(tc.in.Proxy.Name),
+ Name: expectedName(tc.in.Proxy, false),
},
}
require.NoError(t, kube.Client.Get(context.Background(), client.ObjectKeyFromObject(sa), sa))
@@ -166,7 +166,7 @@ func TestCreateProxyInfra(t *testing.T) {
cm := &corev1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{
Namespace: kube.ControllerNamespace,
- Name: proxy.ExpectedResourceHashedName(tc.in.Proxy.Name),
+ Name: expectedName(tc.in.Proxy, false),
},
}
require.NoError(t, kube.Client.Get(context.Background(), client.ObjectKeyFromObject(cm), cm))
@@ -174,7 +174,7 @@ func TestCreateProxyInfra(t *testing.T) {
deploy := &appsv1.Deployment{
ObjectMeta: metav1.ObjectMeta{
Namespace: kube.ControllerNamespace,
- Name: proxy.ExpectedResourceHashedName(tc.in.Proxy.Name),
+ Name: expectedName(tc.in.Proxy, false),
},
}
require.NoError(t, kube.Client.Get(context.Background(), client.ObjectKeyFromObject(deploy), deploy))
@@ -182,7 +182,7 @@ func TestCreateProxyInfra(t *testing.T) {
svc := &corev1.Service{
ObjectMeta: metav1.ObjectMeta{
Namespace: kube.ControllerNamespace,
- Name: proxy.ExpectedResourceHashedName(tc.in.Proxy.Name),
+ Name: expectedName(tc.in.Proxy, false),
},
}
require.NoError(t, kube.Client.Get(context.Background(), client.ObjectKeyFromObject(svc), svc))
diff --git a/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go b/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go
index 62c1b4963c..5b7b739cdd 100644
--- a/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go
+++ b/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go
@@ -12,7 +12,6 @@ import (
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
- "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -172,7 +171,7 @@ func TestCreateOrUpdateProxyServiceAccount(t *testing.T) {
ns: "test",
in: &ir.Infra{
Proxy: &ir.ProxyInfra{
- Name: "ns1/gateway-1",
+ Name: "gateway-1",
Namespace: "ns1",
Metadata: &ir.InfraMetadata{
Labels: map[string]string{
@@ -194,7 +193,7 @@ func TestCreateOrUpdateProxyServiceAccount(t *testing.T) {
},
ObjectMeta: metav1.ObjectMeta{
Namespace: "ns1",
- Name: "envoy-ns1-gateway-1-02ae0474",
+ Name: "gateway-1",
Labels: map[string]string{
"app.kubernetes.io/name": "envoy",
"app.kubernetes.io/component": "proxy",
@@ -239,7 +238,7 @@ func TestCreateOrUpdateProxyServiceAccount(t *testing.T) {
kube := NewInfra(cli, cfg)
if tc.gatewayNamespaceMode {
kube.EnvoyGateway.Provider.Kubernetes.Deploy = &egv1a1.KubernetesDeployMode{
- Type: ptr.To(egv1a1.KubernetesDeployModeType(egv1a1.KubernetesDeployModeTypeGatewayNamespace)),
+ Type: ptr.To(egv1a1.KubernetesDeployModeTypeGatewayNamespace),
}
require.NoError(t, createGatewayForGatewayNamespaceMode(ctx, kube.Client))
}
@@ -252,13 +251,13 @@ func TestCreateOrUpdateProxyServiceAccount(t *testing.T) {
actual := &corev1.ServiceAccount{
ObjectMeta: metav1.ObjectMeta{
Namespace: kube.GetResourceNamespace(tc.in),
- Name: proxy.ExpectedResourceHashedName(tc.in.Proxy.Name),
+ Name: expectedName(tc.in.Proxy, tc.gatewayNamespaceMode),
},
}
require.NoError(t, kube.Client.Get(ctx, client.ObjectKeyFromObject(actual), actual))
opts := cmpopts.IgnoreFields(metav1.ObjectMeta{}, "ResourceVersion")
- assert.True(t, cmp.Equal(tc.want, actual, opts))
+ require.Empty(t, cmp.Diff(tc.want, actual, opts))
})
}
}
diff --git a/internal/xds/server/kubejwt/jwtinterceptor.go b/internal/xds/server/kubejwt/jwtinterceptor.go
index 6962f9ea25..fcd8722ac5 100644
--- a/internal/xds/server/kubejwt/jwtinterceptor.go
+++ b/internal/xds/server/kubejwt/jwtinterceptor.go
@@ -15,6 +15,7 @@ import (
"google.golang.org/grpc/metadata"
"k8s.io/client-go/kubernetes"
+ "github.com/envoyproxy/gateway/internal/logging"
"github.com/envoyproxy/gateway/internal/xds/cache"
)
@@ -24,15 +25,17 @@ type JWTAuthInterceptor struct {
issuer string
audience string
cache cache.SnapshotCacheWithCallbacks
+ logger logging.Logger
}
// NewJWTAuthInterceptor initializes a new JWTAuthInterceptor.
-func NewJWTAuthInterceptor(clientset *kubernetes.Clientset, issuer, audience string, cache cache.SnapshotCacheWithCallbacks) *JWTAuthInterceptor {
+func NewJWTAuthInterceptor(logger logging.Logger, clientset *kubernetes.Clientset, issuer, audience string, cache cache.SnapshotCacheWithCallbacks) *JWTAuthInterceptor {
return &JWTAuthInterceptor{
clientset: clientset,
issuer: issuer,
audience: audience,
cache: cache,
+ logger: logger.WithName("jwt-auth-interceptor"),
}
}
@@ -68,6 +71,7 @@ func (w *wrappedStream) RecvMsg(m any) error {
token := strings.TrimPrefix(authHeader[0], "Bearer ")
if err := w.interceptor.validateKubeJWT(w.ctx, token, nodeID); err != nil {
+ w.interceptor.logger.Error(err, "failed to validate token")
return fmt.Errorf("failed to validate token: %w", err)
}
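Review bot: The added `logger.Error` call records a failed token validation with no caller context, so repeated failures from one peer cannot be told apart from failures spread across many. `nodeID` is already in scope on the line above; passing it as a key/value, `w.interceptor.logger.Error(err, "failed to validate token", "nodeID", nodeID)`, gives operators something to correlate and alert on. The value is presumably supplied by the connecting client, so it should be read as untrusted when the log is reviewed. The raw token is not handed to the logger here, which should stay that way; whether `err` can carry token material depends on validateKubeJWT, most of which is outside this hunk, as is the rest of RecvMsg.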
diff --git a/internal/xds/server/kubejwt/tokenreview.go b/internal/xds/server/kubejwt/tokenreview.go
index efed1e7239..1a3a596127 100644
--- a/internal/xds/server/kubejwt/tokenreview.go
+++ b/internal/xds/server/kubejwt/tokenreview.go
@@ -13,12 +13,10 @@ import (
authenticationv1 "k8s.io/api/authentication/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/types"
"k8s.io/apiserver/pkg/authentication/serviceaccount"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
-
- "github.com/envoyproxy/gateway/internal/envoygateway/config"
- "github.com/envoyproxy/gateway/internal/utils"
)
// GetKubernetesClient creates a Kubernetes client using in-cluster configuration.
@@ -71,25 +69,37 @@ func (i *JWTAuthInterceptor) validateKubeJWT(ctx context.Context, token, nodeID
}
// Check if the service account name in the JWT token exists in the cache.
- // This is used to verify that the token belongs to a valid Enovy managed by Envoy Gateway.
+ // This is used to verify that the token belongs to a valid Envoy managed by Envoy Gateway.
// example: "system:serviceaccount:default:envoy-default-eg-e41e7b31"
parts := strings.Split(tokenReview.Status.User.Username, ":")
if len(parts) != 4 {
return fmt.Errorf("invalid username format: %s", tokenReview.Status.User.Username)
}
- sa := parts[3]
+ ns, sa := parts[2], parts[3]
irKeys := i.cache.GetIrKeys()
for _, irKey := range irKeys {
- if irKey2ServiceAccountName(irKey) == sa {
+ nn := irKey2ServiceAccountName(irKey)
+ if nn.Name == sa && nn.Namespace == ns {
return nil
}
}
- return fmt.Errorf("Envoy service account %s not found in the cache", sa)
+ return fmt.Errorf("service account for Envoy %s not found in the cache", sa)
}
// this is the same logic used in infra pkg func ExpectedResourceHashedName to generate the resource name.
-func irKey2ServiceAccountName(irKey string) string {
- hashedName := utils.GetHashedName(irKey, 48)
- return fmt.Sprintf("%s-%s", config.EnvoyPrefix, hashedName)
+func irKey2ServiceAccountName(irKey string) types.NamespacedName {
+ names := strings.Split(irKey, "/")
+ if len(names) == 2 {
+ return types.NamespacedName{
+ Namespace: names[0],
+ Name: names[1],
+ }
+ }
+
+ // Might be MergeGateways, should not happen
+ // but just in case, return the first part as name
+ return types.NamespacedName{
+ Name: names[0],
+ }
}
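Review bot: The comment kept above `irKey2ServiceAccountName` still says it mirrors ExpectedResourceHashedName, but the new body only splits the IR key on `/`, so the check in the loop now passes only when the token's service account has the gateway's own name and namespace. That matches the gateway-namespace naming this commit introduces; if the interceptor can also run where proxies keep the hashed name (not visible here), every token would be rejected, so the comment should state the assumption, e.g. `// irKey2ServiceAccountName maps a "namespace/name" IR key to the proxy service account expected in gateway namespace mode.` The fallback for keys without exactly one `/` returns a name with an empty namespace, which fails closed only because `nn.Namespace == ns` happens not to match; skipping such keys in the loop would make that intent explicit. The final error also drops the namespace that is now part of the match: `return fmt.Errorf("service account for Envoy %s/%s not found in the cache", ns, sa)`. validateKubeJWT begins outside the hunk.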
diff --git a/internal/xds/server/runner/runner.go b/internal/xds/server/runner/runner.go
index 46001cd3e7..429438babb 100644
--- a/internal/xds/server/runner/runner.go
+++ b/internal/xds/server/runner/runner.go
@@ -114,6 +114,7 @@ func (r *Runner) Start(ctx context.Context) (err error) {
}
saAudience := fmt.Sprintf("%s.%s.svc.%s", config.EnvoyGatewayServiceName, r.ControllerNamespace, r.DNSDomain)
jwtInterceptor := kubejwt.NewJWTAuthInterceptor(
+ r.Logger,
clientset,
defaultKubernetesIssuer,
saAudience,
diff --git a/release-notes/current.yaml b/release-notes/current.yaml
index 80df73d656..1f4474042f 100644
--- a/release-notes/current.yaml
+++ b/release-notes/current.yaml
@@ -2,6 +2,7 @@ date: Pending
# Changes that are expected to cause an incompatibility with previous versions, such as deletions or modifications to existing APIs.
breaking changes: |
+ Use gateway name as proxy fleet name for gateway namespace mode.
# Updates addressing vulnerabilities, security flaws, or compliance requirements.
security updates: |
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index 0ccbf24804..21ec2302d8 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -2777,6 +2777,10 @@ KubernetesDeployModeType defines the type of KubernetesDeployMode
_Appears in:_
- [KubernetesDeployMode](#kubernetesdeploymode)
+| Value | Description |
+| ----- | ----------- |
+| `ControllerNamespace` | KubernetesDeployModeTypeControllerNamespace indicates that the controller namespace is used for the infra proxy deployments.
|
+| `GatewayNamespace` | KubernetesDeployModeTypeGatewayNamespace indicates that the gateway namespace is used for the infra proxy deployments.
|
#### KubernetesDeploymentSpec
diff --git a/test/e2e/testdata/envoyproxy-custom-name.yaml b/test/e2e/testdata/envoyproxy-custom-name.yaml
index a1061025ef..922a7b9684 100644
--- a/test/e2e/testdata/envoyproxy-custom-name.yaml
+++ b/test/e2e/testdata/envoyproxy-custom-name.yaml
@@ -1,7 +1,7 @@
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
- name: deploy-custom-name
+ name: eg-deployment
namespace: gateway-conformance-infra
spec:
gatewayClassName: "{GATEWAY_CLASS_NAME}"
@@ -35,7 +35,7 @@ metadata:
namespace: gateway-conformance-infra
spec:
parentRefs:
- - name: deploy-custom-name
+ - name: eg-deployment
rules:
- backendRefs:
- name: infra-backend-v1
@@ -48,7 +48,7 @@ spec:
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
- name: ds-custom-name
+ name: eg-daemonset
namespace: gateway-conformance-infra
spec:
gatewayClassName: "{GATEWAY_CLASS_NAME}"
@@ -109,7 +109,7 @@ metadata:
namespace: gateway-conformance-infra
spec:
parentRefs:
- - name: ds-custom-name
+ - name: eg-daemonset
rules:
- backendRefs:
- name: infra-backend-v1
diff --git a/test/e2e/tests/envoyproxy.go b/test/e2e/tests/envoyproxy.go
index 3ac2995ae5..46454c5780 100644
--- a/test/e2e/tests/envoyproxy.go
+++ b/test/e2e/tests/envoyproxy.go
@@ -41,7 +41,7 @@ var EnvoyProxyCustomNameTest = suite.ConformanceTest{
t.Run("Deployment", func(t *testing.T) {
ns := "gateway-conformance-infra"
routeNN := types.NamespacedName{Name: "deploy-route", Namespace: ns}
- gwNN := types.NamespacedName{Name: "deploy-custom-name", Namespace: ns}
+ gwNN := types.NamespacedName{Name: "eg-deployment", Namespace: ns}
okResp := http.ExpectedResponse{
Request: http.Request{
Path: "/deploy",
@@ -53,11 +53,11 @@ var EnvoyProxyCustomNameTest = suite.ConformanceTest{
}
// Make sure there's deployment for the gateway
- err := checkEnvoyProxyDeployment(t, suite, gwNN, gatewayNS, fmt.Sprintf("envoy-%s-%s", gwNN.Namespace, gwNN.Name))
+ err := checkEnvoyProxyDeployment(t, suite, gwNN, gatewayNS, expectedGatewayName(gwNN))
if err != nil {
t.Fatalf("Failed to check EnvoyProxy deployment: %v", err)
}
- err = checkEnvoyProxyService(t, suite, gwNN, gatewayNS, fmt.Sprintf("envoy-%s-%s", gwNN.Namespace, gwNN.Name))
+ err = checkEnvoyProxyService(t, suite, gwNN, gatewayNS, expectedGatewayName(gwNN))
if err != nil {
t.Fatalf("Failed to check EnvoyProxy service: %v", err)
}
@@ -88,11 +88,11 @@ var EnvoyProxyCustomNameTest = suite.ConformanceTest{
updateGateway(t, suite, gwNN, &gwapiv1.GatewayInfrastructure{})
// Make sure there's deployment for the gateway
- err = checkEnvoyProxyDeployment(t, suite, gwNN, gatewayNS, fmt.Sprintf("envoy-%s-%s", gwNN.Namespace, gwNN.Name))
+ err = checkEnvoyProxyDeployment(t, suite, gwNN, gatewayNS, expectedGatewayName(gwNN))
if err != nil {
t.Fatalf("Failed to check EnvoyProxy deployment: %v", err)
}
- err = checkEnvoyProxyService(t, suite, gwNN, gatewayNS, fmt.Sprintf("envoy-%s-%s", gwNN.Namespace, gwNN.Name))
+ err = checkEnvoyProxyService(t, suite, gwNN, gatewayNS, expectedGatewayName(gwNN))
if err != nil {
t.Fatalf("Failed to check EnvoyProxy service: %v", err)
}
@@ -103,7 +103,7 @@ var EnvoyProxyCustomNameTest = suite.ConformanceTest{
t.Run("DaemonSet", func(t *testing.T) {
ns := "gateway-conformance-infra"
routeNN := types.NamespacedName{Name: "ds-route", Namespace: ns}
- gwNN := types.NamespacedName{Name: "ds-custom-name", Namespace: ns}
+ gwNN := types.NamespacedName{Name: "eg-daemonset", Namespace: ns}
okResp := http.ExpectedResponse{
Request: http.Request{
Path: "/daemonset",
@@ -115,11 +115,11 @@ var EnvoyProxyCustomNameTest = suite.ConformanceTest{
}
// Make sure there's DaemonSet for the gateway
- err := checkEnvoyProxyDaemonSet(t, suite, gwNN, gatewayNS, fmt.Sprintf("envoy-%s-%s", gwNN.Namespace, gwNN.Name))
+ err := checkEnvoyProxyDaemonSet(t, suite, gwNN, gatewayNS, expectedGatewayName(gwNN))
if err != nil {
t.Fatalf("Failed to check EnvoyProxy deployment: %v", err)
}
- err = checkEnvoyProxyService(t, suite, gwNN, gatewayNS, fmt.Sprintf("envoy-%s-%s", gwNN.Namespace, gwNN.Name))
+ err = checkEnvoyProxyService(t, suite, gwNN, gatewayNS, expectedGatewayName(gwNN))
if err != nil {
t.Fatalf("Failed to check EnvoyProxy service: %v", err)
}
@@ -156,11 +156,11 @@ var EnvoyProxyCustomNameTest = suite.ConformanceTest{
})
// Make sure there's DaemonSet for the gateway
- err = checkEnvoyProxyDaemonSet(t, suite, gwNN, gatewayNS, fmt.Sprintf("envoy-%s-%s", gwNN.Namespace, gwNN.Name))
+ err = checkEnvoyProxyDaemonSet(t, suite, gwNN, gatewayNS, expectedGatewayName(gwNN))
if err != nil {
t.Fatalf("Failed to check EnvoyProxy deployment: %v", err)
}
- err = checkEnvoyProxyService(t, suite, gwNN, gatewayNS, fmt.Sprintf("envoy-%s-%s", gwNN.Namespace, gwNN.Name))
+ err = checkEnvoyProxyService(t, suite, gwNN, gatewayNS, expectedGatewayName(gwNN))
if err != nil {
t.Fatalf("Failed to check EnvoyProxy service: %v", err)
}
@@ -171,6 +171,14 @@ var EnvoyProxyCustomNameTest = suite.ConformanceTest{
},
}
+func expectedGatewayName(gwNN types.NamespacedName) string {
+ if IsGatewayNamespaceMode() {
+ return gwNN.Name
+ }
+
+ return fmt.Sprintf("envoy-%s-%s", gwNN.Namespace, gwNN.Name)
+}
+
func updateGateway(t *testing.T, suite *suite.ConformanceTestSuite, gwNN types.NamespacedName, paramRef *gwapiv1.GatewayInfrastructure) {
err := wait.PollUntilContextTimeout(t.Context(), time.Second, suite.TimeoutConfig.CreateTimeout, true,
func(ctx context.Context) (bool, error) {
@@ -228,7 +236,7 @@ func checkEnvoyProxyDeployment(t *testing.T, suite *suite.ConformanceTestSuite,
// Make sure there's deployment for the gateway
return wait.PollUntilContextTimeout(context.TODO(), time.Second, suite.TimeoutConfig.CreateTimeout, true, func(ctx context.Context) (bool, error) {
deploys := &appsv1.DeploymentList{}
- err := suite.Client.List(ctx, deploys, &client.ListOptions{
+ opts := &client.ListOptions{
Namespace: exceptNs,
LabelSelector: labels.SelectorFromSet(map[string]string{
"app.kubernetes.io/managed-by": "envoy-gateway",
@@ -236,12 +244,13 @@ func checkEnvoyProxyDeployment(t *testing.T, suite *suite.ConformanceTestSuite,
"gateway.envoyproxy.io/owning-gateway-name": gwNN.Name,
"gateway.envoyproxy.io/owning-gateway-namespace": gwNN.Namespace,
}),
- })
+ }
+ err := suite.Client.List(ctx, deploys, opts)
if err != nil {
return false, err
}
if len(deploys.Items) != 1 {
- tlog.Logf(t, "Expected 1 Deployment for the Gateway, got %d", len(deploys.Items))
+ tlog.Logf(t, "Expected 1 Deployment for the Gateway (%v), got %d", opts, len(deploys.Items))
return false, nil
}
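Review bot: Formatting `opts` with `%v` in the new log line prints the whole `*client.ListOptions` value without field names, unset fields included, which is harder to read than the two values that matter when the poll keeps failing. Logging them explicitly keeps the message short: `tlog.Logf(t, "Expected 1 Deployment for the Gateway (namespace=%s, selector=%s), got %d", opts.Namespace, opts.LabelSelector, len(deploys.Items))`. The same applies to the Service and DaemonSet variants in the later hunks of this file. checkEnvoyProxyDeployment starts and ends outside the hunk.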
@@ -264,7 +273,7 @@ func checkEnvoyProxyService(t *testing.T, suite *suite.ConformanceTestSuite, gwN
// Make sure there's deployment for the gateway
return wait.PollUntilContextTimeout(context.TODO(), time.Second, suite.TimeoutConfig.CreateTimeout, true, func(ctx context.Context) (bool, error) {
svcList := &corev1.ServiceList{}
- err := suite.Client.List(ctx, svcList, &client.ListOptions{
+ opts := &client.ListOptions{
Namespace: exceptNs,
LabelSelector: labels.SelectorFromSet(map[string]string{
"app.kubernetes.io/managed-by": "envoy-gateway",
@@ -272,12 +281,13 @@ func checkEnvoyProxyService(t *testing.T, suite *suite.ConformanceTestSuite, gwN
"gateway.envoyproxy.io/owning-gateway-name": gwNN.Name,
"gateway.envoyproxy.io/owning-gateway-namespace": gwNN.Namespace,
}),
- })
+ }
+ err := suite.Client.List(ctx, svcList, opts)
if err != nil {
return false, err
}
if len(svcList.Items) != 1 {
- tlog.Logf(t, "Expected 1 Service for the Gateway, got %d", len(svcList.Items))
+ tlog.Logf(t, "Expected 1 Service for the Gateway (%v), got %d", opts, len(svcList.Items))
return false, nil
}
@@ -296,7 +306,7 @@ func checkEnvoyProxyDaemonSet(t *testing.T, suite *suite.ConformanceTestSuite, g
// Make sure there's deployment for the gateway
return wait.PollUntilContextTimeout(context.TODO(), time.Second, suite.TimeoutConfig.CreateTimeout, true, func(ctx context.Context) (bool, error) {
dsList := &appsv1.DaemonSetList{}
- err := suite.Client.List(ctx, dsList, &client.ListOptions{
+ opts := &client.ListOptions{
Namespace: exceptNs,
LabelSelector: labels.SelectorFromSet(map[string]string{
"app.kubernetes.io/managed-by": "envoy-gateway",
@@ -304,12 +314,13 @@ func checkEnvoyProxyDaemonSet(t *testing.T, suite *suite.ConformanceTestSuite, g
"gateway.envoyproxy.io/owning-gateway-name": gwNN.Name,
"gateway.envoyproxy.io/owning-gateway-namespace": gwNN.Namespace,
}),
- })
+ }
+ err := suite.Client.List(ctx, dsList, opts)
if err != nil {
return false, err
}
if len(dsList.Items) != 1 {
- tlog.Logf(t, "Expected 1 DaemonSet for the Gateway, got %d", len(dsList.Items))
+ tlog.Logf(t, "Expected 1 DaemonSet for the Gateway (%v), got %d", opts, len(dsList.Items))
return false, nil
}