[release/v1.1] cherry-pick main (#3935)

* fix quickstart link in helm chart (#3793)

Signed-off-by: Huabing Zhao <[email protected]>

* build(deps): bump golang.org/x/sys from 0.21.0 to 0.22.0 (#3780)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.21.0 to 0.22.0.
- [Commits](golang/sys@v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: zirain <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* build(deps): bump distroless/static from `e9ac71e` to `8dd8d3c` in /tools/docker/envoy-gateway (#3778)

build(deps): bump distroless/static in /tools/docker/envoy-gateway

Bumps distroless/static from `e9ac71e` to `8dd8d3c`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Xunzhuo <[email protected]>

* build(deps): bump fortio.org/log from 1.12.2 to 1.14.0 (#3782)

Bumps [fortio.org/log](https://github.com/fortio/log) from 1.12.2 to 1.14.0.
- [Release notes](https://github.com/fortio/log/releases)
- [Commits](fortio/log@v1.12.2...v1.14.0)

---
updated-dependencies:
- dependency-name: fortio.org/log
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: zirain <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* build(deps): bump google.golang.org/grpc from 1.64.0 to 1.65.0 (#3783)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.64.0 to 1.65.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.64.0...v1.65.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* docs: move release-notes out of version (#3765)

* move release-notes out of version

Signed-off-by: zirain <[email protected]>

* fix

Signed-off-by: zirain <[email protected]>

* update release-notes

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* ci: update cherry-pick v1.1.0 (#3803)

Signed-off-by: Guy Daich <[email protected]>

* doc: how to build a wasm image (#3806)

* docs for building wasm images

Signed-off-by: Huabing Zhao <[email protected]>

* address comments

Signed-off-by: Huabing Zhao <[email protected]>

* minor change

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>

* Use Wasm instead of WASM (#3812)

* Use Wasm instead of WASM

Signed-off-by: Takeshi Yoneda <[email protected]>

* part2

Signed-off-by: Takeshi Yoneda <[email protected]>

---------

Signed-off-by: Takeshi Yoneda <[email protected]>

* docs: generate v1.1.0-rc.1 release note (#3794)

* chore: release-notes-docs be part of generate (#3815)

* fix: enable client timeout test (#3811)

* enable client timeout test

Signed-off-by: Guy Daich <[email protected]>

* fix target of policy

Signed-off-by: Guy Daich <[email protected]>

---------

Signed-off-by: Guy Daich <[email protected]>

* chore: add benchmark report into release artifacts (#3756)

* add benchmark report save dir

Signed-off-by: shawnh2 <[email protected]>

* add benchmark report to latest release

Signed-off-by: shawnh2 <[email protected]>

* separate benchmark-test push and pull_request event

Signed-off-by: shawnh2 <[email protected]>

* add benchmark report to release workflow

Signed-off-by: shawnh2 <[email protected]>

* fix lint and update doc

Signed-off-by: shawnh2 <[email protected]>

* move out resource limit unit

Signed-off-by: shawnh2 <[email protected]>

---------

Signed-off-by: shawnh2 <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* docs: fix grafana link (#3818)

Signed-off-by: zirain <[email protected]>

* e2e: make sure ALS server is ready (#3816)

Signed-off-by: zirain <[email protected]>

* Revert "docs: fix grafana link" (#3822)

Revert "docs: fix grafana link (#3818)"

This reverts commit 0af2f9f.

Signed-off-by: zirain <[email protected]>

* feat: support target selectors on Envoy Gateway Extension Server policies (#3800)

* Support target selectors on Envoy Gateway Extension Server policies

Signed-off-by: Lior Okman <[email protected]>

* Fixed the linter errors

Signed-off-by: Lior Okman <[email protected]>

---------

Signed-off-by: Lior Okman <[email protected]>

* docs: updating the documentation for Extension Servers and adding an example extension server (#3788)

* Updating the documentation for Extension Servers and adding an example
extension server.

Signed-off-by: Lior Okman <[email protected]>

* Make the docs linter happy

Signed-off-by: Lior Okman <[email protected]>

* Add license headers to every new source file, and make the yaml linter
ignore the extension-server chart

Signed-off-by: Lior Okman <[email protected]>

* Add the boilerplate license for generated files.

Signed-off-by: Lior Okman <[email protected]>

---------

Signed-off-by: Lior Okman <[email protected]>

* docs for ip allowlist/denylist (#3784)

* docs for ip whitelisting/blacklisting

Signed-off-by: Huabing Zhao <[email protected]>

* replace terms based on CNCF INI doc

Signed-off-by: Huabing Zhao <[email protected]>

* address comments

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>
Co-authored-by: Guy Daich <[email protected]>

* docs: gRPC Access Log Service (ALS) sink (#3768)

* docs: gRPC Access Log Service (ALS) sink

Signed-off-by: zirain <[email protected]>

* ignore githubusercontent.com

Signed-off-by: zirain <[email protected]>

* update

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>
Co-authored-by: Guy Daich <[email protected]>

* docs: update v1.1.0-rc.1 release notes (#3821)

update v1.1.0-rc.1 release notes

Signed-off-by: Guy Daich <[email protected]>

* docs: add task for wasm extensions (#3796)

* docs for wasm extensions

Signed-off-by: Huabing Zhao <[email protected]>

* fix lint

Signed-off-by: Huabing Zhao <[email protected]>

* address comments

Signed-off-by: Huabing Zhao <[email protected]>

* minor change

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>
Co-authored-by: Guy Daich <[email protected]>

* community: promote shawnh2 to maintainer and move qicz to emeritus (#3760)

Signed-off-by: bitliu <[email protected]>

* chore: report a translate error to errChan to make it observed correctly (#3827)

Signed-off-by: Kensei Nakada <[email protected]>

* chore: upgrade to golang v1.22.5 (#3829)

* chore: golang v1.22.5

Signed-off-by: Kensei Nakada <[email protected]>

* chore: update golang version in example manifest

Signed-off-by: Kensei Nakada <[email protected]>

---------

Signed-off-by: Kensei Nakada <[email protected]>
Co-authored-by: zirain <[email protected]>

* chore: add `make lint.fix-golint` to address auto fixable lint issues (#3828)

* chore: add make lint.fix to address auto fixable lint issues

Signed-off-by: Kensei Nakada <[email protected]>

* chore: rename to lint.fix-golint

Signed-off-by: Kensei Nakada <[email protected]>

* chore: golang v1.22.5

Signed-off-by: Kensei Nakada <[email protected]>

* fix: correct a mistake on the name

Signed-off-by: Kensei Nakada <[email protected]>

---------

Signed-off-by: Kensei Nakada <[email protected]>

* docs: patch field within EnvoyService (#3820)

* add docs for patching field within EnvoyService

Signed-off-by: shawnh2 <[email protected]>

* update path service example

Signed-off-by: shawnh2 <[email protected]>

---------

Signed-off-by: shawnh2 <[email protected]>

* accesslog: remove ALS gRPC initialMetadata (#3751)

remove ALS gRPC initialMetadata

Signed-off-by: zirain <[email protected]>

* docs: add fixed links to the current version of eg docs  (#3819)

* rename v1.0.2 to docs

Signed-off-by: Huabing Zhao <[email protected]>

* retain v1.0.2 directory to avoid dead links

Signed-off-by: Huabing Zhao <[email protected]>

* fix link

Signed-off-by: Huabing Zhao <[email protected]>

* fix link

Signed-off-by: Huabing Zhao <[email protected]>

* copy v1.0.2 to docs in make file

Signed-off-by: Huabing Zhao <[email protected]>

* test auto copy

Signed-off-by: Huabing Zhao <[email protected]>

* test auto copy

Signed-off-by: Huabing Zhao <[email protected]>

* test auto copy

Signed-off-by: Huabing Zhao <[email protected]>

* test auto copy

Signed-off-by: Huabing Zhao <[email protected]>

* test auto copy

Signed-off-by: Huabing Zhao <[email protected]>

* copy latest version docs to docs directory

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>
Co-authored-by: zirain <[email protected]>

* fix: backendtls minversion (#3835)

fix backendtls

Signed-off-by: Guy Daich <[email protected]>

* fix: enable use-client-protocol test (#3825)

* enable use-client-protocol test

Signed-off-by: Guy Daich <[email protected]>

* add retries to basic auth tests

Signed-off-by: Guy Daich <[email protected]>

---------

Signed-off-by: Guy Daich <[email protected]>

* fix: backendtls client cert (#3839)

fix backendtls client cert

Signed-off-by: Guy Daich <[email protected]>

* fix: prevent xdsIR updates from overwriting RateLimit configs from other xdsIR (#3771)

* fix: prevent xdsIR updates from overwriting RateLimit configs from other xdsIR

Signed-off-by: Kensei Nakada <[email protected]>

* fix: handle deletion events appropriately

Signed-off-by: Kensei Nakada <[email protected]>

* test: add a unit test for subscribeAndTranslate

Signed-off-by: Kensei Nakada <[email protected]>

* chore: sort import order

Signed-off-by: Kensei Nakada <[email protected]>

---------

Signed-off-by: Kensei Nakada <[email protected]>
Co-authored-by: zirain <[email protected]>

* docs: use v[x.y] instead of v[x.y.z] (#3836)

* docs: use vx.y instead of vx.y.z

Signed-off-by: zirain <[email protected]>

* fix deadlink

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* e2e: fix basic auth flaky (#3833)

Signed-off-by: zirain <[email protected]>
Co-authored-by: Guy Daich <[email protected]>

* design: add wasm extension supports OCI image code source (#3313)

* desing docs for wasm oci support

Signed-off-by: huabing zhao <[email protected]>

* fix lint

Signed-off-by: huabing zhao <[email protected]>

* Update site/content/en/contributions/design/wasm-extension.md

Co-authored-by: Arko Dasgupta <[email protected]>
Signed-off-by: Huabing Zhao <[email protected]>

* minor wording

Signed-off-by: huabing zhao <[email protected]>

* authn consideration

Signed-off-by: huabing zhao <[email protected]>

* address comments

Signed-off-by: huabing zhao <[email protected]>

* minor wording

Signed-off-by: huabing zhao <[email protected]>

* minor wording

Signed-off-by: huabing zhao <[email protected]>

* minor wording

Signed-off-by: huabing zhao <[email protected]>

* minor wording

Signed-off-by: huabing zhao <[email protected]>

* restrict access to priave images

Signed-off-by: huabing zhao <[email protected]>

* minor change

Signed-off-by: Huabing Zhao <[email protected]>

* move image to /img

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: huabing zhao <[email protected]>
Signed-off-by: Huabing Zhao <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]>
Co-authored-by: zirain <[email protected]>
Co-authored-by: Guy Daich <[email protected]>

* fix: enable upgrade test (#3764)

adapt upgrade test to v1.1

Signed-off-by: Guy Daich <[email protected]>
Co-authored-by: zirain <[email protected]>

* chore: go mod tidy (#3842)

Signed-off-by: zirain <[email protected]>

* fix flaky authorization tests (#3844)

Signed-off-by: Huabing Zhao <[email protected]>

* build(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 (#3849)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.26.0 to 0.27.0.
- [Commits](golang/net@v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump fortio.org/fortio from 1.65.0 to 1.66.0 (#3848)

Bumps [fortio.org/fortio](https://github.com/fortio/fortio) from 1.65.0 to 1.66.0.
- [Release notes](https://github.com/fortio/fortio/releases)
- [Commits](fortio/fortio@v1.65.0...v1.66.0)

---
updated-dependencies:
- dependency-name: fortio.org/fortio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump helm.sh/helm/v3 from 3.15.2 to 3.15.3 (#3850)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.15.2 to 3.15.3.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.15.2...v3.15.3)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: move UDP test resources out of the base (#3857)

delay the creation for non-shared udp test resources

Signed-off-by: Huabing Zhao <[email protected]>

* chore: replace targetRef with targetRefs in e2e (#3858)

* docs: Remove the older versions from linkinator ignore list (#3846)

* upgrade hugo and postcss-cli

Signed-off-by: zirain <[email protected]>

* fix deadlink

Signed-off-by: zirain <[email protected]>

* remove linkinator timeout

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* build(deps): bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 (#3854)

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.23.0 to 0.24.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@7c2007b...6e7b7d1)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/norwoodj/helm-docs from 1.13.0 to 1.14.2 in /tools/src/helm-docs (#3847)

build(deps): bump github.com/norwoodj/helm-docs in /tools/src/helm-docs

Bumps [github.com/norwoodj/helm-docs](https://github.com/norwoodj/helm-docs) from 1.13.0 to 1.14.2.
- [Release notes](https://github.com/norwoodj/helm-docs/releases)
- [Changelog](https://github.com/norwoodj/helm-docs/blob/master/CHANGELOG.md)
- [Commits](norwoodj/helm-docs@v1.13.0...v1.14.2)

---
updated-dependencies:
- dependency-name: github.com/norwoodj/helm-docs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: move connection limit test resources out of the base (#3859)

* delay the creation for non-shared test resources

Signed-off-by: Huabing Zhao <[email protected]>

* fix lint

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>

* build(deps): bump actions/setup-node from 4.0.2 to 4.0.3 (#3853)

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@60edb5d...1e60f62)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google/osv-scanner-action from 1.8.1 to 1.8.2 (#3851)

Bumps [google/osv-scanner-action](https://github.com/google/osv-scanner-action) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/google/osv-scanner-action/releases)
- [Commits](google/osv-scanner-action@3c399db...7ac94f9)

---
updated-dependencies:
- dependency-name: google/osv-scanner-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: zirain <[email protected]>

* build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 in /tools/github-actions/setup-deps (#3855)

build(deps): bump actions/setup-go in /tools/github-actions/setup-deps

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@cdcb360...0a12ed9)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github/codeql-action from 3.25.11 to 3.25.12 (#3852)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.11 to 3.25.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b611370...4fa2a79)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: zirain <[email protected]>

* docs: add backend tls docs (#3843)

* add backend tls docs

Signed-off-by: Guy Daich <[email protected]>

* fix links

Signed-off-by: Guy Daich <[email protected]>

* add gateway paramsref

Signed-off-by: Guy Daich <[email protected]>

* nit

Signed-off-by: Guy Daich <[email protected]>

---------

Signed-off-by: Guy Daich <[email protected]>

* chore: move zipkin test resources out of the base (#3864)

move zipkin test resources out of the base

Signed-off-by: Huabing Zhao <[email protected]>

* chore: move tcp test resources out of the base (#3863)

move tcp test resources out of the base

Signed-off-by: Huabing Zhao <[email protected]>

* docs: create concepts docs page and diagram (#3808)

* Adding concept page with visual to docs site

Signed-off-by: Erica Hughberg <[email protected]>

* Fix EnvoyGatewayPatchPolicy to EnvoyPatchPolicy

Signed-off-by: Erica Hughberg <[email protected]>

* Fix ordering of columns and adding links.

Signed-off-by: Erica Hughberg <[email protected]>

* Adding to v1.0.2 as well

Signed-off-by: Erica Hughberg <[email protected]>

* Fixing links

Signed-off-by: Erica Hughberg <[email protected]>

* Added Backend resource to concept overview

Signed-off-by: Erica Hughberg <[email protected]>

* Tidy up and update docs for 1.0.2

Signed-off-by: Erica Hughberg <[email protected]>

* Update arrow from Route to route targets

Signed-off-by: Erica Hughberg <[email protected]>

* fix: wrong path & title and add diagram

Signed-off-by: bitliu <[email protected]>

---------

Signed-off-by: Erica Hughberg <[email protected]>
Signed-off-by: bitliu <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* benchmark: enable prometheus to scrape metrics from (#3772)

* chore: move backend tls test resources out of the base (#3862)

* move backend tls test resources out of the base

Signed-off-by: Huabing Zhao <[email protected]>

* fix lint

Signed-off-by: Huabing Zhao <[email protected]>

* fix lint

Signed-off-by: Huabing Zhao <[email protected]>

* add notice

Signed-off-by: Huabing Zhao <[email protected]>

* fix test

Signed-off-by: Huabing Zhao <[email protected]>

* fix test

Signed-off-by: Huabing Zhao <[email protected]>

* print response body for debugging

Signed-off-by: Huabing Zhao <[email protected]>

* print policy for debugging

Signed-off-by: Huabing Zhao <[email protected]>

* increase timeout

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>

* chore: remove cherrypicker action (#3831)

Signed-off-by: zirain <[email protected]>

* chore: update linkinator comment (#3870)

Signed-off-by: zirain <[email protected]>

* chore: make format as part of gen-check (#3877)

Signed-off-by: zirain <[email protected]>

* chore: update LINKINATOR_IGNORE (#3879)

* chore: update LINKINATOR_IGNORE

Signed-off-by: zirain <[email protected]>

* remove example.com

Signed-off-by: zirain <[email protected]>

* Revert "remove example.com"

This reverts commit 0c6e44c.

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* return 500 error for failed SecurityPolicies to avoid unauthorized access to xRoutes (#3869)

* return 500 error to avoid unauthorized access to xRoutes

Signed-off-by: Huabing Zhao <[email protected]>

* address comments

Signed-off-by: Huabing Zhao <[email protected]>

* address comments

Signed-off-by: Huabing Zhao <[email protected]>

* add e2e test for failed SecurityPolicy

Signed-off-by: Huabing Zhao <[email protected]>

* add e2e test for failed SecurityPolicy

Signed-off-by: Huabing Zhao <[email protected]>

* add e2e test for failed SecurityPolicy

Signed-off-by: Huabing Zhao <[email protected]>

* add e2e test for failed SecurityPolicy

Signed-off-by: Huabing Zhao <[email protected]>

* fix lint

Signed-off-by: Huabing Zhao <[email protected]>

* fix lint

Signed-off-by: Huabing Zhao <[email protected]>

* rename

Signed-off-by: Huabing Zhao <[email protected]>

* rename

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* lint: update yamllint and codespell skip  (#3882)

* lint: update yamllint and codespell skip

Signed-off-by: zirain <[email protected]>

* end with newline

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* e2e: increase test timeout (#3883)

Signed-off-by: zirain <[email protected]>

* chore: client mtls test (#3874)

client mtls test

Signed-off-by: Guy Daich <[email protected]>

* fix: nil pointer err during hash load balancing build (#3886)

fix nil pointer err in buildHashPolicy

Signed-off-by: shawnh2 <[email protected]>

* fix override issue for EEP (#3881)

* add test for empty policies

Signed-off-by: Huabing Zhao <[email protected]>

* add test for eep

Signed-off-by: Huabing Zhao <[email protected]>

* add teset for eep

Signed-off-by: Huabing Zhao <[email protected]>

* fix eep override issue

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>

* accesslog: fix different CelMatches on AccessLog (#3885)

* accesslog: fix different CelMatches on AccessLog

Signed-off-by: zirain <[email protected]>

* lint

Signed-off-by: zirain <[email protected]>

* text

Signed-off-by: zirain <[email protected]>

* lint

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>
Co-authored-by: Guy Daich <[email protected]>

* rm gateway-api translation error message from direct response (#3878)

* Responding back with an error message around translation errors
may leak info to internet facing external clients around ingress
internals

Signed-off-by: Arko Dasgupta <[email protected]>
Co-authored-by: zirain <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* GetParentReferences should use namespace from RouteContext (#3876)

* GetParentReferences should use namespace from RouteContext

Signed-off-by: zirain <[email protected]>

* lint

Signed-off-by: zirain <[email protected]>

* add test

Signed-off-by: zirain <[email protected]>

* fix test

Signed-off-by: zirain <[email protected]>

* update

Signed-off-by: zirain <[email protected]>

* add negative case

Signed-off-by: zirain <[email protected]>

* address review comment

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* Add e2e test for load balancing (#3868)

* update api doc and e2e test env for lb

Signed-off-by: shawnh2 <[email protected]>

* add e2e test for round robin lb

Signed-off-by: shawnh2 <[email protected]>

* fix gen-check

Signed-off-by: shawnh2 <[email protected]>

* add e2e test for source ip consistent hash lb

Signed-off-by: shawnh2 <[email protected]>

* add e2e test for header consistent hash lb

Signed-off-by: shawnh2 <[email protected]>

* add e2e test for cookie consistent hash lb

Signed-off-by: shawnh2 <[email protected]>

* add deployment only for lb test case

Signed-off-by: shawnh2 <[email protected]>

* rename deployment for different test setup

Signed-off-by: shawnh2 <[email protected]>

* wait deployment to have available replicas

Signed-off-by: shawnh2 <[email protected]>

---------

Signed-off-by: shawnh2 <[email protected]>
Co-authored-by: zirain <[email protected]>

* egctl: introduce `egctl x collect` (#3775)

* e2e: add e2e test for cookie based consistent hash load balancing (#3890)

* add e2e test for cookie based consistent hash load balancing

Signed-off-by: shawnh2 <[email protected]>

* fix lint

Signed-off-by: shawnh2 <[email protected]>

* lower the round robin lb test boundary

Signed-off-by: shawnh2 <[email protected]>

* add case for generated cookie

Signed-off-by: shawnh2 <[email protected]>

* fix lint

Signed-off-by: shawnh2 <[email protected]>

* remove response dump

Signed-off-by: shawnh2 <[email protected]>

---------

Signed-off-by: shawnh2 <[email protected]>

* enable HTTPRouteBackendRequestHeaderModifier test (#3891)

* enable HTTPRouteBackendRequestHeaderModifier test

already supported with #3246

Signed-off-by: Arko Dasgupta <[email protected]>

* make testdata

Signed-off-by: Arko Dasgupta <[email protected]>

---------

Signed-off-by: Arko Dasgupta <[email protected]>

* disable writing into GatewayClass.Status.SupportedFeatures

disable until the field moves from experiemental to stable
so status writes for a GatewayClass dont fail when the datatypes differ

Signed-off-by: Arko Dasgupta <[email protected]>

* comment out test snippet

Signed-off-by: Arko Dasgupta <[email protected]>

* validate for reconcile should check reference from EnvoyProxy (#3895)

validateEndpointSliceForReconcile should check reference from EnvoyProxy

Signed-off-by: zirain <[email protected]>

* chore: add grafonnet dashboards support (#3785)

* add grafonnet lib and support for resources monitor dashboard

Signed-off-by: shawnh2 <[email protected]>

* update helm-generate to support grafonnet generate dashboards

Signed-off-by: shawnh2 <[email protected]>

* update doc

Signed-off-by: shawnh2 <[email protected]>

* fix doc-lint and osv-scan

Signed-off-by: shawnh2 <[email protected]>

* fix tools path

Signed-off-by: shawnh2 <[email protected]>

* resolve conflicts

Signed-off-by: shawnh2 <[email protected]>

* fix gen-check

Signed-off-by: shawnh2 <[email protected]>

* fix doc-lint

Signed-off-by: shawnh2 <[email protected]>

---------

Signed-off-by: shawnh2 <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* add startupProbe to all provisioned containers (#3893)

* This ensures the readinessProbe kicks in only after the container has
  started
* max startup time is 300s - 30 (failureThreshold) x 10 (periodSeconds).
After this the container is killed and the `restartPolicy` kicks in
https://kubernetes.io/docs/concepts/configuration/liveness-readiness-startup-probes/#startup-probe

Fixes: #3511

Signed-off-by: Arko Dasgupta <[email protected]>

* e2e: move als test resources out of the base (#3884)

Signed-off-by: zirain <[email protected]>

* e2e: fix ZipkinTracing flaky (#3899)

* e2e: make sure OTel-collector is ready

Signed-off-by: zirain <[email protected]>

* fix gen

Signed-off-by: zirain <[email protected]>

* fix retry

Signed-off-by: zirain <[email protected]>

* remove infrastructure.parametersRef from all-namespace

Signed-off-by: zirain <[email protected]>

* update

Signed-off-by: zirain <[email protected]>

* update

Signed-off-by: zirain <[email protected]>

* lint

Signed-off-by: zirain <[email protected]>

* fix bad request

Signed-off-by: zirain <[email protected]>

* increase time of one cycle

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* doc: add load balancing usage (#3903)

add load balancing usage

Signed-off-by: shawnh2 <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* fix: typos in release notes (#3909)

Signed-off-by: bitliu <[email protected]>

* fix: fix the CEL definitions to allow policies that use target selectors without explicit targetRefs (#3904)

Fix the CEL definitions to allow policies that use target selectors
without explicit targetRefs

Signed-off-by: Lior Okman <[email protected]>

* feat(logger): Add tlog for better test logging (#3913)

Add tlog.Logf() logger

Signed-off-by: Manoramsharma <[email protected]>

* e2e: add hook to debug OIDC fail (#3914)

* e2e: refactor and improve lb test (#3912)

* e2e: refactor and improve lb test

Signed-off-by: zirain <[email protected]>

* tlog

Signed-off-by: zirain <[email protected]>

* update

Signed-off-by: zirain <[email protected]>

* lint

Signed-off-by: zirain <[email protected]>

* nit

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* tools: remove sphinx (#3927)

Signed-off-by: zirain <[email protected]>

* release v1.1.0 (#3932)

* release v1.1.0

Signed-off-by: Guy Daich <[email protected]>

* update release notes with delta from v1.1.0-rc.1

Signed-off-by: Guy Daich <[email protected]>

* fix lint

Signed-off-by: Guy Daich <[email protected]>

---------

Signed-off-by: Guy Daich <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: zirain <[email protected]>
Signed-off-by: Guy Daich <[email protected]>
Signed-off-by: Takeshi Yoneda <[email protected]>
Signed-off-by: shawnh2 <[email protected]>
Signed-off-by: Lior Okman <[email protected]>
Signed-off-by: bitliu <[email protected]>
Signed-off-by: Kensei Nakada <[email protected]>
Signed-off-by: huabing zhao <[email protected]>
Signed-off-by: Erica Hughberg <[email protected]>
Signed-off-by: Arko Dasgupta <[email protected]>
Signed-off-by: Manoramsharma <[email protected]>
Co-authored-by: Huabing Zhao <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: zirain <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>
Co-authored-by: Takeshi Yoneda <[email protected]>
Co-authored-by: sh2 <[email protected]>
Co-authored-by: Lior Okman <[email protected]>
Co-authored-by: Kensei Nakada <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]>
Co-authored-by: Erica Hughberg <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]>
Co-authored-by: Manoramsharma <[email protected]>

.github/workflows/build_and_test.yaml

@@ -18,7 +18,7 @@ permissions:
 
 jobs:
   lint:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
     - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
     - uses: ./tools/github-actions/setup-deps
@@ -137,6 +137,8 @@ jobs:
 
   benchmark-test:
     runs-on: ubuntu-latest
+    # There's a different workflow for benchmark-test on push.
+    if: ${{ ! startsWith(github.event_name, 'push') }}
     needs: [build]
     steps:
     - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
@@ -151,12 +153,13 @@ jobs:
         BENCHMARK_RPS: 10000
         BENCHMARK_CONNECTIONS: 100
         BENCHMARK_DURATION: 30
-        BENCHMARK_CPU_LIMITS: 1000
-        BENCHMARK_MEMORY_LIMITS: 2000
+        BENCHMARK_CPU_LIMITS: 1000m
+        BENCHMARK_MEMORY_LIMITS: 2000Mi
+        BENCHMARK_REPORT_DIR: benchmark_report
       run: make benchmark
 
     - name: Read Benchmark report
-      run: cat test/benchmark/benchmark_report.md
+      run: cat test/benchmark/benchmark_report/benchmark_report.md
 
   publish:
     runs-on: ubuntu-latest

.github/workflows/codeql.yml

@@ -36,14 +36,14 @@ jobs:
     - uses: ./tools/github-actions/setup-deps
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c  # v3.25.11
+      uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f  # v3.25.12
       with:
         languages: ${{ matrix.language }}
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c  # v3.25.11
+      uses: github/codeql-action/autobuild@4fa2a7953630fd2f3fb380f21be14ede0169dd4f  # v3.25.12
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c  # v3.25.11
+      uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f  # v3.25.12
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/docs.yaml

@@ -62,7 +62,7 @@ jobs:
         extended: true
 
     - name: Setup Node
-      uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8  # v4.1.0
+      uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b  # v4.1.0
       with:
         node-version: '18'
 

.github/workflows/latest_release.yaml

@@ -17,8 +17,40 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  # For push event, we run benchmark test here because we need to
+  # include benchmark report in the latest release.
+  benchmark-test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
+    - uses: ./tools/github-actions/setup-deps
+
+    # Benchmark
+    - name: Run Benchmark tests
+      env:
+        KIND_NODE_TAG: v1.28.9
+        IMAGE_PULL_POLICY: IfNotPresent
+        # Args for benchmark test
+        BENCHMARK_RPS: 10000
+        BENCHMARK_CONNECTIONS: 100
+        BENCHMARK_DURATION: 30
+        BENCHMARK_CPU_LIMITS: 1000m
+        BENCHMARK_MEMORY_LIMITS: 2000Mi
+        BENCHMARK_REPORT_DIR: benchmark_report
+      run: make benchmark
+
+    - name: Package benchmark report
+      run: cd test/benchmark && zip -r benchmark_report.zip benchmark_report
+
+    - name: Upload Benchmark Report
+      uses: actions/upload-artifact@v4  # version is better be consistent with actions/download-artifact
+      with:
+        name: benchmark_report
+        path: test/benchmark/benchmark_report.zip
+
   latest-release:
     runs-on: ubuntu-22.04
+    needs: [benchmark-test]
     permissions:
       contents: write
     steps:
@@ -29,6 +61,12 @@ jobs:
       # Use `Always` image pull policy for latest version.
       run: IMAGE_PULL_POLICY=Always make generate-manifests IMAGE=envoyproxy/gateway-dev TAG=latest OUTPUT_DIR=release-artifacts
 
+    - name: Download Benchmark Report
+      uses: actions/download-artifact@v4
+      with:
+        name: benchmark_report
+        path: release-artifacts
+
     - name: Build egctl latest multiarch binaries
       run: |
         make build-multiarch BINS="egctl"
@@ -70,6 +108,7 @@ jobs:
         files: |
           release-artifacts/install.yaml
           release-artifacts/quickstart.yaml
+          release-artifacts/benchmark_report.zip
           egctl_latest_linux_amd64.tar.gz
           egctl_latest_linux_arm64.tar.gz
           egctl_latest_darwin_amd64.tar.gz

.github/workflows/license-scan.yml

@@ -18,7 +18,7 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
     - name: Run scanner
-      uses: google/osv-scanner-action/osv-scanner-action@3c399db9dd6dd8106a27d280d53c55077d3f7cea  # v1.8.1
+      uses: google/osv-scanner-action/osv-scanner-action@7ac94f9d40028db4cacf8d53adec6626f5d3d2f7  # v1.8.2
       with:
         scan-args: |-
           --skip-git

.github/workflows/osv-scanner.yml

@@ -16,16 +16,31 @@ on:
 jobs:
   scan-scheduled:
     if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@3c399db9dd6dd8106a27d280d53c55077d3f7cea"  # v1.8.1
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@7ac94f9d40028db4cacf8d53adec6626f5d3d2f7"  # v1.8.2
     permissions:
       actions: read
       contents: read
       # Require writing security events to upload SARIF file to security tab
       security-events: write
+    with:
+      scan-args: |-
+        --skip-git
+        --recursive
+        ./
+        --config
+        tools/osv-scanner/config.toml
+
   scan-pr:
     if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@3c399db9dd6dd8106a27d280d53c55077d3f7cea"  # v1.8.1
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@7ac94f9d40028db4cacf8d53adec6626f5d3d2f7"  # v1.8.2
     permissions:
       actions: read
       contents: read
       security-events: write
+    with:
+      scan-args: |-
+        --skip-git
+        --recursive
+        ./
+        --config
+        tools/osv-scanner/config.toml

.github/workflows/release.yaml

@@ -10,8 +10,40 @@ on:
       - "v*.*.*"
 
 jobs:
+  # For push event, we run benchmark test here because we need to
+  # include benchmark report in the release.
+  benchmark-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
+      - uses: ./tools/github-actions/setup-deps
+
+      # Benchmark
+      - name: Run Benchmark tests
+        env:
+          KIND_NODE_TAG: v1.28.9
+          IMAGE_PULL_POLICY: IfNotPresent
+          # Args for benchmark test
+          BENCHMARK_RPS: 10000
+          BENCHMARK_CONNECTIONS: 100
+          BENCHMARK_DURATION: 30
+          BENCHMARK_CPU_LIMITS: 1000m
+          BENCHMARK_MEMORY_LIMITS: 2000Mi
+          BENCHMARK_REPORT_DIR: benchmark_report
+        run: make benchmark
+
+      - name: Package benchmark report
+        run: cd test/benchmark && zip -r benchmark_report.zip benchmark_report
+
+      - name: Upload Benchmark Report
+        uses: actions/upload-artifact@v4  # version is better be consistent with actions/download-artifact
+        with:
+          name: benchmark_report
+          path: test/benchmark/benchmark_report.zip
+
   release:
     runs-on: ubuntu-22.04
+    needs: [benchmark-test]
     permissions:
       contents: write
     steps:
@@ -39,13 +71,20 @@ jobs:
       - name: Build and Push EG Release Helm Chart
         run: IMAGE_PULL_POLICY=IfNotPresent OCI_REGISTRY=oci://docker.io/envoyproxy CHART_VERSION=${{ env.release_tag }} IMAGE=docker.io/envoyproxy/gateway TAG=${{ env.release_tag }} make helm-package helm-push
 
+      - name: Download Benchmark Report
+        uses: actions/download-artifact@v4
+        with:
+          name: benchmark_report
+          path: release-artifacts
+
       - name: Upload Release Manifests
         uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0  # v0.1.15
         with:
           files: |
             release-artifacts/install.yaml
             release-artifacts/quickstart.yaml
             release-artifacts/release-notes.yaml
+            release-artifacts/benchmark_report.zip
             release-artifacts/egctl_${{ env.release_tag }}_linux_amd64.tar.gz
             release-artifacts/egctl_${{ env.release_tag }}_linux_arm64.tar.gz
             release-artifacts/egctl_${{ env.release_tag }}_darwin_amd64.tar.gz

.github/workflows/scorecard.yml

@@ -40,6 +40,6 @@ jobs:
         retention-days: 5
 
     - name: "Upload to code-scanning"
-      uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c  # v3.25.11
+      uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f  # v3.25.12
       with:
         sarif_file: results.sarif

.github/workflows/trivy.yml

@@ -25,7 +25,7 @@ jobs:
         IMAGE=envoy-proxy/gateway-dev TAG=${{ github.sha }} make image
 
     - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2  # v0.23.0
+      uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8  # v0.24.0
       with:
         image-ref: envoy-proxy/gateway-dev:${{ github.sha }}
         exit-code: '1'

.gitignore

@@ -35,5 +35,10 @@ charts/gateway-helm/values.yaml
 # dependency charts generated by addons helm.
 charts/gateway-addons-helm/charts/
 
+# vendor for grafonnet
+charts/gateway-addons-helm/dashboards/vendor/
+
 # VIM
 .*.swp
+
+*.tar.gz

OWNERS

@@ -13,9 +13,18 @@ maintainers:
 - arkodg
 - Xunzhuo
 - zirain
-- qicz
 - zhaohuabing
 - guydc
+- shawnh2
+
+emeritus-maintainers:
+
+- alexgervais
+- danehans
+- LukeShu
+- skriss
+- youngnick
+- qicz
 
 reviewers:
 
@@ -24,5 +33,4 @@ reviewers:
 - tmsnan
 - tanujd11
 - cnvergence
-- shawnh2
 - liorokman

VERSION

@@ -1 +1 @@
-v1.1.0-rc.1
+v1.1.0

api/v1alpha1/accesslogging_types.go

@@ -20,7 +20,7 @@ type ProxyAccessLogSetting struct {
 	// Format defines the format of accesslog.
 	// This will be ignored if sink type is ALS.
 	// +optional
-	Format *ProxyAccessLogFormat `json:"format"`
+	Format *ProxyAccessLogFormat `json:"format,omitempty"`
 	// Matches defines the match conditions for accesslog in CEL expression.
 	// An accesslog will be emitted only when one or more match conditions are evaluated to true.
 	// Invalid [CEL](https://www.envoyproxy.io/docs/envoy/latest/xds/type/v3/cel.proto.html#common-expression-language-cel-proto) expressions will be ignored.

api/v1alpha1/backendtrafficpolicy_types.go

@@ -34,7 +34,7 @@ type BackendTrafficPolicy struct {
 	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
 }
 
-// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs))", message="either targetRef or targetRefs must be used"
+// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
 //
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true ", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute"

api/v1alpha1/clienttrafficpolicy_types.go

@@ -34,7 +34,7 @@ type ClientTrafficPolicy struct {
 	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
 }
 
-// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs))", message="either targetRef or targetRefs must be used"
+// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
 //
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind == 'Gateway' : true", message="this policy can only have a targetRef.kind of Gateway"

api/v1alpha1/envoyextensionypolicy_types.go

@@ -32,7 +32,7 @@ type EnvoyExtensionPolicy struct {
 	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
 }
 
-// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs))", message="either targetRef or targetRefs must be used"
+// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
 //
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute"

api/v1alpha1/loadbalancer_types.go

@@ -58,7 +58,10 @@ const (
 // +kubebuilder:validation:XValidation:rule="self.type == 'Header' ? has(self.header) : !has(self.header)",message="If consistent hash type is header, the header field must be set."
 // +kubebuilder:validation:XValidation:rule="self.type == 'Cookie' ? has(self.cookie) : !has(self.cookie)",message="If consistent hash type is cookie, the cookie field must be set."
 type ConsistentHash struct {
-	// ConsistentHashType defines the type of input to hash on. Valid Type values are "SourceIP" or "Header".
+	// ConsistentHashType defines the type of input to hash on. Valid Type values are
+	// "SourceIP",
+	// "Header",
+	// "Cookie".
 	//
 	// +unionDiscriminator
 	Type ConsistentHashType `json:"type"`

api/v1alpha1/securitypolicy_types.go

@@ -33,7 +33,7 @@ type SecurityPolicy struct {
 	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
 }
 
-// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs))", message="either targetRef or targetRefs must be used"
+// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
 //
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute"

charts/gateway-addons-helm/.helmignore

@@ -21,3 +21,8 @@
 .idea/
 *.tmproj
 .vscode/
+# Vendor and configs for Jsonnet and Grafonnet
+dashboards/lib/
+dashboards/vendor/
+dashboards/jsonnetfile.json
+dashboards/jsonnetfile.lock.json

charts/gateway-addons-helm/README.md

@@ -61,6 +61,7 @@ To uninstall the chart:
 | fluent-bit.config.service | string | `"[SERVICE]\n    Daemon Off\n    Flush {{ .Values.flush }}\n    Log_Level {{ .Values.logLevel }}\n    Parsers_File parsers.conf\n    Parsers_File custom_parsers.conf\n    HTTP_Server On\n    HTTP_Listen 0.0.0.0\n    HTTP_Port {{ .Values.metricsPort }}\n    Health_Check On\n"` |  |
 | fluent-bit.enabled | bool | `true` |  |
 | fluent-bit.fullnameOverride | string | `"fluent-bit"` |  |
+| fluent-bit.image.repository | string | `"fluent/fluent-bit"` |  |
 | fluent-bit.podAnnotations."fluentbit.io/exclude" | string | `"true"` |  |
 | fluent-bit.podAnnotations."prometheus.io/path" | string | `"/api/v1/metrics/prometheus"` |  |
 | fluent-bit.podAnnotations."prometheus.io/port" | string | `"2020"` |  |