From f5945463e58abe9070db9e2bfd7398230840ed33 Mon Sep 17 00:00:00 2001 From: jukie <10012479+Jukie@users.noreply.github.com> Date: Fri, 22 Aug 2025 09:45:34 -0600 Subject: [PATCH 1/3] Actually update xdsIR with maxAcceptPerSocketEvent Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> --- internal/gatewayapi/clienttrafficpolicy.go | 4 + ...ection-max-accept-per-socket-event.in.yaml | 65 ++++ ...ction-max-accept-per-socket-event.out.yaml | 300 ++++++++++++++++++ 3 files changed, 369 insertions(+) create mode 100644 internal/gatewayapi/testdata/clienttrafficpolicy-connection-max-accept-per-socket-event.in.yaml create mode 100644 internal/gatewayapi/testdata/clienttrafficpolicy-connection-max-accept-per-socket-event.out.yaml diff --git a/internal/gatewayapi/clienttrafficpolicy.go b/internal/gatewayapi/clienttrafficpolicy.go index 3e66aefcd5..f3f9f0f09b 100644 --- a/internal/gatewayapi/clienttrafficpolicy.go +++ b/internal/gatewayapi/clienttrafficpolicy.go @@ -957,6 +957,10 @@ func buildConnection(connection *egv1a1.ClientConnection) (*ir.ClientConnection, irConnection.BufferLimitBytes = ptr.To(uint32(bufferLimit)) } + if connection.MaxAcceptPerSocketEvent != nil { + irConnection.MaxAcceptPerSocketEvent = ptr.To(*connection.MaxAcceptPerSocketEvent) + } + return irConnection, nil } diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-max-accept-per-socket-event.in.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-max-accept-per-socket-event.in.yaml new file mode 100644 index 0000000000..4ea2c4d227 --- /dev/null +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-max-accept-per-socket-event.in.yaml @@ -0,0 +1,65 @@ +clientTrafficPolicies: +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: ClientTrafficPolicy + metadata: + namespace: envoy-gateway + name: default-max-accept + spec: + connection: {} + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: ClientTrafficPolicy + metadata: + namespace: envoy-gateway + name: non-default-max-accept + spec: + connection: + maxAcceptPerSocketEvent: 3 + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + sectionName: http-2 +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: ClientTrafficPolicy + metadata: + namespace: envoy-gateway + name: disabled-max-accept + spec: + connection: + maxAcceptPerSocketEvent: 0 + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + sectionName: http-3 +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: http-1 + protocol: HTTP + port: 8081 + allowedRoutes: + namespaces: + from: Same + - name: http-2 + protocol: HTTP + port: 8082 + allowedRoutes: + namespaces: + from: Same + - name: http-3 + protocol: HTTP + port: 8083 + allowedRoutes: + namespaces: + from: Same \ No newline at end of file diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-max-accept-per-socket-event.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-max-accept-per-socket-event.out.yaml new file mode 100644 index 0000000000..542c68ee5a --- /dev/null +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-max-accept-per-socket-event.out.yaml @@ -0,0 +1,300 @@ +clientTrafficPolicies: +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: ClientTrafficPolicy + metadata: + creationTimestamp: null + name: non-default-max-accept + namespace: envoy-gateway + spec: + connection: + maxAcceptPerSocketEvent: 3 + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + sectionName: http-2 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http-2 + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: ClientTrafficPolicy + metadata: + creationTimestamp: null + name: disabled-max-accept + namespace: envoy-gateway + spec: + connection: + maxAcceptPerSocketEvent: 0 + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + sectionName: http-3 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http-3 + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: ClientTrafficPolicy + metadata: + creationTimestamp: null + name: default-max-accept + namespace: envoy-gateway + spec: + connection: {} + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + conditions: + - lastTransitionTime: null + message: There are existing ClientTrafficPolicies that are overriding these + sections [http-2 http-3] + reason: Overridden + status: "True" + type: Overridden + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - allowedRoutes: + namespaces: + from: Same + name: http-1 + port: 8081 + protocol: HTTP + - allowedRoutes: + namespaces: + from: Same + name: http-2 + port: 8082 + protocol: HTTP + - allowedRoutes: + namespaces: + from: Same + name: http-3 + port: 8083 + protocol: HTTP + status: + listeners: + - attachedRoutes: 0 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http-1 + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute + - attachedRoutes: 0 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http-2 + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute + - attachedRoutes: 0 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http-3 + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +infraIR: + envoy-gateway/gateway-1: + proxy: + listeners: + - address: null + name: envoy-gateway/gateway-1/http-1 + ports: + - containerPort: 8081 + name: http-8081 + protocol: HTTP + servicePort: 8081 + - address: null + name: envoy-gateway/gateway-1/http-2 + ports: + - containerPort: 8082 + name: http-8082 + protocol: HTTP + servicePort: 8082 + - address: null + name: envoy-gateway/gateway-1/http-3 + ports: + - containerPort: 8083 + name: http-8083 + protocol: HTTP + servicePort: 8083 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + ownerReference: + kind: GatewayClass + name: envoy-gateway-class + name: envoy-gateway/gateway-1 + namespace: envoy-gateway-system +xdsIR: + envoy-gateway/gateway-1: + accessLog: + json: + - path: /dev/stdout + globalResources: + proxyServiceCluster: + name: envoy-gateway/gateway-1 + settings: + - addressType: IP + endpoints: + - host: 7.6.5.4 + port: 8080 + zone: zone1 + metadata: + name: envoy-envoy-gateway-gateway-1-196ae069 + namespace: envoy-gateway-system + sectionName: "8080" + name: envoy-gateway/gateway-1 + protocol: TCP + http: + - address: 0.0.0.0 + connection: {} + externalPort: 8081 + hostnames: + - '*' + isHTTP2: false + metadata: + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http-1 + name: envoy-gateway/gateway-1/http-1 + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 8081 + - address: 0.0.0.0 + connection: + maxAcceptPerSocketEvent: 3 + externalPort: 8082 + hostnames: + - '*' + isHTTP2: false + metadata: + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http-2 + name: envoy-gateway/gateway-1/http-2 + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 8082 + - address: 0.0.0.0 + connection: + maxAcceptPerSocketEvent: 0 + externalPort: 8083 + hostnames: + - '*' + isHTTP2: false + metadata: + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http-3 + name: envoy-gateway/gateway-1/http-3 + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 8083 + readyListener: + address: 0.0.0.0 + ipFamily: IPv4 + path: /ready + port: 19003 From 611d5773f7ffaa8aee7c23a67a3b2f273de7c4ee Mon Sep 17 00:00:00 2001 From: jukie <10012479+Jukie@users.noreply.github.com> Date: Fri, 22 Aug 2025 10:08:48 -0600 Subject: [PATCH 2/3] release note Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> --- release-notes/current.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/release-notes/current.yaml b/release-notes/current.yaml index 140fd57e71..9e39dd32a5 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -12,6 +12,7 @@ new features: | bug fixes: | Fixed %ROUTE_KIND% operator to be lower-cased when used by clusterStatName in EnvoyProxy API. + Fixed maxAcceptPerSocketEvent being ignored in ClientTrafficPolicy # Enhancements that improve performance. performance improvements: | From ded227b1f2fa062ccb10bd75261d4923d06b1cf4 Mon Sep 17 00:00:00 2001 From: jukie <10012479+Jukie@users.noreply.github.com> Date: Fri, 22 Aug 2025 10:15:28 -0600 Subject: [PATCH 3/3] newline lint Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com> --- ...trafficpolicy-connection-max-accept-per-socket-event.in.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-max-accept-per-socket-event.in.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-max-accept-per-socket-event.in.yaml index 4ea2c4d227..e98f57ca58 100644 --- a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-max-accept-per-socket-event.in.yaml +++ b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-max-accept-per-socket-event.in.yaml @@ -62,4 +62,4 @@ gateways: port: 8083 allowedRoutes: namespaces: - from: Same \ No newline at end of file + from: Same