envoyproxy
diff --git a/‎.github/ISSUE_TEMPLATE/release.md‎
Lines changed: 1 addition & 1 deletion b/‎.github/ISSUE_TEMPLATE/release.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎api/v1alpha1/envoygateway_helpers.go‎
Lines changed: 13 additions & 0 deletions b/‎api/v1alpha1/envoygateway_helpers.go‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎api/v1alpha1/envoygateway_types.go‎
Lines changed: 25 additions & 0 deletions b/‎api/v1alpha1/envoygateway_types.go‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎api/v1alpha1/httproutefilter_types.go‎
Lines changed: 57 additions & 0 deletions b/‎api/v1alpha1/httproutefilter_types.go‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎api/v1alpha1/shared_types.go‎
Lines changed: 26 additions & 0 deletions b/‎api/v1alpha1/shared_types.go‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎api/v1alpha1/zz_generated.deepcopy.go‎
Lines changed: 79 additions & 0 deletions b/‎api/v1alpha1/zz_generated.deepcopy.go‎
Lines changed: 79 additions & 0 deletions
diff --git a/‎charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml‎
Lines changed: 2 additions & 0 deletions b/‎charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml‎
Lines changed: 2 additions & 0 deletions
@@ -13,7 +13,7 @@ assignees: ''
 - [ ] update VERSION in release branch
 - [ ] wait for CI
 - [ ] push tag
-    - [ ] Pusth tag https://github.com/envoyproxy/gateway/releases/tag/v1.x.x
+    - [ ] Push tag https://github.com/envoyproxy/gateway/releases/tag/v1.x.x
     - [ ] wait for release CI
 - [ ] verify quickstart
 - [ ] update doc
 
@@ -128,6 +128,19 @@ var defaultRuntimeFlags = map[RuntimeFlag]bool{
 	XDSNameSchemeV2: false,
 }
 
+// IsEnabled checks if an experimental Gateway API is enabled in the EnvoyGateway configuration.
+func (f *GatewayAPIs) IsEnabled(api GatewayAPI) bool {
+	if f != nil {
+		for _, enable := range f.Enabled {
+			if enable == api {
+				return true
+			}
+		}
+	}
+
+	return false
+}
+
 // IsEnabled checks if a runtime flag is enabled in the EnvoyGateway configuration.
 func (f *RuntimeFlags) IsEnabled(flag RuntimeFlag) bool {
 	if f != nil {
 
@@ -100,11 +100,36 @@ type EnvoyGatewaySpec struct {
 	// +optional
 	ExtensionAPIs *ExtensionAPISettings `json:"extensionApis,omitempty"`
 
+	// GatewayAPIs defines feature flags for experimental Gateway API resources.
+	// These APIs live under the gateway.networking.x-k8s.io group and are opt-in.
+	//
+	// +optional
+	// +notImplementedHide
+	GatewayAPIs *GatewayAPIs `json:"gatewayAPIs,omitempty"`
+
 	// RuntimeFlags defines the runtime flags for Envoy Gateway.
 	// Unlike ExtensionAPIs, these flags are temporary and will be removed in future releases once the related features are stable.
 	RuntimeFlags *RuntimeFlags `json:"runtimeFlags,omitempty"`
 }
 
+// GatewayAPI defines an experimental Gateway API resource that can be enabled.
+// +enum
+// +kubebuilder:validation:Enum=XListenerSet;XBackendTrafficPolicy
+type GatewayAPI string
+
+const (
+// XListenerSet enables the Gateway API XListenerSet resource.
+// XListenerSet GatewayAPI = "XListenerSet"
+// XBackendTrafficPolicy enables the Gateway API XBackendTrafficPolicy resource.
+// XBackendTrafficPolicy GatewayAPI = "XBackendTrafficPolicy"
+)
+
+// GatewayAPIs provides a mechanism to opt into experimental Gateway API resources.
+// These APIs are experimental today and are subject to change or removal as they mature.
+type GatewayAPIs struct {
+	Enabled []GatewayAPI `json:"enabled,omitempty"`
+}
+
 // RuntimeFlag defines a runtime flag used to guard breaking changes or risky experimental features in new Envoy Gateway releases.
 // A runtime flag may be enabled or disabled by default and can be toggled through the EnvoyGateway resource.
 // +enum
 
@@ -44,6 +44,14 @@ type HTTPRouteFilterSpec struct {
 	DirectResponse *HTTPDirectResponseFilter `json:"directResponse,omitempty"`
 	// +optional
 	CredentialInjection *HTTPCredentialInjectionFilter `json:"credentialInjection,omitempty"`
+	// Matches defines additional matching criteria for the HTTPRoute rule.
+	// As with HTTPRouteRule.Matches, the rule is matched if any one match applies.
+	// When both HTTPRouteRule.Matches and HTTPRouteFilter.Matches are set, the
+	// effective matching is the logical AND of the two sets.
+	//
+	// +optional
+	// +kubebuilder:validation:MaxItems=8
+	Matches []HTTPRouteMatchFilter `json:"matches,omitempty"`
 }
 
 // HTTPURLRewriteFilter define rewrites of HTTP URL components such as path and host
@@ -186,6 +194,55 @@ type InjectedCredential struct {
 	// EG may support more credential types in the future, for example, OAuth2 access token retrieved by Client Credentials Grant flow.
 }
 
+// HTTPRouteMatchFilter defines additional matching criteria for the HTTPRoute rule.
+// At least one matcher must be specified.
+//
+// +kubebuilder:validation:MinProperties=1
+type HTTPRouteMatchFilter struct {
+	// Cookies is a list of cookie matchers evaluated against the HTTP request.
+	// All specified matchers must match.
+	//
+	// +kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:MaxItems=16
+	Cookies []HTTPCookieMatch `json:"cookies,omitempty"`
+}
+
+// CookieMatchType specifies the semantics of how cookie values should be compared.
+// Valid CookieMatchType values are "Exact" and "RegularExpression".
+//
+// +kubebuilder:validation:Enum=Exact;RegularExpression
+type CookieMatchType string
+
+// CookieMatchType constants.
+const (
+	// CookieMatchExact matches the exact value of the cookie.
+	CookieMatchExact CookieMatchType = "Exact"
+	// CookieMatchRegularExpression matches a regular expression against the value of the cookie.
+	// The regex string must adhere to the syntax documented in https://github.com/google/re2/wiki/Syntax.
+	CookieMatchRegularExpression CookieMatchType = "RegularExpression"
+)
+
+// HTTPCookieMatch defines how to match a single cookie.
+type HTTPCookieMatch struct {
+	// Type specifies how to match against the value of the cookie.
+	//
+	// +optional
+	// +kubebuilder:default=Exact
+	Type *CookieMatchType `json:"type,omitempty"`
+
+	// Name is the cookie name to evaluate.
+	//
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=256
+	Name string `json:"name"`
+
+	// Value is the cookie value to be matched.
+	//
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=4096
+	Value string `json:"value"`
+}
+
 //+kubebuilder:object:root=true
 
 // HTTPRouteFilterList contains a list of HTTPRouteFilter resources.
 
@@ -863,6 +863,8 @@ type Tracing struct {
 	// CustomTags defines the custom tags to add to each span.
 	// If provider is kubernetes, pod name and namespace are added by default.
 	//
+	// Deprecated: Use Tags instead.
+	//
 	// +optional
 	CustomTags map[string]CustomTag `json:"customTags,omitempty"`
 	// Tags defines the custom tags to add to each span.
@@ -998,6 +1000,30 @@ type HTTPHeaderFilter struct {
 	// +kubebuilder:validation:MaxItems=64
 	Add []gwapiv1.HTTPHeader `json:"add,omitempty"`
 
+	// AddIfAbsent adds the given header(s) (name, value) to the request/response
+	// only if the header does not already exist. Unlike Add which appends to
+	// existing values, this is a no-op if the header is already present.
+	//
+	// Input:
+	//   GET /foo HTTP/1.1
+	//   my-header: foo
+	//
+	// Config:
+	//   addIfAbsent:
+	//   - name: "my-header"
+	//     value: "bar"
+	//
+	// Output:
+	//   GET /foo HTTP/1.1
+	//   my-header: foo
+	//
+	// +optional
+	// +listType=map
+	// +listMapKey=name
+	// +kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:MaxItems=64
+	AddIfAbsent []gwapiv1.HTTPHeader `json:"addIfAbsent,omitempty"`
+
 	// Remove the given header(s) from the HTTP request before the action. The
 	// value of Remove is a list of HTTP header names. Note that the header
 	// names are case-insensitive (see
 
@@ -2418,6 +2418,8 @@ spec:
                         description: |-
                           CustomTags defines the custom tags to add to each span.
                           If provider is kubernetes, pod name and namespace are added by default.
+
+                          Deprecated: Use Tags instead.
                         type: object
                       samplingFraction:
                         description: |-