diff --git a/internal/gatewayapi/backend.go b/internal/gatewayapi/backend.go index 300bac024a..d1772428a0 100644 --- a/internal/gatewayapi/backend.go +++ b/internal/gatewayapi/backend.go @@ -22,8 +22,6 @@ import ( func (t *Translator) ProcessBackends(backends []*egv1a1.Backend, backendTLSPolicies []*gwapiv1a3.BackendTLSPolicy) []*egv1a1.Backend { var res []*egv1a1.Backend for _, backend := range backends { - backend := backend.DeepCopy() - // Ensure Backends are enabled if !t.BackendEnabled { status.UpdateBackendStatusAcceptedCondition(backend, false, diff --git a/internal/gatewayapi/backendtrafficpolicy.go b/internal/gatewayapi/backendtrafficpolicy.go index 17b7ce138b..95510eb89d 100644 --- a/internal/gatewayapi/backendtrafficpolicy.go +++ b/internal/gatewayapi/backendtrafficpolicy.go @@ -109,7 +109,7 @@ func (t *Translator) ProcessBackendTrafficPolicies(resources *resource.Resources if currTarget.Kind != resource.KindGateway { policy, found := handledPolicies[policyName] if !found { - policy = currPolicy.DeepCopy() + policy = currPolicy handledPolicies[policyName] = policy res = append(res, policy) } @@ -237,7 +237,7 @@ func (t *Translator) ProcessBackendTrafficPolicies(resources *resource.Resources if currTarget.Kind == resource.KindGateway { policy, found := handledPolicies[policyName] if !found { - policy = currPolicy.DeepCopy() + policy = currPolicy handledPolicies[policyName] = policy res = append(res, policy) } @@ -545,7 +545,7 @@ func applyTrafficFeatureToRoute(route RouteContext, func mergeBackendTrafficPolicy(routePolicy, gwPolicy *egv1a1.BackendTrafficPolicy) (*egv1a1.BackendTrafficPolicy, error) { if routePolicy.Spec.MergeType == nil || gwPolicy == nil { - return routePolicy.DeepCopy(), nil + return routePolicy, nil } return utils.Merge[*egv1a1.BackendTrafficPolicy](gwPolicy, routePolicy, *routePolicy.Spec.MergeType) diff --git a/internal/gatewayapi/clienttrafficpolicy.go b/internal/gatewayapi/clienttrafficpolicy.go index 32da7adad7..aed10607dc 100644 
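Review bot: With the per-item `DeepCopy()` removed, `status.UpdateBackendStatusAcceptedCondition(backend, ...)` in this loop now writes into the caller's `*egv1a1.Backend`, and nothing on the function tells a reader that its input is mutated. The same applies to the other `DeepCopy()` removals in this commit: the policy loops in backendtrafficpolicy.go, clienttrafficpolicy.go, envoyextensionpolicy.go and securitypolicy.go, the route contexts in route.go, and `GetRelevantGateways` in translator.go. The only compensating copy visible here is the element-wise `ControllerResources.DeepCopy()` in resource/resource.go, so a caller that passes objects shared with a cache or another goroutine would presumably see unexpected status writes or data races. I would add a doc comment to each of these functions along the lines of `// ProcessBackends updates the status of the given backends in place; callers must pass copies they own.` ProcessBackends continues past the end of the hunk.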
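Review bot: `mergeBackendTrafficPolicy` now returns its result under two different ownership rules: the early return hands back `routePolicy` itself, while the `utils.Merge` path presumably returns a newly built object. A caller that modifies the returned policy would therefore change the original route policy only when `MergeType` is nil or `gwPolicy` is nil, which is easy to miss in review. If the copy is dropped for allocation reasons, the doc comment should say so, e.g. `// The returned policy aliases routePolicy when no merge is performed; treat it as read-only.`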
--- a/internal/gatewayapi/clienttrafficpolicy.go +++ b/internal/gatewayapi/clienttrafficpolicy.go @@ -72,7 +72,7 @@ func (t *Translator) ProcessClientTrafficPolicies( if hasSectionName(&currTarget) { policy, found := handledPolicies[policyName] if !found { - policy = currPolicy.DeepCopy() + policy = currPolicy handledPolicies[policyName] = policy res = append(res, policy) } @@ -169,7 +169,7 @@ func (t *Translator) ProcessClientTrafficPolicies( policy, found := handledPolicies[policyName] if !found { - policy = currPolicy.DeepCopy() + policy = currPolicy res = append(res, policy) handledPolicies[policyName] = policy } diff --git a/internal/gatewayapi/envoyextensionpolicy.go b/internal/gatewayapi/envoyextensionpolicy.go index 49ae4b8c01..ab7d1bb696 100644 --- a/internal/gatewayapi/envoyextensionpolicy.go +++ b/internal/gatewayapi/envoyextensionpolicy.go @@ -80,7 +80,7 @@ func (t *Translator) ProcessEnvoyExtensionPolicies(envoyExtensionPolicies []*egv if currTarget.Kind != resource.KindGateway && currTarget.SectionName != nil { policy, found := handledPolicies[policyName] if !found { - policy = currPolicy.DeepCopy() + policy = currPolicy res = append(res, policy) handledPolicies[policyName] = policy } @@ -99,7 +99,7 @@ func (t *Translator) ProcessEnvoyExtensionPolicies(envoyExtensionPolicies []*egv if currTarget.Kind != resource.KindGateway && currTarget.SectionName == nil { policy, found := handledPolicies[policyName] if !found { - policy = currPolicy.DeepCopy() + policy = currPolicy res = append(res, policy) handledPolicies[policyName] = policy } @@ -118,7 +118,7 @@ func (t *Translator) ProcessEnvoyExtensionPolicies(envoyExtensionPolicies []*egv if currTarget.Kind == resource.KindGateway && currTarget.SectionName != nil { policy, found := handledPolicies[policyName] if !found { - policy = currPolicy.DeepCopy() + policy = currPolicy res = append(res, policy) handledPolicies[policyName] = policy } 
@@ -137,7 +137,7 @@ func (t *Translator) ProcessEnvoyExtensionPolicies(envoyExtensionPolicies []*egv if currTarget.Kind == resource.KindGateway && currTarget.SectionName == nil { policy, found := handledPolicies[policyName] if !found { - policy = currPolicy.DeepCopy() + policy = currPolicy res = append(res, policy) handledPolicies[policyName] = policy } diff --git a/internal/gatewayapi/envoypatchpolicy.go b/internal/gatewayapi/envoypatchpolicy.go index 310efc02fa..2b6f0f39c5 100644 --- a/internal/gatewayapi/envoypatchpolicy.go +++ b/internal/gatewayapi/envoypatchpolicy.go @@ -23,7 +23,7 @@ func (t *Translator) ProcessEnvoyPatchPolicies(envoyPatchPolicies []*egv1a1.Envo for _, policy := range envoyPatchPolicies { var ( - policy = policy.DeepCopy() + policy = policy ancestorRefs []gwapiv1a2.ParentReference resolveErr *status.PolicyResolveError targetKind string diff --git a/internal/gatewayapi/extensionserverpolicy.go b/internal/gatewayapi/extensionserverpolicy.go index b80c838faf..bb65606c06 100644 --- a/internal/gatewayapi/extensionserverpolicy.go +++ b/internal/gatewayapi/extensionserverpolicy.go @@ -40,7 +40,7 @@ func (t *Translator) ProcessExtensionServerPolicies(policies []unstructured.Unst // Process the policies targeting Gateways. Only update the policy status if it was accepted. // A policy is considered accepted if at least one targetRef contained inside matched a listener. for policyIndex, policy := range policies { - policy := policy.DeepCopy() + policy := &policy var policyStatus gwapiv1a2.PolicyStatus accepted := false targetRefs, err := extractTargetRefs(policy, gateways) diff --git a/internal/gatewayapi/resource/resource.go b/internal/gatewayapi/resource/resource.go index 215aa95cb6..448175eb09 100644 --- a/internal/gatewayapi/resource/resource.go +++ b/internal/gatewayapi/resource/resource.go 
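Review bot: `policy = policy` inside the `var (...)` block in `ProcessEnvoyPatchPolicies` is now a self-shadowing declaration that only copies the pointer the range variable already holds. It reads like a leftover, and loop-variable-copy linters may flag it. Dropping the line and using the range variable directly says the same thing. The rest of the loop body is outside the hunk, so confirm nothing there relies on a per-iteration variable if the module still builds with a toolchain older than Go 1.22.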
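Review bot: `policy := &policy` in `ProcessExtensionServerPolicies` takes the address of the range copy, but an `unstructured.Unstructured` wraps a map, so the copy is shallow and any status written through this pointer lands in the content shared with the caller's `policies` slice. The golden files under testdata/extensions changed in this commit now show `status:` blocks on the extension policies in `xdsIR`, which is consistent with that write-through. If handing controller-written status on to the IR (and, presumably, to the extension server) is not intended, keep `policy := policy.DeepCopy()` in this one loop. If it is intended, say so in a comment such as `// status is written into the caller's object and is visible in the IR`. The loop body continues past the end of the hunk.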
@@ -216,7 +216,11 @@ func (c *ControllerResources) DeepCopy() *ControllerResources { return nil } out := make(ControllerResources, len(*c)) - copy(out, *c) + for i, res := range *c { + if res != nil { + out[i] = res.DeepCopy() + } + } return &out } diff --git a/internal/gatewayapi/route.go b/internal/gatewayapi/route.go index 62fa944c0f..6b3855dcef 100644 --- a/internal/gatewayapi/route.go +++ b/internal/gatewayapi/route.go @@ -60,7 +60,7 @@ func (t *Translator) ProcessHTTPRoutes(httpRoutes []*gwapiv1.HTTPRoute, gateways if h == nil { panic("received nil httproute") } - httpRoute := &HTTPRouteContext{HTTPRoute: h.DeepCopy()} + httpRoute := &HTTPRouteContext{HTTPRoute: h} // Find out if this route attaches to one of our Gateway's listeners, // and if so, get the list of listeners that allow it to attach for each @@ -87,7 +87,7 @@ func (t *Translator) ProcessGRPCRoutes(grpcRoutes []*gwapiv1.GRPCRoute, gateways if g == nil { panic("received nil grpcroute") } - grpcRoute := &GRPCRouteContext{GRPCRoute: g.DeepCopy()} + grpcRoute := &GRPCRouteContext{GRPCRoute: g} // Find out if this route attaches to one of our Gateway's listeners, // and if so, get the list of listeners that allow it to attach for each @@ -916,7 +916,7 @@ func (t *Translator) ProcessTLSRoutes(tlsRoutes []*gwapiv1a2.TLSRoute, gateways if tls == nil { panic("received nil tlsroute") } - tlsRoute := &TLSRouteContext{TLSRoute: tls.DeepCopy()} + tlsRoute := &TLSRouteContext{TLSRoute: tls} // Find out if this route attaches to one of our Gateway's listeners, // and if so, get the list of listeners that allow it to attach for each 
@@ -1060,7 +1060,7 @@ func (t *Translator) ProcessUDPRoutes(udpRoutes []*gwapiv1a2.UDPRoute, gateways if u == nil { panic("received nil udproute") } - udpRoute := &UDPRouteContext{UDPRoute: u.DeepCopy()} + udpRoute := &UDPRouteContext{UDPRoute: u} // Find out if this route attaches to one of our Gateway's listeners, // and if so, get the list of listeners that allow it to attach for each @@ -1208,7 +1208,7 @@ func (t *Translator) ProcessTCPRoutes(tcpRoutes []*gwapiv1a2.TCPRoute, gateways if tcp == nil { panic("received nil tcproute") } - tcpRoute := &TCPRouteContext{TCPRoute: tcp.DeepCopy()} + tcpRoute := &TCPRouteContext{TCPRoute: tcp} // Find out if this route attaches to one of our Gateway's listeners, // and if so, get the list of listeners that allow it to attach for each diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go index 1769e35596..692ff75381 100644 --- a/internal/gatewayapi/securitypolicy.go +++ b/internal/gatewayapi/securitypolicy.go @@ -96,7 +96,7 @@ func (t *Translator) ProcessSecurityPolicies(securityPolicies []*egv1a1.Security if currTarget.Kind != resource.KindGateway && currTarget.SectionName != nil { policy, found := handledPolicies[policyName] if !found { - policy = currPolicy.DeepCopy() + policy = currPolicy handledPolicies[policyName] = policy res = append(res, policy) } @@ -114,7 +114,7 @@ func (t *Translator) ProcessSecurityPolicies(securityPolicies []*egv1a1.Security if currTarget.Kind != resource.KindGateway && currTarget.SectionName == nil { policy, found := handledPolicies[policyName] if !found { - policy = currPolicy.DeepCopy() + policy = currPolicy handledPolicies[policyName] = policy res = append(res, policy) } 
@@ -132,7 +132,7 @@ func (t *Translator) ProcessSecurityPolicies(securityPolicies []*egv1a1.Security if currTarget.Kind == resource.KindGateway && currTarget.SectionName != nil { policy, found := handledPolicies[policyName] if !found { - policy = currPolicy.DeepCopy() + policy = currPolicy handledPolicies[policyName] = policy res = append(res, policy) } @@ -150,7 +150,7 @@ func (t *Translator) ProcessSecurityPolicies(securityPolicies []*egv1a1.Security if currTarget.Kind == resource.KindGateway && currTarget.SectionName == nil { policy, found := handledPolicies[policyName] if !found { - policy = currPolicy.DeepCopy() + policy = currPolicy handledPolicies[policyName] = policy res = append(res, policy) } diff --git a/internal/gatewayapi/testdata/extensions/extensionpolicy-tcp-listener.out.yaml b/internal/gatewayapi/testdata/extensions/extensionpolicy-tcp-listener.out.yaml index 41b161cbc3..9091747abd 100644 --- a/internal/gatewayapi/testdata/extensions/extensionpolicy-tcp-listener.out.yaml +++ b/internal/gatewayapi/testdata/extensions/extensionpolicy-tcp-listener.out.yaml @@ -162,6 +162,20 @@ xdsIR: group: gateway.networking.k8s.io kind: Gateway name: gateway-1 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller - object: apiVersion: foo.example.io/v1alpha1 kind: Bar 
@@ -175,6 +189,21 @@ xdsIR: kind: Gateway name: gateway-1 sectionName: tcp1 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: tcp1 + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller globalResources: proxyServiceCluster: name: envoy-gateway/gateway-1 diff --git a/internal/gatewayapi/testdata/extensions/extensionpolicy-udp-listener.out.yaml b/internal/gatewayapi/testdata/extensions/extensionpolicy-udp-listener.out.yaml index 6282b46226..68600c04d2 100644 --- a/internal/gatewayapi/testdata/extensions/extensionpolicy-udp-listener.out.yaml +++ b/internal/gatewayapi/testdata/extensions/extensionpolicy-udp-listener.out.yaml @@ -162,6 +162,20 @@ xdsIR: group: gateway.networking.k8s.io kind: Gateway name: gateway-1 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller - object: apiVersion: foo.example.io/v1alpha1 kind: Bar @@ -175,6 +189,21 @@ xdsIR: kind: Gateway name: gateway-1 sectionName: udp1 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: udp1 + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller globalResources: proxyServiceCluster: name: envoy-gateway/gateway-1 
diff --git a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target-array.out.yaml b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target-array.out.yaml index 39fb71a8ba..a4806effd3 100644 --- a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target-array.out.yaml +++ b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target-array.out.yaml @@ -180,6 +180,32 @@ xdsIR: - group: gateway.networking.k8s.io kind: Gateway name: gateway-1 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-2 + namespace: envoy-gateway + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller http: - address: 0.0.0.0 extensionRefs: @@ -263,6 +289,32 @@ xdsIR: - group: gateway.networking.k8s.io kind: Gateway name: gateway-1 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-2 + namespace: envoy-gateway + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller globalResources: proxyServiceCluster: name: envoy-gateway/gateway-2 
diff --git a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target.out.yaml b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target.out.yaml index 5df8dc3518..63495e3991 100644 --- a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target.out.yaml +++ b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target.out.yaml @@ -166,6 +166,20 @@ xdsIR: group: gateway.networking.k8s.io kind: Gateway name: gateway-1 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller - object: apiVersion: foo.example.io/v1alpha1 kind: Bar @@ -179,6 +193,21 @@ xdsIR: kind: Gateway name: gateway-1 sectionName: http2 + status: + ancestors: + - ancestorRef: + group: gateway.networking.k8s.io + kind: Gateway + name: gateway-1 + namespace: envoy-gateway + sectionName: http2 + conditions: + - lastTransitionTime: null + message: Policy has been accepted. + reason: Accepted + status: "True" + type: Accepted + controllerName: gateway.envoyproxy.io/gatewayclass-controller globalResources: proxyServiceCluster: name: envoy-gateway/gateway-1 diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go index e19e24348d..f80fdc8c57 100644 --- a/internal/gatewayapi/translator.go +++ b/internal/gatewayapi/translator.go @@ -280,7 +280,7 @@ func (t *Translator) GetRelevantGateways(resources *resource.Resources) ( if gateway.Spec.GatewayClassName == t.GatewayClassName { gc := &GatewayContext{ - Gateway: gateway.DeepCopy(), + Gateway: gateway, } // Gateways that are not accepted by the controller because they reference an invalid EnvoyProxy. 
diff --git a/test/gobench/translate_test.go b/test/gobench/translate_test.go index 7bb02c07df..cc1abaac14 100644 --- a/test/gobench/translate_test.go +++ b/test/gobench/translate_test.go @@ -34,6 +34,19 @@ spec: - name: http protocol: HTTP port: 80 + - name: https + protocol: HTTPS + port: 443 + tls: + mode: Terminate + certificateRefs: + - name: tls-secret + - name: grpc + protocol: HTTP + port: 81 + - name: udp + protocol: UDP + port: 82 ` backendYAML = `--- apiVersion: gateway.envoyproxy.io/v1alpha1 @@ -46,6 +59,17 @@ spec: - ip: address: 0.0.0.0 port: 8000 +` + tlsSecretYAML = `--- +apiVersion: v1 +kind: Secret +metadata: + name: tls-secret + namespace: default +type: kubernetes.io/tls +data: + tls.crt: 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 + tls.key: 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 ` grpcRouteYAML = `--- apiVersion: gateway.networking.k8s.io/v1 
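Review bot: `tlsSecretYAML` embeds a certificate and private key as literals in the benchmark source (the values are elided on this page), with no comment about where they came from. If this is not already a throwaway self-signed pair, it should be replaced with one. A comment such as `// Self-signed, test-only key pair; not used outside this benchmark.` would save secret scanners and later readers from guessing. Generating the pair during benchmark setup would avoid committing key material at all.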
@@ -101,9 +125,113 @@ spec: - backendRefs: - name: provided-backend port: 3000 +` + securityPolicyYAML = `--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: SecurityPolicy +metadata: + name: security-policy + namespace: default +spec: + targetRefs: + - group: gateway.networking.k8s.io + kind: HTTPRoute + name: backend + cors: + allowOrigins: + - "https://www.example.com" + allowMethods: + - GET + - POST + allowHeaders: + - "Content-Type" +` + backendTrafficPolicyYAML = `--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: BackendTrafficPolicy +metadata: + name: backend-traffic-policy + namespace: default +spec: + targetRefs: + - group: gateway.networking.k8s.io + kind: HTTPRoute + name: backend + circuitBreaker: + maxConnections: 100 + maxPendingRequests: 50 + loadBalancer: + type: RoundRobin +` + clientTrafficPolicyYAML = `--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: ClientTrafficPolicy +metadata: + name: client-traffic-policy + namespace: default +spec: + targetRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: eg + timeout: + http: + requestReceivedTimeout: 30s ` ) +// Helpers for benchmark policy generation. 
+func genSecurityPolicies(n int) string { + var sb strings.Builder + for i := 0; i < n; i++ { + sb.WriteString(fmt.Sprintf(`--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: SecurityPolicy +metadata: + name: security-policy-%d + namespace: default +spec: + targetRefs: + - group: gateway.networking.k8s.io + kind: HTTPRoute + name: backend-%d + cors: + allowOrigins: + - "https://www.example-%d.com" + allowMethods: + - GET + - POST + allowHeaders: + - "Content-Type" +`, i, i, i)) + } + return sb.String() +} + +func genBackendTrafficPolicies(n int) string { + var sb strings.Builder + for i := 0; i < n; i++ { + sb.WriteString(fmt.Sprintf(`--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: BackendTrafficPolicy +metadata: + name: backend-traffic-policy-%d + namespace: default +spec: + targetRefs: + - group: gateway.networking.k8s.io + kind: HTTPRoute + name: backend-%d + circuitBreaker: + maxConnections: %d + maxPendingRequests: %d + loadBalancer: + type: RoundRobin +`, i, i, 100+i*10, 50+i*5)) + } + return sb.String() +} + // Helpers for benchmark route generation. func genHTTPRoutes(n int) string { var sb strings.Builder 
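Review bot: `genSecurityPolicies` and `genBackendTrafficPolicies` point every generated policy at an HTTPRoute named `backend-%d`, but the route names produced by `genHTTPRoutes` are outside this hunk. If those names differ, none of the generated policies attach and the benchmark only measures the target-not-found path. A comment on both helpers, e.g. `// target names must match the routes emitted by genHTTPRoutes`, would make the coupling explicit. As a smaller style point, `sb.WriteString(fmt.Sprintf(...))` can be written as `fmt.Fprintf(&sb, ...)`, which avoids the intermediate string.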
@@ -184,19 +312,23 @@ func BenchmarkGatewayAPItoXDS(b *testing.B) { name string yaml string } - medium := baseYAML + backendYAML + - genHTTPRoutes(10) + - genGRPCRoutes(5) + - genUDPRoutes(2) - large := baseYAML + backendYAML + + medium := baseYAML + backendYAML + tlsSecretYAML + clientTrafficPolicyYAML + genHTTPRoutes(100) + genGRPCRoutes(50) + - genUDPRoutes(10) + genUDPRoutes(20) + + genSecurityPolicies(100) + + genBackendTrafficPolicies(100) + large := baseYAML + backendYAML + tlsSecretYAML + clientTrafficPolicyYAML + + genHTTPRoutes(1000) + + genGRPCRoutes(500) + + genUDPRoutes(100) + + genSecurityPolicies(1000) + + genBackendTrafficPolicies(1000) cases := []benchCase{ { name: "small", - yaml: baseYAML + httpRouteYAML + backendYAML, + yaml: baseYAML + httpRouteYAML + backendYAML + tlsSecretYAML + securityPolicyYAML + backendTrafficPolicyYAML + clientTrafficPolicyYAML, }, { name: "medium", @@ -215,6 +347,7 @@ func BenchmarkGatewayAPItoXDS(b *testing.B) { b.Fatalf("load: %v", err) } b.ReportAllocs() + b.ResetTimer() for i := 0; i < b.N; i++ { _, err = egctl.TranslateGatewayAPIToXds("default", "cluster.local", "all", rs) if err != nil && strings.Contains(err.Error(), "failed to translate xds") {
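Review bot: `rs` is loaded once and the same value is passed to `egctl.TranslateGatewayAPIToXds` on every one of the `b.N` iterations. Now that the translator no longer copies routes, gateways and policies, later iterations may run against objects whose status was already filled in by the first one. Whether `TranslateGatewayAPIToXds` copies its input is not visible in this hunk; if it does not, the timing and allocation numbers after the first iteration describe a different workload than a real reconcile. Either give each iteration a fresh copy of `rs` between `b.StopTimer()` and `b.StartTimer()`, or add a comment such as `// rs is deep-copied inside TranslateGatewayAPIToXds, so reuse across iterations is safe` once that is confirmed. The loop body continues past the end of the hunk.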