Skip to content

fix: add validation for request buffer limit#7687

Merged
arkodg merged 2 commits intoenvoyproxy:mainfrom
kkk777-7:add-validate-reqbuffer-limit
Dec 17, 2025
Merged

fix: add validation for request buffer limit#7687
arkodg merged 2 commits intoenvoyproxy:mainfrom
kkk777-7:add-validate-reqbuffer-limit

Conversation

@kkk777-7
Copy link
Copy Markdown
Member

@kkk777-7 kkk777-7 commented Dec 7, 2025

What this PR does / why we need it:
Added gatewayapi layer validation for request buffer limit in BackendTrafficPolicy.

Which issue(s) this PR fixes:

Fixes #7677

Release Notes: Yes

@kkk777-7
fix: add validation for request buffer limit
00162ed 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
@kkk777-7 kkk777-7 requested a review from a team as a code owner December 7, 2025 15:42
@codecov
Copy link
Copy Markdown

codecov bot commented Dec 7, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 80.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 72.38%. Comparing base (343aeb3) to head (322fa8b).
⚠️ Report is 8 commits behind head on main.

Files with missing lines Patch % Lines
internal/gatewayapi/backendtrafficpolicy.go 80.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7687      +/-   ##
==========================================
- Coverage   72.42%   72.38%   -0.04%     
==========================================
  Files         234      234              
  Lines       34538    34542       +4     
==========================================
- Hits        25013    25003      -10     
- Misses       7737     7752      +15     
+ Partials     1788     1787       -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

jukie
jukie previously approved these changes Dec 7, 2025
View reviewed changes
@zirain
Copy link
Copy Markdown
Member

zirain commented Dec 7, 2025

is it possible to validate this with CEL?

arkodg
arkodg previously approved these changes Dec 8, 2025
View reviewed changes
@kkk777-7
Copy link
Copy Markdown
Member Author

kkk777-7 commented Dec 8, 2025

is it possible to validate this with CEL?

I've thought about this a bit, but given the possible input types, it seems somewhat difficult to implement strict validation at the CRD layer.
https://github.com/envoyproxy/gateway/blob/main/api/v1alpha1/backendtrafficpolicy_types.go#L181-L183

I feel it’s best to limit the CRD validation to format checks and handle min/max constraints within the application code instead. What do you think?

@kkk777-7
Merge branch 'main' into add-validate-reqbuffer-limit
322fa8b 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
@kkk777-7 kkk777-7 dismissed stale reviews from arkodg and jukie via 322fa8b December 15, 2025 05:24
@kkk777-7
Copy link
Copy Markdown
Member Author

kkk777-7 commented Dec 16, 2025

/retest

@arkodg arkodg merged commit 3e6e994 into envoyproxy:main Dec 17, 2025
53 of 55 checks passed
millermatt pushed a commit to millermatt/envoy-gateway that referenced this pull request Jan 4, 2026
@kkk777-7 @millermatt
fix: add validation for request buffer limit (envoyproxy#7687)
cdb9698 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: Matt Miller <millermatt@outlook.com>
zirain pushed a commit to zirain/gateway that referenced this pull request Jan 8, 2026
@kkk777-7 @zirain
fix: add validation for request buffer limit (envoyproxy#7687)
019e7b4 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
rudrakhp pushed a commit to rudrakhp/gateway that referenced this pull request Jan 8, 2026
@kkk777-7 @rudrakhp
fix: add validation for request buffer limit (envoyproxy#7687)
7195c04 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
zirain added a commit that referenced this pull request Jan 9, 2026
@zirain @kkk777-7
@rudrakhp @zhaohuabing
[release-1.5] cherry pick for v1.5.7 (#7889)
ef41d25 
* fix: set observedGeneration in envoy patch policy (#7715)

* fix: set observedGeneration in envoy patch policy

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

* add release note

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

---------

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* fix: add validation for request buffer limit (#7687)

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* fix: setting externalTrafficPolicy for NodePort service type (#7823)

Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* fix: make port-forward worked for OTel collector on port 19001 (#7860)

Signed-off-by: zirain <zirain2009@gmail.com>

* chore: fix goroutine leak (#7880)

fix goroutine leak

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>

* fix gen

Signed-off-by: zirain <zirain2009@gmail.com>

* bump envoy to 1.35.8

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Co-authored-by: Kota Kimura <86363983+kkk777-7@users.noreply.github.com>
Co-authored-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
rudrakhp added a commit that referenced this pull request Jan 9, 2026
@rudrakhp @kkk777-7
@zirain @zhaohuabing
[release/v1.6] Cherrypick/v1.6.2 (#7893)
633fb3c 
* fix: set observedGeneration in envoy patch policy (#7715)

* fix: set observedGeneration in envoy patch policy

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

* add release note

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>

---------

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>

* fix: add validation for request buffer limit (#7687)

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>

* fix: nil pointer error when applying BackendTrafficPolicy to HTTPRoute with no backendRefs (#7765)

* fix: checking route section name in backend traffic policy

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>

* fix: setting externalTrafficPolicy for NodePort service type (#7823)

Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>

* fix: add indexing and processing for CRL references in ClientTrafficPolicies (#7829)

Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>

* feat: change the benchmark report to json format (#6818)

* benchmark json output

Signed-off-by: zirain <zirain2009@gmail.com>

* fix

Signed-off-by: zirain <zirain2009@gmail.com>

* fix

Signed-off-by: zirain <zirain2009@gmail.com>

* fix lint

Signed-off-by: zirain <zirain2009@gmail.com>

* fix

Signed-off-by: zirain <zirain2009@gmail.com>

* revert

Signed-off-by: zirain <zirain2009@gmail.com>

* fix seconds

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>

* bechmark: scale up RPS to test data plane CPU performance (#7810)

* Scale up RPS to test data plane CPU performance

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* set duration to 120s

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* discard invalid samples

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* change scrape interval to 10s

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* remove invalid cpu sampling data

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* reduce duration to 60

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* fix benchmark end time

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* fix data plane benchmark start time

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* increase test time to get more samples

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* adjust rps for each scale

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* address comments

Signed-off-by: Huabing(Robin) Zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: Huabing(Robin) Zhao <zhaohuabing@gmail.com>
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>

* fix: make port-forward worked for OTel collector on port 19001 (#7860)

Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>

* chore: fix goroutine leak (#7880)

fix goroutine leak

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>

* fix gen-check

Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>

---------

Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: Huabing(Robin) Zhao <zhaohuabing@gmail.com>
Co-authored-by: Kota Kimura <86363983+kkk777-7@users.noreply.github.com>
Co-authored-by: zirain <zirain2009@gmail.com>
Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zirain zirain zirain approved these changes

@arkodg arkodg arkodg approved these changes

@jukie jukie jukie left review comments

Assignees

No one assigned

Labels

cherrypick/release-v1.5.7 cherrypick/release-v1.6.2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

BackendTrafficPolicy does not validate maximum value of requestBuffer.limit

4 participants

@kkk777-7 @zirain @arkodg @jukie