Skip to content

Rebases and Resolves Review Feedback #3

Merged
lizan merged 113 commits into lizan:authn_policy_doc from danehans:lizan_authn_policy_doc_update
Nov 16, 2022

@danehans danehans commented Nov 11, 2022

  • Rebases from main branch.
  • Adds additional details to implementation examples.

Signed-off-by: danehans [email protected]

Xunzhuo and others added 30 commits October 10, 2022 08:06
fix: set correct listener context order

Signed-off-by: bitliu <[email protected]>
* provider: only store resource if spec has changed

Leverage the metadata.Generation field to consider whether
to update the newly reconciled resource into the watchable map
which will trigger translations in the backend.

Fixes: envoyproxy#407

Signed-off-by: Arko Dasgupta <[email protected]>
No longer needed now that order is maintained
by using a list, thanks to envoyproxy#535

Signed-off-by: Arko Dasgupta <[email protected]>
Signed-off-by: danehans <[email protected]>

Signed-off-by: danehans <[email protected]>
* TLS Passthrough support

This commit adds a tlsroute controller which is further used
to configure tls passthrough in envoy.

Signed-off-by: Shubham Chauhan <[email protected]>

* Adding tlsroute experimental crd in testdata

update gatewayclass/gateway/httproute experimental
CRDs to use standard schemas

Signed-off-by: Shubham Chauhan <[email protected]>

* keep other testdata changes out of this PR

Signed-off-by: Shubham Chauhan <[email protected]>

* added testcases for tlsroutes, include serviceport in irInfraPortName

Signed-off-by: Shubham Chauhan <[email protected]>

* lintfix

Signed-off-by: Shubham Chauhan <[email protected]>

* tlsroute kubernetes provider test

Signed-off-by: Shubham Chauhan <[email protected]>

* added xds tls config validate test for passthrough

Signed-off-by: Shubham Chauhan <[email protected]>

* types test tlsroute

Signed-off-by: Shubham Chauhan <[email protected]>

* test fixes

Signed-off-by: Shubham Chauhan <[email protected]>

* xds config tests for tls passthrough

Signed-off-by: Shubham Chauhan <[email protected]>

* increase test coverage

Signed-off-by: Shubham Chauhan <[email protected]>

* testfix

Signed-off-by: Shubham Chauhan <[email protected]>

* separate xds tls listener

Signed-off-by: Shubham Chauhan <[email protected]>

testfix

Signed-off-by: Shubham Chauhan <[email protected]>

* additional xds validate tests

Signed-off-by: Shubham Chauhan <[email protected]>

* tlsroute refgrant test

Signed-off-by: Shubham Chauhan <[email protected]>

* add rbac permissions for tlsroute

Signed-off-by: Shubham Chauhan <[email protected]>

* updates post rebase

Signed-off-by: Shubham Chauhan <[email protected]>

* add status updater, gateway watcher for tlsroute

Signed-off-by: Shubham Chauhan <[email protected]>

* add status update framework for tlsroute

Signed-off-by: Shubham Chauhan <[email protected]>

* lintfix, testfix, fix post rebase

Signed-off-by: Shubham Chauhan <[email protected]>

* yet another lintfix

Signed-off-by: Shubham Chauhan <[email protected]>

* refactor tlslistener/route -> tcplistener/route, xds updates

Signed-off-by: Shubham Chauhan <[email protected]>

* missed a file

Signed-off-by: Shubham Chauhan <[email protected]>

* lintfix

Signed-off-by: Shubham Chauhan <[email protected]>

* rebase, review comments

Signed-off-by: Shubham Chauhan <[email protected]>

* minor testfix

Signed-off-by: Shubham Chauhan <[email protected]>

* more

Signed-off-by: Shubham Chauhan <[email protected]>

* review comments, status deepcopy, check routes in ns

Signed-off-by: Shubham Chauhan <[email protected]>

* revert bad import, testfix, new test

Signed-off-by: Shubham Chauhan <[email protected]>

* rev sort

Signed-off-by: Shubham Chauhan <[email protected]>

Signed-off-by: Shubham Chauhan <[email protected]>
* feat: implement liveness and readiness probes

Signed-off-by: bitliu <[email protected]>

* fix: remove duplicate case

Signed-off-by: bitliu <[email protected]>

* Fix merge conflicts

Signed-off-by: Arko Dasgupta <[email protected]>

Signed-off-by: bitliu <[email protected]>
Signed-off-by: Arko Dasgupta <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]>
* Adds Support for TLS Termination

Signed-off-by: danehans <[email protected]>

* Resolves @arkodg Feedback

Signed-off-by: danehans <[email protected]>

* Resolves @arkodg 10-11-22 Feedback

Signed-off-by: danehans <[email protected]>

Signed-off-by: danehans <[email protected]>
* chore: run conformance tests with identical ports

Signed-off-by: bitliu <[email protected]>

Signed-off-by: bitliu <[email protected]>
Signed-off-by: Arko Dasgupta <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]>
update example manifest apiversion

Signed-off-by: AliceProxy <[email protected]>
* Updates ParentRef Status Conditions

Signed-off-by: danehans <[email protected]>

* Resolved @skriss 10-11-22 Feedback

Signed-off-by: danehans <[email protected]>

Signed-off-by: danehans <[email protected]>
fix: remove deprecated set-output

Signed-off-by: bitliu <[email protected]>
* .gitignore: Ignore `vendor/` directories

Signed-off-by: Luke Shumaker <[email protected]>

* xds translator: Fix racy startup

If the watchable.Map has content in it already when .Subscribe() is called
on it, then those initial entries won't have a snapshot.Updates entry in
that first snapshot.  For the first snapshot we just need to iterate over
snapshot.State.

Signed-off-by: Luke Shumaker <[email protected]>

* provider tests: Fix running the test multiple times

controller-runtime.SetupSignalHandler() panics if called more than once in
a process.  So running the test multiple times (`go test -count=2`)
reliably causes the test to panic.

So don't use ctrl.SetupSignalHandler() in unit tests.

Signed-off-by: Luke Shumaker <[email protected]>

* Add and use a new watchutil.HandleSubscription function

As the added godoc comment says, "This is better than iterating over
snapshot.Updates because it handles the case where the the watchable.Map
already contains entries before .Subscribe is called."

This generalizes the fix that I made in the XDS translator.

Signed-off-by: Luke Shumaker <[email protected]>

* docs: Add a bit to watching.md about HandleSubscription

Signed-off-by: Luke Shumaker <[email protected]>

* Move HandleSubscription et al. around per Arko's feedback

I was going to do a type alias for `watchable.Update`, but:

    internal/message/watchutil.go:7:6: generic type cannot be alias

So I just defined a new child type, which is fine because there aren't any
methods on Update.

Signed-off-by: Luke Shumaker <[email protected]>
* infra: hash resources with long names

Signed-off-by: AliceProxy <[email protected]>

* add tests for hashing resources

Signed-off-by: AliceProxy <[email protected]>

* hashing: replace sha1 with sha256

Signed-off-by: AliceProxy <[email protected]>

* hashing: only use 8 chars

Signed-off-by: AliceProxy <[email protected]>

* ir/infra: always hash resource names

Signed-off-by: AliceProxy <[email protected]>

* update all test manifests with hashed names

Signed-off-by: AliceProxy <[email protected]>

* only hash necessary resources

Signed-off-by: AliceProxy <[email protected]>

* update test manifests

Signed-off-by: AliceProxy <[email protected]>

Signed-off-by: AliceProxy <[email protected]>
* Adds Release Doc

Signed-off-by: danehans <[email protected]>

* Resolves Arko and Luke review feedback

Signed-off-by: danehans <[email protected]>

* Removes the step to link release notes

Signed-off-by: danehans <[email protected]>

Signed-off-by: danehans <[email protected]>
…nvoyproxy#580)

* use RefNotPermitted reason for invalid cross-namespace TLS cert ref

Closes envoyproxy#538.

Signed-off-by: Steve Kriss <[email protected]>
* feat: support markdown resources

Signed-off-by: bitliu <[email protected]>

* update

Signed-off-by: bitliu <[email protected]>

Signed-off-by: bitliu <[email protected]>
* Moves Changelogs to Release Notes

Signed-off-by: danehans <[email protected]>

* Adds release-artifacts target with release notes

Signed-off-by: danehans <[email protected]>

Signed-off-by: danehans <[email protected]>
Signed-off-by: danehans <[email protected]>

Signed-off-by: danehans <[email protected]>
danehans and others added 25 commits November 3, 2022 12:10
* run conformance tests on three Kubernetes versions

Closes envoyproxy#493.

Signed-off-by: Steve Kriss <[email protected]>

* serialize conformance runs on single runner

Signed-off-by: Steve Kriss <[email protected]>
…oxy#685)

* explain the non-transparent mode design decision for TCP/UDP

Signed-off-by: zhaohuabing <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]>
* add ir for udp route envoyproxy#641

Signed-off-by: zhaohuabing <[email protected]>
feat: set envoy image to dev latest

Signed-off-by: bitliu <[email protected]>
* fix: incorrect level of envoy-gateway configmap

Signed-off-by: bitliu <[email protected]>
* translator: add accesslog

Signed-off-by: hejianpeng <[email protected]>
* Update roadmap for v0.3.0

Signed-off-by: Arko Dasgupta <[email protected]>
* xds translator for udp route

Signed-off-by: zhaohuabing <[email protected]>
* had to also append the TLSRoute name to the listener to make it unique

Fixes: envoyproxy#691

Signed-off-by: Arko Dasgupta <[email protected]>
Updates Readme Slack and Google Group

Signed-off-by: danehans <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]>
Signed-off-by: Lizan Zhou <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]>
Signed-off-by: Lizan Zhou <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]>
Signed-off-by: Lizan Zhou <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]>
Signed-off-by: Lizan Zhou <[email protected]>
@danehans danehans force-pushed the lizan_authn_policy_doc_update branch from 22a6705 to 12f33db Compare November 11, 2022 21:41
@danehans danehans changed the title Resolves Review Feedback Rebases Resolves Review Feedback Nov 11, 2022
@danehans
Author

@lizan all changes other than docs/latest/design/request-authentication.md are from the rebase.

@lizan lizan merged commit 90ed4e2 into lizan:authn_policy_doc Nov 16, 2022
@danehans danehans changed the title Rebases Resolves Review Feedback Rebases and Resolves Review Feedback Nov 16, 2022