cilium · nathanjsweet · Jun 26, 2023 · Jun 12, 2023 · Jun 18, 2023 · Jun 18, 2023
@@ -489,7 +489,6 @@ jenkinsfiles @cilium/ci-structure
 /pkg/versioncheck/ @cilium/sig-agent
 /plugins/cilium-cni/ @cilium/sig-k8s
 /plugins/cilium-docker/ @cilium/docker
-/proxylib/ @cilium/proxy
 /README.rst @cilium/docs-structure
 /SECURITY.md @cilium/contributing
 /stable.txt @cilium/tophat

diff --git a/Documentation/helm-values.rst b/Documentation/helm-values.rst
@@ -58,7 +58,6 @@ Known Limitations
 =================
 
 - Due to Pod-to-Pod communication with the Cilium Agent via UNIX domain sockets, Envoy DaemonSet isn't supported with SELinux enabled on the host. This is the default for Red Hat OpenShift.
-- Go Extensions (ProxyLib) aren't supported yet.
 
 *************
 Go Extensions

@@ -12,7 +12,7 @@ debug: all
 
 include Makefile.defs
 
-SUBDIRS_CILIUM_CONTAINER := proxylib envoy bpf cilium daemon cilium-health bugtool tools/mount tools/sysctlfix
+SUBDIRS_CILIUM_CONTAINER := envoy bpf cilium daemon cilium-health bugtool tools/mount tools/sysctlfix
 SUBDIR_OPERATOR_CONTAINER := operator
 
 # Add the ability to override variables

@@ -24,7 +24,7 @@ require (
 	github.com/cilium/fake v0.4.0
 	github.com/cilium/kafka v0.0.0-20180809090225-01ce283b732b
 	github.com/cilium/lumberjack/v2 v2.3.0
-	github.com/cilium/proxy v0.0.0-20230605062141-384b5008dce4
+	github.com/cilium/proxy v0.0.0-20230623092907-8fddead4e52c
 	github.com/cilium/workerpool v1.2.0
 	github.com/containernetworking/cni v1.1.2
 	github.com/containernetworking/plugins v1.3.0

@@ -6,7 +6,7 @@ ARG CILIUM_RUNTIME_IMAGE=quay.io/cilium/cilium-runtime:872b2f51be25274a0ce2261d0
 
 # cilium-envoy from github.com/cilium/proxy
 #
-FROM quay.io/cilium/cilium-envoy:v1.25.7-384b5008dce426eba89af8ef17f52e4fb066ff40@sha256:f165787c05050a4d57c5940dcd59de03cafecff9c02965a1d076c2b2935505d8 as cilium-envoy
+FROM quay.io/cilium/cilium-envoy:v1.25.7-8fddead4e52c704a6b189e3f80a69403c6cdc997@sha256:7edab48930186cc988baa6fb2ef6c352325306f0d6a0c89e43bef28941189095 as cilium-envoy
 
 #
 # Hubble CLI

@@ -1830,9 +1830,9 @@ envoy:
   image:
     override: ~
     repository: "quay.io/cilium/cilium-envoy"
-    tag: "v1.25.7-384b5008dce426eba89af8ef17f52e4fb066ff40"
+    tag: "v1.25.7-8fddead4e52c704a6b189e3f80a69403c6cdc997"
     pullPolicy: "${PULL_POLICY}"
-    digest: "sha256:f165787c05050a4d57c5940dcd59de03cafecff9c02965a1d076c2b2935505d8"
+    digest: "sha256:7edab48930186cc988baa6fb2ef6c352325306f0d6a0c89e43bef28941189095"
     useDigest: true
 
   # -- Additional containers added to the cilium Envoy DaemonSet.

@@ -14,14 +14,14 @@ import (
 	"time"
 
 	cilium "github.com/cilium/proxy/go/cilium/api"
+	kafka_api "github.com/cilium/proxy/pkg/policy/api/kafka"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 	"google.golang.org/protobuf/proto"
 
 	"github.com/cilium/cilium/pkg/flowdebug"
 	"github.com/cilium/cilium/pkg/identity"
 	"github.com/cilium/cilium/pkg/option"
-	kafka_api "github.com/cilium/cilium/pkg/policy/api/kafka"
 	"github.com/cilium/cilium/pkg/proxy/accesslog"
 	"github.com/cilium/cilium/pkg/proxy/logger"
 )

@@ -27,6 +27,7 @@ import (
 	envoy_config_tcp "github.com/cilium/proxy/go/envoy/extensions/filters/network/tcp_proxy/v3"
 	envoy_config_tls "github.com/cilium/proxy/go/envoy/extensions/transport_sockets/tls/v3"
 	envoy_type_matcher "github.com/cilium/proxy/go/envoy/type/matcher/v3"
+	"github.com/cilium/proxy/pkg/policy/api/kafka"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 	"google.golang.org/protobuf/proto"
@@ -44,7 +45,6 @@ import (
 	"github.com/cilium/cilium/pkg/option"
 	"github.com/cilium/cilium/pkg/policy"
 	"github.com/cilium/cilium/pkg/policy/api"
-	"github.com/cilium/cilium/pkg/policy/api/kafka"
 	"github.com/cilium/cilium/pkg/proxy/endpoint"
 	"github.com/cilium/cilium/pkg/u8proto"
 )

@@ -13,14 +13,14 @@ import (
 	envoy_config_listener "github.com/cilium/proxy/go/envoy/config/listener/v3"
 	envoy_config_route "github.com/cilium/proxy/go/envoy/config/route/v3"
 	envoy_type_matcher "github.com/cilium/proxy/go/envoy/type/matcher/v3"
+	"github.com/cilium/proxy/pkg/policy/api/kafka"
 
 	"github.com/cilium/cilium/pkg/checker"
 	"github.com/cilium/cilium/pkg/identity"
 	"github.com/cilium/cilium/pkg/identity/cache"
 	"github.com/cilium/cilium/pkg/labels"
 	"github.com/cilium/cilium/pkg/policy"
 	"github.com/cilium/cilium/pkg/policy/api"
-	"github.com/cilium/cilium/pkg/policy/api/kafka"
 	"github.com/cilium/cilium/pkg/proxy/endpoint"
 	"github.com/cilium/cilium/pkg/proxy/endpoint/test"
 	testidentity "github.com/cilium/cilium/pkg/testutils/identity"

diff --git a/pkg/kafka/policy.go b/pkg/kafka/policy.go
@@ -6,8 +6,9 @@ package kafka
 import (
 	"github.com/sirupsen/logrus"
 
+	api "github.com/cilium/proxy/pkg/policy/api/kafka"
+
 	"github.com/cilium/cilium/pkg/flowdebug"
-	api "github.com/cilium/cilium/pkg/policy/api/kafka"
 )
 
 type Rule struct {

diff --git a/pkg/kafka/policy_test.go b/pkg/kafka/policy_test.go
@@ -10,7 +10,7 @@ import (
 	. "github.com/cilium/checkmate"
 	"github.com/cilium/kafka/proto"
 
-	"github.com/cilium/cilium/pkg/policy/api/kafka"
+	"github.com/cilium/proxy/pkg/policy/api/kafka"
 )
 
 // Hook up gocheck into the "go test" runner.

@@ -4,7 +4,7 @@
 package api
 
 import (
-	"github.com/cilium/cilium/pkg/policy/api/kafka"
+	"github.com/cilium/proxy/pkg/policy/api/kafka"
 )
 
 // L4Proto is a layer 4 protocol name

@@ -7,11 +7,11 @@ import (
 	"fmt"
 
 	. "github.com/cilium/checkmate"
+	"github.com/cilium/proxy/pkg/policy/api/kafka"
 
 	slim_metav1 "github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/meta/v1"
 	"github.com/cilium/cilium/pkg/labels"
 	"github.com/cilium/cilium/pkg/option"
-	"github.com/cilium/cilium/pkg/policy/api/kafka"
 )
 
 // This test ensures that only PortRules which have L7Rules associated with them

@@ -7,10 +7,10 @@ import (
 	"testing"
 
 	. "github.com/cilium/checkmate"
+	"github.com/cilium/proxy/pkg/policy/api/kafka"
 
 	"github.com/cilium/cilium/pkg/defaults"
 	"github.com/cilium/cilium/pkg/fqdn/re"
-	"github.com/cilium/cilium/pkg/policy/api/kafka"
 )
 
 // Hook up gocheck into the "go test" runner.