From 41919abb03c73a914d93391badc17b4be1bd82d7 Mon Sep 17 00:00:00 2001 From: "Huabing (Robin) Zhao" Date: Wed, 30 Jul 2025 08:38:24 +0000 Subject: [PATCH 1/2] add listener metadata 
Signed-off-by: Huabing (Robin) Zhao --- .../translate/out/default-resources.all.yaml | 16 +++++++++ .../out/from-gateway-api-to-xds.all.json | 28 +++++++++++++++ .../out/from-gateway-api-to-xds.all.yaml | 16 +++++++++ .../out/from-gateway-api-to-xds.listener.yaml | 16 +++++++++ ...-single-route-single-match-to-xds.all.json | 14 ++++++++ ...-single-route-single-match-to-xds.all.yaml | 8 +++++ ...le-route-single-match-to-xds.listener.yaml | 8 +++++ .../out/no-service-cluster-ip.all.yaml | 8 +++++ internal/xds/translator/metadata.go | 17 ++++++++- .../out/xds-ir/accesslog-types.listeners.yaml | 8 +++++ .../authorization-jwt-claim.listeners.yaml | 8 +++++ .../authorization-jwt-scope.listeners.yaml | 8 +++++ .../xds-ir/backend-priority.listeners.yaml | 8 +++++ .../out/xds-ir/btp-telemetry.listeners.yaml | 8 +++++ .../out/xds-ir/compression.listeners.yaml | 8 +++++ ...al-injection-backend-filter.listeners.yaml | 8 +++++ .../credential-injection.listeners.yaml | 8 +++++ .../out/xds-ir/custom-response.listeners.yaml | 8 +++++ .../xds-ir/dns-lookup-family.listeners.yaml | 8 +++++ ...-proc-with-traffic-settings.listeners.yaml | 8 +++++ .../xds-ir/http-connect-proxy.listeners.yaml | 8 +++++ .../http-connect-terminate.listeners.yaml | 8 +++++ ...http-route-dynamic-resolver.listeners.yaml | 8 +++++ .../http-route-with-metadata.listeners.yaml | 10 ++++++ .../xds-ir/http-upgrade-spdy.listeners.yaml | 8 +++++ ...http-upgrade-websocket-spdy.listeners.yaml | 8 +++++ .../jwt-with-backend-tls-retry.listeners.yaml | 8 +++++ ...ener-overlapping-tls-config.listeners.yaml | 20 +++++++++++ .../out/xds-ir/request-buffer.listeners.yaml | 16 +++++++++ ...ypolicy-with-oidc-jwt-authz.listeners.yaml | 8 +++++ internal/xds/translator/translator.go | 35 ++++++++++++++++++- release-notes/current.yaml | 1 + 32 files changed, 355 insertions(+), 2 deletions(-) 
diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml index 997bb75a1d..8773d06075 100644 --- a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml @@ -1127,6 +1127,14 @@ xds: useRemoteAddress: true name: default/eg/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: eg + namespace: default + sectionName: http name: default/eg/http perConnectionBufferLimitBytes: 32768 - activeState: @@ -1239,6 +1247,14 @@ xds: useRemoteAddress: true name: default/eg/grpc maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: eg + namespace: default + sectionName: grpc name: default/eg/grpc perConnectionBufferLimitBytes: 32768 - activeState: diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json index b31e8aed56..05d87054e1 100644 --- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json +++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json @@ -978,6 +978,20 @@ "name": "default/eg/http" }, "maxConnectionsToAcceptPerSocketEvent": 1, + "metadata": { + "filterMetadata": { + "envoy-gateway": { + "resources": [ + { + "kind": "Gateway", + "name": "eg", + "namespace": "default", + "sectionName": "http" + } + ] + } + } + }, "name": "default/eg/http", "perConnectionBufferLimitBytes": 32768 } 
@@ -1130,6 +1144,20 @@ "name": "default/eg/grpc" }, "maxConnectionsToAcceptPerSocketEvent": 1, + "metadata": { + "filterMetadata": { + "envoy-gateway": { + "resources": [ + { + "kind": "Gateway", + "name": "eg", + "namespace": "default", + "sectionName": "grpc" + } + ] + } + } + }, "name": "default/eg/grpc", "perConnectionBufferLimitBytes": 32768 } diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml index b6467311ec..fc69cd6293 100644 --- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml @@ -580,6 +580,14 @@ xds: useRemoteAddress: true name: default/eg/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: eg + namespace: default + sectionName: http name: default/eg/http perConnectionBufferLimitBytes: 32768 - activeState: @@ -692,6 +700,14 @@ xds: useRemoteAddress: true name: default/eg/grpc maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: eg + namespace: default + sectionName: grpc name: default/eg/grpc perConnectionBufferLimitBytes: 32768 - activeState: diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml index 1c8fba4d1d..1e315a1741 100644 --- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml +++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml 
@@ -143,6 +143,14 @@ xds: useRemoteAddress: true name: default/eg/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: eg + namespace: default + sectionName: http name: default/eg/http perConnectionBufferLimitBytes: 32768 - activeState: @@ -255,6 +263,14 @@ xds: useRemoteAddress: true name: default/eg/grpc maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: eg + namespace: default + sectionName: grpc name: default/eg/grpc perConnectionBufferLimitBytes: 32768 - activeState: diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json index 300d0c8f6d..2ef1bfccad 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json @@ -689,6 +689,20 @@ "name": "envoy-gateway-system/eg/http" }, "maxConnectionsToAcceptPerSocketEvent": 1, + "metadata": { + "filterMetadata": { + "envoy-gateway": { + "resources": [ + { + "kind": "Gateway", + "name": "eg", + "namespace": "envoy-gateway-system", + "sectionName": "http" + } + ] + } + } + }, "name": "envoy-gateway-system/eg/http", "perConnectionBufferLimitBytes": 32768 } diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml index 55673a986f..97e8af982d 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml 
@@ -418,6 +418,14 @@ xds: useRemoteAddress: true name: envoy-gateway-system/eg/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: eg + namespace: envoy-gateway-system + sectionName: http name: envoy-gateway-system/eg/http perConnectionBufferLimitBytes: 32768 - '@type': type.googleapis.com/envoy.admin.v3.RoutesConfigDump diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml index 6eeb127d70..9e33881f16 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml @@ -163,5 +163,13 @@ xds: useRemoteAddress: true name: envoy-gateway-system/eg/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: eg + namespace: envoy-gateway-system + sectionName: http name: envoy-gateway-system/eg/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml b/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml index d8bd72e73f..6f1a6b9d6f 100644 --- a/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml @@ -353,6 +353,14 @@ xds: useRemoteAddress: true name: envoy-gateway-system/eg/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: eg + namespace: envoy-gateway-system + sectionName: http name: envoy-gateway-system/eg/http perConnectionBufferLimitBytes: 32768 - '@type': type.googleapis.com/envoy.admin.v3.RoutesConfigDump 
diff --git a/internal/xds/translator/metadata.go b/internal/xds/translator/metadata.go index 6ee726c258..41233ebdba 100644 --- a/internal/xds/translator/metadata.go +++ b/internal/xds/translator/metadata.go @@ -27,8 +27,23 @@ func buildXdsMetadata(metadata *ir.ResourceMetadata) *corev3.Metadata { return nil } + return buildXdsMetadataFromMultiple([]*ir.ResourceMetadata{metadata}) +} + +func buildXdsMetadataFromMultiple(metadata []*ir.ResourceMetadata) *corev3.Metadata { + if metadata == nil { + return nil + } + resourcesList := &structpb.ListValue{} - resourcesList.Values = append(resourcesList.Values, buildResourceMetadata(metadata)) + for _, md := range metadata { + if md != nil { + resourcesList.Values = append(resourcesList.Values, buildResourceMetadata(md)) + } + } + if len(resourcesList.Values) == 0 { + return nil + } return &corev3.Metadata{ FilterMetadata: map[string]*structpb.Struct{ diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-types.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.listeners.yaml index 58471e8de1..5bc6484861 100644 --- a/internal/xds/translator/testdata/out/xds-ir/accesslog-types.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.listeners.yaml @@ -345,5 +345,13 @@ useRemoteAddress: true name: envoy-gateway/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.listeners.yaml index 261038728f..998f503038 100644 --- a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.listeners.yaml 
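Review bot: `buildXdsMetadataFromMultiple` in metadata.go is added without a doc comment, and its contract is not obvious at the call site: nil entries are skipped, nil is returned when no entry remains, and the `resources` list keeps the order of the input slice. That order ends up in the xDS Listener, so callers need to pass a deterministic order; a comment such as `// buildXdsMetadataFromMultiple lists every non-nil resource, in input order, in the filter metadata; it returns nil when none remain.` would record this. The leading `if metadata == nil` guard is redundant, because ranging over a nil slice leaves `resourcesList.Values` empty and the later length check already returns nil. The function's final return statement continues outside the hunk.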
@@ -75,5 +75,13 @@ useRemoteAddress: true name: envoy-gateway/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.listeners.yaml index 261038728f..998f503038 100644 --- a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.listeners.yaml @@ -75,5 +75,13 @@ useRemoteAddress: true name: envoy-gateway/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-priority.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-priority.listeners.yaml index 7f609a90d1..41a1c3abc8 100644 --- a/internal/xds/translator/testdata/out/xds-ir/backend-priority.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/backend-priority.listeners.yaml @@ -45,5 +45,13 @@ useRemoteAddress: true name: default/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: default + sectionName: http name: default/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/btp-telemetry.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/btp-telemetry.listeners.yaml index 4d0fe90c54..be40ad3cb0 100644 
--- a/internal/xds/translator/testdata/out/xds-ir/btp-telemetry.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/btp-telemetry.listeners.yaml @@ -31,5 +31,13 @@ useRemoteAddress: true name: envoy-gateway/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/compression.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/compression.listeners.yaml index e0bba0b836..90876bb592 100644 --- a/internal/xds/translator/testdata/out/xds-ir/compression.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/compression.listeners.yaml @@ -47,5 +47,13 @@ useRemoteAddress: true name: envoy-gateway/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/credential-injection-backend-filter.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/credential-injection-backend-filter.listeners.yaml index 4d0fe90c54..be40ad3cb0 100644 --- a/internal/xds/translator/testdata/out/xds-ir/credential-injection-backend-filter.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/credential-injection-backend-filter.listeners.yaml @@ -31,5 +31,13 @@ useRemoteAddress: true name: envoy-gateway/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-1/http perConnectionBufferLimitBytes: 32768 
diff --git a/internal/xds/translator/testdata/out/xds-ir/credential-injection.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/credential-injection.listeners.yaml index 7a127ec768..c9dbe4269e 100644 --- a/internal/xds/translator/testdata/out/xds-ir/credential-injection.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/credential-injection.listeners.yaml @@ -59,5 +59,13 @@ useRemoteAddress: true name: envoy-gateway/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/custom-response.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/custom-response.listeners.yaml index 79224eb3d4..7ac2f81044 100644 --- a/internal/xds/translator/testdata/out/xds-ir/custom-response.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/custom-response.listeners.yaml @@ -167,5 +167,13 @@ useRemoteAddress: true name: default/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: default + sectionName: http name: default/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/dns-lookup-family.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/dns-lookup-family.listeners.yaml index c5fb9a58f8..7a293dba3c 100644 --- a/internal/xds/translator/testdata/out/xds-ir/dns-lookup-family.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/dns-lookup-family.listeners.yaml 
@@ -177,5 +177,13 @@ useRemoteAddress: true name: envoy-gateway/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.listeners.yaml index 7f609a90d1..41a1c3abc8 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.listeners.yaml @@ -45,5 +45,13 @@ useRemoteAddress: true name: default/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: default + sectionName: http name: default/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/http-connect-proxy.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-connect-proxy.listeners.yaml index 4d0fe90c54..be40ad3cb0 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-connect-proxy.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-connect-proxy.listeners.yaml @@ -31,5 +31,13 @@ useRemoteAddress: true name: envoy-gateway/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/http-connect-terminate.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-connect-terminate.listeners.yaml index 4d0fe90c54..be40ad3cb0 100644 
--- a/internal/xds/translator/testdata/out/xds-ir/http-connect-terminate.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-connect-terminate.listeners.yaml @@ -31,5 +31,13 @@ useRemoteAddress: true name: envoy-gateway/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-dynamic-resolver.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-dynamic-resolver.listeners.yaml index f869509943..1d2eb71e64 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-dynamic-resolver.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-dynamic-resolver.listeners.yaml @@ -67,5 +67,13 @@ useRemoteAddress: true name: envoy-gateway/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml index a5bc288824..dfae8da1b1 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml @@ -31,5 +31,15 @@ useRemoteAddress: true name: first-listener maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - annotations: + foo: bar + kind: Gateway + name: first-gateway + namespace: first-gateway + sectionName: first-listener name: first-listener perConnectionBufferLimitBytes: 32768 
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-upgrade-spdy.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-upgrade-spdy.listeners.yaml index 4d0fe90c54..be40ad3cb0 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-upgrade-spdy.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-upgrade-spdy.listeners.yaml @@ -31,5 +31,13 @@ useRemoteAddress: true name: envoy-gateway/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/http-upgrade-websocket-spdy.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-upgrade-websocket-spdy.listeners.yaml index 4d0fe90c54..be40ad3cb0 100644 --- a/internal/xds/translator/testdata/out/xds-ir/http-upgrade-websocket-spdy.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/http-upgrade-websocket-spdy.listeners.yaml @@ -31,5 +31,13 @@ useRemoteAddress: true name: envoy-gateway/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-with-backend-tls-retry.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-with-backend-tls-retry.listeners.yaml index 672ec20c19..f14e70b86e 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-with-backend-tls-retry.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-with-backend-tls-retry.listeners.yaml 
@@ -63,5 +63,13 @@ useRemoteAddress: true name: default/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: default + sectionName: http name: default/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-overlapping-tls-config.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-overlapping-tls-config.listeners.yaml index 5c88ff3986..bc14dec8de 100644 --- a/internal/xds/translator/testdata/out/xds-ir/listener-overlapping-tls-config.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/listener-overlapping-tls-config.listeners.yaml @@ -96,6 +96,18 @@ typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: https-1 + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: https-2 name: envoy-gateway/gateway-1/https-1 perConnectionBufferLimitBytes: 32768 - address: @@ -152,5 +164,13 @@ typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: https-3 name: envoy-gateway/gateway-1/https-3 perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/request-buffer.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/request-buffer.listeners.yaml index 1b5504bd87..3448386e4d 100644 --- a/internal/xds/translator/testdata/out/xds-ir/request-buffer.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/request-buffer.listeners.yaml 
@@ -36,6 +36,14 @@ useRemoteAddress: true name: envoy-gateway/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-1/http perConnectionBufferLimitBytes: 32768 - address: @@ -76,5 +84,13 @@ useRemoteAddress: true name: envoy-gateway/gateway-2/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-2 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-2/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.listeners.yaml index 61573e5b44..c89b24ad99 100644 --- a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.listeners.yaml @@ -103,5 +103,13 @@ useRemoteAddress: true name: envoy-gateway/gateway-1/http maxConnectionsToAcceptPerSocketEvent: 1 + metadata: + filterMetadata: + envoy-gateway: + resources: + - kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http name: envoy-gateway/gateway-1/http perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/translator.go b/internal/xds/translator/translator.go index 862d8d7133..312d00a09f 100644 --- a/internal/xds/translator/translator.go +++ b/internal/xds/translator/translator.go @@ -6,9 +6,11 @@ package translator import ( + "cmp" "errors" "fmt" "runtime" + "slices" "strings" "time" 
@@ -276,7 +278,8 @@ func (t *Translator) processHTTPListenerXdsTranslation( // The XDS translation is done in a best-effort manner, so we collect all // errors and return them at the end. var ( - http3EnabledListeners = make(map[listenerKey]*ir.HTTP3Settings) // Map to track HTTP3 settings for listeners by address and port + ownerGatewayListeners = make(map[string]sets.Set[*ir.ResourceMetadata]) // The set of Gateway HTTPListeners that own the xDS Listener + http3EnabledListeners = make(map[listenerKey]*ir.HTTP3Settings) // Map to track HTTP3 settings for listeners by address and port errs error ) @@ -331,6 +334,7 @@ func (t *Translator) processHTTPListenerXdsTranslation( errs = errors.Join(errs, err) continue } + ownerGatewayListeners[quicXDSListener.Name] = sets.New[*ir.ResourceMetadata]() } // Create a new TCP listener for HTTP1/HTTP2 traffic. @@ -348,6 +352,7 @@ func (t *Translator) processHTTPListenerXdsTranslation( errs = errors.Join(errs, err) continue } + ownerGatewayListeners[tcpXDSListener.Name] = sets.New[*ir.ResourceMetadata]() // We need to add an HCM to the newly created listener. addHCM = true @@ -401,6 +406,12 @@ func (t *Translator) processHTTPListenerXdsTranslation( } } + // Collect the metadata for the HTTPListener. + ownerGatewayListeners[tcpXDSListener.Name].Insert(httpListener.Metadata) + if http3Enabled { + ownerGatewayListeners[quicXDSListener.Name].Insert(httpListener.Metadata) + } + // Add the secrets referenced by the listener's TLS configuration to the // resource version table. // 1:1 between IR TLSListenerConfig and xDS Secret 
@@ -475,6 +486,28 @@ func (t *Translator) processHTTPListenerXdsTranslation( } } + // Add the owner Gateway Listeners to the xDS listeners' metadata. + for listenerName, ownerGatewayListeners := range ownerGatewayListeners { + xdsListener := findXdsListener(tCtx, listenerName) + if xdsListener != nil { + sortedListeners := ownerGatewayListeners.UnsortedList() + // Sort by namespace, name, and section name ascending + slices.SortFunc(sortedListeners, func(a, b *ir.ResourceMetadata) int { + if a == nil && b == nil { + return 0 + } + if a == nil { + return -1 + } + if b == nil { + return 1 + } + return cmp.Compare(a.Namespace+a.Name+a.SectionName, b.Namespace+b.Name+b.SectionName) + }) + xdsListener.Metadata = buildXdsMetadataFromMultiple(sortedListeners) + } + } + return errs } diff --git a/release-notes/current.yaml b/release-notes/current.yaml index 90fe13f4f5..51fae7e3f6 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -47,6 +47,7 @@ new features: | Added admin console support with web UI for the Envoy Gateway admin server. Added support for configuring Zone Aware Routing via BackendTrafficPolicy. Added support for endpoint override policy based on Header. + Added Gateway Listeners to the xDS listener metadata. bug fixes: | Handle integer zone annotation values From 2e690656170360ad2959e922d56f5b4dc27394e5 Mon Sep 17 00:00:00 2001 From: "Huabing (Robin) Zhao" Date: Fri, 1 Aug 2025 02:11:41 +0000 Subject: [PATCH 2/2] remove sort Signed-off-by: Huabing (Robin) Zhao --- internal/xds/translator/translator.go | 28 +++++---------------------- 1 file changed, 5 insertions(+), 23 deletions(-) diff --git a/internal/xds/translator/translator.go b/internal/xds/translator/translator.go index 312d00a09f..aad2f78a3f 100644 --- a/internal/xds/translator/translator.go +++ b/internal/xds/translator/translator.go @@ -6,11 +6,9 @@ package translator import ( - "cmp" "errors" "fmt" "runtime" - "slices" "strings" "time" 
@@ -278,8 +276,8 @@ func (t *Translator) processHTTPListenerXdsTranslation( // The XDS translation is done in a best-effort manner, so we collect all // errors and return them at the end. var ( - ownerGatewayListeners = make(map[string]sets.Set[*ir.ResourceMetadata]) // The set of Gateway HTTPListeners that own the xDS Listener - http3EnabledListeners = make(map[listenerKey]*ir.HTTP3Settings) // Map to track HTTP3 settings for listeners by address and port + ownerGatewayListeners = make(map[string][]*ir.ResourceMetadata) // The set of Gateway HTTPListeners that own the xDS Listener + http3EnabledListeners = make(map[listenerKey]*ir.HTTP3Settings) // Map to track HTTP3 settings for listeners by address and port errs error ) @@ -334,7 +332,6 @@ func (t *Translator) processHTTPListenerXdsTranslation( errs = errors.Join(errs, err) continue } - ownerGatewayListeners[quicXDSListener.Name] = sets.New[*ir.ResourceMetadata]() } // Create a new TCP listener for HTTP1/HTTP2 traffic. @@ -352,7 +349,6 @@ func (t *Translator) processHTTPListenerXdsTranslation( errs = errors.Join(errs, err) continue } - ownerGatewayListeners[tcpXDSListener.Name] = sets.New[*ir.ResourceMetadata]() // We need to add an HCM to the newly created listener. addHCM = true @@ -407,9 +403,9 @@ func (t *Translator) processHTTPListenerXdsTranslation( } // Collect the metadata for the HTTPListener. - ownerGatewayListeners[tcpXDSListener.Name].Insert(httpListener.Metadata) + ownerGatewayListeners[tcpXDSListener.Name] = append(ownerGatewayListeners[tcpXDSListener.Name], httpListener.Metadata) if http3Enabled { - ownerGatewayListeners[quicXDSListener.Name].Insert(httpListener.Metadata) + ownerGatewayListeners[quicXDSListener.Name] = append(ownerGatewayListeners[quicXDSListener.Name], httpListener.Metadata) } // Add the secrets referenced by the listener's TLS configuration to the 
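Review bot: The trailing comment on `ownerGatewayListeners` in the `@@ -278,8 +276,8 @@` hunk still says "The set of Gateway HTTPListeners", but the type is now `map[string][]*ir.ResourceMetadata`, so each entry is an ordered list and nothing removes duplicates any more. I would reword it to `// Gateway HTTPListeners that own each xDS Listener, keyed by xDS listener name, in processing order`. If two IR listeners can ever share one `Metadata` pointer (not visible in this diff), the same owner would now appear twice under `resources`. The declaration sits inside processHTTPListenerXdsTranslation, whose body continues outside the hunk.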
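Review bot: The two `append(..., httpListener.Metadata)` calls in the `@@ -407,9 +403,9 @@` hunk publish the Gateway's metadata on the xDS Listener without stating what it may contain, and the golden file `http-route-with-metadata.listeners.yaml` in this series shows an `annotations` map (`foo: bar`) reaching the listener output. Listener metadata is part of the proxy configuration and shows up in config dumps, so annotation values should be limited to ones meant to be published; presumably that filtering happens where the IR is built, which this diff does not show. A comment would make the assumption explicit, for example `// Metadata is emitted as-is in the xDS Listener; annotations must already be filtered when the IR is built.` The surrounding loop body starts and ends outside the hunk.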
@@ -490,21 +486,7 @@ func (t *Translator) processHTTPListenerXdsTranslation( for listenerName, ownerGatewayListeners := range ownerGatewayListeners { xdsListener := findXdsListener(tCtx, listenerName) if xdsListener != nil { - sortedListeners := ownerGatewayListeners.UnsortedList() - // Sort by namespace, name, and section name ascending - slices.SortFunc(sortedListeners, func(a, b *ir.ResourceMetadata) int { - if a == nil && b == nil { - return 0 - } - if a == nil { - return -1 - } - if b == nil { - return 1 - } - return cmp.Compare(a.Namespace+a.Name+a.SectionName, b.Namespace+b.Name+b.SectionName) - }) - xdsListener.Metadata = buildXdsMetadataFromMultiple(sortedListeners) + xdsListener.Metadata = buildXdsMetadataFromMultiple(ownerGatewayListeners) } }
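Review bot: The loop header `for listenerName, ownerGatewayListeners := range ownerGatewayListeners` (a context line of this hunk) shadows the map with its own value, so the added call `buildXdsMetadataFromMultiple(ownerGatewayListeners)` reads as if the whole map were passed. Renaming the loop variable keeps the two apart: `for listenerName, owners := range ownerGatewayListeners {` and `xdsListener.Metadata = buildXdsMetadataFromMultiple(owners)`. The assignment also replaces any metadata already set on the listener and silently skips names that `findXdsListener` does not resolve; if neither case can occur here, a short comment saying so would help. The function continues outside the hunk.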