Cors policy is not automatically cleared when deleting CRD Security Policy #2082

@quyenhoang96

Description:
I applied the config below:

apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: example-gateway-class
  labels:
    example: grpc-routing
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  namespace: envoy-gateway
  name: gateway-1
spec:
  gatewayClassName: example-gateway-class
  listeners:
  - name: http
    protocol: HTTP
    port: 80
    allowedRoutes:
      namespaces:
        from: All
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: GRPCRoute
metadata:
  namespace: default
  name: grpcroute-1
spec:
  parentRefs:
  - namespace: envoy-gateway
    name: gateway-1
    sectionName: http
  rules:
  - backendRefs:
    - name: service-1
      port: 9000
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  namespace: default
  name: httproute-1
spec:
  hostnames:
  - gateway.envoyproxy.io
  parentRefs:
  - namespace: envoy-gateway
    name: gateway-2
    sectionName: http
  rules:
  - matches:
    - path:
        value: "/"
    backendRefs:
    - name: service-1
      port: 8080
---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: SecurityPolicy
metadata:
  namespace: default
  name: policy-for-route
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: GRPCRoute
    name: grpcroute-1
    namespace: default
  cors:
    allowOrigins:
    - type: Prefix
      value: example
    - type: Suffix
      value: bar.org
    allowMethods:
    - GET
    - POST
    allowHeaders:
    - "x-header-5"
    - "x-header-6"
    exposeHeaders:
    - "x-header-7"
    - "x-header-8"
    maxAge: 30s

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: yages
    example: grpc-routing
  name: yages
spec:
  selector:
    matchLabels:
      app: yages
  replicas: 1
  template:
    metadata:
      labels:
        app: yages
    spec:
      containers:
        - name: grpcsrv
          image: ghcr.io/projectcontour/yages:v0.1.0
          ports:
            - containerPort: 9000
              protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: yages
    example: grpc-routing
  name: service-1
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 9000
      protocol: TCP
      targetPort: 9000
  selector:
    app: yages

Then, the resulting config:

"routes": [
         {
          "match": {
           "prefix": "/"
          },
          "route": {
           "cluster": "grpcroute/default/grpcroute-1/rule/0"
          },
          "typed_per_filter_config": {
           "envoy.filters.http.cors": {
            "@type": "type.googleapis.com/envoy.extensions.filters.http.cors.v3.CorsPolicy",
            "allow_origin_string_match": [
             {
              "prefix": "example"
             },
             {
              "suffix": "bar.org"
             }
            ],
            "allow_methods": "GET, POST",
            "allow_headers": "x-header-5, x-header-6",
            "expose_headers": "x-header-7, x-header-8",
            "max_age": "2000"
           }
          },
          "name": "grpcroute/default/grpcroute-1/rule/0/match/-1/*"
         }
        ]

Then I deleted the CRD SecurityPolicy, but typed_per_filter_config was not deleted.
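
A check for the condition reported above, as an added example that is not part of the original issue or of Envoy Gateway: it scans an Envoy route configuration for routes that still carry a per-route `envoy.filters.http.cors` entry and flags those whose owning route is no longer targeted by any SecurityPolicy. It assumes route names follow the `<kind>/<namespace>/<name>/rule/...` pattern seen in the output above and considers only route-targeted policies; the sample input and all function names are constructed.

```python
import json

CORS_FILTER = "envoy.filters.http.cors"

# Constructed sample: the route from the report plus one route without CORS,
# wrapped in a minimal virtual host (the wrapper is an assumption).
SAMPLE_ROUTE_CONFIG = json.loads("""
{"virtual_hosts": [{"name": "constructed-vhost", "routes": [
  {"match": {"prefix": "/"},
   "route": {"cluster": "grpcroute/default/grpcroute-1/rule/0"},
   "typed_per_filter_config": {"envoy.filters.http.cors": {
     "@type": "type.googleapis.com/envoy.extensions.filters.http.cors.v3.CorsPolicy",
     "allow_methods": "GET, POST"}},
   "name": "grpcroute/default/grpcroute-1/rule/0/match/-1/*"},
  {"match": {"prefix": "/"},
   "route": {"cluster": "httproute/default/httproute-1/rule/0"},
   "name": "httproute/default/httproute-1/rule/0/match/0/*"}
]}]}
""")

def routes_with_cors(node):
    """Yield the name of every route object carrying a per-route CORS policy."""
    if isinstance(node, dict):
        if CORS_FILTER in (node.get("typed_per_filter_config") or {}):
            yield node.get("name", "<unnamed>")
        for value in node.values():
            yield from routes_with_cors(value)
    elif isinstance(node, list):
        for item in node:
            yield from routes_with_cors(item)

def route_owner(xds_route_name):
    """Map 'grpcroute/default/grpcroute-1/rule/0/...' to (kind, namespace, name)."""
    parts = xds_route_name.split("/")[:3]
    if len(parts) < 3:
        return None  # unknown naming scheme: never matches a policy target
    return (parts[0].lower(), parts[1], parts[2])

def stale_cors_routes(route_config, policy_targets):
    """Return CORS-carrying routes whose owner no SecurityPolicy targets."""
    targets = {(kind.lower(), ns, name) for kind, ns, name in policy_targets}
    return [r for r in routes_with_cors(route_config)
            if route_owner(r) not in targets]

if __name__ == "__main__":
    # After the deletion no SecurityPolicy targets remain, so any hit is stale.
    for name in stale_cors_routes(SAMPLE_ROUTE_CONFIG, policy_targets=[]):
        print("stale CORS policy on route:", name)
```

`policy_targets` is the list of `(kind, namespace, name)` tuples taken from the `targetRef` of each SecurityPolicy that still exists in the cluster.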
