feat: egctl x translate support for EnvoyPatchPolicy

docs/latest/design/envoy-patch-policy.md

@@ -31,43 +31,66 @@ Here is an example highlighting how a user can configure global ratelimiting usi
 
 ```
 apiVersion: gateway.networking.k8s.io/v1beta1
+kind: GatewayClass
+metadata:
+  name: eg
+spec:
+  controllerName: gateway.envoyproxy.io/gatewayclass-controller
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
 kind: Gateway
 metadata:
-  name: eg-gw
+  name: eg
   namespace: default
 spec:
-  gatewayClassName: eg-gc
+  gatewayClassName: eg
   listeners:
-    - name: example
-      protocol: HTTPS
-      port: 443
-      hostname: example.com
-      tls:
-        certificateRefs:
-          - kind: Secret
-            group: ""
-            name: example-cert
----            
+    - name: http
+      protocol: HTTP
+      port: 80
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+  name: backend
+  namespace: default
+spec:
+  parentRefs:
+    - name: eg
+  hostnames:
+    - "www.example.com"
+  rules:
+    - backendRefs:
+        - group: ""
+          kind: Service
+          name: backend
+          port: 3000
+          weight: 1
+      matches:
+        - path:
+            type: PathPrefix
+            value: /
+---
 apiVersion: gateway.envoyproxy.io/v1alpha1
 kind: EnvoyPatchPolicy
 metadata:
   name: ratelimit-patch-policy
   namespace: default
 spec:
   targetRef:
-    group: gateway.networking.k8s.io/v1beta1
+    group: gateway.networking.k8s.io
     kind: Gateway
-    name: eg-gw
+    name: eg
     namespace: default
   type: JSONPatch
   jsonPatches:
     - type: "type.googleapis.com/envoy.config.listener.v3.Listener"
-      # The listener name is of the form <GatewayNamespace>-<GatewayName>-<GatewayListenerName>
-      name: default-eg-gw-example
+      # The listener name is of the form <GatewayNamespace>/<GatewayName>/<GatewayListenerName>
+      name: default/eg/http
       operation:
         op: add
-        path: "/filter_chains/0/filters/0/http_filters/0"
-        value: |
+        path: "/default_filter_chain/filters/0/typed_config/http_filters/0"
+        value:
           name: "envoy.filters.http.ratelimit"
           typed_config:
             "@type": "type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit"
@@ -80,20 +103,20 @@ spec:
                   cluster_name: rate-limit-cluster
               transport_api_version: V3
     - type: "type.googleapis.com/envoy.config.route.v3.RouteConfiguration"
-      # The route name is of the form <GatewayNamespace>-<GatewayName>-<GatewayListenerName>
-      name: default-eg-gw-example
+      # The route name is of the form <GatewayNamespace>/<GatewayName>/<GatewayListenerName>
+      name: default/eg/http
       operation:
         op: add
         path: "/virtual_hosts/0/rate_limits"
-        value: |
+        value:
           - actions:
               - remote_address: {}
-    - type: "type.googleapis.com/envoy.config.cluster.v3.Cluster" 
+    - type: "type.googleapis.com/envoy.config.cluster.v3.Cluster"
       name: rate-limit-cluster
       operation:
         op: add
-        path: "/"
-        value: |
+        path: ""
+        value:
           name: rate-limit-cluster
           type: STRICT_DNS
           connect_timeout: 10s
@@ -107,7 +130,7 @@ spec:
                       address:
                         socket_address:
                           address: ratelimit.svc.cluster.local
-                          port_value: 8081        
+                          port_value: 8081
 ```
 
 

internal/cmd/egctl/testdata/translate/in/envoy-patch-policy.yaml

@@ -0,0 +1,157 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: GatewayClass
+metadata:
+  name: eg
+spec:
+  controllerName: gateway.envoyproxy.io/gatewayclass-controller
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+  name: eg
+  namespace: default
+spec:
+  gatewayClassName: eg
+  listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: backend
+  namespace: default
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend
+  namespace: default
+  labels:
+    app: backend
+    service: backend
+spec:
+  ports:
+    - name: http
+      port: 3000
+      targetPort: 3000
+  selector:
+    app: backend
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: backend
+      version: v1
+  template:
+    metadata:
+      labels:
+        app: backend
+        version: v1
+    spec:
+      serviceAccountName: backend
+      containers:
+        - image: gcr.io/k8s-staging-ingressconformance/echoserver:v20221109-7ee2f3e
+          imagePullPolicy: IfNotPresent
+          name: backend
+          ports:
+            - containerPort: 3000
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+  name: backend
+  namespace: default
+spec:
+  parentRefs:
+    - name: eg
+  hostnames:
+    - "www.example.com"
+  rules:
+    - backendRefs:
+        - group: ""
+          kind: Service
+          name: backend
+          port: 3000
+          weight: 1
+      matches:
+        - path:
+            type: PathPrefix
+            value: /
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: EnvoyPatchPolicy
+metadata:
+  name: ratelimit-patch-policy
+  namespace: default
+spec:
+  targetRef:
+    group: gateway.networking.k8s.io
+    kind: Gateway
+    name: eg
+    namespace: default
+  type: JSONPatch
+  jsonPatches:
+    - type: "type.googleapis.com/envoy.config.listener.v3.Listener"
+      # The listener name is of the form <GatewayNamespace>/<GatewayName>/<GatewayListenerName>
+      name: default/eg/http
+      operation:
+        op: add
+        path: "/default_filter_chain/filters/0/typed_config/http_filters/0"
+        value:
+          name: "envoy.filters.http.ratelimit"
+          typed_config:
+            "@type": "type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit"
+            domain: "eag-ratelimit"
+            failure_mode_deny: true
+            timeout: 1s
+            rate_limit_service:
+              grpc_service:
+                envoy_grpc:
+                  cluster_name: rate-limit-cluster
+              transport_api_version: V3
+    - type: "type.googleapis.com/envoy.config.route.v3.RouteConfiguration"
+      # The route name is of the form <GatewayNamespace>/<GatewayName>/<GatewayListenerName>
+      name: default/eg/http
+      operation:
+        op: add
+        path: "/virtual_hosts/0/rate_limits"
+        value:
+          - actions:
+              - remote_address: {}
+    - type: "type.googleapis.com/envoy.config.cluster.v3.Cluster"
+      name: rate-limit-cluster
+      operation:
+        op: add
+        path: ""
+        value:
+          name: rate-limit-cluster
+          type: STRICT_DNS
+          connect_timeout: 10s
+          lb_policy: ROUND_ROBIN
+          http2_protocol_options: {}
+          load_assignment:
+            cluster_name: rate-limit-cluster
+            endpoints:
+              - lb_endpoints:
+                  - endpoint:
+                      address:
+                        socket_address:
+                          address: ratelimit.svc.cluster.local
+                          port_value: 8081