envoyproxy
diff --git a/‎.github/dependabot.yml
+3 b/‎.github/dependabot.yml
+3
diff --git a/‎.github/workflows/build_and_test.yaml
+2-3 b/‎.github/workflows/build_and_test.yaml
+2-3
diff --git a/‎.github/workflows/cherrypick.yaml
+9-9 b/‎.github/workflows/cherrypick.yaml
+9-9
diff --git a/‎.github/workflows/experimental_conformance.yaml
+1-1 b/‎.github/workflows/experimental_conformance.yaml
+1-1
diff --git a/‎.github/workflows/latest_release.yaml
+1-1 b/‎.github/workflows/latest_release.yaml
+1-1
diff --git a/‎.github/workflows/release.yaml
+1-1 b/‎.github/workflows/release.yaml
+1-1
diff --git a/‎.gitignore
+3 b/‎.gitignore
+3
diff --git a/‎ADOPTERS.md
+43 b/‎ADOPTERS.md
+43
diff --git a/‎OWNERS
+1-1 b/‎OWNERS
+1-1
diff --git a/‎VERSION
+1-1 b/‎VERSION
+1-1
diff --git a/‎api/v1alpha1/backendtrafficpolicy_types.go
+1-12 b/‎api/v1alpha1/backendtrafficpolicy_types.go
+1-12
diff --git a/‎api/v1alpha1/clienttrafficpolicy_types.go
+1-13 b/‎api/v1alpha1/clienttrafficpolicy_types.go
+1-13
diff --git a/‎api/v1alpha1/kubernetes_helpers.go
+1-11 b/‎api/v1alpha1/kubernetes_helpers.go
+1-11
diff --git a/‎api/v1alpha1/securitypolicy_types.go
+1-1 b/‎api/v1alpha1/securitypolicy_types.go
+1-1
diff --git a/‎api/v1alpha1/shared_types.go
+2-4 b/‎api/v1alpha1/shared_types.go
+2-4
diff --git a/‎api/v1alpha1/validation/envoygateway_validate_test.go
+1-4 b/‎api/v1alpha1/validation/envoygateway_validate_test.go
+1-4
diff --git a/‎api/v1alpha1/validation/envoyproxy_validate.go
+13-25 b/‎api/v1alpha1/validation/envoyproxy_validate.go
+13-25
@@ -32,6 +32,9 @@ updates:
       k8s.io:
         patterns:
           - "k8s.io/*"
+      go.opentelemetry.io:
+        patterns:
+          - "go.opentelemetry.io/*"
   - package-ecosystem: pip
     directory: /tools/src/codespell
     schedule:
 
@@ -12,7 +12,6 @@ on:
     - "release/v*"
     paths-ignore:
     - "**/*.png"
-    - 'site/**'
 
 permissions:
   contents: read
@@ -81,7 +80,7 @@ jobs:
     needs: [build]
     strategy:
       matrix:
-        version: [ v1.27.3, v1.28.0, v1.29.0 ]
+        version: [ v1.26.14, v1.27.11, v1.28.7, v1.29.2 ]
     steps:
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
     - uses: ./tools/github-actions/setup-deps
@@ -109,7 +108,7 @@ jobs:
     needs: [build]
     strategy:
       matrix:
-        version: [ v1.27.3, v1.28.0, v1.29.0 ]
+        version: [ v1.26.14, v1.27.11, v1.28.7, v1.29.2 ]
     steps:
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
     - uses: ./tools/github-actions/setup-deps
 
@@ -9,23 +9,23 @@ permissions:
   contents: read
 
 jobs:
-  cherry_pick_release_v0_6:
+  cherry_pick_release_v1_0:
     runs-on: ubuntu-22.04
-    name: Cherry pick into release-v0.6
-    if: ${{ contains(github.event.pull_request.labels.*.name, 'cherrypick/release-v0.6') && github.event.pull_request.merged == true }}
+    name: Cherry pick into release-v1.0
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'cherrypick/release-v1.0') && github.event.pull_request.merged == true }}
     steps:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
         with:
           fetch-depth: 0
-      - name: Cherry pick into release/v0.6
+      - name: Cherry pick into release/v1.0
         uses: carloscastrojumo/github-cherry-pick-action@a145da1b8142e752d3cbc11aaaa46a535690f0c5  # v1.0.9
         with:
-          branch: release/v0.6
-          title: "[release/v0.6] {old_title}"
-          body: "Cherry picking #{old_pull_request_id} onto release/v0.6"
+          branch: release/v1.0
+          title: "[release/v1.0] {old_title}"
+          body: "Cherry picking #{old_pull_request_id} onto release/v1.0"
           labels: |
-            cherrypick/release-v0.6
+            cherrypick/release-v1.0
           # put release manager here
           reviewers: |
-            arkodg
+            Xunzhuo
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        version: [ v1.26.6, v1.27.3, v1.28.0 ]
+        version: [ v1.26.14, v1.27.11, v1.28.7, v1.29.2 ]
     steps:
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
     - uses: ./tools/github-actions/setup-deps
 
@@ -61,7 +61,7 @@ jobs:
         GITHUB_REPOSITORY: ${{ github.repository_owner }}/${{ github.event.repository.name }}
 
     - name: Recreate the Latest Release and Tag
-      uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844  # v0.1.15
+      uses: softprops/action-gh-release@d99959edae48b5ffffd7b00da66dcdb0a33a52ee  # v0.1.15
       with:
         draft: false
         prerelease: true
 
@@ -40,7 +40,7 @@ jobs:
         run: OCI_REGISTRY=oci://docker.io/envoyproxy CHART_VERSION=${{ env.release_tag }} IMAGE=docker.io/envoyproxy/gateway TAG=${{ env.release_tag }} make helm-package helm-push
 
       - name: Upload Release Manifests
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844  # v0.1.15
+        uses: softprops/action-gh-release@d99959edae48b5ffffd7b00da66dcdb0a33a52ee  # v0.1.15
         with:
           files: |
             release-artifacts/install.yaml
 
@@ -31,3 +31,6 @@ vendor/
 
 # values.yaml file is generated from its template counterpart.
 charts/gateway-helm/values.yaml
+
+# VIM
+.*.swp
@@ -0,0 +1,43 @@
+
+<!--
+
+Insert your entry using this template keeping the list alphabetically sorted:
+
+## <Company/Organization Name>
+ * Website: https://www.your-website.com
+ * Category: End User, Service Provider, etc
+ * Environments: AWS, Azure, Google Cloud, Bare Metal, etc
+ * Use Cases:
+    - ...
+ * Status:
+   - [ ] development & testing
+   - [ ] production
+ * (Option) Logo (show in the official site):
+ * (Option) Description:
+-->
+
+# Envoy Gateway Adopters
+
+This page contains a list of organizations who are users of Envoy Gateway, following the [definitions provided by the CNCF](https://github.com/cncf/toc/blob/main/FAQ.md#what-is-the-definition-of-an-adopter).
+
+If you would like to be included in this table, please submit a PR to this file or comment to [this issue](https://github.com/envoyproxy/gateway/issues/2781) and your information will be added.
+
+## AllFactors
+* Website https://allfactors.com
+* Category: End User
+* Environments:
+* Use Case:
+   - Routing all customer traffic to our various backends. Every time a new customer signs up we dynamically add a
+     route to a new hostname so Envoy Gateway is deeply integrated with our product.
+* Status: production
+* Logo: https://allfactors.com/AllFactors-Logo.svg
+
+## Tetrate
+* Website: https://www.tetrate.io
+* Category: Service Provider
+* Environments: AWS
+* Use Cases:
+   - Tetrate provides Enterprise Gateway (TEG) to end users, which includes a 100% upstream distribution of Envoy Gateway, and management to deliver applications securely, authenticate user traffic, protect services with rate limiting and WAF, and integrate with your observability stack to monitor and observe activity.
+* Status: production
+* (Option) https://tetrate.io/wp-content/uploads/2023/03/tetrate-logo-dark.svg
+* (Option) Description:
@@ -15,6 +15,7 @@ maintainers:
 - zirain
 - qicz
 - zhaohuabing
+- guydc
 
 reviewers:
 
@@ -25,5 +26,4 @@ reviewers:
 - tanujd11
 - cnvergence
 - shawnh2
-- guydc
 - liorokman
@@ -1 +1 @@
-v1.0.0-rc.1
+v1.0.0
@@ -31,7 +31,7 @@ type BackendTrafficPolicy struct {
 	Spec BackendTrafficPolicySpec `json:"spec"`
 
 	// status defines the current status of BackendTrafficPolicy.
-	Status BackendTrafficPolicyStatus `json:"status,omitempty"`
+	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
 }
 
 // spec defines the desired state of BackendTrafficPolicy.
@@ -98,17 +98,6 @@ type BackendTrafficPolicySpec struct {
 	Compression []*Compression `json:"compression,omitempty"`
 }
 
-// BackendTrafficPolicyStatus defines the state of BackendTrafficPolicy
-type BackendTrafficPolicyStatus struct {
-	// Conditions describe the current conditions of the BackendTrafficPolicy.
-	//
-	// +optional
-	// +listType=map
-	// +listMapKey=type
-	// +kubebuilder:validation:MaxItems=8
-	Conditions []metav1.Condition `json:"conditions,omitempty"`
-}
-
 // +kubebuilder:object:root=true
 // BackendTrafficPolicyList contains a list of BackendTrafficPolicy resources.
 type BackendTrafficPolicyList struct {
 
@@ -31,10 +31,9 @@ type ClientTrafficPolicy struct {
 	Spec ClientTrafficPolicySpec `json:"spec"`
 
 	// Status defines the current status of ClientTrafficPolicy.
-	Status ClientTrafficPolicyStatus `json:"status,omitempty"`
+	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
 }
 
-// +kubebuilder:validation:XValidation:rule="has(self.http3) && has(self.tls) && has(self.tls.alpnProtocols) ? self.tls.alpnProtocols.size() == 0 : true",message="alpn protocols can't be set if HTTP/3 is enabled"
 // ClientTrafficPolicySpec defines the desired state of ClientTrafficPolicy.
 type ClientTrafficPolicySpec struct {
 	// +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
@@ -175,17 +174,6 @@ type HTTP10Settings struct {
 	UseDefaultHost *bool `json:"useDefaultHost,omitempty"`
 }
 
-// ClientTrafficPolicyStatus defines the state of ClientTrafficPolicy
-type ClientTrafficPolicyStatus struct {
-	// Conditions describe the current conditions of the ClientTrafficPolicy.
-	//
-	// +optional
-	// +listType=map
-	// +listMapKey=type
-	// +kubebuilder:validation:MaxItems=8
-	Conditions []metav1.Condition `json:"conditions,omitempty"`
-}
-
 const (
 	// PolicyConditionOverridden indicates whether the policy has
 	// completely attached to all the sections within the target or not.
 
@@ -17,12 +17,6 @@ import (
 	"k8s.io/utils/ptr"
 )
 
-// DefaultKubernetesDeploymentReplicas returns the default replica settings.
-func DefaultKubernetesDeploymentReplicas() *int32 {
-	repl := int32(DefaultDeploymentReplicas)
-	return &repl
-}
-
 // DefaultKubernetesDeploymentStrategy returns the default deployment strategy settings.
 func DefaultKubernetesDeploymentStrategy() *appv1.DeploymentStrategy {
 	return &appv1.DeploymentStrategy{
@@ -38,7 +32,6 @@ func DefaultKubernetesContainerImage(image string) *string {
 // DefaultKubernetesDeployment returns a new KubernetesDeploymentSpec with default settings.
 func DefaultKubernetesDeployment(image string) *KubernetesDeploymentSpec {
 	return &KubernetesDeploymentSpec{
-		Replicas:  DefaultKubernetesDeploymentReplicas(),
 		Strategy:  DefaultKubernetesDeploymentStrategy(),
 		Pod:       DefaultKubernetesPod(),
 		Container: DefaultKubernetesContainer(image),
@@ -96,10 +89,6 @@ func GetKubernetesServiceExternalTrafficPolicy(serviceExternalTrafficPolicy Serv
 
 // defaultKubernetesDeploymentSpec fill a default KubernetesDeploymentSpec if unspecified.
 func (deployment *KubernetesDeploymentSpec) defaultKubernetesDeploymentSpec(image string) {
-	if deployment.Replicas == nil {
-		deployment.Replicas = DefaultKubernetesDeploymentReplicas()
-	}
-
 	if deployment.Strategy == nil {
 		deployment.Strategy = DefaultKubernetesDeploymentStrategy()
 	}
@@ -121,6 +110,7 @@ func (deployment *KubernetesDeploymentSpec) defaultKubernetesDeploymentSpec(imag
 	}
 }
 
+// setDefault fill a default HorizontalPodAutoscalerSpec if unspecified
 func (hpa *KubernetesHorizontalPodAutoscalerSpec) setDefault() {
 	if len(hpa.Metrics) == 0 {
 		hpa.Metrics = DefaultEnvoyProxyHpaMetrics()
 
@@ -31,7 +31,7 @@ type SecurityPolicy struct {
 	Spec SecurityPolicySpec `json:"spec"`
 
 	// Status defines the current status of SecurityPolicy.
-	Status SecurityPolicyStatus `json:"status,omitempty"`
+	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
 }
 
 // SecurityPolicySpec defines the desired state of SecurityPolicy.
 
@@ -126,10 +126,6 @@ type KubernetesPodSpec struct {
 	// +optional
 	Volumes []corev1.Volume `json:"volumes,omitempty"`
 
-	// HostNetwork, If this is set to true, the pod will use host's network namespace.
-	// +optional
-	HostNetwork bool `json:"hostNetwork,omitempty"`
-
 	// ImagePullSecrets is an optional list of references to secrets
 	// in the same namespace to use for pulling any of the images used by this PodSpec.
 	// If specified, these secrets will be passed to individual puller implementations for them to use.
@@ -348,6 +344,8 @@ const (
 )
 
 // KubernetesHorizontalPodAutoscalerSpec defines Kubernetes Horizontal Pod Autoscaler settings of Envoy Proxy Deployment.
+// When HPA is enabled, it is recommended that the value in `KubernetesDeploymentSpec.replicas` be removed, otherwise
+// Envoy Gateway will revert back to this value every time reconciliation occurs.
 // See k8s.io.autoscaling.v2.HorizontalPodAutoScalerSpec.
 //
 // +kubebuilder:validation:XValidation:message="maxReplicas cannot be less than minReplicas",rule="!has(self.minReplicas) || self.maxReplicas >= self.minReplicas"
 
@@ -668,8 +668,7 @@ func TestEnvoyGatewayProvider(t *testing.T) {
 
 	envoyGatewayProvider.Kubernetes = &v1alpha1.EnvoyGatewayKubernetesProvider{
 		RateLimitDeployment: &v1alpha1.KubernetesDeploymentSpec{
-			Replicas: nil,
-			Pod:      nil,
+			Pod: nil,
 			Container: &v1alpha1.KubernetesContainerSpec{
 				Resources:       nil,
 				SecurityContext: nil,
@@ -684,8 +683,6 @@ func TestEnvoyGatewayProvider(t *testing.T) {
 
 	assert.NotNil(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment)
 	assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment, v1alpha1.DefaultKubernetesDeployment(v1alpha1.DefaultRateLimitImage))
-	assert.NotNil(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Replicas)
-	assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Replicas, v1alpha1.DefaultKubernetesDeploymentReplicas())
 	assert.NotNil(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Pod)
 	assert.Equal(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Pod, v1alpha1.DefaultKubernetesPod())
 	assert.NotNil(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container)
 
@@ -9,17 +9,15 @@ import (
 	"errors"
 	"fmt"
 	"net/netip"
-	"reflect"
 
 	bootstrapv3 "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3"
 	clusterv3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	"github.com/google/go-cmp/cmp"
-	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/testing/protocmp"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
-	"sigs.k8s.io/yaml"
 
 	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
+	"github.com/envoyproxy/gateway/internal/utils/proto"
 	"github.com/envoyproxy/gateway/internal/xds/bootstrap"
 	_ "github.com/envoyproxy/gateway/internal/xds/extensions" // register the generated types to support protojson unmarshalling
 )
@@ -140,42 +138,33 @@ func validateService(spec *egv1a1.EnvoyProxySpec) []error {
 }
 
 func validateBootstrap(boostrapConfig *egv1a1.ProxyBootstrap) error {
+	// Validate user bootstrap config
 	defaultBootstrap := &bootstrapv3.Bootstrap{}
 	// TODO: need validate when enable prometheus?
 	defaultBootstrapStr, err := bootstrap.GetRenderedBootstrapConfig(nil)
 	if err != nil {
 		return err
 	}
+	if err := proto.FromYAML([]byte(defaultBootstrapStr), defaultBootstrap); err != nil {
+		return fmt.Errorf("unable to unmarshal default bootstrap: %w", err)
+	}
+	if err := defaultBootstrap.Validate(); err != nil {
+		return fmt.Errorf("default bootstrap validation failed: %w", err)
+	}
 
+	// Validate user bootstrap config
 	userBootstrapStr, err := bootstrap.ApplyBootstrapConfig(boostrapConfig, defaultBootstrapStr)
 	if err != nil {
 		return err
 	}
-
-	jsonData, err := yaml.YAMLToJSON([]byte(userBootstrapStr))
-	if err != nil {
-		return fmt.Errorf("unable to convert user bootstrap to json: %w", err)
-	}
-
 	userBootstrap := &bootstrapv3.Bootstrap{}
-	if err := protojson.Unmarshal(jsonData, userBootstrap); err != nil {
-		return fmt.Errorf("unable to unmarshal user bootstrap: %w", err)
+	if err := proto.FromYAML([]byte(userBootstrapStr), userBootstrap); err != nil {
+		return fmt.Errorf("failed to parse default bootstrap config: %w", err)
 	}
-
-	// Call Validate method
 	if err := userBootstrap.Validate(); err != nil {
 		return fmt.Errorf("validation failed for user bootstrap: %w", err)
 	}
 
-	jsonData, err = yaml.YAMLToJSON([]byte(defaultBootstrapStr))
-	if err != nil {
-		return fmt.Errorf("unable to convert default bootstrap to json: %w", err)
-	}
-
-	if err := protojson.Unmarshal(jsonData, defaultBootstrap); err != nil {
-		return fmt.Errorf("unable to unmarshal default bootstrap: %w", err)
-	}
-
 	// Ensure dynamic resources config is same
 	if userBootstrap.DynamicResources == nil ||
 		cmp.Diff(userBootstrap.DynamicResources, defaultBootstrap.DynamicResources, protocmp.Transform()) != "" {
@@ -196,9 +185,8 @@ func validateBootstrap(boostrapConfig *egv1a1.ProxyBootstrap) error {
 			break
 		}
 	}
-
-	// nolint // Circumvents this error "Error: copylocks: call of reflect.DeepEqual copies lock value:"
-	if userXdsCluster == nil || !reflect.DeepEqual(*userXdsCluster.LoadAssignment, *defaultXdsCluster.LoadAssignment) {
+	if userXdsCluster == nil ||
+		cmp.Diff(userXdsCluster.LoadAssignment, defaultXdsCluster.LoadAssignment, protocmp.Transform()) != "" {
 		return fmt.Errorf("xds_cluster's loadAssigntment cannot be modified")
 	}
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ type SecurityPolicy struct {`
`31`	`31`	Spec SecurityPolicySpec `json:"spec"`
`32`	`32`
`33`	`33`	`// Status defines the current status of SecurityPolicy.`
`34`		- Status SecurityPolicyStatus `json:"status,omitempty"`
	`34`	+ Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`// SecurityPolicySpec defines the desired state of SecurityPolicy.`