Make cilium.l7policy filter a dual filter#581
Merged
jrajahalme merged 4 commits intomainfrom May 16, 2024
Merged
Conversation
jrajahalme
force-pushed
the
dual-filter-testing
branch
from
4702414 to
39b7f42
Compare
jrajahalme
force-pushed
the
dual-filter-testing
branch
from
39b7f42 to
fb824fe
Compare
Member
Author
|
rebased |
jrajahalme
changed the title
jrajahalme
force-pushed
the
dual-filter-testing
branch
from
fb824fe to
9d85e94
Compare
jrajahalme
added
kind/enhancement
and removed
wip
sayboras
approved these changes
May 14, 2024
Member
sayboras
left a comment
sayboras
left a comment
There was a problem hiding this comment.
I have below comments, the rest looks good
jrajahalme
force-pushed
the
dual-filter-testing
branch
from
9d85e94 to
22f12cb
Compare
Move access log entry to filter state so that it can be accessed from multiple filters. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
Envoy HTTP router and TCP proxy append the socket options in filter_state with key Network::UpstreamSocketOptionsFilterState::key() to the upstream socket's options. Use this to make Cilium BPF metadata accessible to Cilium upstream filters when needed. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
jrajahalme
force-pushed
the
dual-filter-testing
branch
2 times, most recently
from
db8400d to
f79836c
Compare
Allow cilium.l7policy filter to be used as an Envoy HTTP upstream filter. No longer use upstream callback for L7 LB policy enforcement. Upstream Envoy commit 26a4eb87428dbf3a39ff4f6f61b69538c34d07b6 introduced 'is_upstream' field in 'DualInfo' that allows filter operation to know if the filter is installed on upstream or downstream filter chain. Due to the semantic differences between the upstream and downstream filter execution this is generally needed for dual filter implementations. Backport this change. This backport will become moot in a future Envoy version bump with the upstream commit 26a4eb87428dbf3a39ff4f6f61b69538c34d07b6. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
jrajahalme
force-pushed
the
dual-filter-testing
branch
from
f79836c to
8b87626
Compare
Member
Author
|
Changed patch numbering as suggested & rebased. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Make cilium.l7policy filter into a dual filter. This allows removal and long term maintenance of the HTTP upstream callback patch.
Note: This should be merged only after the corresponding cilium/cilium PR is ready to merge.