[release/v1.5] cherrypick for rc.2 (#6696)

* chore: cleanups from #6597 (#6647)

Cleanup

Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* fix: set order for grpc_web and grpc_stats filters (#6626)

* set order for grpc_web and grpc_stats filters

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* address comment

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* fix: nil pointer when InsecureSkipVerify is true (#6652)

* fix nil pointer when InsecureSkipVerify is true

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* add test

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* delete cacert for the xds translator test

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* fix: allow imageRepository contains port (#6658) (#6660)

(cherry picked from commit c988ec5)

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Co-authored-by: 聪 <congwu@alauda.io>
Signed-off-by: zirain <zirain2009@gmail.com>

* docs: improve policy concepts section (#6663)

better explain
* targets
* precedence
* merge types

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Signed-off-by: zirain <zirain2009@gmail.com>

* docs: observability pre req not required in admin console page (#6662)

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Signed-off-by: zirain <zirain2009@gmail.com>

* docs: xds name scheme v2 (#6656)

* name scheme v2

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

name scheme v2

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* address comment

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* address comment

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* docs: highlight wait step (#6665)

* docs: highlight wait step

Signed-off-by: zirain <zirain2009@gmail.com>

* update

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>

* fix: populate status for custom backendRef not found (#6670)

Signed-off-by: bitliu <bitliu@tencent.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* fix: xds name schema v2 (#6638)

* rename route config

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* rename HCM statPrefix

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* rename virtual host

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* fix test

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* minor change

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* address comment

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* docs: expand Gateway Namespace Mode doc on client/server auth (#6616)

* Expand Gateway Namespace Mode doc on client/server auth

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

* Add additional explanation to the overview

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>

---------

Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* increase earlyRequestHeaders from 16 to 64 (#6673)

* created a new definition of HTTPFilterHeader that supports 64 items
for `set`, `add`, and `remove`

* sanitizing request headers from untrusted downstream traffic is a
  common use case and 16 items may not be adequate enough at times.
  This action needs to be performed route processing for cases
  and the HTTPRoute filters cannot be used

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Signed-off-by: zirain <zirain2009@gmail.com>

* docs: skipping TLS verification (#6653)

* docs for skipping TLS verification

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* remove btlsp for skiptlsverify

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* address comment

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* address comment

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* remove public

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* feat: add listener metadata (#6639)

* add listener metadata

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

* remove sort

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* fix: Fix BTP ZoneAware translation (#6668)

* Fix BTP ZoneAware translation

Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com>

* Add e2e

Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com>

---------

Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* docs: unhide zoneaware api for docs (#6683)

unhide api docs

Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* watchable: use Store directly instead of HandleStore wrapper (#6680)

* watchable: use Store directly instead of HandleStore wrapper

GC is unable to collect the temporary references created in
`HandleStore`

Relates to #6406

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* fix test

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

---------

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Signed-off-by: zirain <zirain2009@gmail.com>

* docs: Update Zone Aware Routing for BackendTrafficPolicy configuration example (#6667)

Update zone aware routing docs

Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* combine the xds-translator and xds-server runner into one (#6586)

* combine the xds-translator and xds-server into one xds runner

* primarily to reduce memory and convergence time

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Signed-off-by: zirain <zirain2009@gmail.com>

* build(deps): bump the gomod group across 1 directory with 6 updates (#6691)

* build(deps): bump the gomod group across 1 directory with 6 updates

Bumps the gomod group with 4 updates in the / directory: [github.com/miekg/dns](https://github.com/miekg/dns), [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang), [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) and [go.opentelemetry.io/proto/otlp](https://github.com/open-telemetry/opentelemetry-proto-go).

Updates `github.com/miekg/dns` from 1.1.67 to 1.1.68
- [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release)
- [Commits](miekg/dns@v1.1.67...v1.1.68)

Updates `github.com/prometheus/client_golang` from 1.22.0 to 1.23.0
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.22.0...v1.23.0)

Updates `github.com/quic-go/quic-go` from 0.52.0 to 0.54.0
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Commits](quic-go/quic-go@v0.52.0...v0.54.0)

Updates `go.opentelemetry.io/proto/otlp` from 1.7.0 to 1.7.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-proto-go/releases)
- [Commits](open-telemetry/opentelemetry-proto-go@v1.7.0...v1.7.1)

Updates `google.golang.org/genproto/googleapis/api` from 0.0.0-20250603155806-513f23925822 to 0.0.0-20250728155136-f173205681a0
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20250603155806-513f23925822 to 0.0.0-20250728155136-f173205681a0
- [Commits](https://github.com/googleapis/go-genproto/commits)

---
updated-dependencies:
- dependency-name: github.com/miekg/dns
  dependency-version: 1.1.68
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/quic-go/quic-go
  dependency-version: 0.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: go.opentelemetry.io/proto/otlp
  dependency-version: 1.7.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: google.golang.org/genproto/googleapis/api
  dependency-version: 0.0.0-20250728155136-f173205681a0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: google.golang.org/genproto/googleapis/rpc
  dependency-version: 0.0.0-20250728155136-f173205681a0
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix gen

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: zirain <zirain2009@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* fix: controller panic when reloading config (#6688)

* fix controller panic when reloading config

Signed-off-by: zirain <zirain2009@gmail.com>

* use gwapiv1.Duration instead of metav1.Duration (#6664)

* use gwapiv1.Duration instead of metav1.Duration

fixes: #4746

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* add charts

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* go back to metav1 in IR to make YAML tests happy

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Signed-off-by: zirain <zirain2009@gmail.com>

* fix: don't block deployment creating when missing secret in EnvoyProxy (#6692)

* fix: don't block deployment creating when missing secret in EnvoyProxy

Signed-off-by: zirain <zirain2009@gmail.com>

* [release/v1.5] release notes for rc.2 (#6697)

* [release/v1.5] release notes for rc.2

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: jukie <10012479+Jukie@users.noreply.github.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Signed-off-by: bitliu <bitliu@tencent.com>
Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Isaac <10012479+jukie@users.noreply.github.com>
Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com>
Co-authored-by: 聪 <congwu@alauda.io>
Co-authored-by: Xunzhuo <bitliu@tencent.com>
Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: 8 people

VERSION

@@ -1 +1 @@
-v1.5.0-rc.1
+v1.5.0-rc.2

api/v1alpha1/clienttrafficpolicy_types.go

@@ -7,7 +7,6 @@ package v1alpha1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
 )
 
@@ -159,7 +158,7 @@ type HeaderSettings struct {
 	// routing, tracing and built-in header manipulation.
 	//
 	// +optional
-	EarlyRequestHeaders *gwapiv1.HTTPHeaderFilter `json:"earlyRequestHeaders,omitempty"`
+	EarlyRequestHeaders *HTTPHeaderFilter `json:"earlyRequestHeaders,omitempty"`
 }
 
 // WithUnderscoresAction configures the action to take when an HTTP header with underscores

api/v1alpha1/cors_types.go

@@ -5,7 +5,7 @@
 
 package v1alpha1
 
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+import gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 // Origin is defined by the scheme (protocol), hostname (domain), and port of
 // the URL used to access it. The hostname can be "precise" which is just the
@@ -61,7 +61,7 @@ type CORS struct {
 	// It specifies the value in the Access-Control-Max-Age CORS response header..
 	//
 	// +optional
-	MaxAge *metav1.Duration `json:"maxAge,omitempty"`
+	MaxAge *gwapiv1.Duration `json:"maxAge,omitempty"`
 
 	// AllowCredentials indicates whether a request can include user credentials
 	// like cookies, authentication headers, or TLS client certificates.

api/v1alpha1/dns_types.go

@@ -5,7 +5,7 @@
 
 package v1alpha1
 
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+import gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 // DNSLookupFamily defines the behavior of Envoy when resolving DNS for hostnames
 // +enum
@@ -31,10 +31,14 @@ const (
 type DNS struct {
 	// DNSRefreshRate specifies the rate at which DNS records should be refreshed.
 	// Defaults to 30 seconds.
-	DNSRefreshRate *metav1.Duration `json:"dnsRefreshRate,omitempty"`
+	//
+	// +optional
+	DNSRefreshRate *gwapiv1.Duration `json:"dnsRefreshRate,omitempty"`
 	// RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
 	// If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
 	// Defaults to true.
+	//
+	// +optional
 	RespectDNSTTL *bool `json:"respectDnsTtl,omitempty"`
 	// LookupFamily determines how Envoy would resolve DNS for Routes where the backend is specified as a fully qualified domain name (FQDN).
 	// If set, this configuration overrides other defaults.

api/v1alpha1/envoygateway_types.go

@@ -143,13 +143,21 @@ type KubernetesClientRateLimit struct {
 // LeaderElection defines the desired leader election settings.
 type LeaderElection struct {
 	// LeaseDuration defines the time non-leader contenders will wait before attempting to claim leadership.
-	// It's based on the timestamp of the last acknowledged signal. The default setting is 15 seconds.
+	// It's based on the timestamp of the last acknowledged signal.
+	// The default setting is 15 seconds.
+	//
+	// +optional
 	LeaseDuration *gwapiv1.Duration `json:"leaseDuration,omitempty"`
 	// RenewDeadline represents the time frame within which the current leader will attempt to renew its leadership
-	// status before relinquishing its position. The default setting is 10 seconds.
+	// status before relinquishing its position.
+	// The default setting is 10 seconds.
+	//
+	// +optional
 	RenewDeadline *gwapiv1.Duration `json:"renewDeadline,omitempty"`
 	// RetryPeriod denotes the interval at which LeaderElector clients should perform action retries.
 	// The default setting is 2 seconds.
+	//
+	// +optional
 	RetryPeriod *gwapiv1.Duration `json:"retryPeriod,omitempty"`
 	// Disable provides the option to turn off leader election, which is enabled by default.
 	Disable *bool `json:"disable,omitempty"`
@@ -173,7 +181,7 @@ type EnvoyGatewayLogging struct {
 }
 
 // EnvoyGatewayLogComponent defines a component that supports a configured logging level.
-// +kubebuilder:validation:Enum=default;provider;gateway-api;xds-translator;xds-server;infrastructure;global-ratelimit
+// +kubebuilder:validation:Enum=default;provider;gateway-api;xds-translator;xds-server;xds;infrastructure;global-ratelimit
 type EnvoyGatewayLogComponent string
 
 const (
@@ -193,6 +201,9 @@ const (
 	// LogComponentXdsServerRunner defines the "xds-server" runner component.
 	LogComponentXdsServerRunner EnvoyGatewayLogComponent = "xds-server"
 
+	// LogComponentXdsRunner defines the "xds" runner component.
+	LogComponentXdsRunner EnvoyGatewayLogComponent = "xds"
+
 	// LogComponentInfrastructureRunner defines the "infrastructure" runner component.
 	LogComponentInfrastructureRunner EnvoyGatewayLogComponent = "infrastructure"
 
@@ -432,9 +443,9 @@ type RateLimit struct {
 
 	// Timeout specifies the timeout period for the proxy to access the ratelimit server
 	// If not set, timeout is 20ms.
+	//
 	// +optional
-	// +kubebuilder:validation:Format=duration
-	Timeout *metav1.Duration `json:"timeout,omitempty"`
+	Timeout *gwapiv1.Duration `json:"timeout,omitempty"`
 
 	// FailClosed is a switch used to control the flow of traffic
 	// when the response from the ratelimit server cannot be obtained.

api/v1alpha1/envoyproxy_types.go

@@ -272,6 +272,12 @@ const (
 	// EnvoyFilterRateLimit defines the Envoy HTTP rate limit filter.
 	EnvoyFilterRateLimit EnvoyFilter = "envoy.filters.http.ratelimit"
 
+	// EnvoyFilterGRPCWeb defines the Envoy HTTP gRPC-web filter.
+	EnvoyFilterGRPCWeb EnvoyFilter = "envoy.filters.http.grpc_web"
+
+	// EnvoyFilterGRPCStats defines the Envoy HTTP gRPC stats filter.
+	EnvoyFilterGRPCStats EnvoyFilter = "envoy.filters.http.grpc_stats"
+
 	// EnvoyFilterCustomResponse defines the Envoy HTTP custom response filter.
 	EnvoyFilterCustomResponse EnvoyFilter = "envoy.filters.http.custom_response"
 
@@ -344,12 +350,12 @@ type ShutdownConfig struct {
 	// If unspecified, defaults to 60 seconds.
 	//
 	// +optional
-	DrainTimeout *metav1.Duration `json:"drainTimeout,omitempty"`
+	DrainTimeout *gwapiv1.Duration `json:"drainTimeout,omitempty"`
 	// MinDrainDuration defines the minimum drain duration allowing time for endpoint deprogramming to complete.
 	// If unspecified, defaults to 10 seconds.
 	//
 	// +optional
-	MinDrainDuration *metav1.Duration `json:"minDrainDuration,omitempty"`
+	MinDrainDuration *gwapiv1.Duration `json:"minDrainDuration,omitempty"`
 }
 
 // +kubebuilder:validation:XValidation:rule="((has(self.envoyDeployment) && !has(self.envoyDaemonSet)) || (!has(self.envoyDeployment) && has(self.envoyDaemonSet))) || (!has(self.envoyDeployment) && !has(self.envoyDaemonSet))",message="only one of envoyDeployment or envoyDaemonSet can be specified"

api/v1alpha1/fault_injection.go

@@ -5,7 +5,7 @@
 
 package v1alpha1
 
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+import gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 // FaultInjection defines the fault injection policy to be applied. This configuration can be used to
 // inject delays and abort requests to mimic failure scenarios such as service failures and overloads
@@ -29,7 +29,7 @@ type FaultInjectionDelay struct {
 	// FixedDelay specifies the fixed delay duration
 	//
 	// +required
-	FixedDelay *metav1.Duration `json:"fixedDelay"`
+	FixedDelay *gwapiv1.Duration `json:"fixedDelay"`
 
 	// Percentage specifies the percentage of requests to be delayed. Default 100%, if set 0, no requests will be delayed. Accuracy to 0.0001%.
 	// +optional

api/v1alpha1/healthcheck_types.go

@@ -5,10 +5,7 @@
 
 package v1alpha1
 
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
-)
+import gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 // HealthCheck configuration to decide which endpoints
 // are healthy and can be used for routing.
@@ -42,10 +39,9 @@ type PassiveHealthCheck struct {
 
 	// Interval defines the time between passive health checks.
 	//
-	// +kubebuilder:validation:Format=duration
 	// +kubebuilder:default="3s"
 	// +optional
-	Interval *metav1.Duration `json:"interval,omitempty"`
+	Interval *gwapiv1.Duration `json:"interval,omitempty"`
 
 	// ConsecutiveLocalOriginFailures sets the number of consecutive local origin failures triggering ejection.
 	// Parameter takes effect only when split_external_local_origin_errors is set to true.
@@ -68,10 +64,9 @@ type PassiveHealthCheck struct {
 
 	// BaseEjectionTime defines the base duration for which a host will be ejected on consecutive failures.
 	//
-	// +kubebuilder:validation:Format=duration
 	// +kubebuilder:default="30s"
 	// +optional
-	BaseEjectionTime *metav1.Duration `json:"baseEjectionTime,omitempty"`
+	BaseEjectionTime *gwapiv1.Duration `json:"baseEjectionTime,omitempty"`
 
 	// MaxEjectionPercent sets the maximum percentage of hosts in a cluster that can be ejected.
 	//
@@ -90,22 +85,19 @@ type PassiveHealthCheck struct {
 type ActiveHealthCheck struct {
 	// Timeout defines the time to wait for a health check response.
 	//
-	// +kubebuilder:validation:Format=duration
 	// +kubebuilder:default="1s"
 	// +optional
-	Timeout *metav1.Duration `json:"timeout"`
+	Timeout *gwapiv1.Duration `json:"timeout"`
 
 	// Interval defines the time between active health checks.
 	//
-	// +kubebuilder:validation:Format=duration
 	// +kubebuilder:default="3s"
 	// +optional
-	Interval *metav1.Duration `json:"interval"`
+	Interval *gwapiv1.Duration `json:"interval"`
 
 	// InitialJitter defines the maximum time Envoy will wait before the first health check.
 	// Envoy will randomly select a value between 0 and the initial jitter value.
 	//
-	// +kubebuilder:validation:Format=duration
 	// +optional
 	InitialJitter *gwapiv1.Duration `json:"initialJitter,omitempty"`
 

api/v1alpha1/loadbalancer_types.go

@@ -5,7 +5,7 @@
 
 package v1alpha1
 
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+import gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 // LoadBalancer defines the load balancer policy to be applied.
 // +union
@@ -47,7 +47,6 @@ type LoadBalancer struct {
 	// ZoneAware defines the configuration related to the distribution of requests between locality zones.
 	//
 	// +optional
-	// +notImplementedHide
 	ZoneAware *ZoneAware `json:"zoneAware,omitempty"`
 }
 
@@ -120,7 +119,7 @@ type Cookie struct {
 	// Max-Age attribute value.
 	//
 	// +optional
-	TTL *metav1.Duration `json:"ttl,omitempty"`
+	TTL *gwapiv1.Duration `json:"ttl,omitempty"`
 	// Additional Attributes to set for the generated cookie.
 	//
 	// +optional
@@ -147,7 +146,7 @@ type SlowStart struct {
 	// Currently only supports linear growth of traffic. For additional details,
 	// see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-slowstartconfig
 	// +kubebuilder:validation:Required
-	Window *metav1.Duration `json:"window"`
+	Window *gwapiv1.Duration `json:"window"`
 	// TODO: Add support for non-linear traffic increases based on user usage.
 }
 
@@ -156,7 +155,6 @@ type ZoneAware struct {
 	// PreferLocalZone configures zone-aware routing to prefer sending traffic to the local locality zone.
 	//
 	// +optional
-	// +notImplementedHide
 	PreferLocal *PreferLocalZone `json:"preferLocal,omitempty"`
 }
 
@@ -166,13 +164,11 @@ type PreferLocalZone struct {
 	// which maintains equal distribution among upstream endpoints while sending as much traffic as possible locally.
 	//
 	// +optional
-	// +notImplementedHide
 	Force *ForceLocalZone `json:"force,omitempty"`
 
 	// MinEndpointsThreshold is the minimum number of total upstream endpoints across all zones required to enable zone-aware routing.
 	//
 	// +optional
-	// +notImplementedHide
 	MinEndpointsThreshold *uint64 `json:"minEndpointsThreshold,omitempty"`
 }
 

api/v1alpha1/oidc_types.go

@@ -6,7 +6,6 @@
 package v1alpha1
 
 import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
@@ -110,7 +109,7 @@ type OIDC struct {
 	// OAuth flow will fail.
 	//
 	// +optional
-	DefaultTokenTTL *metav1.Duration `json:"defaultTokenTTL,omitempty"`
+	DefaultTokenTTL *gwapiv1.Duration `json:"defaultTokenTTL,omitempty"`
 
 	// RefreshToken indicates whether the Envoy should automatically refresh the
 	// id token and access token when they expire.
@@ -127,8 +126,9 @@ type OIDC struct {
 	//
 	// If not specified, defaults to 604800s (one week).
 	// Note: this field is only applicable when the "refreshToken" field is set to true.
+	//
 	// +optional
-	DefaultRefreshTokenTTL *metav1.Duration `json:"defaultRefreshTokenTTL,omitempty"`
+	DefaultRefreshTokenTTL *gwapiv1.Duration `json:"defaultRefreshTokenTTL,omitempty"`
 
 	// Skips OIDC authentication when the request contains a header that will be extracted by the JWT filter. Unless
 	// explicitly stated otherwise in the extractFrom field, this will be the "Authorization: Bearer ..." header.