Merge branch 'sah/grpc-access-log-filter-states' of ssh://github.com/…

…solo-io/gloo into sah/grpc-access-log-filter-states

Makefile

@@ -1243,7 +1243,7 @@ $(TEST_ASSET_DIR)/conformance/conformance_test.go:
 	cat $(shell go list -json -m sigs.k8s.io/gateway-api | jq -r '.Dir')/conformance/conformance_test.go >> $@
 	go fmt $@
 
-CONFORMANCE_SUPPORTED_FEATURES ?= -supported-features=Gateway,ReferenceGrant,HTTPRoute,HTTPRouteQueryParamMatching,HTTPRouteMethodMatching,HTTPRouteResponseHeaderModification,HTTPRoutePortRedirect,HTTPRouteHostRewrite,HTTPRouteSchemeRedirect,HTTPRoutePathRedirect,HTTPRouteHostRewrite,HTTPRoutePathRewrite,HTTPRouteRequestMirror,TLSRoute
+CONFORMANCE_SUPPORTED_FEATURES ?= -supported-features=Gateway,ReferenceGrant,HTTPRoute,HTTPRouteQueryParamMatching,HTTPRouteMethodMatching,HTTPRouteResponseHeaderModification,HTTPRoutePortRedirect,HTTPRouteHostRewrite,HTTPRouteSchemeRedirect,HTTPRoutePathRedirect,HTTPRouteHostRewrite,HTTPRoutePathRewrite,HTTPRouteRequestMirror,TLSRoute,HTTPRouteBackendProtocolH2C
 CONFORMANCE_SUPPORTED_PROFILES ?= -conformance-profiles=GATEWAY-HTTP
 CONFORMANCE_REPORT_ARGS ?= -report-output=$(TEST_ASSET_DIR)/conformance/$(VERSION)-report.yaml -organization=solo.io -project=gloo-gateway -version=$(VERSION) -url=github.com/solo-io/gloo -contact=github.com/solo-io/gloo/issues/new/choose
 CONFORMANCE_ARGS := -gateway-class=gloo-gateway $(CONFORMANCE_SUPPORTED_FEATURES) $(CONFORMANCE_SUPPORTED_PROFILES) $(CONFORMANCE_REPORT_ARGS)

changelog/v1.19.0-beta13/discover-gloo-service-with-labels.yaml

@@ -0,0 +1,9 @@
+changelog:
+- type: FIX
+  description: >-
+    Discover the Gloo service using labels.
+    In some environments, services must be renamed.
+    This change allows the service to still be discovered when it's been renamed.
+    In the event that multiple services in the namespace have the gloo=gloo label, an error will occur.
+  issueLink: https://github.com/solo-io/solo-projects/issues/7646
+  resolvesIssue: false

changelog/v1.19.0-beta13/go-bump-1.24.1.yaml

@@ -0,0 +1,8 @@
+changelog:
+  - type: DEPENDENCY_BUMP
+    description: Bump Go version to 1.24.1
+    dependencyOwner: golang
+    dependencyRepo: go
+    dependencyTag: v1.24.1
+    issueLink: https://github.com/solo-io/solo-projects/issues/7958
+    resolvesIssue: false

changelog/v1.19.0-beta13/support-approto.yaml

@@ -0,0 +1,6 @@
+changelog:
+- type: NEW_FEATURE
+  issueLink: https://github.com/solo-io/solo-projects/issues/7824
+  resolvesIssue: false
+  description: Adds support for http2 via the service port appProtocol spec
+

ci/cloudbuild/publish-artifacts.yaml

@@ -1,6 +1,6 @@
 steps:
 
-- name: 'gcr.io/$PROJECT_ID/prepare-go-workspace:0.12.0'
+- name: 'gcr.io/$PROJECT_ID/prepare-go-workspace:0.12.1'
   id: 'prepare-workspace'
   args:
   - '--repo-name'
@@ -59,7 +59,7 @@ steps:
     - '-c'
     - 'docker run --rm --privileged multiarch/qemu-user-static --reset -p yes -c yes'
 
-- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.12.0'
+- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.12.1'
   id: 'build-certgen-arm64-binary'
   args:
   - 'certgen-docker'
@@ -68,7 +68,7 @@ steps:
   - 'GOARCH=arm64'
 
 # Run make targets to push docker images to quay.io
-- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.12.0'
+- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.12.1'
   id: 'publish-docker'
   args:
   - 'publish-docker'
@@ -94,7 +94,7 @@ steps:
   waitFor:
   - 'publish-docker'
 
-- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.12.0'
+- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.12.1'
   id: 'release-chart'
   dir: *dir
   args:
@@ -109,7 +109,7 @@ steps:
   - 'gcr-auth'
 
 # Run make targets to build and push docker images to GCR
-- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.12.0'
+- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.12.1'
   id: 'publish-docker-extended-gcr'
   dir: *dir
   args:

ci/cloudbuild/run-tests.yaml

@@ -1,6 +1,6 @@
 steps:
 
-- name: 'gcr.io/$PROJECT_ID/prepare-go-workspace:0.12.0'
+- name: 'gcr.io/$PROJECT_ID/prepare-go-workspace:0.12.1'
   id: 'prepare-workspace'
   args:
   - '--repo-name'
@@ -23,7 +23,7 @@ steps:
     cd /go/pkg
     gsutil cat gs://$PROJECT_ID-cache/gloo/gloo-mod.tar.gz | tar -xzf - || echo "untar mod cache failed; continuing because we can download deps as we need them"
 
-- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.12.0'
+- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.12.1'
   id: 'prepare-envoy'
   dir: *dir
   entrypoint: 'bash'
@@ -77,7 +77,7 @@ steps:
   waitFor:
   - 'prepare-gcr-zone'
 
-- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.12.0'
+- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.12.1'
   id: 'prepare-test-tools'
   dir: *dir
   args:
@@ -88,7 +88,7 @@ steps:
   - 'prepare-gcr-zone'
   - 'prepare-test-credentials'
 
-- name: 'gcr.io/$PROJECT_ID/e2e-go-mod-ginkgo:0.12.0'
+- name: 'gcr.io/$PROJECT_ID/e2e-go-mod-ginkgo:0.12.1'
   id: 'run-tests'
   dir: *dir
   entrypoint: 'make'
@@ -99,7 +99,7 @@ steps:
   secretEnv:
   - 'JWT_PRIVATE_KEY'
 
-- name: 'gcr.io/$PROJECT_ID/e2e-go-mod-ginkgo:0.12.0'
+- name: 'gcr.io/$PROJECT_ID/e2e-go-mod-ginkgo:0.12.1'
   id: 'run-e2e-tests'
   dir: *dir
   entrypoint: 'make'
@@ -110,7 +110,7 @@ steps:
   secretEnv:
   - 'JWT_PRIVATE_KEY'
 
-- name: 'gcr.io/$PROJECT_ID/e2e-go-mod-ginkgo:0.12.0'
+- name: 'gcr.io/$PROJECT_ID/e2e-go-mod-ginkgo:0.12.1'
   id: 'run-hashicorp-e2e-tests'
   dir: *dir
   entrypoint: 'make'

cloudbuild-cache.yaml

@@ -1,6 +1,6 @@
 options:
   env:
-    - "_GO_VERSION=1.24.0"
+    - "_GO_VERSION=1.24.1"
 
 steps:
 - name: gcr.io/cloud-builders/gsutil

docs/content/static/content/version_geoss_latest.md

@@ -1 +1 @@
-1.19.0-beta3
+1.19.0-beta11

docs/content/static/content/version_geoss_n+1.md

@@ -1 +1 @@
-1.19.0-beta3
+1.19.0-beta12

docs/content/static/content/version_geoss_n-1.md

@@ -1 +1 @@
-1.18.10
+1.18.12

go.mod

@@ -1,6 +1,6 @@
 module github.com/solo-io/gloo
 
-go 1.24.0
+go 1.24.1
 
 // Note for developers: upgrading go will also require upgrading go in the following files:
 // ./cloudbuild-cache.yaml,

pkg/utils/kubeutils/names.go

@@ -1,12 +1,20 @@
 package kubeutils
 
 const (
-	GlooDeploymentName = "gloo"
-	GlooServiceName    = "gloo"
+	GlooDeploymentName   = "gloo"
+	GlooServiceName      = "gloo"
+	GlooServiceAppLabel  = "gloo"
+	GlooServiceGlooLabel = "gloo"
 
 	// GlooXdsPortName is the name of the port in the Gloo Gateway control plane Kubernetes Service that serves xDS config.
 	// See: install/helm/gloo/templates/2-gloo-service.yaml
 	GlooXdsPortName = "grpc-xds"
 
 	DiscoveryDeploymentName = "discovery"
 )
+
+var (
+	GlooServiceLabels = map[string]string{
+		"gloo": GlooServiceGlooLabel,
+	}
+)

projects/gloo/pkg/plugins/kubernetes/serviceconverter/use_http2_annotation_converter.go

@@ -19,6 +19,15 @@ var http2PortNames = []string{
 	"http2",
 }
 
+var http2AppProtocolNames = map[string]bool{
+	// Defined by istio : https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/
+	"http2":    true,
+	"grpc":     true,
+	"grpc-web": true,
+	// Defined by GEP-1911 : https://gateway-api.sigs.k8s.io/geps/gep-1911/#api-semantics
+	"kubernetes.io/h2c": true,
+}
+
 // UseHttp2Converter sets UseHttp2 on the upstream if:
 // (1) the service has the "h2_service" annotation; or
 // (2) the "h2_service" annotation defined in Settings.UpstreamOptions; or
@@ -46,6 +55,10 @@ func useHttp2(ctx context.Context, svc *corev1.Service, port corev1.ServicePort)
 		}
 	}
 
+	if port.AppProtocol != nil && http2AppProtocolNames[*port.AppProtocol] {
+		return &wrappers.BoolValue{Value: true}
+	}
+
 	for _, http2Name := range http2PortNames {
 		if strings.HasPrefix(port.Name, http2Name) {
 			return &wrappers.BoolValue{Value: true}

projects/gloo/pkg/plugins/kubernetes/uds_convert_test.go

@@ -101,6 +101,29 @@ var _ = Describe("UdsConvert", func() {
 			Entry("exactly http2", "http2"),
 		)
 
+		DescribeTable("should create upstream with use_http2=true when port appProtocol is a supported type", func(appProtocol string, useHttp2 bool) {
+			svc := &corev1.Service{
+				Spec: corev1.ServiceSpec{},
+			}
+			svc.Name = "test"
+			svc.Namespace = "test-ns"
+
+			port := corev1.ServicePort{
+				Port:        123,
+				AppProtocol: &appProtocol,
+			}
+			up := uc.CreateUpstream(context.TODO(), svc, port)
+			Expect(up.GetUseHttp2().GetValue()).To(Equal(useHttp2))
+		},
+			Entry("http2", "http2", true),
+			Entry("grpc", "grpc", true),
+			Entry("grpc-web", "grpc-web", true),
+			Entry("kubernetes.io/h2c", "kubernetes.io/h2c", true),
+			Entry("http2-suffix", "http2-suffix", false),
+			Entry("grpc-suffix", "grpc-suffix", false),
+			Entry("tcp", "tcp", false),
+		)
+
 		Describe("Upstream Config when Annotations Exist", func() {
 
 			It("Should create upstream with use_http2=true when annotation exists", testSetUseHttp2Converter)

projects/gloo/pkg/syncer/setup/controlplane.go

@@ -7,10 +7,8 @@ import (
 
 	"github.com/rotisserie/eris"
 	"github.com/solo-io/gloo/pkg/utils/kubeutils"
-	"github.com/solo-io/gloo/pkg/utils/namespaces"
 	"github.com/solo-io/solo-kit/pkg/api/v1/clients"
 	skkube "github.com/solo-io/solo-kit/pkg/api/v1/resources/common/kubernetes"
-	apierrors "k8s.io/apimachinery/pkg/api/errors"
 )
 
 var (
@@ -19,42 +17,51 @@ var (
 		return eris.Wrapf(NoXdsPortFoundError, "no port with the name %s found in service %s.%s", portName, svcNamespace, svcName)
 	}
 	NoGlooSvcFoundError = eris.New("failed to find Gloo service")
-	noGlooSvcFoundError = func(err error, svcNamespace string, svcName string) error {
-		wrapped := eris.Wrap(err, NoGlooSvcFoundError.Error())
-		return eris.Wrapf(wrapped, "service %s.%s", svcNamespace, svcName)
+	noGlooSvcFoundError = func(svcNamespace string) error {
+		return eris.Wrapf(NoGlooSvcFoundError, "service in %s with gloo=gloo label", svcNamespace)
+	}
+	MultipleGlooSvcFoundError = eris.New("found multiple Gloo services")
+	multipleGlooSvcFoundError = func(svcNamespace string) error {
+		return eris.Wrapf(MultipleGlooSvcFoundError, "found multiple services in %s with gloo=glo label", svcNamespace)
 	}
 )
 
-// GetControlPlaneXdsPort gets the xDS port from the gloo Service.
-func GetControlPlaneXdsPort(ctx context.Context, svcClient skkube.ServiceClient) (int32, error) {
-	// When this code is invoked from within the running Pod, this will contain the namespace where Gloo is running
-	svcNamespace := namespaces.GetPodNamespace()
-	return GetNamespacedControlPlaneXdsPort(ctx, svcNamespace, svcClient)
-}
-
-// GetNamespacedControlPlaneXdsPort gets the xDS port from the Gloo Service, provided the namespace the Service is running in
-func GetNamespacedControlPlaneXdsPort(ctx context.Context, svcNamespace string, svcClient skkube.ServiceClient) (int32, error) {
-	glooSvc, err := svcClient.Read(svcNamespace, kubeutils.GlooServiceName, clients.ReadOpts{Ctx: ctx})
+func GetControlPlaneService(ctx context.Context, svcNamespace string, svcClient skkube.ServiceClient) (*skkube.Service, error) {
+	opts := clients.ListOpts{
+		Ctx:      ctx,
+		Selector: kubeutils.GlooServiceLabels,
+	}
+	services, err := svcClient.List(svcNamespace, opts)
 	if err != nil {
-		if apierrors.IsNotFound(err) {
-			return 0, noGlooSvcFoundError(err, svcNamespace, kubeutils.GlooServiceName)
-		}
-		return 0, err
+		return nil, err
 	}
 
+	if len(services) == 0 {
+		return nil, noGlooSvcFoundError(svcNamespace)
+	}
+
+	if len(services) > 1 {
+		return nil, multipleGlooSvcFoundError(svcNamespace)
+	}
+
+	return services[0], nil
+}
+
+// GetControlPlaneXdsPort gets the xDS port from the Gloo Service
+func GetControlPlaneXdsPort(service *skkube.Service) (int32, error) {
 	// find the xds port on the Gloo Service
-	for _, port := range glooSvc.Spec.Ports {
+	for _, port := range service.Spec.Ports {
 		if port.Name == kubeutils.GlooXdsPortName {
 			return port.Port, nil
 		}
 	}
-	return 0, noXdsPortFoundError(kubeutils.GlooXdsPortName, svcNamespace, kubeutils.GlooServiceName)
+	return 0, noXdsPortFoundError(kubeutils.GlooXdsPortName, service.Namespace, service.Name)
 }
 
 // GetControlPlaneXdsHost gets the xDS address from the gloo Service.
-func GetControlPlaneXdsHost() string {
+func GetControlPlaneXdsHost(service *skkube.Service) string {
 	return kubeutils.ServiceFQDN(metav1.ObjectMeta{
-		Name:      kubeutils.GlooServiceName,
-		Namespace: namespaces.GetPodNamespace(),
+		Name:      service.Name,
+		Namespace: service.Namespace,
 	})
 }