Allow for headless envoy services#6250
Merged
arkodg merged 9 commits intoenvoyproxy:mainfrom Jun 3, 2025
Merged
Conversation
Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com>
Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #6250 +/- ##
==========================================
+ Coverage 70.45% 70.51% +0.05%
==========================================
Files 220 220
Lines 36607 36611 +4
==========================================
+ Hits 25792 25815 +23
+ Misses 9288 9270 -18
+ Partials 1527 1526 -1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Contributor
|
thanks @ryanhristovski |
Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com>
arkodg
previously approved these changes
Jun 2, 2025
Contributor
|
test is failing @ryanhristovski |
Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com>
Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com>
Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com>
arkodg
approved these changes
Jun 2, 2025
Contributor
Author
|
/retest |
shawnh2
approved these changes
Jun 3, 2025
Member
|
/retest |
arkodg
pushed a commit
to arkodg/gateway
that referenced
this pull request
Jun 3, 2025
* Allow for headless envoy services Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * Allow headless service, cleanup Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * clean Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * Add test and comment Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * Fix tests Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> (cherry picked from commit 2e168a8) Signed-off-by: Arko Dasgupta <arko@tetrate.io>
arkodg
added a commit
that referenced
this pull request
Jun 4, 2025
* feat: set OverlappingTLSConfig condition for merged Gateways (#5862) * set OverlappingTLSConfig condition for merged Gateways Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * minor change Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> (cherry picked from commit be51e5b) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: fix backend tls test (#6029) * fix backend tls test Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * enable backend tls test Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * remove gateway TLS to simplify the test Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * rename secret to avoid conflicts Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> (cherry picked from commit a685667) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * validate gateway namespace mode and merged gateways (#6041) * validate gateway namespace mode and merged gateways in translator Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix lint Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * skip merge gateways test Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * validate on gatewayclass and set the status Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * skip e2e test Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * add valid testcases Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Update internal/provider/kubernetes/controller.go Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix lint Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * skip merge gateways test Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * rebase Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> --------- Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Co-authored-by: zirain <zirain2009@gmail.com> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> (cherry picked from commit c5f6831) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Fix shared=true when no clientSelector, (#6072) * Fix shared=true when no clientSelector, cleanup filter logic, fix rl descriptor logic Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * testdata update Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * Linting, remove unused funcs Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * fix e2e Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> (cherry picked from commit bb3c8da) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix(tranlator): SubjectAltNames were being dropped from BackendTLSPolicy.validation (#6092) * Add support for SubjectAltNames from BackendTLSPolicy.validation Signed-off-by: Ankush Agarwal <ankushagarwal11@gmail.com> (cherry picked from commit 35420d5) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * feat: add ownerreference to infra resources when gateway namespace mode (#6100) * feat: add ownerreference to infra resources when gateway namespace mode Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> (cherry picked from commit fc462a8) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: add FullDuplexStreamed to enum (#6103) * fix: add FullDuplexStreamed to enum Signed-off-by: Guy Daich <guy.daich@sap.com> (cherry picked from commit 020d60a) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: Use quoted values zone annotation in topology injector (#6133) * Quoted string for zone values Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> * release note Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> * regen Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> (cherry picked from commit ea9cb05) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: return early from buildwasms (#6169) return early from buildwasms Signed-off-by: Guy Daich <guy.daich@sap.com> (cherry picked from commit 64624fe) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * chore: bump go and purego (#6174) * chore: bump go and purego Signed-off-by: zirain <zirain2009@gmail.com> * fix gen Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit 40ae9e3) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: translate xds udp listener (#6183) * fix: translate udp listener Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * add: tcp/udp no routes testdata in xds translator Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * add: release note Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> (cherry picked from commit 8f538e7) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Change static uid to for global ratelimit dashboard (#6193) Signed-off-by: Emin Aktas <eminaktas34@gmail.com> (cherry picked from commit f721925) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Fix broken btp ratelimit merge (#6214) * Fix broken btp ratelimit merge Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * lint Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> --------- Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> (cherry picked from commit 0f6f363) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Keep ALPN configuration for listeners with overlapping certificates when ALPN is explicitly set via ClientTrafficPolicy (#6217) Keep ALPN configuration for listeners with overlapping certificates when ALPN is explicitly set in ClientTrafficPolicy Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> (cherry picked from commit de816a6) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix testdata Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Allow for headless envoy services (#6250) * Allow for headless envoy services Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * Allow headless service, cleanup Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * clean Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * Add test and comment Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * Fix tests Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> (cherry picked from commit 2e168a8) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * remove infra ENVOY_GATEWAY_NAMESPACE and introduce ENVOY_POD_NAMESPACE envVar for accesslog (#6221) * remove infra ENVOY_GATEWAY_NAMESPACE and introduce ENVOY_POD_NAMESPACE envVar for accesslog Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix e2e test Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> --------- Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> (cherry picked from commit b7ed197) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix lint Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> Signed-off-by: Ankush Agarwal <ankushagarwal11@gmail.com> Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Emin Aktas <eminaktas34@gmail.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> Co-authored-by: zirain <zirain2009@gmail.com> Co-authored-by: Ryan Hristovski <61257223+ryanhristovski@users.noreply.github.com> Co-authored-by: Ankush Agarwal <ankushagarwal11@gmail.com> Co-authored-by: Kota Kimura <86363983+kkk777-7@users.noreply.github.com> Co-authored-by: Guy Daich <guy.daich@sap.com> Co-authored-by: Isaac <10012479+jukie@users.noreply.github.com> Co-authored-by: Emin AKTAS <eminaktas34@gmail.com>
shawnh2
pushed a commit
to shawnh2/gateway
that referenced
this pull request
Sep 15, 2025
* feat: set OverlappingTLSConfig condition for merged Gateways (envoyproxy#5862) * set OverlappingTLSConfig condition for merged Gateways Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix lint Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * minor change Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> (cherry picked from commit be51e5b) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * e2e: fix backend tls test (envoyproxy#6029) * fix backend tls test Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * enable backend tls test Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * remove gateway TLS to simplify the test Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * rename secret to avoid conflicts Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> (cherry picked from commit a685667) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * validate gateway namespace mode and merged gateways (envoyproxy#6041) * validate gateway namespace mode and merged gateways in translator Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix lint Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * skip merge gateways test Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * validate on gatewayclass and set the status Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * skip e2e test Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * add valid testcases Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * Update internal/provider/kubernetes/controller.go Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix lint Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * skip merge gateways test Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * rebase Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> --------- Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Co-authored-by: zirain <zirain2009@gmail.com> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> (cherry picked from commit c5f6831) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Fix shared=true when no clientSelector, (envoyproxy#6072) * Fix shared=true when no clientSelector, cleanup filter logic, fix rl descriptor logic Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * testdata update Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * Linting, remove unused funcs Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * fix e2e Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> (cherry picked from commit bb3c8da) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix(tranlator): SubjectAltNames were being dropped from BackendTLSPolicy.validation (envoyproxy#6092) * Add support for SubjectAltNames from BackendTLSPolicy.validation Signed-off-by: Ankush Agarwal <ankushagarwal11@gmail.com> (cherry picked from commit 35420d5) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * feat: add ownerreference to infra resources when gateway namespace mode (envoyproxy#6100) * feat: add ownerreference to infra resources when gateway namespace mode Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> (cherry picked from commit fc462a8) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: add FullDuplexStreamed to enum (envoyproxy#6103) * fix: add FullDuplexStreamed to enum Signed-off-by: Guy Daich <guy.daich@sap.com> (cherry picked from commit 020d60a) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: Use quoted values zone annotation in topology injector (envoyproxy#6133) * Quoted string for zone values Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> * release note Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> * regen Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> (cherry picked from commit ea9cb05) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: return early from buildwasms (envoyproxy#6169) return early from buildwasms Signed-off-by: Guy Daich <guy.daich@sap.com> (cherry picked from commit 64624fe) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * chore: bump go and purego (envoyproxy#6174) * chore: bump go and purego Signed-off-by: zirain <zirain2009@gmail.com> * fix gen Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> (cherry picked from commit 40ae9e3) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix: translate xds udp listener (envoyproxy#6183) * fix: translate udp listener Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * add: tcp/udp no routes testdata in xds translator Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * add: release note Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> (cherry picked from commit 8f538e7) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Change static uid to for global ratelimit dashboard (envoyproxy#6193) Signed-off-by: Emin Aktas <eminaktas34@gmail.com> (cherry picked from commit f721925) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Fix broken btp ratelimit merge (envoyproxy#6214) * Fix broken btp ratelimit merge Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * lint Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> --------- Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> (cherry picked from commit 0f6f363) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Keep ALPN configuration for listeners with overlapping certificates when ALPN is explicitly set via ClientTrafficPolicy (envoyproxy#6217) Keep ALPN configuration for listeners with overlapping certificates when ALPN is explicitly set in ClientTrafficPolicy Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> (cherry picked from commit de816a6) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix testdata Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Allow for headless envoy services (envoyproxy#6250) * Allow for headless envoy services Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * Allow headless service, cleanup Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * clean Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * Add test and comment Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> * Fix tests Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> (cherry picked from commit 2e168a8) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * remove infra ENVOY_GATEWAY_NAMESPACE and introduce ENVOY_POD_NAMESPACE envVar for accesslog (envoyproxy#6221) * remove infra ENVOY_GATEWAY_NAMESPACE and introduce ENVOY_POD_NAMESPACE envVar for accesslog Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix e2e test Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> --------- Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> (cherry picked from commit b7ed197) Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix lint Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Signed-off-by: Ryan Hristovski <ryan.hristovski@docker.com> Signed-off-by: Ankush Agarwal <ankushagarwal11@gmail.com> Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: Guy Daich <guy.daich@sap.com> Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Emin Aktas <eminaktas34@gmail.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> Co-authored-by: zirain <zirain2009@gmail.com> Co-authored-by: Ryan Hristovski <61257223+ryanhristovski@users.noreply.github.com> Co-authored-by: Ankush Agarwal <ankushagarwal11@gmail.com> Co-authored-by: Kota Kimura <86363983+kkk777-7@users.noreply.github.com> Co-authored-by: Guy Daich <guy.daich@sap.com> Co-authored-by: Isaac <10012479+jukie@users.noreply.github.com> Co-authored-by: Emin AKTAS <eminaktas34@gmail.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When clusterip on service is set to None it causes a not critical error (everything still functions as expected):
Caused by this:
This solution simply adds valid cluster IP's, and ignores None or "".
Signed-off-by: Ryan Hristovski ryan.hristovski@docker.com