Merge branch 'main' into security-policy-design

Signed-off-by: zirain <zirain2009@gmail.com>
arkodg · Oct 25, 2023 · ee29f6f · ee29f6f
2 parents b1d4e10 + a00d289
commit ee29f6f
Show file tree

Hide file tree

Showing 583 changed files with 21,321 additions and 4,892 deletions.
diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml
@@ -33,7 +33,7 @@ jobs:
       contents: write
     steps:
     - name: Git checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         submodules: true
 
@@ -48,11 +48,8 @@ jobs:
       with:
         node-version: '18'
 
-    - name: Install Site Dependencies
-      run: cd site && npm install
-
-    - name: Build Site
-      run: cd site && npm run build:production
+    - name: Install Site Dependencies and Build Site
+      run: make docs
 
     # Upload docs for GitHub Pages
     - name: Upload GitHub Pages artifact

diff --git a/.github/workflows/retest.yaml b/.github/workflows/retest.yaml
@@ -22,6 +22,6 @@ jobs:
       pull-requests: write
       actions: write
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.0.18
+    - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.0.25
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/README.md b/README.md
@@ -10,8 +10,8 @@ Kubernetes-based application gateway.
 
 * [Blog][blog] introducing Envoy Gateway.
 * [Goals](GOALS.md)
-* [Quickstart](./docs/latest/user/quickstart.md) to use Envoy Gateway in a few simple steps.
-* [Roadmap](./docs/latest/design/roadmap.md)
+* [Quickstart](https://gateway.envoyproxy.io/latest/user/quickstart/) to use Envoy Gateway in a few simple steps.
+* [Roadmap](https://gateway.envoyproxy.io/latest/contributions/roadmap/)
 
 ## Contact
 
@@ -20,9 +20,9 @@ Kubernetes-based application gateway.
 
 ## Contributing
 
-* [Code of conduct](./docs/latest/dev/CODE_OF_CONDUCT.md)
-* [Contributing guide](./docs/latest/dev/CONTRIBUTING.md)
-* [Developer guide](docs/latest/dev/README.md)
+* [Code of conduct](https://gateway.envoyproxy.io/latest/contributions/code_of_conduct/)
+* [Contributing guide](https://gateway.envoyproxy.io/latest/contributions/contributing/)
+* [Developer guide](https://gateway.envoyproxy.io/latest/contributions/develop/)
 
 ## Community Meeting
 

diff --git a/api/v1alpha1/backendtrafficpolicy_types.go b/api/v1alpha1/backendtrafficpolicy_types.go
@@ -0,0 +1,71 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+)
+
+const (
+	// KindBackendTrafficPolicy is the name of the BackendTrafficPolicy kind.
+	KindBackendTrafficPolicy = "BackendTrafficPolicy"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:shortName=btpolicy
+// +kubebuilder:subresource:status
+// +kubebuilder:subresource:overrideStrategy
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Accepted")].reason`
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+//
+// BackendTrafficPolicy allows the user to configure the behavior of the connection
+// between the downstream client and Envoy Proxy listener.
+type BackendTrafficPolicy struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// spec defines the desired state of BackendTrafficPolicy.
+	Spec BackendTrafficPolicySpec `json:"spec"`
+
+	// status defines the current status of BackendTrafficPolicy.
+	Status BackendTrafficPolicyStatus `json:"status,omitempty"`
+}
+
+// spec defines the desired state of BackendTrafficPolicy.
+type BackendTrafficPolicySpec struct {
+
+	// +kubebuilder:validation:XValidation:rule="self.kind == 'Gateway' || self.kind == 'HTTPRoute' || self.kind == 'GRPCRoute' || self.kind == 'UDPRoute' || self.kind == 'TCPRoute' || self.kind == 'TLSRoute'", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute"
+	//
+	// targetRef is the name of the resource this policy
+	// is being attached to.
+	// This Policy and the TargetRef MUST be in the same namespace
+	// for this Policy to have effect and be applied to the Gateway.
+	TargetRef gwapiv1a2.PolicyTargetReferenceWithSectionName `json:"targetRef"`
+}
+
+// BackendTrafficPolicyStatus defines the state of BackendTrafficPolicy
+type BackendTrafficPolicyStatus struct {
+	// Conditions describe the current conditions of the BackendTrafficPolicy.
+	//
+	// +optional
+	// +listType=map
+	// +listMapKey=type
+	// +kubebuilder:validation:MaxItems=8
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// BackendTrafficPolicyList contains a list of BackendTrafficPolicy resources.
+type BackendTrafficPolicyList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []BackendTrafficPolicy `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&BackendTrafficPolicy{}, &BackendTrafficPolicyList{})
+}
diff --git a/api/v1alpha1/clienttrafficpolicy_types.go b/api/v1alpha1/clienttrafficpolicy_types.go
@@ -7,8 +7,8 @@ package v1alpha1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
-	gwapiv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1"
 )
 
 const (
@@ -64,12 +64,12 @@ type TCPKeepalive struct {
 	// Defaults to `7200s`.
 	//
 	// +optional
-	IdleTime *gwapiv1b1.Duration `json:"idleTime,omitempty"`
+	IdleTime *gwapiv1.Duration `json:"idleTime,omitempty"`
 	// The duration between keep-alive probes.
 	// Defaults to `75s`.
 	//
 	// +optional
-	Interval *gwapiv1b1.Duration `json:"interval,omitempty"`
+	Interval *gwapiv1.Duration `json:"interval,omitempty"`
 }
 
 // ClientTrafficPolicyStatus defines the state of ClientTrafficPolicy

diff --git a/api/v1alpha1/envoygateway_helpers.go b/api/v1alpha1/envoygateway_helpers.go
@@ -6,6 +6,8 @@
 package v1alpha1
 
 import (
+	"fmt"
+
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -17,10 +19,11 @@ func DefaultEnvoyGateway() *EnvoyGateway {
 			APIVersion: GroupVersion.String(),
 		},
 		EnvoyGatewaySpec{
-			Gateway:  DefaultGateway(),
-			Provider: DefaultEnvoyGatewayProvider(),
-			Logging:  DefaultEnvoyGatewayLogging(),
-			Admin:    DefaultEnvoyGatewayAdmin(),
+			Gateway:   DefaultGateway(),
+			Provider:  DefaultEnvoyGatewayProvider(),
+			Logging:   DefaultEnvoyGatewayLogging(),
+			Admin:     DefaultEnvoyGatewayAdmin(),
+			Telemetry: DefaultEnvoyGatewayTelemetry(),
 		},
 	}
 }
@@ -45,6 +48,9 @@ func (e *EnvoyGateway) SetEnvoyGatewayDefaults() {
 	if e.Admin == nil {
 		e.Admin = DefaultEnvoyGatewayAdmin()
 	}
+	if e.Telemetry == nil {
+		e.Telemetry = DefaultEnvoyGatewayTelemetry()
+	}
 }
 
 // GetEnvoyGatewayAdmin returns the EnvoyGatewayAdmin of EnvoyGateway or a default EnvoyGatewayAdmin if unspecified.
@@ -60,6 +66,16 @@ func (e *EnvoyGateway) GetEnvoyGatewayAdmin() *EnvoyGatewayAdmin {
 	return e.Admin
 }
 
+// GetEnvoyGatewayAdminAddress returns the EnvoyGateway Admin Address.
+func (e *EnvoyGateway) GetEnvoyGatewayAdminAddress() string {
+	address := e.GetEnvoyGatewayAdmin().Address
+	if address != nil {
+		return fmt.Sprintf("%s:%d", address.Host, address.Port)
+	}
+
+	return ""
+}
+
 // DefaultGateway returns a new Gateway with default configuration parameters.
 func DefaultGateway() *Gateway {
 	return &Gateway{
@@ -76,6 +92,50 @@ func DefaultEnvoyGatewayLogging() *EnvoyGatewayLogging {
 	}
 }
 
+// GetEnvoyGatewayAdmin returns the EnvoyGatewayAdmin of EnvoyGateway or a default EnvoyGatewayAdmin if unspecified.
+func (e *EnvoyGateway) GetEnvoyGatewayTelemetry() *EnvoyGatewayTelemetry {
+	if e.Telemetry != nil {
+		if e.Telemetry.Metrics.Prometheus == nil {
+			e.Telemetry.Metrics.Prometheus = DefaultEnvoyGatewayPrometheus()
+		}
+
+		if e.Telemetry.Metrics == nil {
+			e.Telemetry.Metrics = DefaultEnvoyGatewayMetrics()
+		}
+		return e.Telemetry
+	}
+	e.Telemetry = DefaultEnvoyGatewayTelemetry()
+
+	return e.Telemetry
+}
+
+// IfDisablePrometheus returns if disable prometheus.
+func (e *EnvoyGateway) IfDisablePrometheus() bool {
+	return e.GetEnvoyGatewayTelemetry().Metrics.Prometheus.Disable
+}
+
+// DefaultEnvoyGatewayTelemetry returns a new EnvoyGatewayTelemetry with default configuration parameters.
+func DefaultEnvoyGatewayTelemetry() *EnvoyGatewayTelemetry {
+	return &EnvoyGatewayTelemetry{
+		Metrics: DefaultEnvoyGatewayMetrics(),
+	}
+}
+
+// DefaultEnvoyGatewayMetrics returns a new EnvoyGatewayMetrics with default configuration parameters.
+func DefaultEnvoyGatewayMetrics() *EnvoyGatewayMetrics {
+	return &EnvoyGatewayMetrics{
+		Prometheus: DefaultEnvoyGatewayPrometheus(),
+	}
+}
+
+// DefaultEnvoyGatewayPrometheus returns a new EnvoyGatewayMetrics with default configuration parameters.
+func DefaultEnvoyGatewayPrometheus() *EnvoyGatewayPrometheusProvider {
+	return &EnvoyGatewayPrometheusProvider{
+		// Enable prometheus pull by default.
+		Disable: false,
+	}
+}
+
 // DefaultEnvoyGatewayProvider returns a new EnvoyGatewayProvider with default configuration parameters.
 func DefaultEnvoyGatewayProvider() *EnvoyGatewayProvider {
 	return &EnvoyGatewayProvider{
@@ -103,8 +163,9 @@ func DefaultEnvoyGatewayKubeProvider() *EnvoyGatewayKubernetesProvider {
 // DefaultEnvoyGatewayAdmin returns a new EnvoyGatewayAdmin with default configuration parameters.
 func DefaultEnvoyGatewayAdmin() *EnvoyGatewayAdmin {
 	return &EnvoyGatewayAdmin{
-		Debug:   false,
-		Address: DefaultEnvoyGatewayAdminAddress(),
+		Address:          DefaultEnvoyGatewayAdminAddress(),
+		EnableDumpConfig: false,
+		EnablePprof:      false,
 	}
 }
 

diff --git a/api/v1alpha1/envoygateway_metrics_types.go b/api/v1alpha1/envoygateway_metrics_types.go
@@ -0,0 +1,48 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package v1alpha1
+
+// EnvoyGatewayMetrics defines control plane push/pull metrics configurations.
+type EnvoyGatewayMetrics struct {
+	// Sinks defines the metric sinks where metrics are sent to.
+	Sinks []EnvoyGatewayMetricSink `json:"sinks,omitempty"`
+	// Prometheus defines the configuration for prometheus endpoint.
+	Prometheus *EnvoyGatewayPrometheusProvider `json:"prometheus,omitempty"`
+}
+
+// EnvoyGatewayMetricSink defines control plane
+// metric sinks where metrics are sent to.
+type EnvoyGatewayMetricSink struct {
+	// Type defines the metric sink type.
+	// EG control plane currently supports OpenTelemetry.
+	// +kubebuilder:validation:Enum=OpenTelemetry
+	// +kubebuilder:default=OpenTelemetry
+	Type MetricSinkType `json:"type"`
+	// OpenTelemetry defines the configuration for OpenTelemetry sink.
+	// It's required if the sink type is OpenTelemetry.
+	OpenTelemetry *EnvoyGatewayOpenTelemetrySink `json:"openTelemetry,omitempty"`
+}
+
+type EnvoyGatewayOpenTelemetrySink struct {
+	// Host define the sink service hostname.
+	Host string `json:"host"`
+	// Protocol define the sink service protocol.
+	// +kubebuilder:validation:Enum=grpc;http
+	Protocol string `json:"protocol"`
+	// Port defines the port the sink service is exposed on.
+	//
+	// +optional
+	// +kubebuilder:validation:Minimum=0
+	// +kubebuilder:default=4317
+	Port int32 `json:"port,omitempty"`
+}
+
+// EnvoyGatewayPrometheusProvider will expose prometheus endpoint in pull mode.
+type EnvoyGatewayPrometheusProvider struct {
+	// Disable defines if disables the prometheus metrics in pull mode.
+	//
+	Disable bool `json:"disable,omitempty"`
+}