Merge branch 'main' into api-docs

envoyproxy · Apr 21, 2023 · 36afd96 · 36afd96
2 parents c7b4267 + 2bf9607
commit 36afd96
Show file tree

Hide file tree

Showing 18 changed files with 524 additions and 159 deletions.
diff --git a/charts/gateway-helm/templates/certgen-rbac.yaml b/charts/gateway-helm/templates/certgen-rbac.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ include "eg.fullname" . }}-certgen
+  namespace: '{{ .Release.Namespace }}'
   labels:
   {{- include "eg.labels" . | nindent 4 }}
   annotations:
@@ -11,6 +12,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: {{ include "eg.fullname" . }}-certgen
+  namespace: '{{ .Release.Namespace }}'
   labels:
   {{- include "eg.labels" . | nindent 4 }}
   annotations:
@@ -29,6 +31,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: {{ include "eg.fullname" . }}-certgen
+  namespace: '{{ .Release.Namespace }}'
   labels:
   {{- include "eg.labels" . | nindent 4 }}
   annotations:

diff --git a/charts/gateway-helm/templates/certgen.yaml b/charts/gateway-helm/templates/certgen.yaml
@@ -2,6 +2,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
   name: {{ include "eg.fullname" . }}-certgen
+  namespace: '{{ .Release.Namespace }}'
   labels:
   {{- include "eg.labels" . | nindent 4 }}
   annotations:

diff --git a/charts/gateway-helm/templates/envoy-gateway-config.yaml b/charts/gateway-helm/templates/envoy-gateway-config.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: envoy-gateway-config
+  namespace: '{{ .Release.Namespace }}'
   labels:
   {{- include "eg.labels" . | nindent 4 }}
 data:

diff --git a/charts/gateway-helm/templates/envoy-gateway-deployment.yaml b/charts/gateway-helm/templates/envoy-gateway-deployment.yaml
@@ -2,13 +2,15 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: envoy-gateway
+  namespace: '{{ .Release.Namespace }}'
   labels:
   {{- include "eg.labels" . | nindent 4 }}
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: envoy-gateway
+  namespace: '{{ .Release.Namespace }}'
   labels:
     control-plane: envoy-gateway
   {{- include "eg.labels" . | nindent 4 }}

diff --git a/charts/gateway-helm/templates/envoy-gateway-metrics-service.yaml b/charts/gateway-helm/templates/envoy-gateway-metrics-service.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: envoy-gateway-metrics-service
+  namespace: '{{ .Release.Namespace }}'
   labels:
     control-plane: envoy-gateway
   {{- include "eg.labels" . | nindent 4 }}

diff --git a/charts/gateway-helm/templates/envoy-gateway-service.yaml b/charts/gateway-helm/templates/envoy-gateway-service.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: envoy-gateway
+  namespace: '{{ .Release.Namespace }}'
   labels:
     control-plane: envoy-gateway
   {{- include "eg.labels" . | nindent 4 }}

diff --git a/charts/gateway-helm/templates/infra-manager-rbac.yaml b/charts/gateway-helm/templates/infra-manager-rbac.yaml
@@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: {{ include "eg.fullname" . }}-infra-manager
+  namespace: '{{ .Release.Namespace }}'
   labels:
   {{- include "eg.labels" . | nindent 4 }}
 rules:
@@ -29,6 +30,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: {{ include "eg.fullname" . }}-infra-manager
+  namespace: '{{ .Release.Namespace }}'
   labels:
   {{- include "eg.labels" . | nindent 4 }}
 roleRef:

diff --git a/charts/gateway-helm/templates/leader-election-rbac.yaml b/charts/gateway-helm/templates/leader-election-rbac.yaml
@@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: {{ include "eg.fullname" . }}-leader-election-role
+  namespace: '{{ .Release.Namespace }}'
   labels:
   {{- include "eg.labels" . | nindent 4 }}
 rules:
@@ -41,6 +42,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: {{ include "eg.fullname" . }}-leader-election-rolebinding
+  namespace: '{{ .Release.Namespace }}'
   labels:
   {{- include "eg.labels" . | nindent 4 }}
 roleRef:

diff --git a/charts/gateway-helm/templates/metrics-reader-rbac.yaml b/charts/gateway-helm/templates/metrics-reader-rbac.yaml
@@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: {{ include "eg.fullname" . }}-metrics-reader
+  namespace: '{{ .Release.Namespace }}'
   labels:
   {{- include "eg.labels" . | nindent 4 }}
 rules:

diff --git a/charts/gateway-helm/templates/namespace.yaml b/charts/gateway-helm/templates/namespace.yaml
@@ -0,0 +1,6 @@
+{{ if .Values.createNamespace }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: '{{ .Release.Namespace }}' 
+{{ end }}    
diff --git a/charts/gateway-helm/values.tmpl.yaml b/charts/gateway-helm/values.tmpl.yaml
@@ -42,3 +42,4 @@ envoyGatewayMetricsService:
     protocol: TCP
     targetPort: https
 
+createNamespace: false
diff --git a/docs/latest/user/customize-envoyproxy.md b/docs/latest/user/customize-envoyproxy.md
@@ -171,13 +171,82 @@ metadata:
   namespace: envoy-gateway-system
 spec:
   bootstrap: |
-    xxxxxxxxxx
-
+    admin:
+      access_log:
+      - name: envoy.access_loggers.file
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+          path: /dev/null
+      address:
+        socket_address:
+          address: 127.0.0.1
+          port_value: 20000
+    dynamic_resources:
+      ads_config:
+        api_type: DELTA_GRPC
+        transport_api_version: V3
+        grpc_services:
+        - envoy_grpc:
+            cluster_name: xds_cluster
+        set_node_on_first_message_only: true
+      lds_config:
+        ads: {}
+      cds_config:
+        ads: {}
+    static_resources:
+      clusters:
+      - connect_timeout: 10s
+        load_assignment:
+          cluster_name: xds_cluster
+          endpoints:
+          - lb_endpoints:
+            - endpoint:
+                address:
+                  socket_address:
+                    address: envoy-gateway
+                    port_value: 18000
+        typed_extension_protocol_options:
+          "envoy.extensions.upstreams.http.v3.HttpProtocolOptions":
+             "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions"
+             "explicit_http_config":
+               "http2_protocol_options": {}
+        name: xds_cluster
+        type: STRICT_DNS
+        transport_socket:
+          name: envoy.transport_sockets.tls
+          typed_config:
+            "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+            common_tls_context:
+              tls_params:
+                tls_maximum_protocol_version: TLSv1_3
+              tls_certificate_sds_secret_configs:
+              - name: xds_certificate
+                sds_config:
+                  path_config_source:
+                    path: "/sds/xds-certificate.json"
+                  resource_api_version: V3
+              validation_context_sds_secret_config:
+                name: xds_trusted_ca
+                sds_config:
+                  path_config_source:
+                    path: "/sds/xds-trusted-ca.json"
+                  resource_api_version: V3
+    layered_runtime:
+      layers:
+      - name: runtime-0
+        rtds_layer:
+          rtds_config:
+            ads: {}
+          name: runtime-0
 EOF
 ```
 
+You can use [egctl translate](https://gateway.envoyproxy.io/latest/user/egctl.html#validating-gateway-api-configuration)
+to get the default xDS Bootstrap configuration used by Envoy Gateway.
+
 After applying the config, the bootstrap config will be overridden by the new config you provided.
-Envoy Gateway will use Webhook to validate the bootstrap config you provided.
+Any errors in the configuration will be surfaced as status within the `GatewayClass` resource.
+You can also validate this configuration using [egctl translate](https://gateway.envoyproxy.io/latest/user/egctl.html#validating-gateway-api-configuration).
 
 [Gateway API documentation]: https://gateway-api.sigs.k8s.io/
-[EnvoyProxy]: https://www.envoyproxy.io/
+[EnvoyProxy]: https://gateway.envoyproxy.io/latest/api/config_types.html#envoyproxy