bugfix: BackendTlsPolicy should not reference across namespace #6309

Merged
arkodg merged 2 commits into envoyproxy:main from zirain:tls-reference
Jun 16, 2025


@zirain zirain commented Jun 13, 2025

IIUC, LocalObjectReference should not reference across namespaces.

Signed-off-by: zirain <zirain2009@gmail.com>
@zirain zirain requested a review from a team as a code owner June 13, 2025 22:07
codecov bot commented Jun 13, 2025

Codecov Report

Attention: Patch coverage is 62.50000% with 9 lines in your changes missing coverage. Please review.

Project coverage is 70.61%. Comparing base (4dfb4ef) to head (67f84b4).
Report is 68 commits behind head on main.

Files with missing lines Patch % Lines
internal/gatewayapi/backendtlspolicy.go 62.50% 7 Missing and 2 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #6309      +/-   ##
==========================================
+ Coverage   70.60%   70.61%   +0.01%     
==========================================
  Files         220      220              
  Lines       36829    36835       +6     
==========================================
+ Hits        26003    26012       +9     
+ Misses       9293     9292       -1     
+ Partials     1533     1531       -2     


Signed-off-by: zirain <zirain2009@gmail.com>

@arkodg arkodg left a comment

LGTM thanks !

@arkodg arkodg requested review from a team and zhaohuabing June 16, 2025 18:05
@arkodg arkodg merged commit 9925189 into envoyproxy:main Jun 16, 2025
44 of 45 checks passed
@zirain zirain deleted the tls-reference branch June 17, 2025 01:37
zhaohuabing pushed a commit to shawnh2/gateway that referenced this pull request Jul 4, 2025
…proxy#6309)

* bugfix: BackendTlsPolicy should not reference across namespace

Signed-off-by: zirain <zirain2009@gmail.com>
(cherry picked from commit 9925189)
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
zhaohuabing added a commit that referenced this pull request Jul 4, 2025
* fix(translator): ext-proc full duplex streamed trailers and validation (#6323)
* fix ext proc validation and trailer management for full duplex streamed mode

Signed-off-by: Guy Daich <guy.daich@sap.com>
Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* feat: disable automountServiceAccountToken for proxy and ratelimit (#6364)

Signed-off-by: Jeff Davis <mr.jefedavis@gmail.com>

* bugfix: make EnvoyPatchPolicy able to replace telemetry cluster (#6367)

Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* feat: add validation of section name for Gateway listener (#6343)

* add validation of section name

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

* update error status reason

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

* refactor: define as function of validate section name for gateway listener

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix: add configMap indexers for EEP reconciler (#6369)

Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>

* fix: use buildEndpointType for access and tracing (#6370)

Signed-off-by: zirain <zirain2009@gmail.com>

* fix: default accesslog not working (#6441)
* fix default accesslog

Signed-off-by: zirain <zirain2009@gmail.com>

* release notes

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* chore: fix cve (#6446)

* fix cve

Signed-off-by: zirain <zirain2009@gmail.com>

* lint

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>

* fix: Do not set backendRequestTimeout when Retries are set (#6421)

* fix: Do not set backendRequestTimeout when Retries are set

Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com>

* fix: update comment

Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com>

---------

Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com>

* gatewayapi: don't append gwcResource if there's invalid GatewayClass (#6379)

* gatewayapi: don't process global resources when acceptedGateways is 0

Signed-off-by: zirain <zirain2009@gmail.com>

* update

Signed-off-by: zirain <zirain2009@gmail.com>

* fix test

Signed-off-by: zirain <zirain2009@gmail.com>

* don't skip gateways

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix testdata

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix k8s provider controller

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix: retry reconcile on transient errors during reconcile  (#6299)

* fix: add isTransientError helper to classify retryable errors

Introduces isTransientError to detect transient Kubernetes errors and
enable proper reconciliation retries.

Signed-off-by: Patryk Rostkowski <patrostkowski@gmail.com>

handle errors from processing BackendRefs

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

handle errors from processing ConfigMap

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* skip invalid GatewayClass

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* address comment

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* handle all transient errors

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* don't skip failed GCs

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: Patryk Rostkowski <patrostkowski@gmail.com>
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
(cherry picked from commit 71ce56f)
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* fix: fix bug in hostname overlap detection (#6332)

fix bug in hostname overlap detection

Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
(cherry picked from commit e78e268)
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* fix telemetry with host port not working (#6460)

Signed-off-by: zirain <zirain2009@gmail.com>
(cherry picked from commit c0a2ce7)
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* bugfix: BackendTlsPolicy should not reference across namespace (#6309)

* bugfix: BackendTlsPolicy should not reference across namespace

Signed-off-by: zirain <zirain2009@gmail.com>
(cherry picked from commit 9925189)
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: Guy Daich <guy.daich@sap.com>
Signed-off-by: shawnh2 <shawnhxh@outlook.com>
Signed-off-by: Jeff Davis <mr.jefedavis@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com>
Signed-off-by: Patryk Rostkowski <patrostkowski@gmail.com>
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Co-authored-by: Guy Daich <guy.daich@sap.com>
Co-authored-by: Jeff Davis <mr.jefedavis@gmail.com>
Co-authored-by: zirain <zirain2009@gmail.com>
Co-authored-by: Kota Kimura <86363983+kkk777-7@users.noreply.github.com>
Co-authored-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
Co-authored-by: Sudipto Baral <sudiptobaral.me@gmail.com>
Co-authored-by: Patryk Rostkowski <48490105+patrostkowski@users.noreply.github.com>
Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
shawnh2 added a commit to shawnh2/gateway that referenced this pull request Sep 15, 2025
* fix(translator): ext-proc full duplex streamed trailers and validation (envoyproxy#6323)
* fix ext proc validation and trailer management for full duplex streamed mode

Signed-off-by: Guy Daich <guy.daich@sap.com>
Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* feat: disable automountServiceAccountToken for proxy and ratelimit (envoyproxy#6364)

Signed-off-by: Jeff Davis <mr.jefedavis@gmail.com>

* bugfix: make EnvoyPatchPolicy able to replace telemetry cluster (envoyproxy#6367)

Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* feat: add validation of section name for Gateway listener (envoyproxy#6343)

* add validation of section name

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

* update error status reason

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

* refactor: define as function of validate section name for gateway listener

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix: add configMap indexers for EEP reconciler (envoyproxy#6369)

Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>

* fix: use buildEndpointType for access and tracing (envoyproxy#6370)

Signed-off-by: zirain <zirain2009@gmail.com>

* fix: default accesslog not working (envoyproxy#6441)
* fix default accesslog

Signed-off-by: zirain <zirain2009@gmail.com>

* release notes

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* chore: fix cve (envoyproxy#6446)

* fix cve

Signed-off-by: zirain <zirain2009@gmail.com>

* lint

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>

* fix: Do not set backendRequestTimeout when Retries are set (envoyproxy#6421)

* fix: Do not set backendRequestTimeout when Retries are set

Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com>

* fix: update comment

Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com>

---------

Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com>

* gatewayapi: don't append gwcResource if there's invalid GatewayClass (envoyproxy#6379)

* gatewayapi: don't process global resources when acceptedGateways is 0

Signed-off-by: zirain <zirain2009@gmail.com>

* update

Signed-off-by: zirain <zirain2009@gmail.com>

* fix test

Signed-off-by: zirain <zirain2009@gmail.com>

* don't skip gateways

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix testdata

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix k8s provider controller

Signed-off-by: shawnh2 <shawnhxh@outlook.com>

* fix: retry reconcile on transient errors during reconcile  (envoyproxy#6299)

* fix: add isTransientError helper to classify retryable errors

Introduces isTransientError to detect transient Kubernetes errors and
enable proper reconciliation retries.

Signed-off-by: Patryk Rostkowski <patrostkowski@gmail.com>

handle errors from processing BackendRefs

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

handle errors from processing ConfigMap

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* skip invalid GatewayClass

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* address comment

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* handle all transient errors

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* don't skip failed GCs

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: Patryk Rostkowski <patrostkowski@gmail.com>
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
(cherry picked from commit 71ce56f)
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* fix: fix bug in hostname overlap detection (envoyproxy#6332)

fix bug in hostname overlap detection

Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
(cherry picked from commit e78e268)
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* fix telemetry with host port not working (envoyproxy#6460)

Signed-off-by: zirain <zirain2009@gmail.com>
(cherry picked from commit c0a2ce7)
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* bugfix: BackendTlsPolicy should not reference across namespace (envoyproxy#6309)

* bugfix: BackendTlsPolicy should not reference across namespace

Signed-off-by: zirain <zirain2009@gmail.com>
(cherry picked from commit 9925189)
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: Guy Daich <guy.daich@sap.com>
Signed-off-by: shawnh2 <shawnhxh@outlook.com>
Signed-off-by: Jeff Davis <mr.jefedavis@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
Signed-off-by: sudipto baral <sudiptobaral.me@gmail.com>
Signed-off-by: Patryk Rostkowski <patrostkowski@gmail.com>
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Co-authored-by: Guy Daich <guy.daich@sap.com>
Co-authored-by: Jeff Davis <mr.jefedavis@gmail.com>
Co-authored-by: zirain <zirain2009@gmail.com>
Co-authored-by: Kota Kimura <86363983+kkk777-7@users.noreply.github.com>
Co-authored-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
Co-authored-by: Sudipto Baral <sudiptobaral.me@gmail.com>
Co-authored-by: Patryk Rostkowski <48490105+patrostkowski@users.noreply.github.com>
Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: shawnh2 <shawnhxh@outlook.com>