Skip to content

[release-1.5] cherry-pick for v1.5.6#7665

Merged
jukie merged 10 commits intoenvoyproxy:release/v1.5from
jukie:cherry-pick/v1.5.6
Dec 5, 2025
Merged

[release-1.5] cherry-pick for v1.5.6#7665
jukie merged 10 commits intoenvoyproxy:release/v1.5from
jukie:cherry-pick/v1.5.6

Conversation

@jukie
Copy link
Copy Markdown
Contributor

@jukie jukie commented Dec 5, 2025

No description provided.

@jukie jukie requested a review from a team as a code owner December 5, 2025 03:45
Hackzzila and others added 6 commits December 4, 2025 20:51
@Hackzzila @jukie
fix(xds-server): clear snapshot on stream close (envoyproxy#6618)
23fdbe8 
* fix(xds-server): clear snapshot on stream close

Signed-off-by: Zachary Vacura <zvacura@digitalocean.com>

* check if there are other active connections before clearning the snapshot

Signed-off-by: Zachary Vacura <zvacura@digitalocean.com>
Signed-off-by: jukie <10012479+jukie@users.noreply.github.com>
@zhaohuabing @jukie
fix: oidc authentication endpoint was overwritten by discovered value (
5ced175 
…envoyproxy#7460)

fix: oid authentication endpoint was overriden by discovered value

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: jukie <10012479+jukie@users.noreply.github.com>
@shreealt @jukie
ci: add script to free disk space (envoyproxy#7534)
971312d 
* feat: free disk space

Signed-off-by: Shreemaan Abhishek <shreemaanabhishek@apache.org>

* lint

Signed-off-by: Shreemaan Abhishek <shreemaanabhishek@apache.org>

* cleanup

Signed-off-by: Shreemaan Abhishek <shreemaanabhishek@apache.org>

* make target and tools/hack

Signed-off-by: Shreemaan Abhishek <shreemaanabhishek@apache.org>

* lint

Signed-off-by: Shreemaan Abhishek <shreemaanabhishek@apache.org>

* modular action

Signed-off-by: Shreemaan Abhishek <shreemaanabhishek@apache.org>

---------

Signed-off-by: Shreemaan Abhishek <shreemaanabhishek@apache.org>
Signed-off-by: jukie <10012479+jukie@users.noreply.github.com>
@woodgear @jukie
treat too many addresses as programmed (envoyproxy#7542)
37cfeb5 
Signed-off-by: cong <q1875486458@gmail.com>
Signed-off-by: jukie <10012479+jukie@users.noreply.github.com>
@shreealt @jukie
feat: reclaim space in release pipeline (envoyproxy#7587)
28cdacd 
Signed-off-by: Shreemaan Abhishek <shreemaanabhishek@apache.org>
Signed-off-by: jukie <10012479+jukie@users.noreply.github.com>
@zirain @jukie
chore: bump golang.org/x/crypto (envoyproxy#7588)
eadbb91 
* chore: bump golang.org/x/crypto

Signed-off-by: zirain <zirain2009@gmail.com>

* fix gen

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: jukie <10012479+jukie@users.noreply.github.com>
@jukie jukie force-pushed the cherry-pick/v1.5.6 branch from a0f944c to 6de21cb Compare December 5, 2025 03:51
sudiptob2 and others added 3 commits December 4, 2025 20:55
@sudiptob2 @jukie
findOwningGateway should return controller based on linked GatewayCla…
8c5be88 
…ss (envoyproxy#7611)

* fix: filter Gateway by controller in findOwningGateway

Prevent cross-controller Gateway mutations by validating GatewayClass

Signed-off-by: Sudipto Baral <sudiptobaral.me@gmail.com>
Signed-off-by: jukie <10012479+jukie@users.noreply.github.com>
@zirain @jukie
fix: use default when namespace is unset (envoyproxy#7612)
55fd711 
* fix: use default when namespace is unset

Signed-off-by: zirain <zirain2009@gmail.com>

* fix

Signed-off-by: zirain <zirain2009@gmail.com>

* fix test

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: jukie <10012479+jukie@users.noreply.github.com>
@rajsinghtech @jukie
fix: prevent skeleton route status entries for unmanaged GatewayClass…
a2783a0 
…es (envoyproxy#7536)

* fix: prevent skeleton route status entries for unmanaged GatewayClasses

When processing policies (EnvoyExtensionPolicy, SecurityPolicy), the translator
was calling GetRouteParentContext for ALL parentRefs in a route, even those
referencing gateways with different GatewayClasses not managed by this translator.

GetRouteParentContext creates a skeleton RouteParentStatus entry with just the
controllerName when called on a parentRef that hasn't been processed yet. Since
all GatewayClass instances share the same controller name, these skeleton entries
persisted in status without conditions.

The fix checks if a parentRef context already exists before attempting to apply
policy configuration to it. If the context doesn't exist, it means this parentRef
wasn't processed by this translator and should be skipped.

Signed-off-by: Raj Singh <raj@tailscale.com>

* fix: also prevent skeleton entries in BackendTrafficPolicy processing

The same issue exists in BackendTrafficPolicy route processing - calling
GetRouteParentContext for all parentRefs creates skeleton status entries.

Apply the same fix: check if parentRef context exists before adding to list.

Signed-off-by: Raj Singh <raj@tailscale.com>

---------

Signed-off-by: Raj Singh <raj@tailscale.com>
Signed-off-by: jukie <10012479+jukie@users.noreply.github.com>
@jukie jukie force-pushed the cherry-pick/v1.5.6 branch from 6de21cb to a2783a0 Compare December 5, 2025 03:56
@jukie jukie requested review from zhaohuabing and zirain December 5, 2025 03:56
zhaohuabing
zhaohuabing previously approved these changes Dec 5, 2025
View reviewed changes
@jukie jukie requested a review from rudrakhp December 5, 2025 03:58
@codecov
Copy link
Copy Markdown

codecov bot commented Dec 5, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 53.48837% with 20 lines in your changes missing coverage. Please review.
✅ Project coverage is 71.87%. Comparing base (9b48b8f) to head (9b8df79).
⚠️ Report is 2 commits behind head on release/v1.5.

Files with missing lines Patch % Lines
internal/xds/cache/snapshotcache.go 9.09% 10 Missing ⚠️
internal/gatewayapi/securitypolicy.go 60.00% 3 Missing and 5 partials ⚠️
internal/gatewayapi/envoyextensionpolicy.go 33.33% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@              Coverage Diff              @@
##           release/v1.5    #7665   +/-   ##
=============================================
  Coverage         71.86%   71.87%           
=============================================
  Files               225      225           
  Lines             32348    32380   +32     
=============================================
+ Hits              23248    23272   +24     
- Misses             7417     7425    +8     
  Partials           1683     1683

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@jukie
lint
9b8df79 
Signed-off-by: jukie <10012479+jukie@users.noreply.github.com>
@jukie jukie requested review from a team and zhaohuabing December 5, 2025 04:16
@jukie jukie merged commit e5f2588 into envoyproxy:release/v1.5 Dec 5, 2025
23 of 24 checks passed
@jukie jukie deleted the cherry-pick/v1.5.6 branch December 5, 2025 05:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zirain zirain zirain approved these changes

@rudrakhp rudrakhp rudrakhp approved these changes

@zhaohuabing zhaohuabing Awaiting requested review from zhaohuabing

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@jukie @zhaohuabing @zirain @rudrakhp @Hackzzila @shreealt @woodgear @sudiptob2 @rajsinghtech