
Commit efb6afa

authored
Merge branch 'main' into fix/rm-shdw-host-suffix
2 parents 01ae92e + 6db21bc commit efb6afa


77 files changed

+967
-214
lines changed


77 files changed

+967
-214
lines changed

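--- a/OWNERS
+++ b/OWNERS
@@ -35,6 +35,7 @@ reviewers:
 - kflynn
 - tanujd11
 - liorokman
+- shahar-h
 
 emeritus-reviewers:
 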

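--- a/api/v1alpha1/loadbalancer_types.go
+++ b/api/v1alpha1/loadbalancer_types.go
@@ -170,6 +170,13 @@ type PreferLocalZone struct {
 //
 // +optional
 MinEndpointsThreshold *uint64 `json:"minEndpointsThreshold,omitempty"`
+
+// Configures percentage of requests that will be considered for zone aware routing if zone aware routing is configured. If not specified, Envoy defaults to 100%.
+//
+// +kubebuilder:validation:Minimum=0
+// +kubebuilder:validation:Maximum=100
+// +optional
+PercentageEnabled *uint32 `json:"percentageEnabled,omitempty"`
 }
 
 // ForceLocalZone defines override configuration for forcing all traffic to stay within the local zone instead of the default behavior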
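Review bot: The doc comment on `PercentageEnabled` does not start with the field name and does not say what the boundary value 0 means, although the validation markers explicitly allow it. I would open it with `// PercentageEnabled configures the percentage of requests considered for zone-aware routing when zone-aware routing is configured.` and add one sentence on the effect of 0; that 0 means no request is considered is only inferred from the stated 100% default and should be confirmed. The comment feeds the generated CRD descriptions, so they would need regenerating. The PreferLocalZone struct starts outside the hunk.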

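--- a/api/v1alpha1/oidc_types.go
+++ b/api/v1alpha1/oidc_types.go
@@ -130,6 +130,16 @@ type OIDC struct {
 // +optional
 DefaultRefreshTokenTTL *gwapiv1.Duration `json:"defaultRefreshTokenTTL,omitempty"`
 
+// CSRFTokenTTL defines how long the CSRF token generated during the OAuth2 authorization flow remains valid.
+//
+// This duration determines the lifetime of the CSRF cookie, which is validated against the CSRF token
+// in the "state" parameter when the provider redirects back to the callback endpoint.
+//
+// If omitted, Envoy Gateway defaults the token expiration to 10 minutes.
+//
+// +optional
+CSRFTokenTTL *gwapiv1.Duration `json:"csrfTokenTTL,omitempty"`
+
 // Disable token encryption. When set to true, both the access token and the ID token will be stored in plain text.
 // This option should only be used in secure environments where token encryption is not required.
 // Default is false (tokens are encrypted).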
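Review bot: `CSRFTokenTTL` is added with no lower or upper bound; the generated securitypolicies CRD in this commit enforces only the `^([0-9]{1,5}(h|m|s|ms)){1,4}$` pattern, which accepts `0s` as well as very long durations. A zero or very short TTL would expire the CSRF cookie before the provider redirects back, and a very long one keeps a state/cookie pair valid far beyond what a login needs, which weakens the protection the token is there to give. Consider a CEL marker above the field such as `// +kubebuilder:validation:XValidation:rule="duration(self) > duration('0s')",message="csrfTokenTTL must be greater than 0"`, and document a recommended maximum in the comment. How the translator treats a zero value is not visible in this hunk, and the OIDC struct starts and ends outside it.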

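--- a/api/v1alpha1/validation/envoyproxy_validate.go
+++ b/api/v1alpha1/validation/envoyproxy_validate.go
@@ -238,10 +238,7 @@ func validateProxyAccessLog(accessLog *egv1a1.ProxyAccessLog) []error {
 errs = append(errs, err)
 }
 case egv1a1.ProxyAccessLogFormatTypeJSON:
-if setting.Format.JSON == nil {
-err := fmt.Errorf("unable to configure access log when using JSON format but \"json\" field being empty")
-errs = append(errs, err)
-}
+// TODO: add JSON format validation if needed
 }
 }
 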
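Review bot: The `egv1a1.ProxyAccessLogFormatTypeJSON` case is now an empty branch, so a JSON-type access log with a nil `Format.JSON` passes validation, and the TODO does not say whether that is intentional. If a nil `json` field is meant to select a default field set, replace the TODO with a comment that states the contract, e.g. `// A nil JSON field is valid: the default JSON access log fields are used.` Whether the translator actually applies such a default is not visible here and should be confirmed, since access logs that silently come out empty or malformed are a detection gap. validateProxyAccessLog starts and ends outside the hunk.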

api/v1alpha1/zz_generated.deepcopy.go

Lines changed: 10 additions & 0 deletions

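--- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
+++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
@@ -754,6 +754,14 @@ spec:
 to enable zone-aware routing.
 format: int64
 type: integer
+percentageEnabled:
+description: Configures percentage of requests that will
+be considered for zone aware routing if zone aware routing
+is configured. If not specified, Envoy defaults to 100%.
+format: int32
+maximum: 100
+minimum: 0
+type: integer
 type: object
 type: object
 required: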

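--- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml
+++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml
@@ -833,6 +833,15 @@ spec:
 all zones required to enable zone-aware routing.
 format: int64
 type: integer
+percentageEnabled:
+description: Configures percentage of requests
+that will be considered for zone aware routing
+if zone aware routing is configured. If not
+specified, Envoy defaults to 100%.
+format: int32
+maximum: 100
+minimum: 0
+type: integer
 type: object
 type: object
 required: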

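--- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyproxies.yaml
+++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_envoyproxies.yaml
@@ -11817,6 +11817,17 @@ spec:
 to enable zone-aware routing.
 format: int64
 type: integer
+percentageEnabled:
+description: Configures percentage
+of requests that will be
+considered for zone aware
+routing if zone aware routing
+is configured. If not specified,
+Envoy defaults to 100%.
+format: int32
+maximum: 100
+minimum: 0
+type: integer
 type: object
 type: object
 required:
@@ -12928,6 +12939,17 @@ spec:
 to enable zone-aware routing.
 format: int64
 type: integer
+percentageEnabled:
+description: Configures percentage
+of requests that will be
+considered for zone aware
+routing if zone aware routing
+is configured. If not specified,
+Envoy defaults to 100%.
+format: int32
+maximum: 100
+minimum: 0
+type: integer
 type: object
 type: object
 required:
@@ -14122,6 +14144,17 @@ spec:
 routing.
 format: int64
 type: integer
+percentageEnabled:
+description: Configures percentage
+of requests that will be considered
+for zone aware routing if zone
+aware routing is configured. If
+not specified, Envoy defaults
+to 100%.
+format: int32
+maximum: 100
+minimum: 0
+type: integer
 type: object
 type: object
 required:
@@ -15234,6 +15267,16 @@ spec:
 to enable zone-aware routing.
 format: int64
 type: integer
+percentageEnabled:
+description: Configures percentage of
+requests that will be considered for
+zone aware routing if zone aware routing
+is configured. If not specified, Envoy
+defaults to 100%.
+format: int32
+maximum: 100
+minimum: 0
+type: integer
 type: object
 type: object
 required: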

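--- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_securitypolicies.yaml
+++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_securitypolicies.yaml
@@ -1355,6 +1355,15 @@ spec:
 routing.
 format: int64
 type: integer
+percentageEnabled:
+description: Configures percentage of requests
+that will be considered for zone aware routing
+if zone aware routing is configured. If
+not specified, Envoy defaults to 100%.
+format: int32
+maximum: 100
+minimum: 0
+type: integer
 type: object
 type: object
 required:
@@ -2362,6 +2371,15 @@ spec:
 routing.
 format: int64
 type: integer
+percentageEnabled:
+description: Configures percentage of requests
+that will be considered for zone aware routing
+if zone aware routing is configured. If
+not specified, Envoy defaults to 100%.
+format: int32
+maximum: 100
+minimum: 0
+type: integer
 type: object
 type: object
 required:
@@ -3582,6 +3600,16 @@ spec:
 to enable zone-aware routing.
 format: int64
 type: integer
+percentageEnabled:
+description: Configures percentage of
+requests that will be considered for
+zone aware routing if zone aware routing
+is configured. If not specified, Envoy
+defaults to 100%.
+format: int32
+maximum: 100
+minimum: 0
+type: integer
 type: object
 type: object
 required:
@@ -3958,6 +3986,16 @@ spec:
 If not specified, defaults to "IdToken-(randomly generated uid)"
 type: string
 type: object
+csrfTokenTTL:
+description: |-
+CSRFTokenTTL defines how long the CSRF token generated during the OAuth2 authorization flow remains valid.
+
+This duration determines the lifetime of the CSRF cookie, which is validated against the CSRF token
+in the "state" parameter when the provider redirects back to the callback endpoint.
+
+If omitted, Envoy Gateway defaults the token expiration to 10 minutes.
+pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
+type: string
 defaultRefreshTokenTTL:
 description: |-
 DefaultRefreshTokenTTL is the default lifetime of the refresh token.
@@ -4844,6 +4882,15 @@ spec:
 routing.
 format: int64
 type: integer
+percentageEnabled:
+description: Configures percentage of requests
+that will be considered for zone aware routing
+if zone aware routing is configured. If
+not specified, Envoy defaults to 100%.
+format: int32
+maximum: 100
+minimum: 0
+type: integer
 type: object
 type: object
 required: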

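--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
@@ -753,6 +753,14 @@ spec:
 to enable zone-aware routing.
 format: int64
 type: integer
+percentageEnabled:
+description: Configures percentage of requests that will
+be considered for zone aware routing if zone aware routing
+is configured. If not specified, Envoy defaults to 100%.
+format: int32
+maximum: 100
+minimum: 0
+type: integer
 type: object
 type: object
 required: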
