[release/v1.1] cherry-pick main (envoyproxy#3935)

* fix quickstart link in helm chart (envoyproxy#3793) Signed-off-by: Huabing Zhao <[email protected]> * build(deps): bump golang.org/x/sys from 0.21.0 to 0.22.0 (envoyproxy#3780) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.21.0 to 0.22.0. - [Commits](golang/sys@v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain <[email protected]> Co-authored-by: Xunzhuo <[email protected]> * build(deps): bump distroless/static from `e9ac71e` to `8dd8d3c` in /tools/docker/envoy-gateway (envoyproxy#3778) build(deps): bump distroless/static in /tools/docker/envoy-gateway Bumps distroless/static from `e9ac71e` to `8dd8d3c`. --- updated-dependencies: - dependency-name: distroless/static dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Xunzhuo <[email protected]> * build(deps): bump fortio.org/log from 1.12.2 to 1.14.0 (envoyproxy#3782) Bumps [fortio.org/log](https://github.com/fortio/log) from 1.12.2 to 1.14.0. - [Release notes](https://github.com/fortio/log/releases) - [Commits](fortio/log@v1.12.2...v1.14.0) --- updated-dependencies: - dependency-name: fortio.org/log dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain <[email protected]> Co-authored-by: Xunzhuo <[email protected]> * build(deps): bump google.golang.org/grpc from 1.64.0 to 1.65.0 (envoyproxy#3783) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.64.0 to 1.65.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.64.0...v1.65.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs: move release-notes out of version (envoyproxy#3765) * move release-notes out of version Signed-off-by: zirain <[email protected]> * fix Signed-off-by: zirain <[email protected]> * update release-notes Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> * ci: update cherry-pick v1.1.0 (envoyproxy#3803) Signed-off-by: Guy Daich <[email protected]> * doc: how to build a wasm image (envoyproxy#3806) * docs for building wasm images Signed-off-by: Huabing Zhao <[email protected]> * address comments Signed-off-by: Huabing Zhao <[email protected]> * minor change Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]> * Use Wasm instead of WASM (envoyproxy#3812) * Use Wasm instead of WASM Signed-off-by: Takeshi Yoneda <[email protected]> * part2 Signed-off-by: Takeshi Yoneda <[email protected]> --------- Signed-off-by: Takeshi Yoneda <[email protected]> * docs: generate v1.1.0-rc.1 release note (envoyproxy#3794) * chore: release-notes-docs be part of generate (envoyproxy#3815) * fix: enable client timeout test (envoyproxy#3811) * enable client timeout test Signed-off-by: Guy Daich <[email protected]> * fix target of policy Signed-off-by: Guy Daich <[email protected]> --------- Signed-off-by: Guy Daich <[email protected]> * chore: add benchmark report into release artifacts (envoyproxy#3756) * add benchmark report save dir Signed-off-by: shawnh2 <[email protected]> * add benchmark report to latest release Signed-off-by: shawnh2 <[email protected]> * separate benchmark-test push and pull_request event Signed-off-by: shawnh2 <[email protected]> * add benchmark report to release workflow Signed-off-by: shawnh2 <[email protected]> * fix lint and update doc Signed-off-by: shawnh2 <[email protected]> * move out resource limit unit Signed-off-by: shawnh2 <[email protected]> --------- Signed-off-by: shawnh2 <[email protected]> Co-authored-by: Xunzhuo <[email protected]> * docs: fix grafana link (envoyproxy#3818) Signed-off-by: zirain <[email protected]> * e2e: make sure ALS server is ready (envoyproxy#3816) Signed-off-by: zirain <[email protected]> * Revert "docs: fix grafana link" (envoyproxy#3822) Revert "docs: fix grafana link (envoyproxy#3818)" This reverts commit 0af2f9f. Signed-off-by: zirain <[email protected]> * feat: support target selectors on Envoy Gateway Extension Server policies (envoyproxy#3800) * Support target selectors on Envoy Gateway Extension Server policies Signed-off-by: Lior Okman <[email protected]> * Fixed the linter errors Signed-off-by: Lior Okman <[email protected]> --------- Signed-off-by: Lior Okman <[email protected]> * docs: updating the documentation for Extension Servers and adding an example extension server (envoyproxy#3788) * Updating the documentation for Extension Servers and adding an example extension server. Signed-off-by: Lior Okman <[email protected]> * Make the docs linter happy Signed-off-by: Lior Okman <[email protected]> * Add license headers to every new source file, and make the yaml linter ignore the extension-server chart Signed-off-by: Lior Okman <[email protected]> * Add the boilerplate license for generated files. Signed-off-by: Lior Okman <[email protected]> --------- Signed-off-by: Lior Okman <[email protected]> * docs for ip allowlist/denylist (envoyproxy#3784) * docs for ip whitelisting/blacklisting Signed-off-by: Huabing Zhao <[email protected]> * replace terms based on CNCF INI doc Signed-off-by: Huabing Zhao <[email protected]> * address comments Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]> Co-authored-by: Guy Daich <[email protected]> * docs: gRPC Access Log Service (ALS) sink (envoyproxy#3768) * docs: gRPC Access Log Service (ALS) sink Signed-off-by: zirain <[email protected]> * ignore githubusercontent.com Signed-off-by: zirain <[email protected]> * update Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Co-authored-by: Guy Daich <[email protected]> * docs: update v1.1.0-rc.1 release notes (envoyproxy#3821) update v1.1.0-rc.1 release notes Signed-off-by: Guy Daich <[email protected]> * docs: add task for wasm extensions (envoyproxy#3796) * docs for wasm extensions Signed-off-by: Huabing Zhao <[email protected]> * fix lint Signed-off-by: Huabing Zhao <[email protected]> * address comments Signed-off-by: Huabing Zhao <[email protected]> * minor change Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]> Co-authored-by: Guy Daich <[email protected]> * community: promote shawnh2 to maintainer and move qicz to emeritus (envoyproxy#3760) Signed-off-by: bitliu <[email protected]> * chore: report a translate error to errChan to make it observed correctly (envoyproxy#3827) Signed-off-by: Kensei Nakada <[email protected]> * chore: upgrade to golang v1.22.5 (envoyproxy#3829) * chore: golang v1.22.5 Signed-off-by: Kensei Nakada <[email protected]> * chore: update golang version in example manifest Signed-off-by: Kensei Nakada <[email protected]> --------- Signed-off-by: Kensei Nakada <[email protected]> Co-authored-by: zirain <[email protected]> * chore: add `make lint.fix-golint` to address auto fixable lint issues (envoyproxy#3828) * chore: add make lint.fix to address auto fixable lint issues Signed-off-by: Kensei Nakada <[email protected]> * chore: rename to lint.fix-golint Signed-off-by: Kensei Nakada <[email protected]> * chore: golang v1.22.5 Signed-off-by: Kensei Nakada <[email protected]> * fix: correct a mistake on the name Signed-off-by: Kensei Nakada <[email protected]> --------- Signed-off-by: Kensei Nakada <[email protected]> * docs: patch field within EnvoyService (envoyproxy#3820) * add docs for patching field within EnvoyService Signed-off-by: shawnh2 <[email protected]> * update path service example Signed-off-by: shawnh2 <[email protected]> --------- Signed-off-by: shawnh2 <[email protected]> * accesslog: remove ALS gRPC initialMetadata (envoyproxy#3751) remove ALS gRPC initialMetadata Signed-off-by: zirain <[email protected]> * docs: add fixed links to the current version of eg docs (envoyproxy#3819) * rename v1.0.2 to docs Signed-off-by: Huabing Zhao <[email protected]> * retain v1.0.2 directory to avoid dead links Signed-off-by: Huabing Zhao <[email protected]> * fix link Signed-off-by: Huabing Zhao <[email protected]> * fix link Signed-off-by: Huabing Zhao <[email protected]> * copy v1.0.2 to docs in make file Signed-off-by: Huabing Zhao <[email protected]> * test auto copy Signed-off-by: Huabing Zhao <[email protected]> * test auto copy Signed-off-by: Huabing Zhao <[email protected]> * test auto copy Signed-off-by: Huabing Zhao <[email protected]> * test auto copy Signed-off-by: Huabing Zhao <[email protected]> * test auto copy Signed-off-by: Huabing Zhao <[email protected]> * copy latest version docs to docs directory Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]> Co-authored-by: zirain <[email protected]> * fix: backendtls minversion (envoyproxy#3835) fix backendtls Signed-off-by: Guy Daich <[email protected]> * fix: enable use-client-protocol test (envoyproxy#3825) * enable use-client-protocol test Signed-off-by: Guy Daich <[email protected]> * add retries to basic auth tests Signed-off-by: Guy Daich <[email protected]> --------- Signed-off-by: Guy Daich <[email protected]> * fix: backendtls client cert (envoyproxy#3839) fix backendtls client cert Signed-off-by: Guy Daich <[email protected]> * fix: prevent xdsIR updates from overwriting RateLimit configs from other xdsIR (envoyproxy#3771) * fix: prevent xdsIR updates from overwriting RateLimit configs from other xdsIR Signed-off-by: Kensei Nakada <[email protected]> * fix: handle deletion events appropriately Signed-off-by: Kensei Nakada <[email protected]> * test: add a unit test for subscribeAndTranslate Signed-off-by: Kensei Nakada <[email protected]> * chore: sort import order Signed-off-by: Kensei Nakada <[email protected]> --------- Signed-off-by: Kensei Nakada <[email protected]> Co-authored-by: zirain <[email protected]> * docs: use v[x.y] instead of v[x.y.z] (envoyproxy#3836) * docs: use vx.y instead of vx.y.z Signed-off-by: zirain <[email protected]> * fix deadlink Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> * e2e: fix basic auth flaky (envoyproxy#3833) Signed-off-by: zirain <[email protected]> Co-authored-by: Guy Daich <[email protected]> * design: add wasm extension supports OCI image code source (envoyproxy#3313) * desing docs for wasm oci support Signed-off-by: huabing zhao <[email protected]> * fix lint Signed-off-by: huabing zhao <[email protected]> * Update site/content/en/contributions/design/wasm-extension.md Co-authored-by: Arko Dasgupta <[email protected]> Signed-off-by: Huabing Zhao <[email protected]> * minor wording Signed-off-by: huabing zhao <[email protected]> * authn consideration Signed-off-by: huabing zhao <[email protected]> * address comments Signed-off-by: huabing zhao <[email protected]> * minor wording Signed-off-by: huabing zhao <[email protected]> * minor wording Signed-off-by: huabing zhao <[email protected]> * minor wording Signed-off-by: huabing zhao <[email protected]> * minor wording Signed-off-by: huabing zhao <[email protected]> * restrict access to priave images Signed-off-by: huabing zhao <[email protected]> * minor change Signed-off-by: Huabing Zhao <[email protected]> * move image to /img Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: huabing zhao <[email protected]> Signed-off-by: Huabing Zhao <[email protected]> Co-authored-by: Arko Dasgupta <[email protected]> Co-authored-by: zirain <[email protected]> Co-authored-by: Guy Daich <[email protected]> * fix: enable upgrade test (envoyproxy#3764) adapt upgrade test to v1.1 Signed-off-by: Guy Daich <[email protected]> Co-authored-by: zirain <[email protected]> * chore: go mod tidy (envoyproxy#3842) Signed-off-by: zirain <[email protected]> * fix flaky authorization tests (envoyproxy#3844) Signed-off-by: Huabing Zhao <[email protected]> * build(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 (envoyproxy#3849) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.26.0 to 0.27.0. - [Commits](golang/net@v0.26.0...v0.27.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump fortio.org/fortio from 1.65.0 to 1.66.0 (envoyproxy#3848) Bumps [fortio.org/fortio](https://github.com/fortio/fortio) from 1.65.0 to 1.66.0. - [Release notes](https://github.com/fortio/fortio/releases) - [Commits](fortio/fortio@v1.65.0...v1.66.0) --- updated-dependencies: - dependency-name: fortio.org/fortio dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump helm.sh/helm/v3 from 3.15.2 to 3.15.3 (envoyproxy#3850) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.15.2 to 3.15.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](helm/helm@v3.15.2...v3.15.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: move UDP test resources out of the base (envoyproxy#3857) delay the creation for non-shared udp test resources Signed-off-by: Huabing Zhao <[email protected]> * chore: replace targetRef with targetRefs in e2e (envoyproxy#3858) * docs: Remove the older versions from linkinator ignore list (envoyproxy#3846) * upgrade hugo and postcss-cli Signed-off-by: zirain <[email protected]> * fix deadlink Signed-off-by: zirain <[email protected]> * remove linkinator timeout Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> * build(deps): bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 (envoyproxy#3854) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.23.0 to 0.24.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@7c2007b...6e7b7d1) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/norwoodj/helm-docs from 1.13.0 to 1.14.2 in /tools/src/helm-docs (envoyproxy#3847) build(deps): bump github.com/norwoodj/helm-docs in /tools/src/helm-docs Bumps [github.com/norwoodj/helm-docs](https://github.com/norwoodj/helm-docs) from 1.13.0 to 1.14.2. - [Release notes](https://github.com/norwoodj/helm-docs/releases) - [Changelog](https://github.com/norwoodj/helm-docs/blob/master/CHANGELOG.md) - [Commits](norwoodj/helm-docs@v1.13.0...v1.14.2) --- updated-dependencies: - dependency-name: github.com/norwoodj/helm-docs dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: move connection limit test resources out of the base (envoyproxy#3859) * delay the creation for non-shared test resources Signed-off-by: Huabing Zhao <[email protected]> * fix lint Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]> * build(deps): bump actions/setup-node from 4.0.2 to 4.0.3 (envoyproxy#3853) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.2 to 4.0.3. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@60edb5d...1e60f62) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump google/osv-scanner-action from 1.8.1 to 1.8.2 (envoyproxy#3851) Bumps [google/osv-scanner-action](https://github.com/google/osv-scanner-action) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](google/osv-scanner-action@3c399db...7ac94f9) --- updated-dependencies: - dependency-name: google/osv-scanner-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain <[email protected]> * build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 in /tools/github-actions/setup-deps (envoyproxy#3855) build(deps): bump actions/setup-go in /tools/github-actions/setup-deps Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.1 to 5.0.2. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@cdcb360...0a12ed9) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github/codeql-action from 3.25.11 to 3.25.12 (envoyproxy#3852) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.11 to 3.25.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b611370...4fa2a79) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain <[email protected]> * docs: add backend tls docs (envoyproxy#3843) * add backend tls docs Signed-off-by: Guy Daich <[email protected]> * fix links Signed-off-by: Guy Daich <[email protected]> * add gateway paramsref Signed-off-by: Guy Daich <[email protected]> * nit Signed-off-by: Guy Daich <[email protected]> --------- Signed-off-by: Guy Daich <[email protected]> * chore: move zipkin test resources out of the base (envoyproxy#3864) move zipkin test resources out of the base Signed-off-by: Huabing Zhao <[email protected]> * chore: move tcp test resources out of the base (envoyproxy#3863) move tcp test resources out of the base Signed-off-by: Huabing Zhao <[email protected]> * docs: create concepts docs page and diagram (envoyproxy#3808) * Adding concept page with visual to docs site Signed-off-by: Erica Hughberg <[email protected]> * Fix EnvoyGatewayPatchPolicy to EnvoyPatchPolicy Signed-off-by: Erica Hughberg <[email protected]> * Fix ordering of columns and adding links. Signed-off-by: Erica Hughberg <[email protected]> * Adding to v1.0.2 as well Signed-off-by: Erica Hughberg <[email protected]> * Fixing links Signed-off-by: Erica Hughberg <[email protected]> * Added Backend resource to concept overview Signed-off-by: Erica Hughberg <[email protected]> * Tidy up and update docs for 1.0.2 Signed-off-by: Erica Hughberg <[email protected]> * Update arrow from Route to route targets Signed-off-by: Erica Hughberg <[email protected]> * fix: wrong path & title and add diagram Signed-off-by: bitliu <[email protected]> --------- Signed-off-by: Erica Hughberg <[email protected]> Signed-off-by: bitliu <[email protected]> Co-authored-by: Xunzhuo <[email protected]> * benchmark: enable prometheus to scrape metrics from (envoyproxy#3772) * chore: move backend tls test resources out of the base (envoyproxy#3862) * move backend tls test resources out of the base Signed-off-by: Huabing Zhao <[email protected]> * fix lint Signed-off-by: Huabing Zhao <[email protected]> * fix lint Signed-off-by: Huabing Zhao <[email protected]> * add notice Signed-off-by: Huabing Zhao <[email protected]> * fix test Signed-off-by: Huabing Zhao <[email protected]> * fix test Signed-off-by: Huabing Zhao <[email protected]> * print response body for debugging Signed-off-by: Huabing Zhao <[email protected]> * print policy for debugging Signed-off-by: Huabing Zhao <[email protected]> * increase timeout Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]> * chore: remove cherrypicker action (envoyproxy#3831) Signed-off-by: zirain <[email protected]> * chore: update linkinator comment (envoyproxy#3870) Signed-off-by: zirain <[email protected]> * chore: make format as part of gen-check (envoyproxy#3877) Signed-off-by: zirain <[email protected]> * chore: update LINKINATOR_IGNORE (envoyproxy#3879) * chore: update LINKINATOR_IGNORE Signed-off-by: zirain <[email protected]> * remove example.com Signed-off-by: zirain <[email protected]> * Revert "remove example.com" This reverts commit 0c6e44c. Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> * return 500 error for failed SecurityPolicies to avoid unauthorized access to xRoutes (envoyproxy#3869) * return 500 error to avoid unauthorized access to xRoutes Signed-off-by: Huabing Zhao <[email protected]> * address comments Signed-off-by: Huabing Zhao <[email protected]> * address comments Signed-off-by: Huabing Zhao <[email protected]> * add e2e test for failed SecurityPolicy Signed-off-by: Huabing Zhao <[email protected]> * add e2e test for failed SecurityPolicy Signed-off-by: Huabing Zhao <[email protected]> * add e2e test for failed SecurityPolicy Signed-off-by: Huabing Zhao <[email protected]> * add e2e test for failed SecurityPolicy Signed-off-by: Huabing Zhao <[email protected]> * fix lint Signed-off-by: Huabing Zhao <[email protected]> * fix lint Signed-off-by: Huabing Zhao <[email protected]> * rename Signed-off-by: Huabing Zhao <[email protected]> * rename Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]> Co-authored-by: Xunzhuo <[email protected]> * lint: update yamllint and codespell skip (envoyproxy#3882) * lint: update yamllint and codespell skip Signed-off-by: zirain <[email protected]> * end with newline Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> * e2e: increase test timeout (envoyproxy#3883) Signed-off-by: zirain <[email protected]> * chore: client mtls test (envoyproxy#3874) client mtls test Signed-off-by: Guy Daich <[email protected]> * fix: nil pointer err during hash load balancing build (envoyproxy#3886) fix nil pointer err in buildHashPolicy Signed-off-by: shawnh2 <[email protected]> * fix override issue for EEP (envoyproxy#3881) * add test for empty policies Signed-off-by: Huabing Zhao <[email protected]> * add test for eep Signed-off-by: Huabing Zhao <[email protected]> * add teset for eep Signed-off-by: Huabing Zhao <[email protected]> * fix eep override issue Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]> * accesslog: fix different CelMatches on AccessLog (envoyproxy#3885) * accesslog: fix different CelMatches on AccessLog Signed-off-by: zirain <[email protected]> * lint Signed-off-by: zirain <[email protected]> * text Signed-off-by: zirain <[email protected]> * lint Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Co-authored-by: Guy Daich <[email protected]> * rm gateway-api translation error message from direct response (envoyproxy#3878) * Responding back with an error message around translation errors may leak info to internet facing external clients around ingress internals Signed-off-by: Arko Dasgupta <[email protected]> Co-authored-by: zirain <[email protected]> Co-authored-by: Xunzhuo <[email protected]> * GetParentReferences should use namespace from RouteContext (envoyproxy#3876) * GetParentReferences should use namespace from RouteContext Signed-off-by: zirain <[email protected]> * lint Signed-off-by: zirain <[email protected]> * add test Signed-off-by: zirain <[email protected]> * fix test Signed-off-by: zirain <[email protected]> * update Signed-off-by: zirain <[email protected]> * add negative case Signed-off-by: zirain <[email protected]> * address review comment Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> * Add e2e test for load balancing (envoyproxy#3868) * update api doc and e2e test env for lb Signed-off-by: shawnh2 <[email protected]> * add e2e test for round robin lb Signed-off-by: shawnh2 <[email protected]> * fix gen-check Signed-off-by: shawnh2 <[email protected]> * add e2e test for source ip consistent hash lb Signed-off-by: shawnh2 <[email protected]> * add e2e test for header consistent hash lb Signed-off-by: shawnh2 <[email protected]> * add e2e test for cookie consistent hash lb Signed-off-by: shawnh2 <[email protected]> * add deployment only for lb test case Signed-off-by: shawnh2 <[email protected]> * rename deployment for different test setup Signed-off-by: shawnh2 <[email protected]> * wait deployment to have available replicas Signed-off-by: shawnh2 <[email protected]> --------- Signed-off-by: shawnh2 <[email protected]> Co-authored-by: zirain <[email protected]> * egctl: introduce `egctl x collect` (envoyproxy#3775) * e2e: add e2e test for cookie based consistent hash load balancing (envoyproxy#3890) * add e2e test for cookie based consistent hash load balancing Signed-off-by: shawnh2 <[email protected]> * fix lint Signed-off-by: shawnh2 <[email protected]> * lower the round robin lb test boundary Signed-off-by: shawnh2 <[email protected]> * add case for generated cookie Signed-off-by: shawnh2 <[email protected]> * fix lint Signed-off-by: shawnh2 <[email protected]> * remove response dump Signed-off-by: shawnh2 <[email protected]> --------- Signed-off-by: shawnh2 <[email protected]> * enable HTTPRouteBackendRequestHeaderModifier test (envoyproxy#3891) * enable HTTPRouteBackendRequestHeaderModifier test already supported with envoyproxy#3246 Signed-off-by: Arko Dasgupta <[email protected]> * make testdata Signed-off-by: Arko Dasgupta <[email protected]> --------- Signed-off-by: Arko Dasgupta <[email protected]> * disable writing into GatewayClass.Status.SupportedFeatures disable until the field moves from experiemental to stable so status writes for a GatewayClass dont fail when the datatypes differ Signed-off-by: Arko Dasgupta <[email protected]> * comment out test snippet Signed-off-by: Arko Dasgupta <[email protected]> * validate for reconcile should check reference from EnvoyProxy (envoyproxy#3895) validateEndpointSliceForReconcile should check reference from EnvoyProxy Signed-off-by: zirain <[email protected]> * chore: add grafonnet dashboards support (envoyproxy#3785) * add grafonnet lib and support for resources monitor dashboard Signed-off-by: shawnh2 <[email protected]> * update helm-generate to support grafonnet generate dashboards Signed-off-by: shawnh2 <[email protected]> * update doc Signed-off-by: shawnh2 <[email protected]> * fix doc-lint and osv-scan Signed-off-by: shawnh2 <[email protected]> * fix tools path Signed-off-by: shawnh2 <[email protected]> * resolve conflicts Signed-off-by: shawnh2 <[email protected]> * fix gen-check Signed-off-by: shawnh2 <[email protected]> * fix doc-lint Signed-off-by: shawnh2 <[email protected]> --------- Signed-off-by: shawnh2 <[email protected]> Co-authored-by: Xunzhuo <[email protected]> * add startupProbe to all provisioned containers (envoyproxy#3893) * This ensures the readinessProbe kicks in only after the container has started * max startup time is 300s - 30 (failureThreshold) x 10 (periodSeconds). After this the container is killed and the `restartPolicy` kicks in https://kubernetes.io/docs/concepts/configuration/liveness-readiness-startup-probes/#startup-probe Fixes: envoyproxy#3511 Signed-off-by: Arko Dasgupta <[email protected]> * e2e: move als test resources out of the base (envoyproxy#3884) Signed-off-by: zirain <[email protected]> * e2e: fix ZipkinTracing flaky (envoyproxy#3899) * e2e: make sure OTel-collector is ready Signed-off-by: zirain <[email protected]> * fix gen Signed-off-by: zirain <[email protected]> * fix retry Signed-off-by: zirain <[email protected]> * remove infrastructure.parametersRef from all-namespace Signed-off-by: zirain <[email protected]> * update Signed-off-by: zirain <[email protected]> * update Signed-off-by: zirain <[email protected]> * lint Signed-off-by: zirain <[email protected]> * fix bad request Signed-off-by: zirain <[email protected]> * increase time of one cycle Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> * doc: add load balancing usage (envoyproxy#3903) add load balancing usage Signed-off-by: shawnh2 <[email protected]> Co-authored-by: Xunzhuo <[email protected]> * fix: typos in release notes (envoyproxy#3909) Signed-off-by: bitliu <[email protected]> * fix: fix the CEL definitions to allow policies that use target selectors without explicit targetRefs (envoyproxy#3904) Fix the CEL definitions to allow policies that use target selectors without explicit targetRefs Signed-off-by: Lior Okman <[email protected]> * feat(logger): Add tlog for better test logging (envoyproxy#3913) Add tlog.Logf() logger Signed-off-by: Manoramsharma <[email protected]> * e2e: add hook to debug OIDC fail (envoyproxy#3914) * e2e: refactor and improve lb test (envoyproxy#3912) * e2e: refactor and improve lb test Signed-off-by: zirain <[email protected]> * tlog Signed-off-by: zirain <[email protected]> * update Signed-off-by: zirain <[email protected]> * lint Signed-off-by: zirain <[email protected]> * nit Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> * tools: remove sphinx (envoyproxy#3927) Signed-off-by: zirain <[email protected]> * release v1.1.0 (envoyproxy#3932) * release v1.1.0 Signed-off-by: Guy Daich <[email protected]> * update release notes with delta from v1.1.0-rc.1 Signed-off-by: Guy Daich <[email protected]> * fix lint Signed-off-by: Guy Daich <[email protected]> --------- Signed-off-by: Guy Daich <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: zirain <[email protected]> Signed-off-by: Guy Daich <[email protected]> Signed-off-by: Takeshi Yoneda <[email protected]> Signed-off-by: shawnh2 <[email protected]> Signed-off-by: Lior Okman <[email protected]> Signed-off-by: bitliu <[email protected]> Signed-off-by: Kensei Nakada <[email protected]> Signed-off-by: huabing zhao <[email protected]> Signed-off-by: Erica Hughberg <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: Manoramsharma <[email protected]> Co-authored-by: Huabing Zhao <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: zirain <[email protected]> Co-authored-by: Xunzhuo <[email protected]> Co-authored-by: Takeshi Yoneda <[email protected]> Co-authored-by: sh2 <[email protected]> Co-authored-by: Lior Okman <[email protected]> Co-authored-by: Kensei Nakada <[email protected]> Co-authored-by: Arko Dasgupta <[email protected]> Co-authored-by: Erica Hughberg <[email protected]> Co-authored-by: Arko Dasgupta <[email protected]> Co-authored-by: Manoramsharma <[email protected]>
guydc · Jul 23, 2024 · 604fcab · 604fcab
1 parent cc08e17
commit 604fcab
Show file tree

Hide file tree

Showing 863 changed files with 62,105 additions and 6,561 deletions.
diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml
@@ -18,7 +18,7 @@ permissions:
 
 jobs:
   lint:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
     - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
     - uses: ./tools/github-actions/setup-deps
@@ -137,6 +137,8 @@ jobs:
 
   benchmark-test:
     runs-on: ubuntu-latest
+    # There's a different workflow for benchmark-test on push.
+    if: ${{ ! startsWith(github.event_name, 'push') }}
     needs: [build]
     steps:
     - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
@@ -151,12 +153,13 @@ jobs:
         BENCHMARK_RPS: 10000
         BENCHMARK_CONNECTIONS: 100
         BENCHMARK_DURATION: 30
-        BENCHMARK_CPU_LIMITS: 1000
-        BENCHMARK_MEMORY_LIMITS: 2000
+        BENCHMARK_CPU_LIMITS: 1000m
+        BENCHMARK_MEMORY_LIMITS: 2000Mi
+        BENCHMARK_REPORT_DIR: benchmark_report
       run: make benchmark
 
     - name: Read Benchmark report
-      run: cat test/benchmark/benchmark_report.md
+      run: cat test/benchmark/benchmark_report/benchmark_report.md
 
   publish:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/cherrypick.yaml b/.github/workflows/cherrypick.yaml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -36,14 +36,14 @@ jobs:
     - uses: ./tools/github-actions/setup-deps
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c  # v3.25.11
+      uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f  # v3.25.12
       with:
         languages: ${{ matrix.language }}
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c  # v3.25.11
+      uses: github/codeql-action/autobuild@4fa2a7953630fd2f3fb380f21be14ede0169dd4f  # v3.25.12
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c  # v3.25.11
+      uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f  # v3.25.12
       with:
         category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml
@@ -62,7 +62,7 @@ jobs:
         extended: true
 
     - name: Setup Node
-      uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8  # v4.1.0
+      uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b  # v4.1.0
       with:
         node-version: '18'
 

diff --git a/.github/workflows/latest_release.yaml b/.github/workflows/latest_release.yaml
@@ -17,8 +17,40 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  # For push event, we run benchmark test here because we need to
+  # include benchmark report in the latest release.
+  benchmark-test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
+    - uses: ./tools/github-actions/setup-deps
+
+    # Benchmark
+    - name: Run Benchmark tests
+      env:
+        KIND_NODE_TAG: v1.28.9
+        IMAGE_PULL_POLICY: IfNotPresent
+        # Args for benchmark test
+        BENCHMARK_RPS: 10000
+        BENCHMARK_CONNECTIONS: 100
+        BENCHMARK_DURATION: 30
+        BENCHMARK_CPU_LIMITS: 1000m
+        BENCHMARK_MEMORY_LIMITS: 2000Mi
+        BENCHMARK_REPORT_DIR: benchmark_report
+      run: make benchmark
+
+    - name: Package benchmark report
+      run: cd test/benchmark && zip -r benchmark_report.zip benchmark_report
+
+    - name: Upload Benchmark Report
+      uses: actions/upload-artifact@v4  # version is better be consistent with actions/download-artifact
+      with:
+        name: benchmark_report
+        path: test/benchmark/benchmark_report.zip
+
   latest-release:
     runs-on: ubuntu-22.04
+    needs: [benchmark-test]
     permissions:
       contents: write
     steps:
@@ -29,6 +61,12 @@ jobs:
       # Use `Always` image pull policy for latest version.
       run: IMAGE_PULL_POLICY=Always make generate-manifests IMAGE=envoyproxy/gateway-dev TAG=latest OUTPUT_DIR=release-artifacts
 
+    - name: Download Benchmark Report
+      uses: actions/download-artifact@v4
+      with:
+        name: benchmark_report
+        path: release-artifacts
+
     - name: Build egctl latest multiarch binaries
       run: |
         make build-multiarch BINS="egctl"
@@ -70,6 +108,7 @@ jobs:
         files: |
           release-artifacts/install.yaml
           release-artifacts/quickstart.yaml
+          release-artifacts/benchmark_report.zip
           egctl_latest_linux_amd64.tar.gz
           egctl_latest_linux_arm64.tar.gz
           egctl_latest_darwin_amd64.tar.gz

diff --git a/.github/workflows/license-scan.yml b/.github/workflows/license-scan.yml
@@ -18,7 +18,7 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
     - name: Run scanner
-      uses: google/osv-scanner-action/osv-scanner-action@3c399db9dd6dd8106a27d280d53c55077d3f7cea  # v1.8.1
+      uses: google/osv-scanner-action/osv-scanner-action@7ac94f9d40028db4cacf8d53adec6626f5d3d2f7  # v1.8.2
       with:
         scan-args: |-
           --skip-git

diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
@@ -16,16 +16,31 @@ on:
 jobs:
   scan-scheduled:
     if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@3c399db9dd6dd8106a27d280d53c55077d3f7cea"  # v1.8.1
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@7ac94f9d40028db4cacf8d53adec6626f5d3d2f7"  # v1.8.2
     permissions:
       actions: read
       contents: read
       # Require writing security events to upload SARIF file to security tab
       security-events: write
+    with:
+      scan-args: |-
+        --skip-git
+        --recursive
+        ./
+        --config
+        tools/osv-scanner/config.toml
+
   scan-pr:
     if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@3c399db9dd6dd8106a27d280d53c55077d3f7cea"  # v1.8.1
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@7ac94f9d40028db4cacf8d53adec6626f5d3d2f7"  # v1.8.2
     permissions:
       actions: read
       contents: read
       security-events: write
+    with:
+      scan-args: |-
+        --skip-git
+        --recursive
+        ./
+        --config
+        tools/osv-scanner/config.toml
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -10,8 +10,40 @@ on:
       - "v*.*.*"
 
 jobs:
+  # For push event, we run benchmark test here because we need to
+  # include benchmark report in the release.
+  benchmark-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
+      - uses: ./tools/github-actions/setup-deps
+
+      # Benchmark
+      - name: Run Benchmark tests
+        env:
+          KIND_NODE_TAG: v1.28.9
+          IMAGE_PULL_POLICY: IfNotPresent
+          # Args for benchmark test
+          BENCHMARK_RPS: 10000
+          BENCHMARK_CONNECTIONS: 100
+          BENCHMARK_DURATION: 30
+          BENCHMARK_CPU_LIMITS: 1000m
+          BENCHMARK_MEMORY_LIMITS: 2000Mi
+          BENCHMARK_REPORT_DIR: benchmark_report
+        run: make benchmark
+
+      - name: Package benchmark report
+        run: cd test/benchmark && zip -r benchmark_report.zip benchmark_report
+
+      - name: Upload Benchmark Report
+        uses: actions/upload-artifact@v4  # version is better be consistent with actions/download-artifact
+        with:
+          name: benchmark_report
+          path: test/benchmark/benchmark_report.zip
+
   release:
     runs-on: ubuntu-22.04
+    needs: [benchmark-test]
     permissions:
       contents: write
     steps:
@@ -39,13 +71,20 @@ jobs:
       - name: Build and Push EG Release Helm Chart
         run: IMAGE_PULL_POLICY=IfNotPresent OCI_REGISTRY=oci://docker.io/envoyproxy CHART_VERSION=${{ env.release_tag }} IMAGE=docker.io/envoyproxy/gateway TAG=${{ env.release_tag }} make helm-package helm-push
 
+      - name: Download Benchmark Report
+        uses: actions/download-artifact@v4
+        with:
+          name: benchmark_report
+          path: release-artifacts
+
       - name: Upload Release Manifests
         uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0  # v0.1.15
         with:
           files: |
             release-artifacts/install.yaml
             release-artifacts/quickstart.yaml
             release-artifacts/release-notes.yaml
+            release-artifacts/benchmark_report.zip
             release-artifacts/egctl_${{ env.release_tag }}_linux_amd64.tar.gz
             release-artifacts/egctl_${{ env.release_tag }}_linux_arm64.tar.gz
             release-artifacts/egctl_${{ env.release_tag }}_darwin_amd64.tar.gz

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -40,6 +40,6 @@ jobs:
         retention-days: 5
 
     - name: "Upload to code-scanning"
-      uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c  # v3.25.11
+      uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f  # v3.25.12
       with:
         sarif_file: results.sarif
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -25,7 +25,7 @@ jobs:
         IMAGE=envoy-proxy/gateway-dev TAG=${{ github.sha }} make image
 
     - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2  # v0.23.0
+      uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8  # v0.24.0
       with:
         image-ref: envoy-proxy/gateway-dev:${{ github.sha }}
         exit-code: '1'
diff --git a/.gitignore b/.gitignore
@@ -35,5 +35,10 @@ charts/gateway-helm/values.yaml
 # dependency charts generated by addons helm.
 charts/gateway-addons-helm/charts/
 
+# vendor for grafonnet
+charts/gateway-addons-helm/dashboards/vendor/
+
 # VIM
 .*.swp
+
+*.tar.gz
diff --git a/OWNERS b/OWNERS
@@ -13,9 +13,18 @@ maintainers:
 - arkodg
 - Xunzhuo
 - zirain
-- qicz
 - zhaohuabing
 - guydc
+- shawnh2
+
+emeritus-maintainers:
+
+- alexgervais
+- danehans
+- LukeShu
+- skriss
+- youngnick
+- qicz
 
 reviewers:
 
@@ -24,5 +33,4 @@ reviewers:
 - tmsnan
 - tanujd11
 - cnvergence
-- shawnh2
 - liorokman
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-v1.1.0-rc.1
+v1.1.0
diff --git a/api/v1alpha1/accesslogging_types.go b/api/v1alpha1/accesslogging_types.go
@@ -20,7 +20,7 @@ type ProxyAccessLogSetting struct {
 	// Format defines the format of accesslog.
 	// This will be ignored if sink type is ALS.
 	// +optional
-	Format *ProxyAccessLogFormat `json:"format"`
+	Format *ProxyAccessLogFormat `json:"format,omitempty"`
 	// Matches defines the match conditions for accesslog in CEL expression.
 	// An accesslog will be emitted only when one or more match conditions are evaluated to true.
 	// Invalid [CEL](https://www.envoyproxy.io/docs/envoy/latest/xds/type/v3/cel.proto.html#common-expression-language-cel-proto) expressions will be ignored.

diff --git a/api/v1alpha1/backendtrafficpolicy_types.go b/api/v1alpha1/backendtrafficpolicy_types.go
@@ -34,7 +34,7 @@ type BackendTrafficPolicy struct {
 	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
 }
 
-// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs))", message="either targetRef or targetRefs must be used"
+// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
 //
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true ", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute"

diff --git a/api/v1alpha1/clienttrafficpolicy_types.go b/api/v1alpha1/clienttrafficpolicy_types.go
@@ -34,7 +34,7 @@ type ClientTrafficPolicy struct {
 	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
 }
 
-// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs))", message="either targetRef or targetRefs must be used"
+// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
 //
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind == 'Gateway' : true", message="this policy can only have a targetRef.kind of Gateway"

diff --git a/api/v1alpha1/envoyextensionypolicy_types.go b/api/v1alpha1/envoyextensionypolicy_types.go
@@ -32,7 +32,7 @@ type EnvoyExtensionPolicy struct {
 	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
 }
 
-// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs))", message="either targetRef or targetRefs must be used"
+// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
 //
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute"

diff --git a/api/v1alpha1/loadbalancer_types.go b/api/v1alpha1/loadbalancer_types.go
@@ -58,7 +58,10 @@ const (
 // +kubebuilder:validation:XValidation:rule="self.type == 'Header' ? has(self.header) : !has(self.header)",message="If consistent hash type is header, the header field must be set."
 // +kubebuilder:validation:XValidation:rule="self.type == 'Cookie' ? has(self.cookie) : !has(self.cookie)",message="If consistent hash type is cookie, the cookie field must be set."
 type ConsistentHash struct {
-	// ConsistentHashType defines the type of input to hash on. Valid Type values are "SourceIP" or "Header".
+	// ConsistentHashType defines the type of input to hash on. Valid Type values are
+	// "SourceIP",
+	// "Header",
+	// "Cookie".
 	//
 	// +unionDiscriminator
 	Type ConsistentHashType `json:"type"`

diff --git a/api/v1alpha1/securitypolicy_types.go b/api/v1alpha1/securitypolicy_types.go
@@ -33,7 +33,7 @@ type SecurityPolicy struct {
 	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
 }
 
-// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs))", message="either targetRef or targetRefs must be used"
+// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
 //
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
 // +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute"

diff --git a/charts/gateway-addons-helm/.helmignore b/charts/gateway-addons-helm/.helmignore
@@ -21,3 +21,8 @@
 .idea/
 *.tmproj
 .vscode/
+# Vendor and configs for Jsonnet and Grafonnet
+dashboards/lib/
+dashboards/vendor/
+dashboards/jsonnetfile.json
+dashboards/jsonnetfile.lock.json
diff --git a/charts/gateway-addons-helm/README.md b/charts/gateway-addons-helm/README.md
@@ -61,6 +61,7 @@ To uninstall the chart:
 | fluent-bit.config.service | string | `"[SERVICE]\n    Daemon Off\n    Flush {{ .Values.flush }}\n    Log_Level {{ .Values.logLevel }}\n    Parsers_File parsers.conf\n    Parsers_File custom_parsers.conf\n    HTTP_Server On\n    HTTP_Listen 0.0.0.0\n    HTTP_Port {{ .Values.metricsPort }}\n    Health_Check On\n"` |  |
 | fluent-bit.enabled | bool | `true` |  |
 | fluent-bit.fullnameOverride | string | `"fluent-bit"` |  |
+| fluent-bit.image.repository | string | `"fluent/fluent-bit"` |  |
 | fluent-bit.podAnnotations."fluentbit.io/exclude" | string | `"true"` |  |
 | fluent-bit.podAnnotations."prometheus.io/path" | string | `"/api/v1/metrics/prometheus"` |  |
 | fluent-bit.podAnnotations."prometheus.io/port" | string | `"2020"` |  |