feat(policy): Adding BTP support for UDP/TCPRoute #3004
guydc merged 19 commits into envoyproxy:main from alexwo:btp_support_for_tcp_udp_routes
Signed-off-by: Alexander Volchok <[email protected]>
…lexwo/gateway into btp_support_for_tcp_udp_routes Signed-off-by: Alexander Volchok <[email protected]>
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #3004 +/- ##
==========================================
- Coverage 64.55% 64.52% -0.04%
==========================================
Files 121 121
Lines 21235 21344 +109
==========================================
+ Hits 13709 13772 +63
- Misses 6672 6706 +34
- Partials 854 866 +12
Signed-off-by: Alexander Volchok <[email protected]>
/retest
Should we enforce BTP setting validation on TCP/UDP route and update the status? For example, HTTP-related settings such as
Can I also please ask to add TLSRoute support too?
Sounds good to me. Alternatively, we could update the status of each route to indicate which policies from the BTP are in effect, providing clarity to the user on how their route is affected. Since this functionality isn't available currently, it might be best to introduce it through a separate change.
Sounds good. Could you please raise an issue to track this?
hey @zhaohuabing we can't enforce validation here, because if the policy is applied to the Gateway, they could apply to
| outlierDetection: {} | ||
| perConnectionBufferLimitBytes: 32768 | ||
| type: EDS | ||
| upstreamConnectionOptions: |
The test is for listener-side keep alive; how did this config come here (cluster)?
The TCP keep-alive setting is specified in the IR, resulting in a keep-alive configuration for the TCP listener cluster. Typically, such settings are adjusted through a traffic policy; I'm not certain if this makes sense in this context.
- name: "fourth-listener"
  address: "0.0.0.0"
  tcpKeepalive:
    probes: 10
  port: 10083
  destination:
    name: "tcp-route-dest"
    settings:
    - endpoints:
      - host: "1.2.3.4"
        port: 50000
Can you raise a follow-up issue for this?
| } | ||
|
|
||
| if tcpkeepalive.Probes != nil { | ||
| if tcpkeepalive.IdleTime != nil { |
| if t.MergeGateways && gatewayName != policyTarget { | ||
| continue | ||
| } | ||
|
|
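Review bot: the `t.MergeGateways && gatewayName != policyTarget` check has no comment saying why the gateway-name comparison is needed only when gateways are merged. The non-merged path is not visible in this hunk, so a one-line comment above the `if` stating which gateways this skips, and why the same filter is unnecessary otherwise, would make the targeting rule reviewable on its own.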
You probably also need some code similar to L500-510
// If any of the features are already set, it means that a more specific
// policy(targeting xRoute) has already set it, so we skip it.
// TODO: zhaohuabing group the features into a struct and check if all of them are set
if r.RateLimit != nil || r.LoadBalancer != nil ||
r.ProxyProtocol != nil || r.HealthCheck != nil ||
r.CircuitBreaker != nil || r.FaultInjection != nil ||
r.TCPKeepalive != nil || r.Retry != nil ||
r.Timeout != nil {
continue
}
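The precedence rule in the snippet above (a gateway-targeted policy must not overwrite what a route-targeted policy already set), applied to TCP routes, as an added example that is not part of the PR or the project's code. The `Features`, `Route` and `Policy` types and the `Apply` function are hypothetical, reduced stand-ins, and the sample routes and policies are constructed.

```go
package main

import "fmt"

// Hypothetical, reduced stand-ins for the IR route and policy (not the project's types).
type Features struct{ LoadBalancer, Timeout *string }
type Route struct {
	Name, Gateway string
	Features
}
type Policy struct {
	Name, Kind, Target string // Kind is "Gateway" or "TCPRoute"
	Features
}

// Apply attaches route-targeted policies first, then gateway-targeted ones, and
// returns one "route <- policy" line per attachment so the outcome is visible.
func Apply(routes []*Route, policies []Policy) []string {
	var status []string
	for _, kind := range []string{"TCPRoute", "Gateway"} {
		for _, p := range policies {
			if p.Kind != kind {
				continue
			}
			for _, r := range routes {
				target := r.Name
				if kind == "Gateway" {
					target = r.Gateway
				}
				// Skip non-targets and routes a more specific policy already configured.
				if target != p.Target || r.LoadBalancer != nil || r.Timeout != nil {
					continue
				}
				r.Features = p.Features
				status = append(status, fmt.Sprintf("%s <- %s", r.Name, p.Name))
			}
		}
	}
	return status
}

func main() {
	rr, lr, idle := "RoundRobin", "LeastRequest", "30s" // constructed sample values
	routes := []*Route{{Name: "tcp-a", Gateway: "gw"}, {Name: "tcp-b", Gateway: "gw"}}
	fmt.Println(Apply(routes, []Policy{
		{Name: "gw-defaults", Kind: "Gateway", Target: "gw", Features: Features{LoadBalancer: &rr, Timeout: &idle}},
		{Name: "tcp-a-lb", Kind: "TCPRoute", Target: "tcp-a", Features: Features{LoadBalancer: &lr}},
	}))
}
```

Because the guard skips the whole gateway policy once any feature is set, `tcp-a` keeps its own load balancer and does not inherit the gateway's timeout.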
| continue | ||
| } | ||
|
|
||
| udp.LoadBalancer = lb |
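Review bot: at `udp.LoadBalancer = lb`, the only guard visible before the assignment is the `continue` whose condition is cut off above. If that condition does not cover a load balancer already set by a route-targeted policy, a gateway-targeted policy processed afterwards replaces it here; check `udp.LoadBalancer` for nil before assigning, or confirm the skip above already does, and add a test case with both a gateway-level and a UDPRoute-level policy.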
Thanks for adding support for this, @alexwo!
Should we enforce validation when the target is an xRoute? It would be confusing if an HTTP-related setting is configured for a TCP/UDP route. And it would be nice if we could allow users to know which settings in the BTP can be applied to which type of route. Probably add some comments to BTP settings?
/retest
Signed-off-by: Alexander Volchok <[email protected]>
/retest
guydc left a comment
LGTM, thanks for fixing the coverage check!
/retest
I just migrated to the latest commit and it works with TLSRoute! Thanks!
* Adding BTP support for UDP/TCP Routes
* fixing lint
* fix IdleTime check
* adding missing generates
* fixing code review comments
* increasing code coverage
Signed-off-by: Alexander Volchok <[email protected]>
Co-authored-by: zirain <[email protected]>
Co-authored-by: Huabing Zhao <[email protected]>
Signed-off-by: Yael Shechter <[email protected]>
What this PR does / why we need it:
Enables the application of BTP rules on gateway and TCP/UDP routes.
Modifications have been incorporated into the IR mapper and XDS translator.
Adds below BTP rules for tcp and tls routes:
Adds below BTP rules for UDP routes:
Which issue(s) this PR fixes:
#2880