fix: validate EnvoyGateway configuration before reload #7412

zirain · 2025-11-03T06:10:51Z

Signed-off-by: zirain <[email protected]>

codecov · 2025-11-03T06:19:55Z

Codecov Report

❌ Patch coverage is 0% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.25%. Comparing base (e9e1ba9) to head (9674595).
⚠️ Report is 24 commits behind head on main.

Files with missing lines	Patch %	Lines
...nternal/envoygateway/config/loader/configloader.go	0.00%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7412      +/-   ##
==========================================
- Coverage   72.33%   72.25%   -0.09%     
==========================================
  Files         231      231              
  Lines       33999    34002       +3     
==========================================
- Hits        24593    24567      -26     
- Misses       7637     7662      +25     
- Partials     1769     1773       +4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Signed-off-by: zirain <[email protected]>

* chore(examples): fix extensionserver build (#7398) Signed-off-by: Maxime Brunet <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * chore: add missing endpoints in the crl test (#7402) fix test for #7199 Signed-off-by: Huabing Zhao <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * chore(make): exit on failure (#7387) Signed-off-by: Maxime Brunet <[email protected]> Co-authored-by: zirain <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * fix: port typo (#7397) Signed-off-by: cong <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * build(deps): bump busybox from `2f590fc` to `e3652a0` in /tools/docker/envoy-gateway (#7409) build(deps): bump busybox in /tools/docker/envoy-gateway Bumps busybox from `2f590fc` to `e3652a0`. --- updated-dependencies: - dependency-name: busybox dependency-version: e3652a00a2fabd16ce889f0aa32c38eec347b997e73bd09e69c962ec7f8732ee dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <[email protected]> * fix: validate EnvoyGateway configuration before reload (#7412) Signed-off-by: zirain <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * build(deps): bump the actions group across 1 directory with 2 updates (#7410) Bumps the actions group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [google/osv-scanner-action](https://github.com/google/osv-scanner-action). Updates `github/codeql-action` from 4.31.0 to 4.31.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@4e94bd1...0499de3) Updates `google/osv-scanner-action` from 2.2.3 to 2.2.4 - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](google/osv-scanner-action@e92b5d0...9bb6957) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: google/osv-scanner-action dependency-version: 2.2.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <[email protected]> * fix: missing onInvalidMessage for ClientTrafficPolicy (#7417) Signed-off-by: i.makarychev <[email protected]> Signed-off-by: i.makarychev <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * chore: add missing filters in the filter order configuration (#7404) * add missing filters in the filter order configuration Signed-off-by: Huabing Zhao <[email protected]> * fix wrong filter name Signed-off-by: Huabing Zhao <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * test: tcp security policy e2e (#7226) * feat(securitypolicy): Added e2e tests for tcp security policies Signed-off-by: davem-git <[email protected]> * removed commented out line Signed-off-by: davem-git <[email protected]> --------- Signed-off-by: davem-git <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * Docs: tcp security policy (#7247) * updated release notes Signed-off-by: davem-git <[email protected]> * updated docs Signed-off-by: davem-git <[email protected]> * fixed merge conflict Signed-off-by: davem-git <[email protected]> --------- Signed-off-by: davem-git <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * feat: support both local and global ratelimit simultaneously (#7334) * update rate limit type Signed-off-by: kkk777-7 <[email protected]> * feat: support both type rate limit Signed-off-by: kkk777-7 <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * feat: support separated path match in ratelimit path (#7413) * update: path match ratelimit e2e Signed-off-by: kkk777-7 <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * fix: handle optional next update for CRL (#7422) fix: handle optional next update for crl Signed-off-by: Rudrakh Panigrahi <[email protected]> * fix: missing jwt provider when jwt is configured on multiple listeners sharing the same port (#7337) * fix jwt provider missing when jwt is configured at multiple ir listeners Signed-off-by: Huabing Zhao <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * fix: only insert proxy service once it exists (#7424) * maybe this is the fix? Signed-off-by: jukie <[email protected]> * fixes Signed-off-by: jukie <[email protected]> * cleanup Signed-off-by: jukie <[email protected]> * consolidate Signed-off-by: jukie <[email protected]> * fix Signed-off-by: jukie <[email protected]> --------- Signed-off-by: jukie <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * fix error when updating invalid gateway status (#7415) * fix error when updating invalid gateway status Signed-off-by: zirain <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * fix: avoid calling the issuer's well-known endpoint for every routes (#7394) * fix: avoid calling the issuer's well-known endpoint for every routes with Signed-off-by: Huabing Zhao <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * fix: memory leak (#7429) Fix memory leak. Two watchable.Maps were never closed when shutting down the provider: - GatewayClassStatuses.Close() - missing in GatewayAPIStatuses.Close() - BackendTrafficPolicyStatuses.Close() - missing in PolicyStatuses.Close() Each unclosed map leaked 3 goroutines: 1. Internal watchable.Map.coalesce goroutine 2. HandleSubscription goroutine blocked on channel read 3. Error handler goroutine blocked on channel read Signed-off-by: Gonzalo Serrano <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * perf: move snapshot update above status update in xds layer (#7423) Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * chore: cleanup logging when inserting proxy service cluster (#7431) cleanup Signed-off-by: jukie <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * upgrade gofumpt (#7420) Signed-off-by: fabian4 <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * feat(translator): relax backend restrictions for localhost when running standalone with Host infrastructure (#7427) Signed-off-by: Rudrakh Panigrahi <[email protected]> * chore: improve api docs for http10.useDefaultHost (#7435) * imporove api docs for useDefaultHost Signed-off-by: Huabing Zhao <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * ci: disable lint.dependabot (#7445) Signed-off-by: zirain <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * chore: bump github.com/containerd/containerd (#7448) Signed-off-by: zirain <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * perf: do not set last transition time for status in watcher layer (#7268) Signed-off-by: Rudrakh Panigrahi <[email protected]> * docs: fix gwapi docs (#7408) * docs: fix gwapi docs Signed-off-by: zirain <[email protected]> * fix Signed-off-by: zirain <[email protected]> * update Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * chore: renable lint.dependabot (#7454) Signed-off-by: zirain <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * chore: remove last transition time comparison as no longer set (#7451) chore: remove last transition time comparision as no longer set Signed-off-by: Rudrakh Panigrahi <[email protected]> Co-authored-by: zirain <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * fix: merged policy status (#7376) Signed-off-by: kkk777-7 <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * fix: header modifier doesn't permit multiple values with commas (#7436) * revert: separate headers with commas Signed-off-by: kkk777-7 <[email protected]> * add e2e Signed-off-by: kkk777-7 <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * fix auto http config with proxy protocol (#7439) * don't set TypedExtensionProtocolOptions when ProxyProtocol enabled Signed-off-by: zirain <[email protected]> * update test Signed-off-by: zirain <[email protected]> * enable auto ALPN for proxy protocol Signed-off-by: zirain <[email protected]> * add e2e Signed-off-by: zirain <[email protected]> * update Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> * build(deps): bump sigs.k8s.io/controller-runtime from 0.22.3 to 0.22.4 in /examples/extension-server (#7470) build(deps): bump sigs.k8s.io/controller-runtime Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.22.3 to 0.22.4. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.22.3...v0.22.4) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-version: 0.22.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <[email protected]> * build(deps): bump softprops/action-gh-release from 2.4.1 to 2.4.2 in the actions group across 1 directory (#7461) build(deps): bump softprops/action-gh-release Bumps the actions group with 1 update in the / directory: [softprops/action-gh-release](https://github.com/softprops/action-gh-release). Updates `softprops/action-gh-release` from 2.4.1 to 2.4.2 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@6da8fa9...5be0e66) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <[email protected]> * build(deps): bump github.com/envoyproxy/go-control-plane/envoy from 1.35.0 to 1.36.0 in /examples/grpc-ext-proc (#7471) build(deps): bump github.com/envoyproxy/go-control-plane/envoy Bumps [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) from 1.35.0 to 1.36.0. - [Release notes](https://github.com/envoyproxy/go-control-plane/releases) - [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md) - [Commits](envoyproxy/go-control-plane@envoy/v1.35.0...envoy/v1.36.0) --- updated-dependencies: - dependency-name: github.com/envoyproxy/go-control-plane/envoy dependency-version: 1.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <[email protected]> * build(deps): bump github.com/envoyproxy/go-control-plane/envoy from 1.35.0 to 1.36.0 in /examples/envoy-ext-auth (#7467) build(deps): bump github.com/envoyproxy/go-control-plane/envoy Bumps [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) from 1.35.0 to 1.36.0. - [Release notes](https://github.com/envoyproxy/go-control-plane/releases) - [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md) - [Commits](envoyproxy/go-control-plane@envoy/v1.35.0...envoy/v1.36.0) --- updated-dependencies: - dependency-name: github.com/envoyproxy/go-control-plane/envoy dependency-version: 1.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <[email protected]> * build(deps): bump github.com/envoyproxy/go-control-plane/envoy from 1.35.1-0.20251029084203-42a4a9261f66 to 1.36.0 in /examples/extension-server (#7468) build(deps): bump github.com/envoyproxy/go-control-plane/envoy Bumps [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) from 1.35.1-0.20251029084203-42a4a9261f66 to 1.36.0. - [Release notes](https://github.com/envoyproxy/go-control-plane/releases) - [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md) - [Commits](https://github.com/envoyproxy/go-control-plane/commits/envoy/v1.36.0) --- updated-dependencies: - dependency-name: github.com/envoyproxy/go-control-plane/envoy dependency-version: 1.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rudrakh Panigrahi <[email protected]> * [release/v1.6] v1.6.0 release docs (#7475) Signed-off-by: Rudrakh Panigrahi <[email protected]> --------- Signed-off-by: Maxime Brunet <[email protected]> Signed-off-by: Rudrakh Panigrahi <[email protected]> Signed-off-by: Huabing Zhao <[email protected]> Signed-off-by: cong <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: zirain <[email protected]> Signed-off-by: i.makarychev <[email protected]> Signed-off-by: i.makarychev <[email protected]> Signed-off-by: davem-git <[email protected]> Signed-off-by: kkk777-7 <[email protected]> Signed-off-by: jukie <[email protected]> Signed-off-by: Gonzalo Serrano <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: fabian4 <[email protected]> Co-authored-by: Maxime Brunet <[email protected]> Co-authored-by: Huabing (Robin) Zhao <[email protected]> Co-authored-by: zirain <[email protected]> Co-authored-by: 聪 <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Inode1 <[email protected]> Co-authored-by: davem-git <[email protected]> Co-authored-by: Kota Kimura <[email protected]> Co-authored-by: Isaac <[email protected]> Co-authored-by: Gonzalo Serrano <[email protected]> Co-authored-by: Arko Dasgupta <[email protected]> Co-authored-by: Fabian Bao <[email protected]> Co-authored-by: Ignasi Barrera <[email protected]>

fix: validate EnvoyGateway configuration before reload

9674595

Signed-off-by: zirain <[email protected]>

zirain requested a review from a team as a code owner November 3, 2025 06:10

kkk777-7 approved these changes Nov 3, 2025

View reviewed changes

arkodg approved these changes Nov 3, 2025

View reviewed changes

arkodg merged commit 63e94a3 into envoyproxy:main Nov 3, 2025
31 of 32 checks passed

zirain deleted the validate-envoygateway-cfg branch November 3, 2025 22:50

arkodg added the cherrypick/release-v1.5.5 label Nov 8, 2025

rudrakhp pushed a commit that referenced this pull request Nov 10, 2025

fix: validate EnvoyGateway configuration before reload (#7412)

3bb7cc8

Signed-off-by: zirain <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix: validate EnvoyGateway configuration before reload #7412

fix: validate EnvoyGateway configuration before reload #7412

Uh oh!

zirain commented Nov 3, 2025

Uh oh!

codecov bot commented Nov 3, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

fix: validate EnvoyGateway configuration before reload #7412

fix: validate EnvoyGateway configuration before reload #7412

Uh oh!

Conversation

zirain commented Nov 3, 2025

Uh oh!

codecov bot commented Nov 3, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

codecov bot commented Nov 3, 2025 •

edited

Loading