[release/v1.5] cherry pick for v1.5.1

VERSION

@@ -1 +1 @@
-v1.5.0-rc.1
+v1.5.0

api/v1alpha1/backendtrafficpolicy_types.go

@@ -74,8 +74,11 @@ type BackendTrafficPolicySpec struct {
 
 	// The compression config for the http streams.
 	//
+	// +patchMergeKey=type
+	// +patchStrategy=merge
+	//
 	// +optional
-	Compression []*Compression `json:"compression,omitempty"`
+	Compression []*Compression `json:"compression,omitempty" patchMergeKey:"type" patchStrategy:"merge"`
 
 	// ResponseOverride defines the configuration to override specific responses with a custom one.
 	// If multiple configurations are specified, the first one to match wins.

api/v1alpha1/clienttrafficpolicy_types.go

@@ -7,7 +7,6 @@ package v1alpha1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
 )
 
@@ -159,7 +158,7 @@ type HeaderSettings struct {
 	// routing, tracing and built-in header manipulation.
 	//
 	// +optional
-	EarlyRequestHeaders *gwapiv1.HTTPHeaderFilter `json:"earlyRequestHeaders,omitempty"`
+	EarlyRequestHeaders *HTTPHeaderFilter `json:"earlyRequestHeaders,omitempty"`
 }
 
 // WithUnderscoresAction configures the action to take when an HTTP header with underscores

api/v1alpha1/cors_types.go

@@ -5,7 +5,7 @@
 
 package v1alpha1
 
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+import gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 // Origin is defined by the scheme (protocol), hostname (domain), and port of
 // the URL used to access it. The hostname can be "precise" which is just the
@@ -61,7 +61,7 @@ type CORS struct {
 	// It specifies the value in the Access-Control-Max-Age CORS response header..
 	//
 	// +optional
-	MaxAge *metav1.Duration `json:"maxAge,omitempty"`
+	MaxAge *gwapiv1.Duration `json:"maxAge,omitempty"`
 
 	// AllowCredentials indicates whether a request can include user credentials
 	// like cookies, authentication headers, or TLS client certificates.

api/v1alpha1/dns_types.go

@@ -5,7 +5,7 @@
 
 package v1alpha1
 
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+import gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 // DNSLookupFamily defines the behavior of Envoy when resolving DNS for hostnames
 // +enum
@@ -31,10 +31,14 @@ const (
 type DNS struct {
 	// DNSRefreshRate specifies the rate at which DNS records should be refreshed.
 	// Defaults to 30 seconds.
-	DNSRefreshRate *metav1.Duration `json:"dnsRefreshRate,omitempty"`
+	//
+	// +optional
+	DNSRefreshRate *gwapiv1.Duration `json:"dnsRefreshRate,omitempty"`
 	// RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
 	// If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
 	// Defaults to true.
+	//
+	// +optional
 	RespectDNSTTL *bool `json:"respectDnsTtl,omitempty"`
 	// LookupFamily determines how Envoy would resolve DNS for Routes where the backend is specified as a fully qualified domain name (FQDN).
 	// If set, this configuration overrides other defaults.

api/v1alpha1/envoygateway_helpers.go

@@ -109,6 +109,16 @@ func (e *EnvoyGateway) GatewayNamespaceMode() bool {
 		*e.Provider.Kubernetes.Deploy.Type == KubernetesDeployModeTypeGatewayNamespace
 }
 
+// TopologyInjectorDisabled checks whether the provided EnvoyGateway disables TopologyInjector
+func (e *EnvoyGateway) TopologyInjectorDisabled() bool {
+	if e.Provider != nil &&
+		e.Provider.Kubernetes != nil &&
+		e.Provider.Kubernetes.TopologyInjector != nil {
+		return ptr.Deref(e.Provider.Kubernetes.TopologyInjector.Disable, false)
+	}
+	return false
+}
+
 // defaultRuntimeFlags are the default runtime flags for Envoy Gateway.
 var defaultRuntimeFlags = map[RuntimeFlag]bool{
 	XDSNameSchemeV2: false,

api/v1alpha1/envoygateway_types.go

@@ -143,13 +143,21 @@ type KubernetesClientRateLimit struct {
 // LeaderElection defines the desired leader election settings.
 type LeaderElection struct {
 	// LeaseDuration defines the time non-leader contenders will wait before attempting to claim leadership.
-	// It's based on the timestamp of the last acknowledged signal. The default setting is 15 seconds.
+	// It's based on the timestamp of the last acknowledged signal.
+	// The default setting is 15 seconds.
+	//
+	// +optional
 	LeaseDuration *gwapiv1.Duration `json:"leaseDuration,omitempty"`
 	// RenewDeadline represents the time frame within which the current leader will attempt to renew its leadership
-	// status before relinquishing its position. The default setting is 10 seconds.
+	// status before relinquishing its position.
+	// The default setting is 10 seconds.
+	//
+	// +optional
 	RenewDeadline *gwapiv1.Duration `json:"renewDeadline,omitempty"`
 	// RetryPeriod denotes the interval at which LeaderElector clients should perform action retries.
 	// The default setting is 2 seconds.
+	//
+	// +optional
 	RetryPeriod *gwapiv1.Duration `json:"retryPeriod,omitempty"`
 	// Disable provides the option to turn off leader election, which is enabled by default.
 	Disable *bool `json:"disable,omitempty"`
@@ -173,7 +181,7 @@ type EnvoyGatewayLogging struct {
 }
 
 // EnvoyGatewayLogComponent defines a component that supports a configured logging level.
-// +kubebuilder:validation:Enum=default;provider;gateway-api;xds-translator;xds-server;infrastructure;global-ratelimit
+// +kubebuilder:validation:Enum=default;provider;gateway-api;xds-translator;xds-server;xds;infrastructure;global-ratelimit
 type EnvoyGatewayLogComponent string
 
 const (
@@ -193,6 +201,9 @@ const (
 	// LogComponentXdsServerRunner defines the "xds-server" runner component.
 	LogComponentXdsServerRunner EnvoyGatewayLogComponent = "xds-server"
 
+	// LogComponentXdsRunner defines the "xds" runner component.
+	LogComponentXdsRunner EnvoyGatewayLogComponent = "xds"
+
 	// LogComponentInfrastructureRunner defines the "infrastructure" runner component.
 	LogComponentInfrastructureRunner EnvoyGatewayLogComponent = "infrastructure"
 
@@ -432,9 +443,9 @@ type RateLimit struct {
 
 	// Timeout specifies the timeout period for the proxy to access the ratelimit server
 	// If not set, timeout is 20ms.
+	//
 	// +optional
-	// +kubebuilder:validation:Format=duration
-	Timeout *metav1.Duration `json:"timeout,omitempty"`
+	Timeout *gwapiv1.Duration `json:"timeout,omitempty"`
 
 	// FailClosed is a switch used to control the flow of traffic
 	// when the response from the ratelimit server cannot be obtained.

api/v1alpha1/envoyproxy_types.go

@@ -272,6 +272,12 @@ const (
 	// EnvoyFilterRateLimit defines the Envoy HTTP rate limit filter.
 	EnvoyFilterRateLimit EnvoyFilter = "envoy.filters.http.ratelimit"
 
+	// EnvoyFilterGRPCWeb defines the Envoy HTTP gRPC-web filter.
+	EnvoyFilterGRPCWeb EnvoyFilter = "envoy.filters.http.grpc_web"
+
+	// EnvoyFilterGRPCStats defines the Envoy HTTP gRPC stats filter.
+	EnvoyFilterGRPCStats EnvoyFilter = "envoy.filters.http.grpc_stats"
+
 	// EnvoyFilterCustomResponse defines the Envoy HTTP custom response filter.
 	EnvoyFilterCustomResponse EnvoyFilter = "envoy.filters.http.custom_response"
 
@@ -344,12 +350,12 @@ type ShutdownConfig struct {
 	// If unspecified, defaults to 60 seconds.
 	//
 	// +optional
-	DrainTimeout *metav1.Duration `json:"drainTimeout,omitempty"`
+	DrainTimeout *gwapiv1.Duration `json:"drainTimeout,omitempty"`
 	// MinDrainDuration defines the minimum drain duration allowing time for endpoint deprogramming to complete.
 	// If unspecified, defaults to 10 seconds.
 	//
 	// +optional
-	MinDrainDuration *metav1.Duration `json:"minDrainDuration,omitempty"`
+	MinDrainDuration *gwapiv1.Duration `json:"minDrainDuration,omitempty"`
 }
 
 // +kubebuilder:validation:XValidation:rule="((has(self.envoyDeployment) && !has(self.envoyDaemonSet)) || (!has(self.envoyDeployment) && has(self.envoyDaemonSet))) || (!has(self.envoyDeployment) && !has(self.envoyDaemonSet))",message="only one of envoyDeployment or envoyDaemonSet can be specified"

api/v1alpha1/fault_injection.go

@@ -5,7 +5,7 @@
 
 package v1alpha1
 
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+import gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 // FaultInjection defines the fault injection policy to be applied. This configuration can be used to
 // inject delays and abort requests to mimic failure scenarios such as service failures and overloads
@@ -29,7 +29,7 @@ type FaultInjectionDelay struct {
 	// FixedDelay specifies the fixed delay duration
 	//
 	// +required
-	FixedDelay *metav1.Duration `json:"fixedDelay"`
+	FixedDelay *gwapiv1.Duration `json:"fixedDelay"`
 
 	// Percentage specifies the percentage of requests to be delayed. Default 100%, if set 0, no requests will be delayed. Accuracy to 0.0001%.
 	// +optional

api/v1alpha1/healthcheck_types.go

@@ -5,10 +5,7 @@
 
 package v1alpha1
 
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
-)
+import gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 // HealthCheck configuration to decide which endpoints
 // are healthy and can be used for routing.
@@ -42,10 +39,9 @@ type PassiveHealthCheck struct {
 
 	// Interval defines the time between passive health checks.
 	//
-	// +kubebuilder:validation:Format=duration
 	// +kubebuilder:default="3s"
 	// +optional
-	Interval *metav1.Duration `json:"interval,omitempty"`
+	Interval *gwapiv1.Duration `json:"interval,omitempty"`
 
 	// ConsecutiveLocalOriginFailures sets the number of consecutive local origin failures triggering ejection.
 	// Parameter takes effect only when split_external_local_origin_errors is set to true.
@@ -68,10 +64,9 @@ type PassiveHealthCheck struct {
 
 	// BaseEjectionTime defines the base duration for which a host will be ejected on consecutive failures.
 	//
-	// +kubebuilder:validation:Format=duration
 	// +kubebuilder:default="30s"
 	// +optional
-	BaseEjectionTime *metav1.Duration `json:"baseEjectionTime,omitempty"`
+	BaseEjectionTime *gwapiv1.Duration `json:"baseEjectionTime,omitempty"`
 
 	// MaxEjectionPercent sets the maximum percentage of hosts in a cluster that can be ejected.
 	//
@@ -90,22 +85,19 @@ type PassiveHealthCheck struct {
 type ActiveHealthCheck struct {
 	// Timeout defines the time to wait for a health check response.
 	//
-	// +kubebuilder:validation:Format=duration
 	// +kubebuilder:default="1s"
 	// +optional
-	Timeout *metav1.Duration `json:"timeout"`
+	Timeout *gwapiv1.Duration `json:"timeout"`
 
 	// Interval defines the time between active health checks.
 	//
-	// +kubebuilder:validation:Format=duration
 	// +kubebuilder:default="3s"
 	// +optional
-	Interval *metav1.Duration `json:"interval"`
+	Interval *gwapiv1.Duration `json:"interval"`
 
 	// InitialJitter defines the maximum time Envoy will wait before the first health check.
 	// Envoy will randomly select a value between 0 and the initial jitter value.
 	//
-	// +kubebuilder:validation:Format=duration
 	// +optional
 	InitialJitter *gwapiv1.Duration `json:"initialJitter,omitempty"`
 

api/v1alpha1/loadbalancer_types.go

@@ -5,7 +5,7 @@
 
 package v1alpha1
 
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+import gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 // LoadBalancer defines the load balancer policy to be applied.
 // +union
@@ -47,7 +47,6 @@ type LoadBalancer struct {
 	// ZoneAware defines the configuration related to the distribution of requests between locality zones.
 	//
 	// +optional
-	// +notImplementedHide
 	ZoneAware *ZoneAware `json:"zoneAware,omitempty"`
 }
 
@@ -120,7 +119,7 @@ type Cookie struct {
 	// Max-Age attribute value.
 	//
 	// +optional
-	TTL *metav1.Duration `json:"ttl,omitempty"`
+	TTL *gwapiv1.Duration `json:"ttl,omitempty"`
 	// Additional Attributes to set for the generated cookie.
 	//
 	// +optional
@@ -147,7 +146,7 @@ type SlowStart struct {
 	// Currently only supports linear growth of traffic. For additional details,
 	// see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-slowstartconfig
 	// +kubebuilder:validation:Required
-	Window *metav1.Duration `json:"window"`
+	Window *gwapiv1.Duration `json:"window"`
 	// TODO: Add support for non-linear traffic increases based on user usage.
 }
 
@@ -156,7 +155,6 @@ type ZoneAware struct {
 	// PreferLocalZone configures zone-aware routing to prefer sending traffic to the local locality zone.
 	//
 	// +optional
-	// +notImplementedHide
 	PreferLocal *PreferLocalZone `json:"preferLocal,omitempty"`
 }
 
@@ -166,13 +164,11 @@ type PreferLocalZone struct {
 	// which maintains equal distribution among upstream endpoints while sending as much traffic as possible locally.
 	//
 	// +optional
-	// +notImplementedHide
 	Force *ForceLocalZone `json:"force,omitempty"`
 
 	// MinEndpointsThreshold is the minimum number of total upstream endpoints across all zones required to enable zone-aware routing.
 	//
 	// +optional
-	// +notImplementedHide
 	MinEndpointsThreshold *uint64 `json:"minEndpointsThreshold,omitempty"`
 }
 

api/v1alpha1/oidc_types.go

@@ -6,7 +6,6 @@
 package v1alpha1
 
 import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
@@ -110,7 +109,7 @@ type OIDC struct {
 	// OAuth flow will fail.
 	//
 	// +optional
-	DefaultTokenTTL *metav1.Duration `json:"defaultTokenTTL,omitempty"`
+	DefaultTokenTTL *gwapiv1.Duration `json:"defaultTokenTTL,omitempty"`
 
 	// RefreshToken indicates whether the Envoy should automatically refresh the
 	// id token and access token when they expire.
@@ -127,8 +126,9 @@ type OIDC struct {
 	//
 	// If not specified, defaults to 604800s (one week).
 	// Note: this field is only applicable when the "refreshToken" field is set to true.
+	//
 	// +optional
-	DefaultRefreshTokenTTL *metav1.Duration `json:"defaultRefreshTokenTTL,omitempty"`
+	DefaultRefreshTokenTTL *gwapiv1.Duration `json:"defaultRefreshTokenTTL,omitempty"`
 
 	// Skips OIDC authentication when the request contains a header that will be extracted by the JWT filter. Unless
 	// explicitly stated otherwise in the extractFrom field, this will be the "Authorization: Bearer ..." header.
@@ -232,6 +232,5 @@ const (
 type OIDCCookieConfig struct {
 	// +optional
 	// +kubebuilder:validation:Enum=Lax;Strict;None
-	// +kubebuilder:default=Strict
 	SameSite *string `json:"sameSite,omitempty"`
 }

api/v1alpha1/ratelimit_types.go

@@ -285,9 +285,9 @@ type RateLimitValue struct {
 }
 
 // RateLimitUnit specifies the intervals for setting rate limits.
-// Valid RateLimitUnit values are "Second", "Minute", "Hour", and "Day".
+// Valid RateLimitUnit values are "Second", "Minute", "Hour", "Day", "Month" and "Year".
 //
-// +kubebuilder:validation:Enum=Second;Minute;Hour;Day
+// +kubebuilder:validation:Enum=Second;Minute;Hour;Day;Month;Year
 type RateLimitUnit string
 
 // RateLimitUnit constants.
@@ -303,4 +303,10 @@ const (
 
 	// RateLimitUnitDay specifies the rate limit interval to be 1 day.
 	RateLimitUnitDay RateLimitUnit = "Day"
+
+	// RateLimitUnitMonth specifies the rate limit interval to be 1 month.
+	RateLimitUnitMonth RateLimitUnit = "Month"
+
+	// RateLimitUnitYear specifies the rate limit interval to be 1 year.
+	RateLimitUnitYear RateLimitUnit = "Year"
 )