Skip to content

Commit

Permalink
[release/v1.0] Cherry-pick fixes into v1.0 (#3127)
Browse files Browse the repository at this point in the history
* Run certgen when upgrading (#2934)

run certgen when upgrading

Signed-off-by: huabing zhao <[email protected]>
(cherry picked from commit 62ecf15)
Signed-off-by: Arko Dasgupta <[email protected]>

* Fix: nil secret in resourceversiontable (#2982)

* fix nil secret in resourceversiontable

Signed-off-by: huabing zhao <[email protected]>

* check secrets in the xds result

Signed-off-by: huabing zhao <[email protected]>

---------

Signed-off-by: huabing zhao <[email protected]>
(cherry picked from commit e880439)
Signed-off-by: Arko Dasgupta <[email protected]>

* fix: add missing http filters to the http filter chain (#2970)

* fix: add missing http filters to the http filter chain

Signed-off-by: huabing zhao <[email protected]>

* refactor

Signed-off-by: huabing zhao <[email protected]>

* fix lint

Signed-off-by: huabing zhao <[email protected]>

* add comments

Signed-off-by: huabing zhao <[email protected]>

* remove refactor

Signed-off-by: huabing zhao <[email protected]>

* remove refactor

Signed-off-by: huabing zhao <[email protected]>

* fix gen

Signed-off-by: huabing zhao <[email protected]>

* fix lint

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: huabing zhao <[email protected]>
Signed-off-by: Huabing Zhao <[email protected]>
(cherry picked from commit f699edf)
Signed-off-by: Arko Dasgupta <[email protected]>

* fix: allow websockets in url rewrite (#3022)

allow websockets in url rewrite

Signed-off-by: Jesse Haka <[email protected]>
Co-authored-by: zirain <[email protected]>
(cherry picked from commit 3d51933)
Signed-off-by: Arko Dasgupta <[email protected]>

* Set host for http health checker explicitly to avoid using the cluster name as host header for http health checking request. (#3057)

* Set host for http health checker explictly to avoid using the cluster name as host header for http health checking request

Signed-off-by: lemonlinger <[email protected]>

* fix broken tests

Signed-off-by: lemonlinger <[email protected]>

* fix health-check test case in xds translation

Signed-off-by: lemonlinger <[email protected]>

* Simplify code and concise comments

Signed-off-by: lemonlinger <[email protected]>

---------

Signed-off-by: lemonlinger <[email protected]>
(cherry picked from commit 8f450a9)
Signed-off-by: Arko Dasgupta <[email protected]>

* fix: do not create infra resources when missing translated listeners (#3043)

* fix: do not create infra resources when missing translated listeners

Signed-off-by: Karol Szwaj <[email protected]>

* remove empty line

Signed-off-by: Karol Szwaj <[email protected]>

* skip infra creation on empty listeners and log it

Signed-off-by: Karol Szwaj <[email protected]>

---------

Signed-off-by: Karol Szwaj <[email protected]>
(cherry picked from commit 36d7141)
Signed-off-by: Arko Dasgupta <[email protected]>

* Fix: double slashes in redirect URL (#2998)

* fix: double trailing splashs in redirect URL

Signed-off-by: huabing zhao <[email protected]>

* add e2e tests

Signed-off-by: huabing zhao <[email protected]>

* fix lint

Signed-off-by: huabing zhao <[email protected]>

* fix test

Signed-off-by: huabing zhao <[email protected]>

* fix test

Signed-off-by: huabing zhao <[email protected]>

* fix test

Signed-off-by: huabing zhao <[email protected]>

* fix test

Signed-off-by: huabing zhao <[email protected]>

* add e2e tests

Signed-off-by: huabing zhao <[email protected]>

* fix test

Signed-off-by: huabing zhao <[email protected]>

* revert

Signed-off-by: huabing zhao <[email protected]>

* use regex rewrite to generate the redirect url

Signed-off-by: huabing zhao <[email protected]>

* use regex rewrite to generate the redirect url

Signed-off-by: huabing zhao <[email protected]>

* use regex rewrite to generate the redirect url

Signed-off-by: huabing zhao <[email protected]>

* remove comments

Signed-off-by: huabing zhao <[email protected]>

* extract method

Signed-off-by: huabing zhao <[email protected]>

* address comments

Signed-off-by: huabing zhao <[email protected]>

---------

Signed-off-by: huabing zhao <[email protected]>
(cherry picked from commit ceb697f)
Signed-off-by: Arko Dasgupta <[email protected]>

* fix: Allow Policy to attach to multiple http listeners  (#2967)

* Fixing the clienttrafficpolicy validation.

Signed-off-by: Lior Okman <[email protected]>

* Make SecurityPolicy validate correctly.

Signed-off-by: Lior Okman <[email protected]>

* Reverted the SecurityPolicy validation - handled differently via
another feature.

Signed-off-by: Lior Okman <[email protected]>

* Updated the tests to reflect that this validation isn't required for SecurityPolicy

Signed-off-by: Lior Okman <[email protected]>

* Added some comments to explain the validation being performed.

Signed-off-by: Lior Okman <[email protected]>

* Updated the error message as requested in the review.

Signed-off-by: Lior Okman <[email protected]>

---------

Signed-off-by: Lior Okman <[email protected]>
(cherry picked from commit f9409e4)
Signed-off-by: Arko Dasgupta <[email protected]>

* fix: set path prefix for http ext auth service (#3018)

Signed-off-by: huabing zhao <[email protected]>
(cherry picked from commit 2882b7c)
Signed-off-by: Arko Dasgupta <[email protected]>

* Change route sorting order to Exact > RegularExpression > PathPrefix (#2579)

* Change route sorting order to Exact > RegularExpression > PathPrefix

kubernetes-sigs/gateway-api#1770
kubernetes-sigs/gateway-api#1855

Signed-off-by: Stéphane Cottin <[email protected]>
(cherry picked from commit 11f56fd)
Signed-off-by: Arko Dasgupta <[email protected]>

* fix: infraIR duplicate port translation for merged gateways (#3061)

* fix: duplicate port translation for merged gateways

Signed-off-by: Karol Szwaj <[email protected]>

* refactor to map

Signed-off-by: Karol Szwaj <[email protected]>

* rename map

Signed-off-by: Karol Szwaj <[email protected]>

* add seperate testcase

Signed-off-by: Karol Szwaj <[email protected]>

---------

Signed-off-by: Karol Szwaj <[email protected]>
(cherry picked from commit 29946b0)
Signed-off-by: Arko Dasgupta <[email protected]>

* translator: set SpawnUpstreamSpan to true (#3102)

* translator: set SpawnUpstreamSpan to true

Signed-off-by: zirain <[email protected]>

* update

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>
(cherry picked from commit 635ebfc)
Signed-off-by: Arko Dasgupta <[email protected]>

* fix: rate limit doesn't work with two(and more) listeners (#3085)

* fix: rate limit doesn't work with two listeners

Signed-off-by: huabing zhao <[email protected]>

* add e2e test for rate limit on multiple listeners

Signed-off-by: huabing zhao <[email protected]>

* address comments

Signed-off-by: huabing zhao <[email protected]>

---------

Signed-off-by: huabing zhao <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>
(cherry picked from commit a5bedbc)
Signed-off-by: Arko Dasgupta <[email protected]>

* rerun make testdata

Signed-off-by: Arko Dasgupta <[email protected]>

---------

Signed-off-by: huabing zhao <[email protected]>
Signed-off-by: Arko Dasgupta <[email protected]>
Signed-off-by: Huabing Zhao <[email protected]>
Signed-off-by: Jesse Haka <[email protected]>
Signed-off-by: lemonlinger <[email protected]>
Signed-off-by: Karol Szwaj <[email protected]>
Signed-off-by: Lior Okman <[email protected]>
Signed-off-by: Stéphane Cottin <[email protected]>
Signed-off-by: zirain <[email protected]>
Co-authored-by: Huabing Zhao <[email protected]>
Co-authored-by: Jesse Haka <[email protected]>
Co-authored-by: zirain <[email protected]>
Co-authored-by: Meng <[email protected]>
Co-authored-by: Karol Szwaj <[email protected]>
Co-authored-by: Lior Okman <[email protected]>
Co-authored-by: vixns <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>
  • Loading branch information
9 people authored Apr 8, 2024
1 parent 2d6f940 commit 5a15902
Show file tree
Hide file tree
Showing 54 changed files with 2,298 additions and 139 deletions.
2 changes: 1 addition & 1 deletion charts/gateway-helm/templates/certgen.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
labels:
{{- include "eg.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook": pre-install, pre-upgrade
{{- if .Values.certgen.job.annotations }}
{{- toYaml .Values.certgen.job.annotations | nindent 4 -}}
{{- end }}
Expand Down
5 changes: 5 additions & 0 deletions internal/gatewayapi/backendtrafficpolicy.go
Original file line number Diff line number Diff line change
Expand Up @@ -350,6 +350,8 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
r.LoadBalancer = lb
r.ProxyProtocol = pp
r.HealthCheck = hc
// Update the Host field in HealthCheck, now that we have access to the Route Hostname.
r.HealthCheck.SetHTTPHostIfAbsent(r.Hostname)
r.CircuitBreaker = cb
r.FaultInjection = fi
r.TCPKeepalive = ka
Expand Down Expand Up @@ -459,7 +461,10 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
}
if r.HealthCheck == nil {
r.HealthCheck = hc
// Update the Host field in HealthCheck, now that we have access to the Route Hostname.
r.HealthCheck.SetHTTPHostIfAbsent(r.Hostname)
}

if r.CircuitBreaker == nil {
r.CircuitBreaker = cb
}
Expand Down
29 changes: 25 additions & 4 deletions internal/gatewayapi/clienttrafficpolicy.go
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,7 @@ func (t *Translator) ProcessClientTrafficPolicies(resources *Resources,
// It must exist since we've already finished processing the gateways
gwXdsIR := xdsIR[irKey]
if string(l.Name) == section {
err = validatePortOverlapForClientTrafficPolicy(l, gwXdsIR)
err = validatePortOverlapForClientTrafficPolicy(l, gwXdsIR, false)
if err == nil {
err = t.translateClientTrafficPolicyForListener(policy, l, xdsIR, infraIR, resources)
}
Expand Down Expand Up @@ -234,7 +234,7 @@ func (t *Translator) ProcessClientTrafficPolicies(resources *Resources,
irKey := t.getIRKey(l.gateway)
// It must exist since we've already finished processing the gateways
gwXdsIR := xdsIR[irKey]
if err := validatePortOverlapForClientTrafficPolicy(l, gwXdsIR); err != nil {
if err := validatePortOverlapForClientTrafficPolicy(l, gwXdsIR, true); err != nil {
errs = errors.Join(errs, err)
} else if err := t.translateClientTrafficPolicyForListener(policy, l, xdsIR, infraIR, resources); err != nil {
errs = errors.Join(errs, err)
Expand Down Expand Up @@ -312,7 +312,7 @@ func resolveCTPolicyTargetRef(policy *egv1a1.ClientTrafficPolicy, gateways map[t
return gateway.GatewayContext, nil
}

func validatePortOverlapForClientTrafficPolicy(l *ListenerContext, xds *ir.Xds) error {
func validatePortOverlapForClientTrafficPolicy(l *ListenerContext, xds *ir.Xds, attachedToGateway bool) error {
// Find Listener IR
// TODO: Support TLSRoute and TCPRoute once
// https://github.com/envoyproxy/gateway/issues/1635 is completed
Expand All @@ -328,8 +328,29 @@ func validatePortOverlapForClientTrafficPolicy(l *ListenerContext, xds *ir.Xds)

// IR must exist since we're past validation
if httpIR != nil {
// Get a list of all other non-TLS listeners on this Gateway that share a port with
// the listener in question.
if sameListeners := listenersWithSameHTTPPort(xds, httpIR); len(sameListeners) != 0 {
return fmt.Errorf("affects additional listeners: %s", strings.Join(sameListeners, ", "))
if attachedToGateway {
// If this policy is attached to an entire gateway and the mergeGateways feature
// is turned on, validate that all the listeners affected by this policy originated
// from the same Gateway resource. The name of the Gateway from which this listener
// originated is part of the listener's name by construction.
gatewayName := irListenerName[0:strings.LastIndex(irListenerName, "/")]
conflictingListeners := []string{}
for _, currName := range sameListeners {
if strings.Index(currName, gatewayName) != 0 {
conflictingListeners = append(conflictingListeners, currName)
}
}
if len(conflictingListeners) != 0 {
return fmt.Errorf("ClientTrafficPolicy is being applied to multiple http (non https) listeners (%s) on the same port, which is not allowed", strings.Join(conflictingListeners, ", "))
}
} else {
// If this policy is attached to a specific listener, any other listeners in the list
// would be affected by this policy but should not be, so this policy can't be accepted.
return fmt.Errorf("ClientTrafficPolicy is being applied to multiple http (non https) listeners (%s) on the same port, which is not allowed", strings.Join(sameListeners, ", "))
}
}
}
return nil
Expand Down
73 changes: 38 additions & 35 deletions internal/gatewayapi/listener.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@ type ListenersTranslator interface {
}

func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR XdsIRMap, infraIR InfraIRMap, resources *Resources) {
// Infra IR proxy ports must be unique.
foundPorts := make(map[string][]*protocolPort)
t.validateConflictedLayer7Listeners(gateways)
t.validateConflictedLayer4Listeners(gateways, gwapiv1.TCPProtocolType, gwapiv1.TLSProtocolType)
t.validateConflictedLayer4Listeners(gateways, gwapiv1.UDPProtocolType)
Expand All @@ -35,8 +37,6 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR XdsIRMap
// and compute status for each, and add valid ones
// to the Xds IR.
for _, gateway := range gateways {
// Infra IR proxy ports must be unique.
var foundPorts []*protocolPort
irKey := t.getIRKey(gateway.Gateway)

if resources.EnvoyProxy != nil {
Expand Down Expand Up @@ -93,7 +93,6 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR XdsIRMap
if !isReady {
continue
}

// Add the listener to the Xds IR
servicePort := &protocolPort{protocol: listener.Protocol, port: int32(listener.Port)}
containerPort := servicePortToContainerPort(servicePort.port)
Expand Down Expand Up @@ -122,42 +121,46 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR XdsIRMap

// Add the listener to the Infra IR. Infra IR ports must have a unique port number per layer-4 protocol
// (TCP or UDP).
if !containsPort(foundPorts, servicePort) {
foundPorts = append(foundPorts, servicePort)
var proto ir.ProtocolType
switch listener.Protocol {
case gwapiv1.HTTPProtocolType:
proto = ir.HTTPProtocolType
case gwapiv1.HTTPSProtocolType:
proto = ir.HTTPSProtocolType
case gwapiv1.TLSProtocolType:
proto = ir.TLSProtocolType
case gwapiv1.TCPProtocolType:
proto = ir.TCPProtocolType
case gwapiv1.UDPProtocolType:
proto = ir.UDPProtocolType
}
if !containsPort(foundPorts[irKey], servicePort) {
t.processInfraIRListener(listener, infraIR, irKey, servicePort)
foundPorts[irKey] = append(foundPorts[irKey], servicePort)
}
}
}
}

infraPortName := string(listener.Name)
if t.MergeGateways {
infraPortName = irHTTPListenerName(listener)
}
infraPort := ir.ListenerPort{
Name: infraPortName,
Protocol: proto,
ServicePort: servicePort.port,
ContainerPort: containerPort,
}
func (t *Translator) processInfraIRListener(listener *ListenerContext, infraIR InfraIRMap, irKey string, servicePort *protocolPort) {
var proto ir.ProtocolType
switch listener.Protocol {
case gwapiv1.HTTPProtocolType:
proto = ir.HTTPProtocolType
case gwapiv1.HTTPSProtocolType:
proto = ir.HTTPSProtocolType
case gwapiv1.TLSProtocolType:
proto = ir.TLSProtocolType
case gwapiv1.TCPProtocolType:
proto = ir.TCPProtocolType
case gwapiv1.UDPProtocolType:
proto = ir.UDPProtocolType
}

proxyListener := &ir.ProxyListener{
Name: irHTTPListenerName(listener),
Ports: []ir.ListenerPort{infraPort},
}
infraPortName := string(listener.Name)
if t.MergeGateways {
infraPortName = irHTTPListenerName(listener)
}
infraPort := ir.ListenerPort{
Name: infraPortName,
Protocol: proto,
ServicePort: servicePort.port,
ContainerPort: servicePortToContainerPort(servicePort.port),
}

infraIR[irKey].Proxy.Listeners = append(infraIR[irKey].Proxy.Listeners, proxyListener)
}
}
proxyListener := &ir.ProxyListener{
Name: irHTTPListenerName(listener),
Ports: []ir.ListenerPort{infraPort},
}

infraIR[irKey].Proxy.Listeners = append(infraIR[irKey].Proxy.Listeners, proxyListener)
}

func processAccessLog(envoyproxy *egv1a1.EnvoyProxy) *ir.AccessLog {
Expand Down
48 changes: 2 additions & 46 deletions internal/gatewayapi/securitypolicy.go
Original file line number Diff line number Diff line change
Expand Up @@ -134,12 +134,7 @@ func (t *Translator) ProcessSecurityPolicies(securityPolicies []*egv1a1.Security
continue
}

err := validatePortOverlapForSecurityPolicyRoute(xdsIR, targetedRoute)
if err == nil {
err = t.translateSecurityPolicyForRoute(policy, targetedRoute, resources, xdsIR)
}

if err != nil {
if err := t.translateSecurityPolicyForRoute(policy, targetedRoute, resources, xdsIR); err != nil {
status.SetTranslationErrorForPolicyAncestors(&policy.Status,
parentGateways,
t.GatewayControllerName,
Expand Down Expand Up @@ -191,15 +186,7 @@ func (t *Translator) ProcessSecurityPolicies(securityPolicies []*egv1a1.Security
continue
}

irKey := t.getIRKey(targetedGateway.Gateway)
// Should exist since we've validated this
xds := xdsIR[irKey]
err := validatePortOverlapForSecurityPolicyGateway(xds)
if err == nil {
err = t.translateSecurityPolicyForGateway(policy, targetedGateway, resources, xdsIR)
}

if err != nil {
if err := t.translateSecurityPolicyForGateway(policy, targetedGateway, resources, xdsIR); err != nil {
status.SetTranslationErrorForPolicyAncestors(&policy.Status,
parentGateways,
t.GatewayControllerName,
Expand Down Expand Up @@ -407,23 +394,6 @@ func (t *Translator) translateSecurityPolicyForRoute(
return errs
}

func validatePortOverlapForSecurityPolicyRoute(xds XdsIRMap, route RouteContext) error {
var errs error
prefix := irRoutePrefix(route)
for _, ir := range xds {
for _, http := range ir.HTTP {
for _, r := range http.Routes {
if strings.HasPrefix(r.Name, prefix) {
if sameListeners := listenersWithSameHTTPPort(ir, http); len(sameListeners) != 0 {
errs = errors.Join(errs, fmt.Errorf("affects multiple listeners: %s", strings.Join(sameListeners, ", ")))
}
}
}
}
}
return errs
}

func (t *Translator) translateSecurityPolicyForGateway(
policy *egv1a1.SecurityPolicy, gateway *GatewayContext,
resources *Resources, xdsIR XdsIRMap) error {
Expand Down Expand Up @@ -516,20 +486,6 @@ func (t *Translator) translateSecurityPolicyForGateway(
return errs
}

func validatePortOverlapForSecurityPolicyGateway(xds *ir.Xds) error {
affectedListeners := []string{}
for _, http := range xds.HTTP {
if sameListeners := listenersWithSameHTTPPort(xds, http); len(sameListeners) != 0 {
affectedListeners = append(affectedListeners, sameListeners...)
}
}

if len(affectedListeners) > 0 {
return fmt.Errorf("affects multiple listeners: %s", strings.Join(affectedListeners, ", "))
}
return nil
}

func (t *Translator) buildCORS(cors *egv1a1.CORS) *ir.CORS {
var allowOrigins []*ir.StringMatch

Expand Down
20 changes: 10 additions & 10 deletions internal/gatewayapi/sort.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,33 +18,33 @@ func (x XdsIRRoutes) Swap(i, j int) { x[i], x[j] = x[j], x[i] }
func (x XdsIRRoutes) Less(i, j int) bool {

// 1. Sort based on path match type
// Exact > PathPrefix > RegularExpression
// Exact > RegularExpression > PathPrefix
if x[i].PathMatch != nil && x[i].PathMatch.Exact != nil {
if x[j].PathMatch != nil {
if x[j].PathMatch.Prefix != nil {
if x[j].PathMatch.SafeRegex != nil {
return false
}
if x[j].PathMatch.SafeRegex != nil {
if x[j].PathMatch.Prefix != nil {
return false
}
}
}
if x[i].PathMatch != nil && x[i].PathMatch.Prefix != nil {
if x[i].PathMatch != nil && x[i].PathMatch.SafeRegex != nil {
if x[j].PathMatch != nil {
if x[j].PathMatch.Exact != nil {
return true
}
if x[j].PathMatch.SafeRegex != nil {
if x[j].PathMatch.Prefix != nil {
return false
}
}
}
if x[i].PathMatch != nil && x[i].PathMatch.SafeRegex != nil {
if x[i].PathMatch != nil && x[i].PathMatch.Prefix != nil {
if x[j].PathMatch != nil {
if x[j].PathMatch.Exact != nil {
return true
}
if x[j].PathMatch.Prefix != nil {
if x[j].PathMatch.SafeRegex != nil {
return true
}
}
Expand Down Expand Up @@ -96,12 +96,12 @@ func pathMatchCount(pathMatch *ir.StringMatch) int {
if pathMatch.Exact != nil {
return len(*pathMatch.Exact)
}
if pathMatch.Prefix != nil {
return len(*pathMatch.Prefix)
}
if pathMatch.SafeRegex != nil {
return len(*pathMatch.SafeRegex)
}
if pathMatch.Prefix != nil {
return len(*pathMatch.Prefix)
}
}
return 0
}
Original file line number Diff line number Diff line change
Expand Up @@ -496,6 +496,7 @@ xdsIR:
expectedStatuses:
- 200
- 300
host: '*'
method: GET
path: /healthz
interval: 3s
Expand Down Expand Up @@ -624,6 +625,7 @@ xdsIR:
expectedStatuses:
- 200
- 201
host: gateway.envoyproxy.io
method: GET
path: /healthz
interval: 5s
Expand Down
30 changes: 19 additions & 11 deletions internal/gatewayapi/testdata/conflicting-policies.out.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,8 @@ clientTrafficPolicies:
namespace: default
conditions:
- lastTransitionTime: null
message: 'Affects additional listeners: default/gateway-1/http'
message: ClientTrafficPolicy is being applied to multiple http (non https)
listeners (default/gateway-1/http) on the same port, which is not allowed
reason: Invalid
status: "False"
type: Accepted
Expand Down Expand Up @@ -217,13 +218,6 @@ infraIR:
name: default/gateway-1/http
protocol: HTTP
servicePort: 80
- address: null
name: default/mfqjpuycbgjrtdww/http
ports:
- containerPort: 10080
name: default/mfqjpuycbgjrtdww/http
protocol: HTTP
servicePort: 80
metadata:
labels:
gateway.envoyproxy.io/owning-gatewayclass: envoy-gateway-class
Expand Down Expand Up @@ -261,9 +255,9 @@ securityPolicies:
namespace: default
conditions:
- lastTransitionTime: null
message: 'Affects multiple listeners: default/mfqjpuycbgjrtdww/http, default/gateway-1/http'
reason: Invalid
status: "False"
message: Policy has been accepted.
reason: Accepted
status: "True"
type: Accepted
controllerName: gateway.envoyproxy.io/gatewayclass-controller
xdsIR:
Expand Down Expand Up @@ -314,6 +308,20 @@ xdsIR:
- backendWeights:
invalid: 0
valid: 0
cors:
allowCredentials: true
allowMethods:
- PUT
- GET
- POST
- DELETE
- PATCH
- OPTIONS
allowOrigins:
- distinct: false
name: ""
safeRegex: http://.*\.foo\.com
maxAge: 10m0s
destination:
name: httproute/default/mfqjpuycbgjrtdww/rule/0
settings:
Expand Down
Loading

0 comments on commit 5a15902

Please sign in to comment.