feat(translator): relax backend restrictions for localhost when running standalone with Host infrastructure#7427
Merged
shawnh2 merged 3 commits intoenvoyproxy:mainfrom Nov 6, 2025
Conversation
Codecov Report❌ Patch coverage is
❌ Your patch status has failed because the patch coverage (50.00%) is below the target coverage (60.00%). You can increase the patch coverage or adjust the target coverage. Additional details and impacted files@@ Coverage Diff @@
## main #7427 +/- ##
==========================================
+ Coverage 72.36% 72.39% +0.03%
==========================================
Files 231 231
Lines 34042 34043 +1
==========================================
+ Hits 24633 24644 +11
+ Misses 7633 7626 -7
+ Partials 1776 1773 -3 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
arkodg
reviewed
Nov 4, 2025
arkodg
reviewed
Nov 4, 2025
infrastructure Signed-off-by: Ignasi Barrera <nacx@apache.org>
Signed-off-by: Ignasi Barrera <nacx@apache.org>
2004a4c to
187eb1c
Compare
Member
Author
|
/retest |
arkodg
approved these changes
Nov 5, 2025
rudrakhp
pushed a commit
that referenced
this pull request
Nov 10, 2025
…ng standalone with Host infrastructure (#7427)
arkodg
added a commit
that referenced
this pull request
Nov 10, 2025
* chore(examples): fix extensionserver build (#7398) Signed-off-by: Maxime Brunet <max@brnt.mx> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * chore: add missing endpoints in the crl test (#7402) fix test for #7199 Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * chore(make): exit on failure (#7387) Signed-off-by: Maxime Brunet <max@brnt.mx> Co-authored-by: zirain <zirain2009@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: port typo (#7397) Signed-off-by: cong <q1875486458@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * build(deps): bump busybox from `2f590fc` to `e3652a0` in /tools/docker/envoy-gateway (#7409) build(deps): bump busybox in /tools/docker/envoy-gateway Bumps busybox from `2f590fc` to `e3652a0`. --- updated-dependencies: - dependency-name: busybox dependency-version: e3652a00a2fabd16ce889f0aa32c38eec347b997e73bd09e69c962ec7f8732ee dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: validate EnvoyGateway configuration before reload (#7412) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * build(deps): bump the actions group across 1 directory with 2 updates (#7410) Bumps the actions group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [google/osv-scanner-action](https://github.com/google/osv-scanner-action). Updates `github/codeql-action` from 4.31.0 to 4.31.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@4e94bd1...0499de3) Updates `google/osv-scanner-action` from 2.2.3 to 2.2.4 - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](google/osv-scanner-action@e92b5d0...9bb6957) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: google/osv-scanner-action dependency-version: 2.2.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: missing onInvalidMessage for ClientTrafficPolicy (#7417) Signed-off-by: i.makarychev <makarichev.ivan@gmail.com> Signed-off-by: i.makarychev <i.makarychev@tbank.ru> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * chore: add missing filters in the filter order configuration (#7404) * add missing filters in the filter order configuration Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> * fix wrong filter name Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * test: tcp security policy e2e (#7226) * feat(securitypolicy): Added e2e tests for tcp security policies Signed-off-by: davem-git <demathieu@gmail.com> * removed commented out line Signed-off-by: davem-git <demathieu@gmail.com> --------- Signed-off-by: davem-git <demathieu@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * Docs: tcp security policy (#7247) * updated release notes Signed-off-by: davem-git <demathieu@gmail.com> * updated docs Signed-off-by: davem-git <demathieu@gmail.com> * fixed merge conflict Signed-off-by: davem-git <demathieu@gmail.com> --------- Signed-off-by: davem-git <demathieu@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * feat: support both local and global ratelimit simultaneously (#7334) * update rate limit type Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * feat: support both type rate limit Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * feat: support separated path match in ratelimit path (#7413) * update: path match ratelimit e2e Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: handle optional next update for CRL (#7422) fix: handle optional next update for crl Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: missing jwt provider when jwt is configured on multiple listeners sharing the same port (#7337) * fix jwt provider missing when jwt is configured at multiple ir listeners Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: only insert proxy service once it exists (#7424) * maybe this is the fix? Signed-off-by: jukie <10012479+jukie@users.noreply.github.com> * fixes Signed-off-by: jukie <10012479+jukie@users.noreply.github.com> * cleanup Signed-off-by: jukie <10012479+jukie@users.noreply.github.com> * consolidate Signed-off-by: jukie <10012479+jukie@users.noreply.github.com> * fix Signed-off-by: jukie <10012479+jukie@users.noreply.github.com> --------- Signed-off-by: jukie <10012479+jukie@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix error when updating invalid gateway status (#7415) * fix error when updating invalid gateway status Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: avoid calling the issuer's well-known endpoint for every routes (#7394) * fix: avoid calling the issuer's well-known endpoint for every routes with Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: memory leak (#7429) Fix memory leak. Two watchable.Maps were never closed when shutting down the provider: - GatewayClassStatuses.Close() - missing in GatewayAPIStatuses.Close() - BackendTrafficPolicyStatuses.Close() - missing in PolicyStatuses.Close() Each unclosed map leaked 3 goroutines: 1. Internal watchable.Map.coalesce goroutine 2. HandleSubscription goroutine blocked on channel read 3. Error handler goroutine blocked on channel read Signed-off-by: Gonzalo Serrano <boikot@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * perf: move snapshot update above status update in xds layer (#7423) Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * chore: cleanup logging when inserting proxy service cluster (#7431) cleanup Signed-off-by: jukie <10012479+jukie@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * upgrade gofumpt (#7420) Signed-off-by: fabian4 <fabian.v.bao@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * feat(translator): relax backend restrictions for localhost when running standalone with Host infrastructure (#7427) Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * chore: improve api docs for http10.useDefaultHost (#7435) * imporove api docs for useDefaultHost Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * ci: disable lint.dependabot (#7445) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * chore: bump github.com/containerd/containerd (#7448) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * perf: do not set last transition time for status in watcher layer (#7268) Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * docs: fix gwapi docs (#7408) * docs: fix gwapi docs Signed-off-by: zirain <zirain2009@gmail.com> * fix Signed-off-by: zirain <zirain2009@gmail.com> * update Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * chore: renable lint.dependabot (#7454) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * chore: remove last transition time comparison as no longer set (#7451) chore: remove last transition time comparision as no longer set Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> Co-authored-by: zirain <zirain2009@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: merged policy status (#7376) Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: header modifier doesn't permit multiple values with commas (#7436) * revert: separate headers with commas Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> * add e2e Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix auto http config with proxy protocol (#7439) * don't set TypedExtensionProtocolOptions when ProxyProtocol enabled Signed-off-by: zirain <zirain2009@gmail.com> * update test Signed-off-by: zirain <zirain2009@gmail.com> * enable auto ALPN for proxy protocol Signed-off-by: zirain <zirain2009@gmail.com> * add e2e Signed-off-by: zirain <zirain2009@gmail.com> * update Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * build(deps): bump sigs.k8s.io/controller-runtime from 0.22.3 to 0.22.4 in /examples/extension-server (#7470) build(deps): bump sigs.k8s.io/controller-runtime Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.22.3 to 0.22.4. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.22.3...v0.22.4) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-version: 0.22.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * build(deps): bump softprops/action-gh-release from 2.4.1 to 2.4.2 in the actions group across 1 directory (#7461) build(deps): bump softprops/action-gh-release Bumps the actions group with 1 update in the / directory: [softprops/action-gh-release](https://github.com/softprops/action-gh-release). Updates `softprops/action-gh-release` from 2.4.1 to 2.4.2 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@6da8fa9...5be0e66) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * build(deps): bump github.com/envoyproxy/go-control-plane/envoy from 1.35.0 to 1.36.0 in /examples/grpc-ext-proc (#7471) build(deps): bump github.com/envoyproxy/go-control-plane/envoy Bumps [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) from 1.35.0 to 1.36.0. - [Release notes](https://github.com/envoyproxy/go-control-plane/releases) - [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md) - [Commits](envoyproxy/go-control-plane@envoy/v1.35.0...envoy/v1.36.0) --- updated-dependencies: - dependency-name: github.com/envoyproxy/go-control-plane/envoy dependency-version: 1.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * build(deps): bump github.com/envoyproxy/go-control-plane/envoy from 1.35.0 to 1.36.0 in /examples/envoy-ext-auth (#7467) build(deps): bump github.com/envoyproxy/go-control-plane/envoy Bumps [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) from 1.35.0 to 1.36.0. - [Release notes](https://github.com/envoyproxy/go-control-plane/releases) - [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md) - [Commits](envoyproxy/go-control-plane@envoy/v1.35.0...envoy/v1.36.0) --- updated-dependencies: - dependency-name: github.com/envoyproxy/go-control-plane/envoy dependency-version: 1.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * build(deps): bump github.com/envoyproxy/go-control-plane/envoy from 1.35.1-0.20251029084203-42a4a9261f66 to 1.36.0 in /examples/extension-server (#7468) build(deps): bump github.com/envoyproxy/go-control-plane/envoy Bumps [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) from 1.35.1-0.20251029084203-42a4a9261f66 to 1.36.0. - [Release notes](https://github.com/envoyproxy/go-control-plane/releases) - [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md) - [Commits](https://github.com/envoyproxy/go-control-plane/commits/envoy/v1.36.0) --- updated-dependencies: - dependency-name: github.com/envoyproxy/go-control-plane/envoy dependency-version: 1.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * [release/v1.6] v1.6.0 release docs (#7475) Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> --------- Signed-off-by: Maxime Brunet <max@brnt.mx> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> Signed-off-by: cong <q1875486458@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: i.makarychev <makarichev.ivan@gmail.com> Signed-off-by: i.makarychev <i.makarychev@tbank.ru> Signed-off-by: davem-git <demathieu@gmail.com> Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com> Signed-off-by: jukie <10012479+jukie@users.noreply.github.com> Signed-off-by: Gonzalo Serrano <boikot@gmail.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: fabian4 <fabian.v.bao@gmail.com> Co-authored-by: Maxime Brunet <max@brnt.mx> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: zirain <zirain2009@gmail.com> Co-authored-by: 聪 <q1875486458@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Inode1 <makarichevivan@gmail.com> Co-authored-by: davem-git <demathieu@gmail.com> Co-authored-by: Kota Kimura <86363983+kkk777-7@users.noreply.github.com> Co-authored-by: Isaac <10012479+jukie@users.noreply.github.com> Co-authored-by: Gonzalo Serrano <boikot@gmail.com> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Co-authored-by: Fabian Bao <fabian.v.bao@gmail.com> Co-authored-by: Ignasi Barrera <nacx@apache.org>
mathetake
pushed a commit
to envoyproxy/ai-gateway
that referenced
this pull request
Nov 11, 2025
…1501) **Description** Now that EG has merged the patch that allows using `localhost` in Backends when running in standalone mode, we can remove the uses of `.nip.io` we were using to overcome the limitation when proxying local Ollama LLMs or local MCP servers. I've verified all Docker guides we had as well as all ollama configs and everything works as expected (cc @codefromthecrypt) **Related Issues/PRs (if applicable)** envoyproxy/gateway#7427 **Special notes for reviewers (if applicable)** This requires upgrading to the latest EG from main (the change hasn't yet been cherry-picked to the 1.6 release branch). Opening as a draft to avoid bumping the EG dependency beyond 1.6 until we release. Signed-off-by: Ignasi Barrera <ignasi@tetrate.io> Signed-off-by: Ignasi Barrera <nacx@apache.org>
nacx
added a commit
to envoyproxy/ai-gateway
that referenced
this pull request
Nov 12, 2025
**Description**
Opening as a draft to get early feedback.
When running in standalone mode, it allows running and proxying `stdio`
MCP servers. This PR only supports defining the servers in the
`servers.json` format, as for now, we don't want to introduce new nouns
for a feature that does not apply to Kubernetes.
With this change, the CLI can be started with a file like the following:
```
aigw run --mcp-json '{
"mcpServers": {
"everything": {
"command": "npx",
"args": ["-y","@modelcontextprotocol/server-everything"]
},
"filesystem": {
"command": "npx",
"args": ["-y","@modelcontextprotocol/server-filesystem"]
}
}
}'
```
**Related Issues/PRs (if applicable)**
Depends on envoyproxy/gateway#7427 for a clean
implementation.
**Special notes for reviewers (if applicable)**
N/A
---------
Signed-off-by: Ignasi Barrera <ignasi@tetrate.io>
Signed-off-by: Ignasi Barrera <nacx@apache.org>
hustxiayang
pushed a commit
to hustxiayang/ai-gateway
that referenced
this pull request
Nov 13, 2025
…nvoyproxy#1501) **Description** Now that EG has merged the patch that allows using `localhost` in Backends when running in standalone mode, we can remove the uses of `.nip.io` we were using to overcome the limitation when proxying local Ollama LLMs or local MCP servers. I've verified all Docker guides we had as well as all ollama configs and everything works as expected (cc @codefromthecrypt) **Related Issues/PRs (if applicable)** envoyproxy/gateway#7427 **Special notes for reviewers (if applicable)** This requires upgrading to the latest EG from main (the change hasn't yet been cherry-picked to the 1.6 release branch). Opening as a draft to avoid bumping the EG dependency beyond 1.6 until we release. Signed-off-by: Ignasi Barrera <ignasi@tetrate.io> Signed-off-by: Ignasi Barrera <nacx@apache.org> Signed-off-by: yxia216 <yxia216@bloomberg.net>
hustxiayang
pushed a commit
to hustxiayang/ai-gateway
that referenced
this pull request
Nov 13, 2025
**Description**
Opening as a draft to get early feedback.
When running in standalone mode, it allows running and proxying `stdio`
MCP servers. This PR only supports defining the servers in the
`servers.json` format, as for now, we don't want to introduce new nouns
for a feature that does not apply to Kubernetes.
With this change, the CLI can be started with a file like the following:
```
aigw run --mcp-json '{
"mcpServers": {
"everything": {
"command": "npx",
"args": ["-y","@modelcontextprotocol/server-everything"]
},
"filesystem": {
"command": "npx",
"args": ["-y","@modelcontextprotocol/server-filesystem"]
}
}
}'
```
**Related Issues/PRs (if applicable)**
Depends on envoyproxy/gateway#7427 for a clean
implementation.
**Special notes for reviewers (if applicable)**
N/A
---------
Signed-off-by: Ignasi Barrera <ignasi@tetrate.io>
Signed-off-by: Ignasi Barrera <nacx@apache.org>
Signed-off-by: yxia216 <yxia216@bloomberg.net>
missBerg
pushed a commit
to missBerg/ai-gateway
that referenced
this pull request
Dec 20, 2025
…nvoyproxy#1501) **Description** Now that EG has merged the patch that allows using `localhost` in Backends when running in standalone mode, we can remove the uses of `.nip.io` we were using to overcome the limitation when proxying local Ollama LLMs or local MCP servers. I've verified all Docker guides we had as well as all ollama configs and everything works as expected (cc @codefromthecrypt) **Related Issues/PRs (if applicable)** envoyproxy/gateway#7427 **Special notes for reviewers (if applicable)** This requires upgrading to the latest EG from main (the change hasn't yet been cherry-picked to the 1.6 release branch). Opening as a draft to avoid bumping the EG dependency beyond 1.6 until we release. Signed-off-by: Ignasi Barrera <ignasi@tetrate.io> Signed-off-by: Ignasi Barrera <nacx@apache.org> Signed-off-by: Erica Hughberg <erica.sundberg.90@gmail.com>
missBerg
pushed a commit
to missBerg/ai-gateway
that referenced
this pull request
Dec 20, 2025
**Description**
Opening as a draft to get early feedback.
When running in standalone mode, it allows running and proxying `stdio`
MCP servers. This PR only supports defining the servers in the
`servers.json` format, as for now, we don't want to introduce new nouns
for a feature that does not apply to Kubernetes.
With this change, the CLI can be started with a file like the following:
```
aigw run --mcp-json '{
"mcpServers": {
"everything": {
"command": "npx",
"args": ["-y","@modelcontextprotocol/server-everything"]
},
"filesystem": {
"command": "npx",
"args": ["-y","@modelcontextprotocol/server-filesystem"]
}
}
}'
```
**Related Issues/PRs (if applicable)**
Depends on envoyproxy/gateway#7427 for a clean
implementation.
**Special notes for reviewers (if applicable)**
N/A
---------
Signed-off-by: Ignasi Barrera <ignasi@tetrate.io>
Signed-off-by: Ignasi Barrera <nacx@apache.org>
Signed-off-by: Erica Hughberg <erica.sundberg.90@gmail.com>
Contributor
|
I think we need to change this because this seems overly restricted for standalone mode. for example, it breaks docker based names in ways extremely hard to figure out. for example, in docker-compose, if your collector is named "otel", and everything in the same compose exports to that, envoy host mode launches can't because the exception to the dots rule is literally "localhost" only. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
This PR updates the translator to allow defining
Backendresources that representlocalhostor local addresses when running in standalone mode with theHostinfrastructure provider.What this PR does / why we need it:
The Warning in the Backend Routing section explains why it is not secure to allow defining backend objects pointing to
localhost. The threat model is applicable to Kubernetes environments, but when Envoy Gateway is running in standalone mode on a user's laptop, everything is self-contained in the same process, and the threat model does not apply: there is just a single persona configuring and using the system, and everything is in the same process and configuration domain.Allowing the use of
localhostreferences ONLY when running in this host infrastructure model would enable important use cases, such as being able to proxy local services (very handy when developing), and also a couple of important use cases for the Envoy AI Gateway project:Which issue(s) this PR fixes:
N/A