Rebases and Resolves Review Feedback #3

Merged
lizan merged 113 commits into lizan:authn_policy_doc from danehans:lizan_authn_policy_doc_update
Nov 16, 2022

@danehans danehans commented Nov 11, 2022

- Rebases from main branch.
- Adds additional details to implementation examples.

Signed-off-by: danehans <daneyonhansen@gmail.com>

Xunzhuo and others added 30 commits October 10, 2022 08:06
Signed-off-by: bitliu <bitliu@tencent.com>
fix: set correct listener context order

Signed-off-by: bitliu <bitliu@tencent.com>
Signed-off-by: bitliu <bitliu@tencent.com>
* provider: only store resource if spec has changed

Leverage the metadata.Generation field to consider whether
to update the newly reconciled resource into the watchable map
which will trigger translations in the backend.

Fixes: envoyproxy#407

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
No longer needed now that order is maintained
by using a list, thanks to envoyproxy#535

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Signed-off-by: danehans <daneyonhansen@gmail.com>

Signed-off-by: danehans <daneyonhansen@gmail.com>
* TLS Passthrough support

This commit adds a tlsroute controller which is further used
to configure tls passthrough in envoy.

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* Adding tlsroute experimental crd in testdata

update gatewayclass/gateway/httproute experimental
CRDs to use standard schemas

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* keep other testdata changes out of this PR

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* added testcases for tlsroutes, include serviceport in irInfraPortName

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* lintfix

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* tlsroute kubernetes provider test

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* added xds tls config validate test for passthrough

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* types test tlsroute

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* test fixes

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* xds config tests for tls passthrough

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* increase test coverage

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* testfix

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* separate xds tls listener

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

testfix

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* additional xds validate tests

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* tlsroute refgrant test

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* add rbac permissions for tlsroute

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* updates post rebase

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* add status updater, gateway watcher for tlsroute

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* add status update framework for tlsroute

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* lintfix, testfix, fix post rebase

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* yet another lintfix

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* refactor tlslistener/route -> tcplistener/route, xds updates

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* missed a file

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* lintfix

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* rebase, review comments

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* minor testfix

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* more

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* review comments, status deepcopy, check routes in ns

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* revert bad import, testfix, new test

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

* rev sort

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>

Signed-off-by: Shubham Chauhan <shubham@tetrate.io>
* feat: implement liveness and readiness probes

Signed-off-by: bitliu <bitliu@tencent.com>

* fix: remove duplicate case

Signed-off-by: bitliu <bitliu@tencent.com>

* Fix merge conflicts

Signed-off-by: Arko Dasgupta <arkodg@users.noreply.github.com>

Signed-off-by: bitliu <bitliu@tencent.com>
Signed-off-by: Arko Dasgupta <arkodg@users.noreply.github.com>
Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com>
* Adds Support for TLS Termination

Signed-off-by: danehans <daneyonhansen@gmail.com>

* Resolves @arkodg Feedback

Signed-off-by: danehans <daneyonhansen@gmail.com>

* Resolves @arkodg 10-11-22 Feedback

Signed-off-by: danehans <daneyonhansen@gmail.com>

Signed-off-by: danehans <daneyonhansen@gmail.com>
* chore: run conformance tests with identical ports

Signed-off-by: bitliu <bitliu@tencent.com>

Signed-off-by: bitliu <bitliu@tencent.com>
Signed-off-by: Arko Dasgupta <arkodg@users.noreply.github.com>
Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com>
Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Signed-off-by: danehans <daneyonhansen@gmail.com>

Signed-off-by: danehans <daneyonhansen@gmail.com>
update example manifest apiversion

Signed-off-by: AliceProxy <alicewasko@datawire.io>
* Updates ParentRef Status Conditions

Signed-off-by: danehans <daneyonhansen@gmail.com>

* Resolved @skriss 10-11-22 Feedback

Signed-off-by: danehans <daneyonhansen@gmail.com>

Signed-off-by: danehans <daneyonhansen@gmail.com>
Signed-off-by: danehans <daneyonhansen@gmail.com>
Signed-off-by: bitliu <bitliu@tencent.com>
Signed-off-by: danehans <daneyonhansen@gmail.com>
Signed-off-by: bitliu <bitliu@tencent.com>
Signed-off-by: bitliu <bitliu@tencent.com>

Signed-off-by: bitliu <bitliu@tencent.com>
fix: remove deprecated set-output

Signed-off-by: bitliu <bitliu@tencent.com>
Signed-off-by: Fredrik Geijer Haeggström <fredrik.g.haeggstrom@gmail.com>
* .gitignore: Ignore `vendor/` directories

Signed-off-by: Luke Shumaker <lukeshu@datawire.io>

* xds translator: Fix racy startup

If the watchable.Map has content in it already when .Subscribe() is called
on it, then those initial entries won't have a snapshot.Updates entry in
that first snapshot.  For the first snapshot we just need to iterate over
snapshot.State.

Signed-off-by: Luke Shumaker <lukeshu@datawire.io>

* provider tests: Fix running the test multiple times

controller-runtime.SetupSignalHandler() panics if called more than once in
a process.  So running the test multiple times (`go test -count=2`)
reliably causes the test to panic.

So don't use ctrl.SetupSignalHandler() in unit tests.

Signed-off-by: Luke Shumaker <lukeshu@datawire.io>

* Add and use a new watchutil.HandleSubscription function

As the added godoc comment says, "This is better than iterating over
snapshot.Updates because it handles the case where the the watchable.Map
already contains entries before .Subscribe is called."

This generalizes the fix that I made in the XDS translator.

Signed-off-by: Luke Shumaker <lukeshu@datawire.io>

* docs: Add a bit to watching.md about HandleSubscription

Signed-off-by: Luke Shumaker <lukeshu@datawire.io>

* Move HandleSubscription et al. around per Arko's feedback

I was going to do a type alias for `watchable.Update`, but:

    internal/message/watchutil.go:7:6: generic type cannot be alias

So I just defined a new child type, which is fine because there aren't any
methods on Update.

Signed-off-by: Luke Shumaker <lukeshu@datawire.io>
* infra: hash resources with long names

Signed-off-by: AliceProxy <alicewasko@datawire.io>

* add tests for hashing resources

Signed-off-by: AliceProxy <alicewasko@datawire.io>

* hashing: replace sha1 with sha256

Signed-off-by: AliceProxy <alicewasko@datawire.io>

* hashing: only use 8 chars

Signed-off-by: AliceProxy <alicewasko@datawire.io>

* ir/infra: always hash resource names

Signed-off-by: AliceProxy <alicewasko@datawire.io>

* update all test manifests with hashed names

Signed-off-by: AliceProxy <alicewasko@datawire.io>

* only hash necessary resources

Signed-off-by: AliceProxy <alicewasko@datawire.io>

* update test manifests

Signed-off-by: AliceProxy <alicewasko@datawire.io>

Signed-off-by: AliceProxy <alicewasko@datawire.io>
* Adds Release Doc

Signed-off-by: danehans <daneyonhansen@gmail.com>

* Resolves Arko and Luke review feedback

Signed-off-by: danehans <daneyonhansen@gmail.com>

* Removes the step to link release notes

Signed-off-by: danehans <daneyonhansen@gmail.com>

Signed-off-by: danehans <daneyonhansen@gmail.com>
…nvoyproxy#580)

* use RefNotPermitted reason for invalid cross-namespace TLS cert ref

Closes envoyproxy#538.

Signed-off-by: Steve Kriss <krisss@vmware.com>
* feat: support markdown resources

Signed-off-by: bitliu <bitliu@tencent.com>

* update

Signed-off-by: bitliu <bitliu@tencent.com>

Signed-off-by: bitliu <bitliu@tencent.com>
* Moves Changelogs to Release Notes

Signed-off-by: danehans <daneyonhansen@gmail.com>

* Adds release-artifacts target with release notes

Signed-off-by: danehans <daneyonhansen@gmail.com>

Signed-off-by: danehans <daneyonhansen@gmail.com>
Signed-off-by: danehans <daneyonhansen@gmail.com>

Signed-off-by: danehans <daneyonhansen@gmail.com>
Signed-off-by: danehans <daneyonhansen@gmail.com>

Signed-off-by: danehans <daneyonhansen@gmail.com>
danehans and others added 25 commits November 3, 2022 12:10
Signed-off-by: danehans <daneyonhansen@gmail.com>
* run conformance tests on three Kubernetes versions

Closes envoyproxy#493.

Signed-off-by: Steve Kriss <krisss@vmware.com>

* serialize conformance runs on single runner

Signed-off-by: Steve Kriss <krisss@vmware.com>
Signed-off-by: danehans <daneyonhansen@gmail.com>

Signed-off-by: danehans <daneyonhansen@gmail.com>
Signed-off-by: danehans <daneyonhansen@gmail.com>
…oxy#685)

* explain the non-transparent mode design decision for TCP/UDP

Signed-off-by: zhaohuabing <zhaohuabing@gmail.com>
Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com>
* add ir for udp route envoyproxy#641

Signed-off-by: zhaohuabing <zhaohuabing@gmail.com>
Signed-off-by: bitliu <bitliu@tencent.com>
feat: set envoy image to dev latest

Signed-off-by: bitliu <bitliu@tencent.com>
* fix: incorrect level of envoy-gateway configmap

Signed-off-by: bitliu <bitliu@tencent.com>
* translator: add accesslog

Signed-off-by: hejianpeng <hejianpeng2@huawei.com>
* Update roadmap for v0.3.0

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Relates to envoyproxy#642

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
* xds translator for udp route

Signed-off-by: zhaohuabing <zhaohuabing@gmail.com>
* had to also append the TLSRoute name to the listener to make it unique

Fixes: envoyproxy#691

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Updates Readme Slack and Google Group

Signed-off-by: danehans <daneyonhansen@gmail.com>
Relates to envoyproxy#642

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com>
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com>
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Signed-off-by: danehans <daneyonhansen@gmail.com>
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com>
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com>
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Signed-off-by: danehans <daneyonhansen@gmail.com>
@danehans danehans force-pushed the lizan_authn_policy_doc_update branch from 22a6705 to 12f33db Compare November 11, 2022 21:41
@danehans danehans changed the title Resolves Review Feedback Rebases Resolves Review Feedback Nov 11, 2022
@danehans
Author

@lizan all changes other than docs/latest/design/request-authentication.md are from the rebase.

@lizan lizan merged commit 90ed4e2 into lizan:authn_policy_doc Nov 16, 2022
@danehans danehans changed the title Rebases Resolves Review Feedback Rebases and Resolves Review Feedback Nov 16, 2022