feature(helm): create gateway-crds-helm helm chart, to store CRDs trough template by nissessenap · Pull Request #5616 · envoyproxy/gateway

nissessenap · 2025-03-26T08:37:12Z

What type of PR is this?
feature

What this PR does / why we need it:
Support upgrading EG CRDs and make it possible to install EG in a Kubernetes cluster that already got Gateway API CRDs installed.

Which issue(s) this PR fixes:

Fixes #4001

Release Notes: Yes/No

.github/workflows/release.yaml

zirain · 2025-03-28T11:07:10Z

like gateway-helm, we need to release this as oci image.

codecov · 2025-03-28T11:11:06Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 65.38%. Comparing base (096cb8d) to head (f521334).
Report is 19 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5616      +/-   ##
==========================================
+ Coverage   65.19%   65.38%   +0.18%     
==========================================
  Files         214      215       +1     
  Lines       34321    34576     +255     
==========================================
+ Hits        22377    22607     +230     
- Misses      10591    10598       +7     
- Partials     1353     1371      +18

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

nissessenap · 2025-03-28T13:13:58Z

@zirain

like gateway-helm, we need to release this as oci image.

I haven't been able to find where this is done, I was hoping this was solved in some makefile somewhere... Do you have a good idea what I need to update to fix that?

tools/helm-docs/readme.gateway-crds-helm.gotmpl

charts/gateway-crds-helm/values.yaml

nissessenap · 2025-04-08T06:19:37Z

I'm wondering how to pass the tests:

I can't find any ignore folder setting ether.
I used make -k gen-check and I got a few changes, but it won't make make lint-deps what I can see.

Is there any command to run to automatically fix the yaml to follow the standard you want? I can't find anything around this in contributing.md ether.

nissessenap · 2025-04-08T06:21:40Z

like gateway-helm, we need to release this as oci image.

My understanding that the publish of the helm chart is solved here:

gateway/tools/make/helm.mk

Lines 29 to 41 in 521b78b

    
           .PHONY: helm-push 
        
           helm-push: ## Push envoy gateway relevant helm charts to OCI registry. 
        
           helm-push: 
        
           	@for chart in $(CHARTS); do \ 
        
           		$(LOG_TARGET); \ 
        
           		$(MAKE) $(addprefix helm-push., $$(basename $${chart})); \ 
        
           	done 
        
           .PHONY: helm-push.% 
        
           helm-push.%: helm-package.% 
        
           	$(eval COMMAND := $(word 1,$(subst ., ,$*))) 
        
           	$(eval CHART_NAME := $(COMMAND)) 
        
           	helm push ${OUTPUT_DIR}/charts/${CHART_NAME}-${CHART_VERSION}.tgz ${OCI_REGISTRY}

Together with:

gateway/.github/workflows/release.yaml

Lines 75 to 78 in 521b78b

    
                 - name: Build and Push EG Release Helm Chart 
        
                   run: | 
        
                     IMAGE_PULL_POLICY=IfNotPresent OCI_REGISTRY=oci://docker.io/envoyproxy CHART_VERSION=${{ env.release_tag }} IMAGE=docker.io/envoyproxy/gateway TAG=${{ env.release_tag }} make helm-package helm-push 
        
                     IMAGE_PULL_POLICY=IfNotPresent OCI_REGISTRY=oci://docker.io/envoyproxy CHART_VERSION=${{ env.without_v_release_tag }} IMAGE=docker.io/envoyproxy/gateway TAG=${{ env.release_tag }} make helm-package helm-push

arkodg · 2025-04-10T23:44:44Z

charts/gateway-crds-helm/templates/gatewayapi-crds.yaml

should be gatewayApi

arkodg · 2025-04-10T23:59:34Z

thanks @nissessenap this is looking good !
i had 2 comments

imo should be crd.gatewayAPI
should the default value for crd.gatewayAPI be false ? this depends on what we think will be the most common deployment model for EG users
- will they deploy in a cloud which will manage these CRDs for them ?
- or will they prefer to install these CRDs themselves

…ugh template Signed-off-by: Edvin Norling <[email protected]>

arkodg

LGTM thanks for addressing the comments !

arkodg · 2025-04-17T02:43:27Z

the gen check error can be avoided by committing the changes from make generate && make manifests
the lint error can be fixed by adding a line in

gateway/tools/linter/yamllint/.yamllint

Line 3 in dd1c66f

ignore: |

Signed-off-by: Edvin Norling <[email protected]>

nissessenap · 2025-04-19T14:29:17Z

I have changed from Api to API and removed my changes to the e2e file. Hopefully this time the PR passes.

arkodg · 2025-04-19T15:16:08Z

hey @nissessenap there were new API changes that landed, can you rebase again and run make generate && make manifests

Signed-off-by: Edvin Norling <[email protected]>

nissessenap · 2025-04-19T15:25:15Z

I ran the make commands again, but I didn't commit the changes done in test/helm/gateway-addons-helm/e2e.out.yaml

shahar-h · 2025-04-29T08:08:40Z

@nissessenap @arkodg the new gateway-crds-helm can't be installed because of helm issue referred here:

Error: create: failed to create: Secret "sh.helm.release.v1.eg-crds.v1" is invalid: data: Too long: must have at most 1048576 bytes

I suggest to separate EG CRDs and GWAPI CRDs into two charts until helm issue is resolved, or alternatively instruct to install the chart twice - firstly with only EG CRDs enabled and secondly with only GWAPI CRDs enabled.
WDYT?

arkodg · 2025-04-29T19:00:14Z

yeah i like option 2, installing in 2 steps, so we can reduce maintenance of managing artifacts on our end yet user workflow looks like 1

arkodg · 2025-04-29T20:42:38Z

also maybe best to disable by default so users dont hit the helm issue by default

nissessenap · 2025-04-29T21:07:28Z

And people wonder why none likes helm...
My understanding is that this really is an issue only for people using helm upgrade/helm install. Great for PoC, but I assume none is doing this for production. I assume upgrade is something only people do in production any way.

It doesn't help to install the CRDs separate in gateway-crds-helm. I tried it and I get the same error.

~envoy-gateway/charts/gateway-crds-helm on  main [!?] via 🐹 v1.24.2 at ☸️ kind-kind
➜ helm upgrade -i gateway . --set crds.gatewayAPI.enabled=true --set crds.envoyGateway.enabled=false
Release "gateway" does not exist. Installing it now.
Error: create: failed to create: Secret "sh.helm.release.v1.gateway.v1" is invalid: data: Too long: must have at most 1048576 bytes

~envoy-gateway/charts/gateway-crds-helm on  main [!?] via 🐹 v1.24.2 at ☸️ kind-kind
➜ helm upgrade -i gateway . --set crds.gatewayAPI.enabled=false --set crds.envoyGateway.enabled=true
Release "gateway" does not exist. Installing it now.
Error: create: failed to create: Secret "sh.helm.release.v1.gateway.v1" is invalid: data: Too long: must have at most 1048576 bytes

I assume it works with gateway-helm since it's inside the CRD folder and helm treats those files differently.

If you use ArgoCD you can use argocd.argoproj.io/sync-options: ServerSideApply=true or argocd.argoproj.io/sync-options: Replace=true
This is how we solve it in the grafana-operator. Instead of using kubectl apply -f you will have to use kubectl create/replace -f
In flux, you get server-side apply by default if my memory serves me correct, so it shouldn't be any issues from the start.

My suggestion would be to document out of this issue. There is no good solution due to the limitations of etcd/helm, and it's not much we can do about it.

arkodg · 2025-04-29T22:56:07Z

yeah +1 to this, a workaround for helm / k8s yaml users is helm template | kubectl apply

* These settings dont work by default in the way `helm` works and this helm chart is now mainly used as a package artifact to be consumed by CI tools like Argo, so changed the default settings to disable by default, so users are opting into specific CRDs they want. Relates to envoyproxy#5616 (comment) Signed-off-by: Arko Dasgupta <[email protected]>

* disable settings by default in gateway-crds-helm * These settings dont work by default in the way `helm` works and this helm chart is now mainly used as a package artifact to be consumed by CI tools like Argo, so changed the default settings to disable by default, so users are opting into specific CRDs they want. Relates to #5616 (comment) Signed-off-by: Arko Dasgupta <[email protected]>

* disable settings by default in gateway-crds-helm * These settings dont work by default in the way `helm` works and this helm chart is now mainly used as a package artifact to be consumed by CI tools like Argo, so changed the default settings to disable by default, so users are opting into specific CRDs they want. Relates to envoyproxy/gateway#5616 (comment) Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: melsal13 <[email protected]>

* disable settings by default in gateway-crds-helm * These settings dont work by default in the way `helm` works and this helm chart is now mainly used as a package artifact to be consumed by CI tools like Argo, so changed the default settings to disable by default, so users are opting into specific CRDs they want. Relates to envoyproxy#5616 (comment) Signed-off-by: Arko Dasgupta <[email protected]>

* chore: ignore api types in codecov (#5886) Signed-off-by: shawnh2 <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * chore/ci: add `go.lint.fmt` target (#5846) * chore/ci: add lint.gofumpt target Signed-off-by: Karol Szwaj <[email protected]> * update review Signed-off-by: Karol Szwaj <[email protected]> * Add extra flag to gofumpt, move local golanglint fmt target to golang makefile Signed-off-by: Karol Szwaj <[email protected]> * add build tags Signed-off-by: Karol Szwaj <[email protected]> * fix lint Signed-off-by: Karol Szwaj <[email protected]> --------- Signed-off-by: Karol Szwaj <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: staticcheck issues (#5779) * fix(QF1008): Omit embedded fields from selector expression Signed-off-by: Matthieu MOREL <[email protected]> * fix(QF1001): Apply De Morgan’s law Signed-off-by: Matthieu MOREL <[email protected]> * fix(QF1002): Convert untagged switch to tagged switch Signed-off-by: Matthieu MOREL <[email protected]> * fix(QF1003): Convert if/else-if chain to tagged switch Signed-off-by: Matthieu MOREL <[email protected]> * fix(QF1007): Merge conditional assignment into variable declaration Signed-off-by: Matthieu MOREL <[email protected]> * fix(QF1009): Use time.Time.Equal instead of == operator Signed-off-by: Matthieu MOREL <[email protected]> --------- Signed-off-by: Matthieu MOREL <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * docs: local jwks (#5806) docs for local jwks Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * disable settings by default in gateway-crds-helm (#5894) * disable settings by default in gateway-crds-helm * These settings dont work by default in the way `helm` works and this helm chart is now mainly used as a package artifact to be consumed by CI tools like Argo, so changed the default settings to disable by default, so users are opting into specific CRDs they want. Relates to #5616 (comment) Signed-off-by: Arko Dasgupta <[email protected]> * Add seed corpus to guide the fuzzer to generate combinations of gatew… (#5904) * Add seed corpus to guide the fuzzer to generate combinations of gateway resources. Signed-off-by: sudipto baral <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix(chart): passing root context to template (#5902) * chore: passing root context to template Signed-off-by: hansselvig <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * chore: improve merge test (#5861) Signed-off-by: Arko Dasgupta <[email protected]> * fix: httproute precedence by considering header/query match type (#5740) * fix precedence to use number of exact matches Signed-off-by: kkk777-7 <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * ci: make helm-generate should failed as expected (#5908) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * docs(rate-limit): minor fix in 'Distinct Users Except Admin' section (#5912) Signed-off-by: Tomas Rojo <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * adpot internals/utils/merge.Merge (#5917) Signed-off-by: Arko Dasgupta <[email protected]> * Add Bitnami as an Envoy Gateway adopter (#5926) Signed-off-by: Arko Dasgupta <[email protected]> * build(deps): bump google/osv-scanner-action from 2.0.1 to 2.0.2 (#5920) Bumps [google/osv-scanner-action](https://github.com/google/osv-scanner-action) from 2.0.1 to 2.0.2. - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](google/osv-scanner-action@6fc7144...e69cc6c) --- updated-dependencies: - dependency-name: google/osv-scanner-action dependency-version: 2.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Arko Dasgupta <[email protected]> * build(deps): bump github/codeql-action from 3.28.16 to 3.28.17 (#5919) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.16 to 3.28.17. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@28deaed...60168ef) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.17 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Arko Dasgupta <[email protected]> * build(deps): bump github.com/valyala/fasthttp from 1.60.0 to 1.61.0 in /examples/preserve-case-backend in the github-com group across 1 directory (#5921) build(deps): bump github.com/valyala/fasthttp Bumps the github-com group with 1 update in the /examples/preserve-case-backend directory: [github.com/valyala/fasthttp](https://github.com/valyala/fasthttp). Updates `github.com/valyala/fasthttp` from 1.60.0 to 1.61.0 - [Release notes](https://github.com/valyala/fasthttp/releases) - [Commits](valyala/fasthttp@v1.60.0...v1.61.0) --- updated-dependencies: - dependency-name: github.com/valyala/fasthttp dependency-version: 1.61.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-com ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Arko Dasgupta <[email protected]> * docs: fix example for http redirects page (#5830) * docs: fix example for http redirects page Signed-off-by: Marcel Czaplinski <[email protected]> * chore: copy documentation patch for http redirects from v1.3 to latest Signed-off-by: Marcel Czaplinski <[email protected]> --------- Signed-off-by: Marcel Czaplinski <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * docs: Add docs for request buffering (#5910) * add docs for request buffering Signed-off-by: mark winter <[email protected]> * add missing change Signed-off-by: mark winter <[email protected]> --------- Signed-off-by: mark winter <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * feat: support configuring tls for dynamic resolver backend (#5867) * support configuring tls for dynamic resolver backend Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: fix topology injector bug (#5911) * fix webhook Signed-off-by: Jukie <[email protected]> * lint and test fixes Signed-off-by: Jukie <[email protected]> --------- Signed-off-by: Jukie <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * feat: allow merge rate limit rule in BTP (#5915) * feat: allow merge rate limit rule in BTP Signed-off-by: zirain <[email protected]> * fix gen Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * docs: install EG via Argo CD (#5824) * install EG via Argo CD Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * chore: clean up BTP status (#5934) clean up BTP status Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: test for dynamic resolver backend using system ca for TLS (#5932) e2e test for dynamic resolver backend using system ca for TLS Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * feat: implement offline kubernetes controller (#5767) Signed-off-by: Arko Dasgupta <[email protected]> * fix: SecurityPolicy reference grant (#5792) * fix: SecurityPolicy reference grant Signed-off-by: kkk777-7 <[email protected]> * add: release note Signed-off-by: kkk777-7 <[email protected]> * update: func name Signed-off-by: kkk777-7 <[email protected]> * revert func name Signed-off-by: kkk777-7 <[email protected]> * update: use processBackendRef to handle route backends Signed-off-by: kkk777-7 <[email protected]> * fix: use not pointer type for extAuth backendRef Signed-off-by: kkk777-7 <[email protected]> * Add: testcase for ExtAuth Signed-off-by: kkk777-7 <[email protected]> * fix: add jwt backendref to backendSecurityPolicyIndexFunc Signed-off-by: kkk777-7 <[email protected]> --------- Signed-off-by: kkk777-7 <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: add validation for header values (#5933) Signed-off-by: Gavin Lam <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: Fixed typo in error message. (#5945) Signed-off-by: Mathias Westby Skoglund <[email protected]> Co-authored-by: Mathias Westby Skoglund <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: disable DynamicResolverBackendTest on IPv6 (#5964) disable DynamicResolverBackendTest in IPV6 Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: proxy creation/deletion error handling in GatewayNamespace mode (#5954) * fix: proxy creation/deletion error handling in GatewayNamespace mode Signed-off-by: zirain <[email protected]> * nit Signed-off-by: zirain <[email protected]> * nit Signed-off-by: zirain <[email protected]> * more nit Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * ci: kube-deploy support KUBE_DEPLOY_PROFILE (#5957) * ci: kube-deploy support helm values configuration file Signed-off-by: zirain <[email protected]> * move to test/cofnig Signed-off-by: zirain <[email protected]> * fix Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: process remaining gatewayClasses after encountering an err (#5953) fix: process all gatewayClasses after encountering an err * instead of returning from Reconcile after encountering an err which processing a `GatewayClass`, `continue` instead to process all GatewayClasses Fixes: #5618 Signed-off-by: Arko Dasgupta <[email protected]> * fix: do not add tls inspector filter to quic listener (#5671) * fix: enable http3 but panic Signed-off-by: bitliu <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * Add seed corpus related to traffic task. (#5947) * Add seed corpus related to traffic task. Signed-off-by: sudipto baral <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * [release/v1.3] release v1.3.3 notes (#5969) release v1.3.3 notes Signed-off-by: Guy Daich <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: fix PreserveCase flaky (#5966) * e2e: fix PreserveCase flaky Signed-off-by: zirain <[email protected]> * fix Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * feat: validate JWT token and use projected token (#5871) * Add proxyMetadata to xds config and validate JWT Signed-off-by: Karol Szwaj <[email protected]> * Add controller namespace to infra Signed-off-by: Karol Szwaj <[email protected]> * Add Metadata envoy bootstrap struct Signed-off-by: Karol Szwaj <[email protected]> * Add release note Signed-off-by: Karol Szwaj <[email protected]> * fix lint Signed-off-by: Karol Szwaj <[email protected]> * fix doc Signed-off-by: Karol Szwaj <[email protected]> * use projected service account tokens with eg audience Signed-off-by: Karol Szwaj <[email protected]> * lint code Signed-off-by: Karol Szwaj <[email protected]> * make gen Signed-off-by: Karol Szwaj <[email protected]> * make gen Signed-off-by: Karol Szwaj <[email protected]> * Revert "Add controller namespace to infra" This reverts commit b2fa2caf58982432e5d5b31bd7d95a5ad523ed5e. Signed-off-by: Karol Szwaj <[email protected]> * fetch the node id and initial metadata from first msg Signed-off-by: Karol Szwaj <[email protected]> * update codegen Signed-off-by: Karol Szwaj <[email protected]> * verify service account Signed-off-by: Huabing (Robin) Zhao <[email protected]> * validate only sa Signed-off-by: Karol Szwaj <[email protected]> * add local hash name func Signed-off-by: Karol Szwaj <[email protected]> * Verify pod name for authz This reverts commit b0748a0. Signed-off-by: Huabing (Robin) Zhao <[email protected]> * lint code Signed-off-by: Karol Szwaj <[email protected]> --------- Signed-off-by: Karol Szwaj <[email protected]> Signed-off-by: Huabing (Robin) Zhao <[email protected]> Co-authored-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * feat: add controller namespace field to infrastructure render (#5937) * Add controller namespace to infra Signed-off-by: Karol Szwaj <[email protected]> * make gen Signed-off-by: Karol Szwaj <[email protected]> * rebase code and add controller namespace helper Signed-off-by: Karol Szwaj <[email protected]> * rename to envoy namespace Signed-off-by: Karol Szwaj <[email protected]> * rename to ControllerNamespace Signed-off-by: Karol Szwaj <[email protected]> --------- Signed-off-by: Karol Szwaj <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: GatewayNamespace mode (#5961) * enable gateway-namespace-mode e2e Signed-off-by: zirain <[email protected]> * fix ProxyMetrics Signed-off-by: zirain <[email protected]> * fix and skip some tests Signed-off-by: zirain <[email protected]> * enable MetricCompressorTest Signed-off-by: zirain <[email protected]> * fix upgrade test Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * helm: support standard channel (#5958) * support standard channel Signed-off-by: Huabing (Robin) Zhao <[email protected]> * add comment Signed-off-by: Huabing (Robin) Zhao <[email protected]> --------- Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: bump upgrade test version to v1.3.2 (#5976) e2e: bump upgrade test version Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: add validation for duplicated API keys (#5955) * reject duplicated API keys * enhance api-key-auth e2e test to cover duplicated client IDs Signed-off-by: Gavin Lam <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * [release/v1.3] update site to use v1.3.3 (#5980) update site to use v1.3.3 Signed-off-by: Guy Daich <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * docs: dynamic resolver backend (#5935) * docs for dynamic resolver backend Signed-off-by: Huabing (Robin) Zhao <[email protected]> * update docs Signed-off-by: Huabing (Robin) Zhao <[email protected]> * update docs Signed-off-by: Huabing (Robin) Zhao <[email protected]> * delete docs Signed-off-by: Huabing (Robin) Zhao <[email protected]> --------- Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * Fuzzing: Fail on xds translation error (#5986) Fail on xds translation error Signed-off-by: sudipto baral <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix btp merge not working when there's multi parent refs on router (#5967) * fix btp merge not working when there's multi parent refs on router Signed-off-by: zirain <[email protected]> * address comment Signed-off-by: zirain <[email protected]> * messge Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: fix GRPCExtAuth flaky (#5987) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * chore: add coverpkg for coverage test (#5991) add coverpkg for coverage test Signed-off-by: shawnh2 <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * ci: enable conformance test for GatewayNamespaceMode (#5992) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: add CollectAndDump for EGUpgrade test (#5998) * e2e: only run collect and dump when failed Signed-off-by: zirain <[email protected]> * dump when EGUpgrade failed Signed-off-by: zirain <[email protected]> * nit Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: add test for BTP timeout (#5994) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * Remoe check for accesslog formatter (#5985) * Remoe check for accesslog formatter Signed-off-by: zirain <[email protected]> * gen Signed-off-by: zirain <[email protected]> * lint Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: fix GRPCExtAuth/http_route_with_ext_auth_authentication (#6001) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * chore: update dependabot (#6007) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: update CORS test (#6011) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * chore: add multiple gateways testdata for GatewayNamespace mode (#5972) * chore: add gatewaynamespacemode multiple gateways testdata Signed-off-by: Karol Szwaj <[email protected]> * fix lint Signed-off-by: Karol Szwaj <[email protected]> * Add multiple resources to infra test Signed-off-by: Karol Szwaj <[email protected]> * Review update Signed-off-by: Karol Szwaj <[email protected]> --------- Signed-off-by: Karol Szwaj <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * feat: adds support for extension server in standalone mode (#5984) Signed-off-by: Takeshi Yoneda <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * docs: Add new conceptual pages for intro concepts (#5981) * add new conceptual pages for intro concepts Signed-off-by: melsal13 <[email protected]> * renamed envoy-proxy.md to proxy.md Signed-off-by: melsal13 <[email protected]> * reorganized sidebar Signed-off-by: melsal13 <[email protected]> * fixed formatting issue Signed-off-by: melsal13 <[email protected]> * fixed linker errors Signed-off-by: melsal13 <[email protected]> * fixed link errors in v1.3 Signed-off-by: melsal13 <[email protected]> * fixed typo & removed related resources links in gateway-api-extensions index file Signed-off-by: melsal13 <[email protected]> --------- Signed-off-by: melsal13 <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * docs: update open graph image (#6022) update the og:image to a new image in style with the current website styling Signed-off-by: Erica Hughberg <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * temporarily disable the backend tls test (#6030) Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * Fix lint (#6031) * temporarily disable the backend tls test Signed-off-by: Huabing (Robin) Zhao <[email protected]> * fix lint Signed-off-by: Huabing (Robin) Zhao <[email protected]> --------- Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: allows offline k8s controller to use non default CRDs (#6020) * fix: allows offline k8s controller to use non default CRDs Signed-off-by: Takeshi Yoneda <[email protected]> * workaround Signed-off-by: Takeshi Yoneda <[email protected]> --------- Signed-off-by: Takeshi Yoneda <[email protected]> Co-authored-by: Arko Dasgupta <[email protected]> Co-authored-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: refactor ratelmit test (#5997) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * moved shared under rules (#5944) * moved shared under rules Signed-off-by: Ryan Hristovski <[email protected]> * Fix some logic Signed-off-by: Ryan Hristovski <[email protected]> * fix rule logic Signed-off-by: Ryan Hristovski <[email protected]> * fix some tests Signed-off-by: Ryan Hristovski <[email protected]> * fix tests Signed-off-by: Ryan Hristovski <[email protected]> * Fix descriptor hierarchy Signed-off-by: Ryan Hristovski <[email protected]> * comments Signed-off-by: Ryan Hristovski <[email protected]> * fmt Signed-off-by: Ryan Hristovski <[email protected]> Co-authored-by: Arko Dasgupta <[email protected]> Co-authored-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix make gen Signed-off-by: Arko Dasgupta <[email protected]> * make gen round 2 Signed-off-by: Arko Dasgupta <[email protected]> --------- Signed-off-by: shawnh2 <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: Karol Szwaj <[email protected]> Signed-off-by: Matthieu MOREL <[email protected]> Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: sudipto baral <[email protected]> Signed-off-by: hansselvig <[email protected]> Signed-off-by: kkk777-7 <[email protected]> Signed-off-by: zirain <[email protected]> Signed-off-by: Tomas Rojo <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Marcel Czaplinski <[email protected]> Signed-off-by: mark winter <[email protected]> Signed-off-by: Jukie <[email protected]> Signed-off-by: Gavin Lam <[email protected]> Signed-off-by: Mathias Westby Skoglund <[email protected]> Signed-off-by: bitliu <[email protected]> Signed-off-by: Guy Daich <[email protected]> Signed-off-by: Takeshi Yoneda <[email protected]> Signed-off-by: melsal13 <[email protected]> Signed-off-by: Erica Hughberg <[email protected]> Signed-off-by: Ryan Hristovski <[email protected]> Co-authored-by: sh2 <[email protected]> Co-authored-by: Karol Szwaj <[email protected]> Co-authored-by: Matthieu MOREL <[email protected]> Co-authored-by: Huabing (Robin) Zhao <[email protected]> Co-authored-by: Sudipto Baral <[email protected]> Co-authored-by: hansselvig <[email protected]> Co-authored-by: zirain <[email protected]> Co-authored-by: Kota Kimura <[email protected]> Co-authored-by: tomas-rojo <[email protected]> Co-authored-by: Carlos Rodríguez Hernández <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marcel Czaplinski <[email protected]> Co-authored-by: Mark Winter <[email protected]> Co-authored-by: Isaac <[email protected]> Co-authored-by: Gavin Lam <[email protected]> Co-authored-by: Mathias Westby Skoglund <[email protected]> Co-authored-by: Mathias Westby Skoglund <[email protected]> Co-authored-by: Xunzhuo <[email protected]> Co-authored-by: Guy Daich <[email protected]> Co-authored-by: Takeshi Yoneda <[email protected]> Co-authored-by: Melissa Salazar <[email protected]> Co-authored-by: Erica Hughberg <[email protected]> Co-authored-by: Ryan Hristovski <[email protected]>

…y#6044) * chore: ignore api types in codecov (envoyproxy#5886) Signed-off-by: shawnh2 <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * chore/ci: add `go.lint.fmt` target (envoyproxy#5846) * chore/ci: add lint.gofumpt target Signed-off-by: Karol Szwaj <[email protected]> * update review Signed-off-by: Karol Szwaj <[email protected]> * Add extra flag to gofumpt, move local golanglint fmt target to golang makefile Signed-off-by: Karol Szwaj <[email protected]> * add build tags Signed-off-by: Karol Szwaj <[email protected]> * fix lint Signed-off-by: Karol Szwaj <[email protected]> --------- Signed-off-by: Karol Szwaj <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: staticcheck issues (envoyproxy#5779) * fix(QF1008): Omit embedded fields from selector expression Signed-off-by: Matthieu MOREL <[email protected]> * fix(QF1001): Apply De Morgan’s law Signed-off-by: Matthieu MOREL <[email protected]> * fix(QF1002): Convert untagged switch to tagged switch Signed-off-by: Matthieu MOREL <[email protected]> * fix(QF1003): Convert if/else-if chain to tagged switch Signed-off-by: Matthieu MOREL <[email protected]> * fix(QF1007): Merge conditional assignment into variable declaration Signed-off-by: Matthieu MOREL <[email protected]> * fix(QF1009): Use time.Time.Equal instead of == operator Signed-off-by: Matthieu MOREL <[email protected]> --------- Signed-off-by: Matthieu MOREL <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * docs: local jwks (envoyproxy#5806) docs for local jwks Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * disable settings by default in gateway-crds-helm (envoyproxy#5894) * disable settings by default in gateway-crds-helm * These settings dont work by default in the way `helm` works and this helm chart is now mainly used as a package artifact to be consumed by CI tools like Argo, so changed the default settings to disable by default, so users are opting into specific CRDs they want. Relates to envoyproxy#5616 (comment) Signed-off-by: Arko Dasgupta <[email protected]> * Add seed corpus to guide the fuzzer to generate combinations of gatew… (envoyproxy#5904) * Add seed corpus to guide the fuzzer to generate combinations of gateway resources. Signed-off-by: sudipto baral <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix(chart): passing root context to template (envoyproxy#5902) * chore: passing root context to template Signed-off-by: hansselvig <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * chore: improve merge test (envoyproxy#5861) Signed-off-by: Arko Dasgupta <[email protected]> * fix: httproute precedence by considering header/query match type (envoyproxy#5740) * fix precedence to use number of exact matches Signed-off-by: kkk777-7 <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * ci: make helm-generate should failed as expected (envoyproxy#5908) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * docs(rate-limit): minor fix in 'Distinct Users Except Admin' section (envoyproxy#5912) Signed-off-by: Tomas Rojo <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * adpot internals/utils/merge.Merge (envoyproxy#5917) Signed-off-by: Arko Dasgupta <[email protected]> * Add Bitnami as an Envoy Gateway adopter (envoyproxy#5926) Signed-off-by: Arko Dasgupta <[email protected]> * build(deps): bump google/osv-scanner-action from 2.0.1 to 2.0.2 (envoyproxy#5920) Bumps [google/osv-scanner-action](https://github.com/google/osv-scanner-action) from 2.0.1 to 2.0.2. - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](google/osv-scanner-action@6fc7144...e69cc6c) --- updated-dependencies: - dependency-name: google/osv-scanner-action dependency-version: 2.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Arko Dasgupta <[email protected]> * build(deps): bump github/codeql-action from 3.28.16 to 3.28.17 (envoyproxy#5919) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.16 to 3.28.17. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@28deaed...60168ef) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.17 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Arko Dasgupta <[email protected]> * build(deps): bump github.com/valyala/fasthttp from 1.60.0 to 1.61.0 in /examples/preserve-case-backend in the github-com group across 1 directory (envoyproxy#5921) build(deps): bump github.com/valyala/fasthttp Bumps the github-com group with 1 update in the /examples/preserve-case-backend directory: [github.com/valyala/fasthttp](https://github.com/valyala/fasthttp). Updates `github.com/valyala/fasthttp` from 1.60.0 to 1.61.0 - [Release notes](https://github.com/valyala/fasthttp/releases) - [Commits](valyala/fasthttp@v1.60.0...v1.61.0) --- updated-dependencies: - dependency-name: github.com/valyala/fasthttp dependency-version: 1.61.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-com ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Arko Dasgupta <[email protected]> * docs: fix example for http redirects page (envoyproxy#5830) * docs: fix example for http redirects page Signed-off-by: Marcel Czaplinski <[email protected]> * chore: copy documentation patch for http redirects from v1.3 to latest Signed-off-by: Marcel Czaplinski <[email protected]> --------- Signed-off-by: Marcel Czaplinski <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * docs: Add docs for request buffering (envoyproxy#5910) * add docs for request buffering Signed-off-by: mark winter <[email protected]> * add missing change Signed-off-by: mark winter <[email protected]> --------- Signed-off-by: mark winter <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * feat: support configuring tls for dynamic resolver backend (envoyproxy#5867) * support configuring tls for dynamic resolver backend Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: fix topology injector bug (envoyproxy#5911) * fix webhook Signed-off-by: Jukie <[email protected]> * lint and test fixes Signed-off-by: Jukie <[email protected]> --------- Signed-off-by: Jukie <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * feat: allow merge rate limit rule in BTP (envoyproxy#5915) * feat: allow merge rate limit rule in BTP Signed-off-by: zirain <[email protected]> * fix gen Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * docs: install EG via Argo CD (envoyproxy#5824) * install EG via Argo CD Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * chore: clean up BTP status (envoyproxy#5934) clean up BTP status Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: test for dynamic resolver backend using system ca for TLS (envoyproxy#5932) e2e test for dynamic resolver backend using system ca for TLS Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * feat: implement offline kubernetes controller (envoyproxy#5767) Signed-off-by: Arko Dasgupta <[email protected]> * fix: SecurityPolicy reference grant (envoyproxy#5792) * fix: SecurityPolicy reference grant Signed-off-by: kkk777-7 <[email protected]> * add: release note Signed-off-by: kkk777-7 <[email protected]> * update: func name Signed-off-by: kkk777-7 <[email protected]> * revert func name Signed-off-by: kkk777-7 <[email protected]> * update: use processBackendRef to handle route backends Signed-off-by: kkk777-7 <[email protected]> * fix: use not pointer type for extAuth backendRef Signed-off-by: kkk777-7 <[email protected]> * Add: testcase for ExtAuth Signed-off-by: kkk777-7 <[email protected]> * fix: add jwt backendref to backendSecurityPolicyIndexFunc Signed-off-by: kkk777-7 <[email protected]> --------- Signed-off-by: kkk777-7 <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: add validation for header values (envoyproxy#5933) Signed-off-by: Gavin Lam <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: Fixed typo in error message. (envoyproxy#5945) Signed-off-by: Mathias Westby Skoglund <[email protected]> Co-authored-by: Mathias Westby Skoglund <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: disable DynamicResolverBackendTest on IPv6 (envoyproxy#5964) disable DynamicResolverBackendTest in IPV6 Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: proxy creation/deletion error handling in GatewayNamespace mode (envoyproxy#5954) * fix: proxy creation/deletion error handling in GatewayNamespace mode Signed-off-by: zirain <[email protected]> * nit Signed-off-by: zirain <[email protected]> * nit Signed-off-by: zirain <[email protected]> * more nit Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * ci: kube-deploy support KUBE_DEPLOY_PROFILE (envoyproxy#5957) * ci: kube-deploy support helm values configuration file Signed-off-by: zirain <[email protected]> * move to test/cofnig Signed-off-by: zirain <[email protected]> * fix Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: process remaining gatewayClasses after encountering an err (envoyproxy#5953) fix: process all gatewayClasses after encountering an err * instead of returning from Reconcile after encountering an err which processing a `GatewayClass`, `continue` instead to process all GatewayClasses Fixes: envoyproxy#5618 Signed-off-by: Arko Dasgupta <[email protected]> * fix: do not add tls inspector filter to quic listener (envoyproxy#5671) * fix: enable http3 but panic Signed-off-by: bitliu <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * Add seed corpus related to traffic task. (envoyproxy#5947) * Add seed corpus related to traffic task. Signed-off-by: sudipto baral <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * [release/v1.3] release v1.3.3 notes (envoyproxy#5969) release v1.3.3 notes Signed-off-by: Guy Daich <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: fix PreserveCase flaky (envoyproxy#5966) * e2e: fix PreserveCase flaky Signed-off-by: zirain <[email protected]> * fix Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * feat: validate JWT token and use projected token (envoyproxy#5871) * Add proxyMetadata to xds config and validate JWT Signed-off-by: Karol Szwaj <[email protected]> * Add controller namespace to infra Signed-off-by: Karol Szwaj <[email protected]> * Add Metadata envoy bootstrap struct Signed-off-by: Karol Szwaj <[email protected]> * Add release note Signed-off-by: Karol Szwaj <[email protected]> * fix lint Signed-off-by: Karol Szwaj <[email protected]> * fix doc Signed-off-by: Karol Szwaj <[email protected]> * use projected service account tokens with eg audience Signed-off-by: Karol Szwaj <[email protected]> * lint code Signed-off-by: Karol Szwaj <[email protected]> * make gen Signed-off-by: Karol Szwaj <[email protected]> * make gen Signed-off-by: Karol Szwaj <[email protected]> * Revert "Add controller namespace to infra" This reverts commit b2fa2caf58982432e5d5b31bd7d95a5ad523ed5e. Signed-off-by: Karol Szwaj <[email protected]> * fetch the node id and initial metadata from first msg Signed-off-by: Karol Szwaj <[email protected]> * update codegen Signed-off-by: Karol Szwaj <[email protected]> * verify service account Signed-off-by: Huabing (Robin) Zhao <[email protected]> * validate only sa Signed-off-by: Karol Szwaj <[email protected]> * add local hash name func Signed-off-by: Karol Szwaj <[email protected]> * Verify pod name for authz This reverts commit b0748a0. Signed-off-by: Huabing (Robin) Zhao <[email protected]> * lint code Signed-off-by: Karol Szwaj <[email protected]> --------- Signed-off-by: Karol Szwaj <[email protected]> Signed-off-by: Huabing (Robin) Zhao <[email protected]> Co-authored-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * feat: add controller namespace field to infrastructure render (envoyproxy#5937) * Add controller namespace to infra Signed-off-by: Karol Szwaj <[email protected]> * make gen Signed-off-by: Karol Szwaj <[email protected]> * rebase code and add controller namespace helper Signed-off-by: Karol Szwaj <[email protected]> * rename to envoy namespace Signed-off-by: Karol Szwaj <[email protected]> * rename to ControllerNamespace Signed-off-by: Karol Szwaj <[email protected]> --------- Signed-off-by: Karol Szwaj <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: GatewayNamespace mode (envoyproxy#5961) * enable gateway-namespace-mode e2e Signed-off-by: zirain <[email protected]> * fix ProxyMetrics Signed-off-by: zirain <[email protected]> * fix and skip some tests Signed-off-by: zirain <[email protected]> * enable MetricCompressorTest Signed-off-by: zirain <[email protected]> * fix upgrade test Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * helm: support standard channel (envoyproxy#5958) * support standard channel Signed-off-by: Huabing (Robin) Zhao <[email protected]> * add comment Signed-off-by: Huabing (Robin) Zhao <[email protected]> --------- Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: bump upgrade test version to v1.3.2 (envoyproxy#5976) e2e: bump upgrade test version Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: add validation for duplicated API keys (envoyproxy#5955) * reject duplicated API keys * enhance api-key-auth e2e test to cover duplicated client IDs Signed-off-by: Gavin Lam <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * [release/v1.3] update site to use v1.3.3 (envoyproxy#5980) update site to use v1.3.3 Signed-off-by: Guy Daich <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * docs: dynamic resolver backend (envoyproxy#5935) * docs for dynamic resolver backend Signed-off-by: Huabing (Robin) Zhao <[email protected]> * update docs Signed-off-by: Huabing (Robin) Zhao <[email protected]> * update docs Signed-off-by: Huabing (Robin) Zhao <[email protected]> * delete docs Signed-off-by: Huabing (Robin) Zhao <[email protected]> --------- Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * Fuzzing: Fail on xds translation error (envoyproxy#5986) Fail on xds translation error Signed-off-by: sudipto baral <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix btp merge not working when there's multi parent refs on router (envoyproxy#5967) * fix btp merge not working when there's multi parent refs on router Signed-off-by: zirain <[email protected]> * address comment Signed-off-by: zirain <[email protected]> * messge Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: fix GRPCExtAuth flaky (envoyproxy#5987) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * chore: add coverpkg for coverage test (envoyproxy#5991) add coverpkg for coverage test Signed-off-by: shawnh2 <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * ci: enable conformance test for GatewayNamespaceMode (envoyproxy#5992) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: add CollectAndDump for EGUpgrade test (envoyproxy#5998) * e2e: only run collect and dump when failed Signed-off-by: zirain <[email protected]> * dump when EGUpgrade failed Signed-off-by: zirain <[email protected]> * nit Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: add test for BTP timeout (envoyproxy#5994) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * Remoe check for accesslog formatter (envoyproxy#5985) * Remoe check for accesslog formatter Signed-off-by: zirain <[email protected]> * gen Signed-off-by: zirain <[email protected]> * lint Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: fix GRPCExtAuth/http_route_with_ext_auth_authentication (envoyproxy#6001) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * chore: update dependabot (envoyproxy#6007) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: update CORS test (envoyproxy#6011) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * chore: add multiple gateways testdata for GatewayNamespace mode (envoyproxy#5972) * chore: add gatewaynamespacemode multiple gateways testdata Signed-off-by: Karol Szwaj <[email protected]> * fix lint Signed-off-by: Karol Szwaj <[email protected]> * Add multiple resources to infra test Signed-off-by: Karol Szwaj <[email protected]> * Review update Signed-off-by: Karol Szwaj <[email protected]> --------- Signed-off-by: Karol Szwaj <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * feat: adds support for extension server in standalone mode (envoyproxy#5984) Signed-off-by: Takeshi Yoneda <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * docs: Add new conceptual pages for intro concepts (envoyproxy#5981) * add new conceptual pages for intro concepts Signed-off-by: melsal13 <[email protected]> * renamed envoy-proxy.md to proxy.md Signed-off-by: melsal13 <[email protected]> * reorganized sidebar Signed-off-by: melsal13 <[email protected]> * fixed formatting issue Signed-off-by: melsal13 <[email protected]> * fixed linker errors Signed-off-by: melsal13 <[email protected]> * fixed link errors in v1.3 Signed-off-by: melsal13 <[email protected]> * fixed typo & removed related resources links in gateway-api-extensions index file Signed-off-by: melsal13 <[email protected]> --------- Signed-off-by: melsal13 <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * docs: update open graph image (envoyproxy#6022) update the og:image to a new image in style with the current website styling Signed-off-by: Erica Hughberg <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * temporarily disable the backend tls test (envoyproxy#6030) Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * Fix lint (envoyproxy#6031) * temporarily disable the backend tls test Signed-off-by: Huabing (Robin) Zhao <[email protected]> * fix lint Signed-off-by: Huabing (Robin) Zhao <[email protected]> --------- Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix: allows offline k8s controller to use non default CRDs (envoyproxy#6020) * fix: allows offline k8s controller to use non default CRDs Signed-off-by: Takeshi Yoneda <[email protected]> * workaround Signed-off-by: Takeshi Yoneda <[email protected]> --------- Signed-off-by: Takeshi Yoneda <[email protected]> Co-authored-by: Arko Dasgupta <[email protected]> Co-authored-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * e2e: refactor ratelmit test (envoyproxy#5997) Signed-off-by: zirain <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * moved shared under rules (envoyproxy#5944) * moved shared under rules Signed-off-by: Ryan Hristovski <[email protected]> * Fix some logic Signed-off-by: Ryan Hristovski <[email protected]> * fix rule logic Signed-off-by: Ryan Hristovski <[email protected]> * fix some tests Signed-off-by: Ryan Hristovski <[email protected]> * fix tests Signed-off-by: Ryan Hristovski <[email protected]> * Fix descriptor hierarchy Signed-off-by: Ryan Hristovski <[email protected]> * comments Signed-off-by: Ryan Hristovski <[email protected]> * fmt Signed-off-by: Ryan Hristovski <[email protected]> Co-authored-by: Arko Dasgupta <[email protected]> Co-authored-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> * fix make gen Signed-off-by: Arko Dasgupta <[email protected]> * make gen round 2 Signed-off-by: Arko Dasgupta <[email protected]> --------- Signed-off-by: shawnh2 <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: Karol Szwaj <[email protected]> Signed-off-by: Matthieu MOREL <[email protected]> Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: sudipto baral <[email protected]> Signed-off-by: hansselvig <[email protected]> Signed-off-by: kkk777-7 <[email protected]> Signed-off-by: zirain <[email protected]> Signed-off-by: Tomas Rojo <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Marcel Czaplinski <[email protected]> Signed-off-by: mark winter <[email protected]> Signed-off-by: Jukie <[email protected]> Signed-off-by: Gavin Lam <[email protected]> Signed-off-by: Mathias Westby Skoglund <[email protected]> Signed-off-by: bitliu <[email protected]> Signed-off-by: Guy Daich <[email protected]> Signed-off-by: Takeshi Yoneda <[email protected]> Signed-off-by: melsal13 <[email protected]> Signed-off-by: Erica Hughberg <[email protected]> Signed-off-by: Ryan Hristovski <[email protected]> Co-authored-by: sh2 <[email protected]> Co-authored-by: Karol Szwaj <[email protected]> Co-authored-by: Matthieu MOREL <[email protected]> Co-authored-by: Huabing (Robin) Zhao <[email protected]> Co-authored-by: Sudipto Baral <[email protected]> Co-authored-by: hansselvig <[email protected]> Co-authored-by: zirain <[email protected]> Co-authored-by: Kota Kimura <[email protected]> Co-authored-by: tomas-rojo <[email protected]> Co-authored-by: Carlos Rodríguez Hernández <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marcel Czaplinski <[email protected]> Co-authored-by: Mark Winter <[email protected]> Co-authored-by: Isaac <[email protected]> Co-authored-by: Gavin Lam <[email protected]> Co-authored-by: Mathias Westby Skoglund <[email protected]> Co-authored-by: Mathias Westby Skoglund <[email protected]> Co-authored-by: Xunzhuo <[email protected]> Co-authored-by: Guy Daich <[email protected]> Co-authored-by: Takeshi Yoneda <[email protected]> Co-authored-by: Melissa Salazar <[email protected]> Co-authored-by: Erica Hughberg <[email protected]> Co-authored-by: Ryan Hristovski <[email protected]> Signed-off-by: shawnh2 <[email protected]>

nissessenap requested a review from a team as a code owner March 26, 2025 08:37

nissessenap mentioned this pull request Mar 26, 2025

CRDs upgrade support #4001

Closed

nissessenap force-pushed the crd_template branch from b24cb58 to b6f43ec Compare March 26, 2025 08:44

nissessenap mentioned this pull request Mar 27, 2025

feat(helm) Make Gateway API CRDs a pre-req #5614

Closed

nissessenap changed the title ~~chore(helm): move CRDs in to template~~ feature(helm): create gateway-crds-helm helm chart, to store CRDs trough template Mar 27, 2025

nissessenap force-pushed the crd_template branch from cbf349a to 1a81e6e Compare March 28, 2025 07:22

zirain reviewed Mar 28, 2025

View reviewed changes

.github/workflows/release.yaml Outdated Show resolved Hide resolved

zirain reviewed Mar 28, 2025

View reviewed changes

.github/workflows/release.yaml Outdated Show resolved Hide resolved

illrill reviewed Apr 7, 2025

View reviewed changes

tools/helm-docs/readme.gateway-crds-helm.gotmpl Outdated Show resolved Hide resolved

illrill reviewed Apr 7, 2025

View reviewed changes

tools/helm-docs/readme.gateway-crds-helm.gotmpl Outdated Show resolved Hide resolved

illrill reviewed Apr 7, 2025

View reviewed changes

charts/gateway-crds-helm/values.yaml Outdated Show resolved Hide resolved

arkodg reviewed Apr 10, 2025

View reviewed changes

charts/gateway-crds-helm/templates/gatewayapi-crds.yaml Outdated

Copy link
Copy Markdown

Contributor

arkodg Apr 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should be gatewayApi

nissessenap force-pushed the crd_template branch from ad04331 to 05e0651 Compare April 11, 2025 06:35

feature(helm): create gateway-crds-helm helm chart, to store CRDs tro…

0cb43a9

…ugh template Signed-off-by: Edvin Norling <[email protected]>

nissessenap force-pushed the crd_template branch from 05e0651 to 0cb43a9 Compare April 11, 2025 06:46

Merge branch 'main' into crd_template

dbb426d

arkodg added this to the v1.4.0-rc.1 milestone Apr 17, 2025

arkodg previously approved these changes Apr 17, 2025

View reviewed changes

arkodg requested review from a team April 17, 2025 02:02

nissessenap and others added 2 commits April 17, 2025 08:04

Merge branch 'main' into crd_template

9336d38

update yamllint ignore and run make commands

e53fd45

Signed-off-by: Edvin Norling <[email protected]>

nissessenap dismissed arkodg’s stale review via e53fd45 April 17, 2025 06:07

manualy revert changes

8ee3f8a

Signed-off-by: Edvin Norling <[email protected]>

nissessenap force-pushed the crd_template branch from 2c6f3b4 to 8ee3f8a Compare April 19, 2025 14:27

update crds

f521334

Signed-off-by: Edvin Norling <[email protected]>

arkodg approved these changes Apr 19, 2025

View reviewed changes

arkodg requested review from a team and zirain April 19, 2025 23:14

zirain approved these changes Apr 20, 2025

View reviewed changes

zirain merged commit 4c18316 into envoyproxy:main Apr 20, 2025
43 of 44 checks passed

nissessenap deleted the crd_template branch April 20, 2025 04:10

arkodg mentioned this pull request May 1, 2025

disable settings by default in gateway-crds-helm #5894

Merged

BrewTestBot mentioned this pull request May 14, 2025

egctl 1.4.0 Homebrew/homebrew-core#223391

Merged

arkodg mentioned this pull request May 19, 2025

gateway-crds-helm v1.4.0 install fails – rendered release exceeds 1 MiB Secret size limit #6105

Open

Conversation

nissessenap commented Mar 26, 2025

Uh oh!

Uh oh!

Uh oh!

zirain commented Mar 28, 2025

Uh oh!

codecov bot commented Mar 28, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

nissessenap commented Mar 28, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

nissessenap commented Apr 8, 2025

Uh oh!

nissessenap commented Apr 8, 2025

Uh oh!

arkodg Apr 10, 2025

Choose a reason for hiding this comment

Uh oh!

arkodg commented Apr 10, 2025

Uh oh!

arkodg left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

arkodg commented Apr 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

nissessenap commented Apr 19, 2025

Uh oh!

arkodg commented Apr 19, 2025

Uh oh!

nissessenap commented Apr 19, 2025

Uh oh!

Uh oh!

shahar-h commented Apr 29, 2025

Uh oh!

arkodg commented Apr 29, 2025

Uh oh!

arkodg commented Apr 29, 2025

Uh oh!

nissessenap commented Apr 29, 2025

Uh oh!

arkodg commented Apr 29, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

codecov bot commented Mar 28, 2025 •

edited

Loading

arkodg left a comment •

edited

Loading

arkodg commented Apr 17, 2025 •

edited

Loading