-
Notifications
You must be signed in to change notification settings - Fork 347
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proposal: ClientTrafficPolicy #1846
Comments
thanks for designing this @AliceProxy ! im a +1 on the Name ( |
Yeah I think starting with |
sg @AliceProxy do you want to convert this issue into a design doc & API or wait until agreement on |
one more question around overlapping intent (which doesnt need to be tackled now since the problem doesnt exist today) - what happens when a user defines a
imo multiple |
Great question. I would say that we limit it to one per listener. That way if you want a unique one for each listener then you can do that. If you have one attached to the entire Gateway then you cannot attach another to the Gateway or it's listeners. |
@AliceProxy this has been addressed upstream and is part of the PolicyAttachment GEP thanks to @zhaohuabing !
|
im hoping the first few features/fields added to this API are |
thanks for updating the API name @AliceProxy |
Proxy protocol is an interesting one -- @arkodg and I talked about this in the Envoy Gateway API meeting today, and there are interesting interactions between proxy here and in the Gateway's Listener. I'll try to talk to some of the Gateway API folks about this. |
Relates to envoyproxy#1846 Signed-off-by: Arko Dasgupta <arko@tetrate.io>
* adds base API + CRD * adding k8s provider reconciliation * add skeleton in gateway-api translation layer Relates to envoyproxy#1846 Signed-off-by: Arko Dasgupta <arko@tetrate.io>
* adds base API + CRD * adding k8s provider reconciliation * add skeleton in gateway-api translation layer Relates to envoyproxy#1846 Signed-off-by: Arko Dasgupta <arko@tetrate.io>
* design: ClientTrafficPolicy Relates to #1846 Signed-off-by: Arko Dasgupta <arko@tetrate.io> * lint Signed-off-by: Arko Dasgupta <arko@tetrate.io> * address open question Signed-off-by: Arko Dasgupta <arko@tetrate.io> * lint Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix field indentation Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: Arko Dasgupta <arko@tetrate.io>
* feat: ClientTrafficPolicy * adds base API + CRD * adding k8s provider reconciliation * add skeleton in gateway-api translation layer Relates to #1846 Signed-off-by: Arko Dasgupta <arko@tetrate.io> * validate policy Signed-off-by: Arko Dasgupta <arko@tetrate.io> * conditions and tests Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Relates to envoyproxy#1846 Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Relates to #1846 Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Relates to
#1492
#1821
#1845
What is this?
ClientTrafficPolicy
is a proposal for a new policy attachment resource that can be applied toGateway
resources. It is meant to supplement a lot of config that Gateway API currently lacks while also providing a way to specify global defaults and is the counterpart to the other proposedBackendTrafficPolicy
resource.How would I use this resource?
You can attach a
ClientTrafficPolicy
to aGateway
to configure behaviour for how Envoy Proxy communicates with downstream clients.What if Gateway API implements a GEP that delivers the same functionality as some of the fields of this resource?
If Gateway improves any of their existing resources to deliver functionality that meets all of the needs of any of the below config,
then we will deprecate the field in this resource and use the Gateway API config instead. Ideally, a lot of this config can be
upstreamed into Gateway API in some form eventually since this resource only exists to solve areas where Gateway API is lacking for the needs of Envoy Gateway.
Can you use multiple
ClientTrafficPolicy
resources at the same time?You may use multiple
ClientTrafficPolicy
that target differentGateways
, but you may not attach multipleClientTrafficPolicies
to the sameGateway
. Merging config in this scenario would quickly become convoluted and confusing, and there are many edge-case scenarios that make supporting this undesirable.How will this be developed/implemented?
This issue serves as a proposal for the high-level design and fields of the API, but that does not mean that every field included below will be immediately available. My plan for the implementation is to add and implement one high-level field at a time until the whole resource is implemented.
API outline
Open questions
Gateway
, but you can configure multiple listeners on a singleGateway
. Realistically, this resource makes the most sense targeting listeners instead of forcing this to apply to the entire gateway. There should be a way to specify which listeners it applies to so that you can have different config for each listener.Gateway
and then adding in support for @zhaohuabing's SectionName to PolicyTargetReference enhancement when it lands and becomes available.options
field on the listener. We could add support for a new annotation there such asgateway.envoyproxy.io/config-from-clienttrafficpolicy: true
or similar to defer logic here, but I'm open to ideas on how to handle this.protocolOrder
would technically overwriteGateway
'sprotocol
field. Is this fine, or do we want to handle these cases differently?Edits / Changes
Renamed
DownstreamTrafficPolicy
toClientTrafficPolicy
to reduce potential user confusion about the types of traffic this resource will affect.The text was updated successfully, but these errors were encountered: