fix: add ownerReferences to ratelimit ConfigMap and HPA#8358
Merged
arkodg merged 2 commits intoenvoyproxy:mainfrom Mar 7, 2026
Merged
fix: add ownerReferences to ratelimit ConfigMap and HPA#8358arkodg merged 2 commits intoenvoyproxy:mainfrom
arkodg merged 2 commits intoenvoyproxy:mainfrom
Conversation
✅ Deploy Preview for cerulean-figolla-1f9435 canceled.
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds ownerReferences to the ratelimit ConfigMap (statsd-exporter-config) and HorizontalPodAutoscaler resources to ensure proper garbage collection when the parent envoy-gateway Deployment is deleted. This fixes an inconsistency where other ratelimit resources (Service, ServiceAccount, Deployment, and PodDisruptionBudget) already had ownerReferences, but ConfigMap and HPA were missing them.
Changes:
- Added ownerReferences to ratelimit ConfigMap by calling
r.ownerReferences()helper method - Added ownerReferences to ratelimit HorizontalPodAutoscaler by calling
r.ownerReferences()helper method - Updated test data files to reflect the new ownerReferences in generated resources
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| internal/infrastructure/kubernetes/ratelimit/resource_provider.go | Added OwnerReferences field to ConfigMap and HPA ObjectMeta using the existing ownerReferences() helper method |
| internal/infrastructure/kubernetes/ratelimit/testdata/envoy-ratelimit-configmap.yaml | Updated test data to include ownerReferences for validation |
| internal/infrastructure/kubernetes/ratelimit/testdata/hpa/default.yaml | Updated test data to include ownerReferences for validation |
| internal/infrastructure/kubernetes/ratelimit/testdata/hpa/custom.yaml | Updated test data to include ownerReferences for validation |
| internal/infrastructure/kubernetes/ratelimit/testdata/hpa/with-deployment-name.yaml | Updated test data to include ownerReferences for validation |
| internal/infrastructure/kubernetes/ratelimit/testdata/hpa/with-name.yaml | Updated test data to include ownerReferences for validation |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #8358 +/- ##
==========================================
+ Coverage 74.18% 74.19% +0.01%
==========================================
Files 242 242
Lines 37310 37312 +2
==========================================
+ Hits 27678 27684 +6
+ Misses 7698 7696 -2
+ Partials 1934 1932 -2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Member
|
can you add release notes for this? |
zirain
approved these changes
Mar 2, 2026
cnvergence
approved these changes
Mar 2, 2026
Signed-off-by: Tejasriram Parvathaneni <tejaparvathaneni90@gmail.com>
634f2af to
f83ab75
Compare
kkk777-7
approved these changes
Mar 6, 2026
jukie
approved these changes
Mar 6, 2026
Contributor
|
/retest |
|
@arkodg did this reference the correct issue? The description does not match imo. |
Contributor
|
yeah good point, i'll reopen #8209 |
jukie
pushed a commit
that referenced
this pull request
Mar 12, 2026
* api: make ConnectionLimit.Value optional (#8478) * api: make ConnectionLimit.Value optional Signed-off-by: Felipe Sabadini Facina <fsabadini@hotmail.com> * release-notes: add entry for ConnectionLimit.Value optional Signed-off-by: Felipe Sabadini Facina <fsabadini@hotmail.com> * fix: add CEL rule to require value when closeDelay is set Signed-off-by: Felipe Sabadini Facina <fsabadini@hotmail.com> --------- Signed-off-by: Felipe Sabadini Facina <fsabadini@hotmail.com> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix up release notes Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix: aggregate xRoute/xPolicy statuses across GWCs in gateway-api runner (#8387) * fix: aggregate xRoute/xPolicy statuses across GWCs in gateway-api runner Signed-off-by: y-rabie <youssef.rabie@procore.com> * polish Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * add e2e test Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * release note Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * truncate policy status & add tests Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * update Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * update Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: y-rabie <youssef.rabie@procore.com> Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: y-rabie <youssef.rabie@procore.com> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix: active health check respect endpoint hostname (#8452) revert unrelated changes Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix: exclude unmanaged route parents from xPolicy status ancestors (#8321) * add test for mixed managed and unmanaged Gateway parents Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix the policy status when the targeting routes have managed and unmanged Gateway parents Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix test Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix: add ownerReferences to ratelimit ConfigMap and HPA (#8358) Signed-off-by: Tejasriram Parvathaneni <tejaparvathaneni90@gmail.com> Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix: computeHosts doesn't work when listener and route both wildcard (#8186) * fix: computeHosts doesn't work when listener and route both wildcard Signed-off-by: zirain <zirain2009@gmail.com> * remove skipped tests Signed-off-by: zirain <zirain2009@gmail.com> * Update internal/gatewayapi/helpers.go Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix: fixed local object reference resolution from parent in merged BackendTrafficPolicies (#8210) Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix: XListenerSet allows route from same namespace (#8226) Previously, using allowedRoutes/Same for an XListenerSet with an xRoute in the same namespace would return an error. Now it properly allows xRoutes from the same namespace. Signed-off-by: Kris Hicks <khicks@nvidia.com> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix: API key auth (#8267) * add test for multiple keys Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * revert secret transform Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * fix gen-check Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * add release notes Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> * add release notes for envoy proxy image Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> --------- Signed-off-by: Felipe Sabadini Facina <fsabadini@hotmail.com> Signed-off-by: Karol Szwaj <karol.szwaj@gmail.com> Signed-off-by: y-rabie <youssef.rabie@procore.com> Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Tejasriram Parvathaneni <tejaparvathaneni90@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> Signed-off-by: Kris Hicks <khicks@nvidia.com> Co-authored-by: Felipe Sabadini Facina <fsabadini@hotmail.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: y-rabie <youssef.rabie@procore.com> Co-authored-by: zirain <zirain2009@gmail.com> Co-authored-by: Tejasriram Parvathaneni <tejaparvathaneni90@gmail.com> Co-authored-by: Rudrakh Panigrahi <rudrakh97@gmail.com> Co-authored-by: Kris Hicks <khicks@nvidia.com>
rudrakhp
added a commit
that referenced
this pull request
Mar 12, 2026
* fix: fixed local object reference resolution from parent in merged BackendTrafficPolicies (#8210) Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: exclude unmanaged route parents from xPolicy status ancestors (#8321) * add test for mixed managed and unmanaged Gateway parents Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix the policy status when the targeting routes have managed and unmanged Gateway parents Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * fix test Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: computeHosts doesn't work when listener and route both wildcard (#8186) * fix: computeHosts doesn't work when listener and route both wildcard Signed-off-by: zirain <zirain2009@gmail.com> * remove skipped tests Signed-off-by: zirain <zirain2009@gmail.com> * Update internal/gatewayapi/helpers.go Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: aggregate xRoute/xPolicy statuses across GWCs in gateway-api runner (#8387) * fix: aggregate xRoute/xPolicy statuses across GWCs in gateway-api runner Signed-off-by: y-rabie <youssef.rabie@procore.com> * polish Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * add e2e test Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * release note Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * truncate policy status & add tests Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * update Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> * update Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> --------- Signed-off-by: y-rabie <youssef.rabie@procore.com> Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: y-rabie <youssef.rabie@procore.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix: add ownerReferences to ratelimit ConfigMap and HPA (#8358) Signed-off-by: Tejasriram Parvathaneni <tejaparvathaneni90@gmail.com> Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * api: make ConnectionLimit.Value optional (#8478) * api: make ConnectionLimit.Value optional Signed-off-by: Felipe Sabadini Facina <fsabadini@hotmail.com> * release-notes: add entry for ConnectionLimit.Value optional Signed-off-by: Felipe Sabadini Facina <fsabadini@hotmail.com> * fix: add CEL rule to require value when closeDelay is set Signed-off-by: Felipe Sabadini Facina <fsabadini@hotmail.com> --------- Signed-off-by: Felipe Sabadini Facina <fsabadini@hotmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix test race (#8180) * fix test race Signed-off-by: zirain <zirain2009@gmail.com> * use io.Discard Signed-off-by: zirain <zirain2009@gmail.com> * use sync.WaitGroup Signed-off-by: zirain <zirain2009@gmail.com> --------- Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: Isaac Wilson <isaac.wilson514@gmail.com> Co-authored-by: Isaac Wilson <isaac.wilson514@gmail.com> Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> * fix gen check Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> --------- Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com> Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: y-rabie <youssef.rabie@procore.com> Signed-off-by: Tejasriram Parvathaneni <tejaparvathaneni90@gmail.com> Signed-off-by: Felipe Sabadini Facina <fsabadini@hotmail.com> Signed-off-by: Isaac Wilson <isaac.wilson514@gmail.com> Co-authored-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com> Co-authored-by: zirain <zirain2009@gmail.com> Co-authored-by: y-rabie <youssef.rabie@procore.com> Co-authored-by: Teja079 <117351771+Teja079@users.noreply.github.com> Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> Co-authored-by: Felipe Sabadini <fsabadini@hotmail.com> Co-authored-by: Isaac Wilson <isaac.wilson514@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
fix
What this PR does / why we need it:
The ratelimit ConfigMap (statsd-exporter-config) and HorizontalPodAutoscaler were missing ownerReferences, even though every other ratelimit resource Service, ServiceAccount, Deployment and PodDisruptionBudget already has them. Without these, Kubernetes won't automatically clean up the ConfigMap and HPA when the parent envoy-gateway Deployment is deleted, leaving orphaned resources behind.
The fix is straightforward both resources now call the existing ownerReferences() helper that PodDisruptionBudget was already using.
Which issue(s) this PR fixes:
Fixes #8209
Release Notes: Yes
Added ownerReferences to ratelimit ConfigMap and HorizontalPodAutoscaler so they are properly garbage-collected when the envoy-gateway Deployment is removed.