chore: Replace envoy xds v3 with dubbo xds v1

.github/workflows/ci.yml

@@ -138,7 +138,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Helm
-        uses: azure/setup-helm@v3
+        uses: azure/setup-helm@v1
         with:
           version: '3.13.0'
 

dubbod/discovery/pkg/bootstrap/discovery.go

@@ -22,7 +22,7 @@ import (
 	"github.com/apache/dubbo-kubernetes/dubbod/discovery/pkg/networking/core"
 	"github.com/apache/dubbo-kubernetes/dubbod/discovery/pkg/networking/grpcgen"
 	"github.com/apache/dubbo-kubernetes/dubbod/discovery/pkg/xds"
-	v3 "github.com/apache/dubbo-kubernetes/dubbod/discovery/pkg/xds/v3"
+	v1 "github.com/apache/dubbo-kubernetes/dubbod/discovery/pkg/xds/v1"
 )
 
 func InitGenerators(
@@ -32,19 +32,19 @@ func InitGenerators(
 	env := s.Env
 	generators := map[string]model.XdsResourceGenerator{}
 	edsGen := &xds.EdsGenerator{Cache: s.Cache, EndpointIndex: env.EndpointIndex}
-	generators[v3.ClusterType] = &xds.CdsGenerator{ConfigGenerator: cg}
-	generators[v3.ListenerType] = &xds.LdsGenerator{ConfigGenerator: cg}
-	generators[v3.RouteType] = &xds.RdsGenerator{ConfigGenerator: cg}
-	generators[v3.EndpointType] = edsGen
+	generators[v1.ClusterType] = &xds.CdsGenerator{ConfigGenerator: cg}
+	generators[v1.ListenerType] = &xds.LdsGenerator{ConfigGenerator: cg}
+	generators[v1.RouteType] = &xds.RdsGenerator{ConfigGenerator: cg}
+	generators[v1.EndpointType] = edsGen
 
 	generators["grpc"] = &grpcgen.GrpcConfigGenerator{}
-	generators["grpc/"+v3.EndpointType] = edsGen
-	generators["grpc/"+v3.ListenerType] = generators["grpc"]
-	generators["grpc/"+v3.RouteType] = generators["grpc"]
-	generators["grpc/"+v3.ClusterType] = generators["grpc"]
+	generators["grpc/"+v1.EndpointType] = edsGen
+	generators["grpc/"+v1.ListenerType] = generators["grpc"]
+	generators["grpc/"+v1.RouteType] = generators["grpc"]
+	generators["grpc/"+v1.ClusterType] = generators["grpc"]
 
 	generators["api"] = apigen.NewGenerator(env.ConfigStore)
-	generators["api/"+v3.EndpointType] = edsGen
+	generators["api/"+v1.EndpointType] = edsGen
 
 	generators["event"] = xds.NewStatusGen(s)
 	s.Generators = generators

dubbod/discovery/pkg/networking/grpcgen/cds.go

@@ -30,7 +30,7 @@ import (
 	"github.com/apache/dubbo-kubernetes/pkg/util/sets"
 	cluster "github.com/dubbo-kubernetes/xds-api/cluster/v1"
 	core "github.com/dubbo-kubernetes/xds-api/core/v1"
-	tlsv3 "github.com/dubbo-kubernetes/xds-api/extensions/transport_sockets/tls/v1"
+	tlsv1 "github.com/dubbo-kubernetes/xds-api/extensions/transport_sockets/tls/v1"
 )
 
 type clusterBuilder struct {
@@ -393,13 +393,13 @@ func (b *clusterBuilder) applyTLSForCluster(c *cluster.Cluster, subset *networki
 
 // buildUpstreamTLSContext builds an UpstreamTlsContext that conforms to gRPC xDS expectations,
 // reusing the common certificate-provider setup from buildCommonTLSContext.
-func (b *clusterBuilder) buildUpstreamTLSContext(c *cluster.Cluster, tlsSettings *networking.ClientTLSSettings) *tlsv3.UpstreamTlsContext {
+func (b *clusterBuilder) buildUpstreamTLSContext(c *cluster.Cluster, tlsSettings *networking.ClientTLSSettings) *tlsv1.UpstreamTlsContext {
 	common := buildCommonTLSContext()
 	if common == nil {
 		return nil
 	}
 
-	tlsContext := &tlsv3.UpstreamTlsContext{
+	tlsContext := &tlsv1.UpstreamTlsContext{
 		CommonTlsContext: common,
 	}
 	// SNI must be the service hostname, not the cluster name

dubbod/discovery/pkg/networking/grpcgen/grpcgen.go

@@ -18,9 +18,9 @@ package grpcgen
 
 import (
 	"github.com/apache/dubbo-kubernetes/dubbod/discovery/pkg/model"
-	v3 "github.com/apache/dubbo-kubernetes/dubbod/discovery/pkg/xds/v3"
+	v1 "github.com/apache/dubbo-kubernetes/dubbod/discovery/pkg/xds/v1"
 	dubbolog "github.com/apache/dubbo-kubernetes/pkg/log"
-	tlsv3 "github.com/dubbo-kubernetes/xds-api/extensions/transport_sockets/tls/v1"
+	tlsv1 "github.com/dubbo-kubernetes/xds-api/extensions/transport_sockets/tls/v1"
 )
 
 var log = dubbolog.RegisterScope("grpcgen", "xDS Generator for Proxyless gRPC")
@@ -37,14 +37,14 @@ func (g *GrpcConfigGenerator) Generate(proxy *model.Proxy, w *model.WatchedResou
 	}
 
 	switch w.TypeUrl {
-	case v3.ListenerType:
+	case v1.ListenerType:
 		// Pass requested names to BuildListeners to ensure consistent behavior
 		// When requestedNames is empty (wildcard), BuildListeners generates all listeners
 		// When requestedNames is non-empty, BuildListeners only generates requested listeners
 		return g.BuildListeners(proxy, req.Push, requestedNames), model.DefaultXdsLogDetails, nil
-	case v3.ClusterType:
+	case v1.ClusterType:
 		return g.BuildClusters(proxy, req.Push, requestedNames), model.DefaultXdsLogDetails, nil
-	case v3.RouteType:
+	case v1.RouteType:
 		resources, logDetails := g.BuildHTTPRoutes(proxy, req, requestedNames)
 		return resources, logDetails, nil
 	}
@@ -55,25 +55,25 @@ func (g *GrpcConfigGenerator) Generate(proxy *model.Proxy, w *model.WatchedResou
 // buildCommonTLSContext creates a TLS context that matches gRPC xDS expectations.
 // - Uses certificate provider "default" for workload certs and root CA
 // - Does not configure explicit SAN matches (left to future hardening)
-func buildCommonTLSContext() *tlsv3.CommonTlsContext {
-	return &tlsv3.CommonTlsContext{
+func buildCommonTLSContext() *tlsv1.CommonTlsContext {
+	return &tlsv1.CommonTlsContext{
 		// Workload certificate provider instance (SPIFFE workload cert chain)
-		TlsCertificateCertificateProviderInstance: &tlsv3.CommonTlsContext_CertificateProviderInstance{
+		TlsCertificateCertificateProviderInstance: &tlsv1.CommonTlsContext_CertificateProviderInstance{
 			InstanceName:    "default",
 			CertificateName: "default",
 		},
 		// Root CA provider instance
-		ValidationContextType: &tlsv3.CommonTlsContext_CombinedValidationContext{
-			CombinedValidationContext: &tlsv3.CommonTlsContext_CombinedCertificateValidationContext{
-				ValidationContextCertificateProviderInstance: &tlsv3.CommonTlsContext_CertificateProviderInstance{
+		ValidationContextType: &tlsv1.CommonTlsContext_CombinedValidationContext{
+			CombinedValidationContext: &tlsv1.CommonTlsContext_CombinedCertificateValidationContext{
+				ValidationContextCertificateProviderInstance: &tlsv1.CommonTlsContext_CertificateProviderInstance{
 					InstanceName:    "default",
 					CertificateName: "ROOTCA",
 				},
 				// DefaultValidationContext: Configure basic certificate validation
 				// The certificate provider instance (ROOTCA) provides the root CA for validation
 				// For gRPC proxyless, we rely on the certificate provider for root CA validation
 				// SAN matching can be added later if needed for stricter validation
-				DefaultValidationContext: &tlsv3.CertificateValidationContext{
+				DefaultValidationContext: &tlsv1.CertificateValidationContext{
 					// Trust the root CA from the certificate provider
 					// The certificate provider instance "default" with "ROOTCA" will provide
 					// the root CA certificates for validating peer certificates

dubbod/discovery/pkg/networking/grpcgen/lds.go

@@ -30,9 +30,9 @@ import (
 	"github.com/apache/dubbo-kubernetes/pkg/util/sets"
 	"github.com/apache/dubbo-kubernetes/pkg/wellknown"
 	core "github.com/dubbo-kubernetes/xds-api/core/v1"
-	routerv3 "github.com/dubbo-kubernetes/xds-api/extensions/filters/v1/http/router"
-	hcmv3 "github.com/dubbo-kubernetes/xds-api/extensions/filters/v1/network/http_connection_manager"
-	tlsv3 "github.com/dubbo-kubernetes/xds-api/extensions/transport_sockets/tls/v1"
+	routerv1 "github.com/dubbo-kubernetes/xds-api/extensions/filters/v1/http/router"
+	hcmv1 "github.com/dubbo-kubernetes/xds-api/extensions/filters/v1/network/http_connection_manager"
+	tlsv1 "github.com/dubbo-kubernetes/xds-api/extensions/transport_sockets/tls/v1"
 	listener "github.com/dubbo-kubernetes/xds-api/listener/v1"
 	route "github.com/dubbo-kubernetes/xds-api/route/v1"
 	discovery "github.com/dubbo-kubernetes/xds-api/service/discovery/v1"
@@ -213,7 +213,7 @@ func buildInboundListeners(node *model.Proxy, push *model.PushContext, names []s
 		// "missing HttpConnectionManager filter", gRPC proxyless clients require HttpConnectionManager
 		// in the FilterChain for inbound listeners.
 		routeName := fmt.Sprintf("%d", listenPort)
-		var hcm *hcmv3.HttpConnectionManager
+		var hcm *hcmv1.HttpConnectionManager
 
 		// For Gateway Pods (router type), use RDS to get route configuration from HTTPRoute
 		// This allows Gateway to route external traffic to backend services based on HTTPRoute rules
@@ -223,11 +223,11 @@ func buildInboundListeners(node *model.Proxy, push *model.PushContext, names []s
 			}
 			log.Infof(" Gateway Pod (router) using RDS for listener %s, routeName=%s, node.ID=%s, node.Type=%v, service=%s", name, routeName, node.ID, node.Type, si.Service.Attributes.Name)
 			// Gateway Pods need RDS to route traffic based on HTTPRoute
-			hcm = &hcmv3.HttpConnectionManager{
-				CodecType:  hcmv3.HttpConnectionManager_AUTO,
+			hcm = &hcmv1.HttpConnectionManager{
+				CodecType:  hcmv1.HttpConnectionManager_AUTO,
 				StatPrefix: fmt.Sprintf("inbound_%d", listenPort),
-				RouteSpecifier: &hcmv3.HttpConnectionManager_Rds{
-					Rds: &hcmv3.Rds{
+				RouteSpecifier: &hcmv1.HttpConnectionManager_Rds{
+					Rds: &hcmv1.Rds{
 						ConfigSource: &core.ConfigSource{
 							ConfigSourceSpecifier: &core.ConfigSource_Ads{
 								Ads: &core.AggregatedConfigSource{},
@@ -236,11 +236,11 @@ func buildInboundListeners(node *model.Proxy, push *model.PushContext, names []s
 						RouteConfigName: routeName,
 					},
 				},
-				HttpFilters: []*hcmv3.HttpFilter{
+				HttpFilters: []*hcmv1.HttpFilter{
 					{
 						Name: "filters.http.router",
-						ConfigType: &hcmv3.HttpFilter_TypedConfig{
-							TypedConfig: protoconv.MessageToAny(&routerv3.Router{}),
+						ConfigType: &hcmv1.HttpFilter_TypedConfig{
+							TypedConfig: protoconv.MessageToAny(&routerv1.Router{}),
 						},
 					},
 				},
@@ -250,10 +250,10 @@ func buildInboundListeners(node *model.Proxy, push *model.PushContext, names []s
 			// For regular service Pods, use inline RouteConfig with NonForwardingAction
 			// Use inline RouteConfig instead of RDS to avoid triggering additional RDS requests that cause push loops
 			// For proxyless gRPC, inline configuration is preferred to minimize round-trips
-			hcm = &hcmv3.HttpConnectionManager{
-				CodecType:  hcmv3.HttpConnectionManager_AUTO,
+			hcm = &hcmv1.HttpConnectionManager{
+				CodecType:  hcmv1.HttpConnectionManager_AUTO,
 				StatPrefix: fmt.Sprintf("inbound_%d", listenPort),
-				RouteSpecifier: &hcmv3.HttpConnectionManager_RouteConfig{
+				RouteSpecifier: &hcmv1.HttpConnectionManager_RouteConfig{
 					RouteConfig: &route.RouteConfiguration{
 						Name: routeName,
 						VirtualHosts: []*route.VirtualHost{
@@ -274,11 +274,11 @@ func buildInboundListeners(node *model.Proxy, push *model.PushContext, names []s
 						},
 					},
 				},
-				HttpFilters: []*hcmv3.HttpFilter{
+				HttpFilters: []*hcmv1.HttpFilter{
 					{
 						Name: "filters.http.router",
-						ConfigType: &hcmv3.HttpFilter_TypedConfig{
-							TypedConfig: protoconv.MessageToAny(&routerv3.Router{}),
+						ConfigType: &hcmv1.HttpFilter_TypedConfig{
+							TypedConfig: protoconv.MessageToAny(&routerv1.Router{}),
 						},
 					},
 				},
@@ -359,7 +359,7 @@ func buildDownstreamTransportSocket(mode model.MutualTLSMode) *core.TransportSoc
 	// For STRICT mTLS, we require client certificates and validate them
 	// The validation context is already configured in buildCommonTLSContext
 	// via the certificate provider instance (ROOTCA)
-	tlsContext := &tlsv3.DownstreamTlsContext{
+	tlsContext := &tlsv1.DownstreamTlsContext{
 		CommonTlsContext:         common,
 		RequireClientCertificate: wrapperspb.Bool(true),
 		// Note: gRPC proxyless uses certificate provider for validation
@@ -516,11 +516,11 @@ func buildOutboundListeners(node *model.Proxy, push *model.PushContext, filter l
 			// For gRPC proxyless, outbound listeners MUST use ApiListener with RDS
 			// This is the correct pattern used by Dubbo for gRPC xDS clients
 			// Using FilterChain with inline RouteConfig causes the gRPC client to remain in IDLE state
-			hcm := &hcmv3.HttpConnectionManager{
-				CodecType:  hcmv3.HttpConnectionManager_AUTO,
+			hcm := &hcmv1.HttpConnectionManager{
+				CodecType:  hcmv1.HttpConnectionManager_AUTO,
 				StatPrefix: fmt.Sprintf("outbound_%d_%s", port, svc.Attributes.Name),
-				RouteSpecifier: &hcmv3.HttpConnectionManager_Rds{
-					Rds: &hcmv3.Rds{
+				RouteSpecifier: &hcmv1.HttpConnectionManager_Rds{
+					Rds: &hcmv1.Rds{
 						ConfigSource: &core.ConfigSource{
 							ConfigSourceSpecifier: &core.ConfigSource_Ads{
 								Ads: &core.AggregatedConfigSource{},
@@ -529,11 +529,11 @@ func buildOutboundListeners(node *model.Proxy, push *model.PushContext, filter l
 						RouteConfigName: routeName,
 					},
 				},
-				HttpFilters: []*hcmv3.HttpFilter{
+				HttpFilters: []*hcmv1.HttpFilter{
 					{
 						Name: "filters.http.router",
-						ConfigType: &hcmv3.HttpFilter_TypedConfig{
-							TypedConfig: protoconv.MessageToAny(&routerv3.Router{}),
+						ConfigType: &hcmv1.HttpFilter_TypedConfig{
+							TypedConfig: protoconv.MessageToAny(&routerv1.Router{}),
 						},
 					},
 				},

dubbod/discovery/pkg/xds/ads.go

@@ -26,7 +26,7 @@ import (
 	"github.com/apache/dubbo-kubernetes/pkg/maps"
 
 	"github.com/apache/dubbo-kubernetes/dubbod/discovery/pkg/model"
-	v3 "github.com/apache/dubbo-kubernetes/dubbod/discovery/pkg/xds/v3"
+	v1 "github.com/apache/dubbo-kubernetes/dubbod/discovery/pkg/xds/v1"
 	"github.com/apache/dubbo-kubernetes/pkg/util/sets"
 	"github.com/apache/dubbo-kubernetes/pkg/xds"
 	core "github.com/dubbo-kubernetes/xds-api/core/v1"
@@ -323,8 +323,8 @@ func (s *DiscoveryServer) pushConnection(con *Connection, pushEv *Event) error {
 }
 
 func (s *DiscoveryServer) processRequest(req *discovery.DiscoveryRequest, con *Connection) error {
-	stype := v3.GetShortType(req.TypeUrl)
-	if req.TypeUrl == v3.HealthInfoType {
+	stype := v1.GetShortType(req.TypeUrl)
+	if req.TypeUrl == v1.HealthInfoType {
 		return nil
 	}
 
@@ -414,11 +414,11 @@ func (s *DiscoveryServer) processRequest(req *discovery.DiscoveryRequest, con *C
 }
 
 func (s *DiscoveryServer) processDeltaRequest(req *discovery.DeltaDiscoveryRequest, con *Connection) error {
-	stype := v3.GetShortType(req.TypeUrl)
+	stype := v1.GetShortType(req.TypeUrl)
 	deltaLog.Infof("%s: REQ %s resources sub:%d unsub:%d nonce:%s", stype,
 		con.ID(), len(req.ResourceNamesSubscribe), len(req.ResourceNamesUnsubscribe), req.ResponseNonce)
 
-	if req.TypeUrl == v3.HealthInfoType {
+	if req.TypeUrl == v1.HealthInfoType {
 		return nil
 	}
 
@@ -444,7 +444,7 @@ func (s *DiscoveryServer) processDeltaRequest(req *discovery.DeltaDiscoveryReque
 	if err != nil {
 		return err
 	}
-	if req.TypeUrl != v3.ClusterType {
+	if req.TypeUrl != v1.ClusterType {
 		return nil
 	}
 	return s.forceEDSPush(con)
@@ -465,10 +465,10 @@ func newDeltaConnection(peerAddr string, stream DeltaDiscoveryStream) *Connectio
 }
 
 var PushOrder = []string{
-	v3.ClusterType,
-	v3.EndpointType,
-	v3.ListenerType,
-	v3.RouteType,
+	v1.ClusterType,
+	v1.EndpointType,
+	v1.ListenerType,
+	v1.RouteType,
 }
 
 var KnownOrderedTypeUrls = sets.New(PushOrder...)

dubbod/discovery/pkg/xds/delta.go

@@ -23,7 +23,7 @@ import (
 
 	dubbogrpc "github.com/apache/dubbo-kubernetes/dubbod/discovery/pkg/grpc"
 	"github.com/apache/dubbo-kubernetes/dubbod/discovery/pkg/model"
-	v3 "github.com/apache/dubbo-kubernetes/dubbod/discovery/pkg/xds/v3"
+	v1 "github.com/apache/dubbo-kubernetes/dubbod/discovery/pkg/xds/v1"
 	"github.com/apache/dubbo-kubernetes/pkg/util/sets"
 	discovery "github.com/dubbo-kubernetes/xds-api/service/discovery/v1"
 	"github.com/google/uuid"
@@ -35,15 +35,15 @@ import (
 var deltaLog = dubbolog.RegisterScope("delta", "delta xds debugging")
 
 func (s *DiscoveryServer) forceEDSPush(con *Connection) error {
-	if dwr := con.proxy.GetWatchedResource(v3.EndpointType); dwr != nil {
+	if dwr := con.proxy.GetWatchedResource(v1.EndpointType); dwr != nil {
 		request := &model.PushRequest{
 			Full:   true,
 			Push:   con.proxy.LastPushContext,
 			Reason: model.NewReasonStats(model.DependentResource),
 			Start:  con.proxy.LastPushTime,
 			Forced: true,
 		}
-		deltaLog.Infof("%s: FORCE %s PUSH for warming.", v3.GetShortType(v3.EndpointType), con.ID())
+		deltaLog.Infof("%s: FORCE %s PUSH for warming.", v1.GetShortType(v1.EndpointType), con.ID())
 		return s.pushDeltaXds(con, dwr, request)
 	}
 	return nil
@@ -138,7 +138,7 @@ func (s *DiscoveryServer) receiveDelta(con *Connection, identities []string) {
 			return
 		}
 		if firstRequest {
-			if req.TypeUrl == v3.HealthInfoType {
+			if req.TypeUrl == v1.HealthInfoType {
 				deltaLog.Warnf("%q %s send health check probe before normal xDS request", con.Peer(), con.ID())
 				continue
 			}
@@ -164,7 +164,7 @@ func (s *DiscoveryServer) receiveDelta(con *Connection, identities []string) {
 			unsubscribeStr = " unsubscribe:[" + strings.Join(req.ResourceNamesUnsubscribe, ", ") + "]"
 		}
 		deltaLog.Infof("%s: RAW DELTA REQ %s sub:%d%s nonce:%s%s",
-			v3.GetShortType(req.TypeUrl), con.ID(), len(req.ResourceNamesSubscribe), subscribeStr,
+			v1.GetShortType(req.TypeUrl), con.ID(), len(req.ResourceNamesSubscribe), subscribeStr,
 			req.ResponseNonce, unsubscribeStr)
 
 		select {
@@ -254,7 +254,7 @@ func deltaWatchedResources(existing sets.String, request *discovery.DeltaDiscove
 }
 
 func shouldRespondDelta(con *Connection, request *discovery.DeltaDiscoveryRequest) bool {
-	stype := v3.GetShortType(request.TypeUrl)
+	stype := v1.GetShortType(request.TypeUrl)
 
 	if request.ErrorDetail != nil {
 		errCode := codes.Code(request.ErrorDetail.Code)
@@ -336,7 +336,7 @@ func (conn *Connection) sendDelta(res *discovery.DeltaDiscoveryResponse, newReso
 	}
 	err := sendResonse()
 	if status.Convert(err).Code() == codes.DeadlineExceeded {
-		deltaLog.Infof("Timeout writing %s: %v", conn.ID(), v3.GetShortType(res.TypeUrl))
+		deltaLog.Infof("Timeout writing %s: %v", conn.ID(), v1.GetShortType(res.TypeUrl))
 	}
 	return err
 }

dubbod/discovery/pkg/xds/discovery.go

@@ -99,7 +99,7 @@ func NewDiscoveryServer(env *model.Environment, clusterAliases map[string]string
 }
 
 func (s *DiscoveryServer) Register(rpcs *grpc.Server) {
-	// Register v3 server
+	// Register v1 server
 	discovery.RegisterAggregatedDiscoveryServiceServer(rpcs, s)
 }