Cherry pick/v1.6.0 (#7482)

* chore(examples): fix extensionserver build (#7398)

Signed-off-by: Maxime Brunet <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* chore: add missing endpoints in the crl test (#7402)

fix test for #7199

Signed-off-by: Huabing Zhao <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* chore(make): exit on failure (#7387)

Signed-off-by: Maxime Brunet <[email protected]>
Co-authored-by: zirain <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* fix: port typo (#7397)

Signed-off-by: cong <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* build(deps): bump busybox from `2f590fc` to `e3652a0` in /tools/docker/envoy-gateway (#7409)

build(deps): bump busybox in /tools/docker/envoy-gateway

Bumps busybox from `2f590fc` to `e3652a0`.

---
updated-dependencies:
- dependency-name: busybox
  dependency-version: e3652a00a2fabd16ce889f0aa32c38eec347b997e73bd09e69c962ec7f8732ee
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* fix: validate EnvoyGateway configuration before reload (#7412)

Signed-off-by: zirain <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* build(deps): bump the actions group across 1 directory with 2 updates (#7410)

Bumps the actions group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [google/osv-scanner-action](https://github.com/google/osv-scanner-action).

Updates `github/codeql-action` from 4.31.0 to 4.31.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@4e94bd1...0499de3)

Updates `google/osv-scanner-action` from 2.2.3 to 2.2.4
- [Release notes](https://github.com/google/osv-scanner-action/releases)
- [Commits](google/osv-scanner-action@e92b5d0...9bb6957)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: google/osv-scanner-action
  dependency-version: 2.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* fix: missing onInvalidMessage for ClientTrafficPolicy (#7417)

Signed-off-by: i.makarychev <[email protected]>
Signed-off-by: i.makarychev <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* chore: add missing filters in the filter order configuration (#7404)

* add missing filters in the filter order configuration

Signed-off-by: Huabing Zhao <[email protected]>

* fix wrong filter name

Signed-off-by: Huabing Zhao <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* test: tcp security policy e2e (#7226)

* feat(securitypolicy): Added e2e tests for tcp security policies

Signed-off-by: davem-git <[email protected]>

* removed commented out line

Signed-off-by: davem-git <[email protected]>

---------

Signed-off-by: davem-git <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* Docs: tcp security policy (#7247)

* updated release notes

Signed-off-by: davem-git <[email protected]>

* updated docs

Signed-off-by: davem-git <[email protected]>

* fixed merge conflict

Signed-off-by: davem-git <[email protected]>

---------

Signed-off-by: davem-git <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* feat: support both local and global ratelimit simultaneously (#7334)

* update rate limit type

Signed-off-by: kkk777-7 <[email protected]>

* feat: support both type rate limit

Signed-off-by: kkk777-7 <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* feat: support separated path match in ratelimit path (#7413)

* update: path match ratelimit e2e

Signed-off-by: kkk777-7 <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* fix: handle optional next update for CRL (#7422)

fix: handle optional next update for crl

Signed-off-by: Rudrakh Panigrahi <[email protected]>

* fix: missing  jwt provider when jwt is configured on multiple listeners sharing the same port (#7337)

* fix jwt provider missing when jwt is configured at multiple ir listeners

Signed-off-by: Huabing Zhao <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* fix: only insert proxy service once it exists (#7424)

* maybe this is the fix?

Signed-off-by: jukie <[email protected]>

* fixes

Signed-off-by: jukie <[email protected]>

* cleanup

Signed-off-by: jukie <[email protected]>

* consolidate

Signed-off-by: jukie <[email protected]>

* fix

Signed-off-by: jukie <[email protected]>

---------

Signed-off-by: jukie <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* fix error when updating invalid gateway status (#7415)

* fix error when updating invalid gateway status

Signed-off-by: zirain <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* fix: avoid calling the issuer's well-known endpoint for every routes (#7394)

* fix: avoid calling the issuer's well-known endpoint for every routes with

Signed-off-by: Huabing Zhao <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* fix: memory leak (#7429)

Fix memory leak.

Two watchable.Maps were never closed when shutting down the provider:
- GatewayClassStatuses.Close() - missing in GatewayAPIStatuses.Close()
- BackendTrafficPolicyStatuses.Close() - missing in PolicyStatuses.Close()

Each unclosed map leaked 3 goroutines:
1. Internal watchable.Map.coalesce goroutine
2. HandleSubscription goroutine blocked on channel read
3. Error handler goroutine blocked on channel read

Signed-off-by: Gonzalo Serrano <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* perf: move snapshot update above status update in xds layer (#7423)

Signed-off-by: Arko Dasgupta <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* chore: cleanup logging when inserting proxy service cluster (#7431)

cleanup

Signed-off-by: jukie <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* upgrade gofumpt (#7420)

Signed-off-by: fabian4 <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* feat(translator): relax backend restrictions for localhost when running standalone with Host infrastructure (#7427)

Signed-off-by: Rudrakh Panigrahi <[email protected]>

* chore: improve api docs for http10.useDefaultHost (#7435)

* imporove api docs for useDefaultHost

Signed-off-by: Huabing Zhao <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* ci: disable lint.dependabot (#7445)

Signed-off-by: zirain <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* chore: bump github.com/containerd/containerd (#7448)

Signed-off-by: zirain <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* perf: do not set last transition time for status in watcher layer (#7268)

Signed-off-by: Rudrakh Panigrahi <[email protected]>

* docs: fix gwapi docs (#7408)

* docs: fix gwapi docs

Signed-off-by: zirain <[email protected]>

* fix

Signed-off-by: zirain <[email protected]>

* update

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* chore: renable lint.dependabot (#7454)

Signed-off-by: zirain <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* chore: remove last transition time comparison as no longer set (#7451)

chore: remove last transition time comparision as no longer set

Signed-off-by: Rudrakh Panigrahi <[email protected]>
Co-authored-by: zirain <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* fix: merged policy status (#7376)

Signed-off-by: kkk777-7 <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* fix: header modifier doesn't permit multiple values with commas (#7436)

* revert: separate headers with commas

Signed-off-by: kkk777-7 <[email protected]>

* add e2e

Signed-off-by: kkk777-7 <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* fix auto http config with proxy protocol (#7439)

* don't set TypedExtensionProtocolOptions when ProxyProtocol enabled

Signed-off-by: zirain <[email protected]>

* update test

Signed-off-by: zirain <[email protected]>

* enable auto ALPN for proxy protocol

Signed-off-by: zirain <[email protected]>

* add e2e

Signed-off-by: zirain <[email protected]>

* update

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* build(deps): bump sigs.k8s.io/controller-runtime from 0.22.3 to 0.22.4 in /examples/extension-server (#7470)

build(deps): bump sigs.k8s.io/controller-runtime

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.22.3 to 0.22.4.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.22.3...v0.22.4)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-version: 0.22.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* build(deps): bump softprops/action-gh-release from 2.4.1 to 2.4.2 in the actions group across 1 directory (#7461)

build(deps): bump softprops/action-gh-release

Bumps the actions group with 1 update in the / directory: [softprops/action-gh-release](https://github.com/softprops/action-gh-release).

Updates `softprops/action-gh-release` from 2.4.1 to 2.4.2
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@6da8fa9...5be0e66)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 2.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* build(deps): bump github.com/envoyproxy/go-control-plane/envoy from 1.35.0 to 1.36.0 in /examples/grpc-ext-proc (#7471)

build(deps): bump github.com/envoyproxy/go-control-plane/envoy

Bumps [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) from 1.35.0 to 1.36.0.
- [Release notes](https://github.com/envoyproxy/go-control-plane/releases)
- [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md)
- [Commits](envoyproxy/go-control-plane@envoy/v1.35.0...envoy/v1.36.0)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/go-control-plane/envoy
  dependency-version: 1.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* build(deps): bump github.com/envoyproxy/go-control-plane/envoy from 1.35.0 to 1.36.0 in /examples/envoy-ext-auth (#7467)

build(deps): bump github.com/envoyproxy/go-control-plane/envoy

Bumps [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) from 1.35.0 to 1.36.0.
- [Release notes](https://github.com/envoyproxy/go-control-plane/releases)
- [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md)
- [Commits](envoyproxy/go-control-plane@envoy/v1.35.0...envoy/v1.36.0)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/go-control-plane/envoy
  dependency-version: 1.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* build(deps): bump github.com/envoyproxy/go-control-plane/envoy from 1.35.1-0.20251029084203-42a4a9261f66 to 1.36.0 in /examples/extension-server (#7468)

build(deps): bump github.com/envoyproxy/go-control-plane/envoy

Bumps [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) from 1.35.1-0.20251029084203-42a4a9261f66 to 1.36.0.
- [Release notes](https://github.com/envoyproxy/go-control-plane/releases)
- [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md)
- [Commits](https://github.com/envoyproxy/go-control-plane/commits/envoy/v1.36.0)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/go-control-plane/envoy
  dependency-version: 1.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Rudrakh Panigrahi <[email protected]>

* [release/v1.6] v1.6.0 release docs (#7475)

Signed-off-by: Rudrakh Panigrahi <[email protected]>

---------

Signed-off-by: Maxime Brunet <[email protected]>
Signed-off-by: Rudrakh Panigrahi <[email protected]>
Signed-off-by: Huabing Zhao <[email protected]>
Signed-off-by: cong <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: zirain <[email protected]>
Signed-off-by: i.makarychev <[email protected]>
Signed-off-by: i.makarychev <[email protected]>
Signed-off-by: davem-git <[email protected]>
Signed-off-by: kkk777-7 <[email protected]>
Signed-off-by: jukie <[email protected]>
Signed-off-by: Gonzalo Serrano <[email protected]>
Signed-off-by: Arko Dasgupta <[email protected]>
Signed-off-by: fabian4 <[email protected]>
Co-authored-by: Maxime Brunet <[email protected]>
Co-authored-by: Huabing (Robin) Zhao <[email protected]>
Co-authored-by: zirain <[email protected]>
Co-authored-by: 聪 <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Inode1 <[email protected]>
Co-authored-by: davem-git <[email protected]>
Co-authored-by: Kota Kimura <[email protected]>
Co-authored-by: Isaac <[email protected]>
Co-authored-by: Gonzalo Serrano <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]>
Co-authored-by: Fabian Bao <[email protected]>
Co-authored-by: Ignasi Barrera <[email protected]>

Author: 14 people

.github/workflows/codeql.yml

@@ -36,14 +36,14 @@ jobs:
     - uses: ./tools/github-actions/setup-deps
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb  # v3.29.5
+      uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee  # v3.29.5
       with:
         languages: ${{ matrix.language }}
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@4e94bd11f71e507f7f87df81788dff88d1dacbfb  # v3.29.5
+      uses: github/codeql-action/autobuild@0499de31b99561a6d14a36a5f662c2a54f91beee  # v3.29.5
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb  # v3.29.5
+      uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee  # v3.29.5
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/license-scan.yml

@@ -18,7 +18,7 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
     - name: Run scanner
-      uses: google/osv-scanner-action/osv-scanner-action@e92b5d07338d4f0ba0981dffed17c48976ca4730  # v2.2.3
+      uses: google/osv-scanner-action/osv-scanner-action@9bb69575e74019c2ad085a1860787043adf47ccb  # v2.2.4
       with:
         scan-args: |-  # See allowed licenses at https://github.com/cncf/foundation/blob/main/policies-guidance/allowed-third-party-license-policy.md#approved-licenses-for-allowlist
           --licenses=Apache-2.0,0BSD,BSD-2-Clause,BSD-2-Clause-FreeBSD,BSD-3-Clause,MIT,MIT-0,ISC,OpenSSL,OpenSSL-standalone,PSF-2.0,Python-2.0,Python-2.0.1,PostgreSQL,SSLeay-standalone,UPL-1.0,X11,Zlib

.github/workflows/osv-scanner.yml

@@ -19,7 +19,7 @@ permissions:
 jobs:
   scan-scheduled:
     if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@e92b5d07338d4f0ba0981dffed17c48976ca4730"  # v2.2.3
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@9bb69575e74019c2ad085a1860787043adf47ccb"  # v2.2.4
     with:
       scan-args: |-
         --recursive
@@ -32,7 +32,7 @@ jobs:
 
   scan-pr:
     if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@e92b5d07338d4f0ba0981dffed17c48976ca4730"  # v2.2.3
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@9bb69575e74019c2ad085a1860787043adf47ccb"  # v2.2.4
     with:
       scan-args: |-
         --recursive

.github/workflows/release.yaml

@@ -100,7 +100,7 @@ jobs:
           zip -r egctl_${{ env.release_tag }}_windows_amd64.zip bin/windows/amd64/egctl
 
       - name: Upload Release Manifests
-        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090  # v2.4.1
+        uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe  # v2.4.2
         with:
           files: |
             release-artifacts/install.yaml

.github/workflows/scorecard.yml

@@ -40,6 +40,6 @@ jobs:
         retention-days: 5
 
     - name: "Upload to code-scanning"
-      uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb  # v3.29.5
+      uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee  # v3.29.5
       with:
         sarif_file: results.sarif

VERSION

@@ -1 +1 @@
-v1.6.0-rc.1
+v1.6.0

api/v1alpha1/clienttrafficpolicy_types.go

@@ -357,11 +357,19 @@ type HTTP1Settings struct {
 
 // HTTP10Settings provides HTTP/1.0 configuration on the listener.
 type HTTP10Settings struct {
-	// UseDefaultHost defines if the HTTP/1.0 request is missing the Host header,
-	// then the hostname associated with the listener should be injected into the
-	// request.
-	// If this is not set and an HTTP/1.0 request arrives without a host, then
-	// it will be rejected.
+	// UseDefaultHost specifies whether a default Host header should be injected
+	// into HTTP/1.0 requests that do not include one.
+	//
+	// When set to true, Envoy Gateway injects the hostname associated with the
+	// listener or route into the request, in the following order:
+	//
+	//   1. If the targeted listener has a non-wildcard hostname, use that hostname.
+	//   2. If there is exactly one HTTPRoute with a non-wildcard hostname under
+	//      the targeted listener, use that hostname.
+	//
+	//  Note: Setting this field to true without a non-wildcard hostname makes the
+	// ClientTrafficPolicy invalid.
+	//
 	// +optional
 	UseDefaultHost *bool `json:"useDefaultHost,omitempty"`
 }

api/v1alpha1/envoyproxy_types.go

@@ -106,6 +106,8 @@ type EnvoyProxySpec struct {
 	//
 	// - envoy.filters.http.ext_authz
 	//
+	// - envoy.filters.http.api_key_auth
+	//
 	// - envoy.filters.http.basic_auth
 	//
 	// - envoy.filters.http.oauth2
@@ -114,6 +116,8 @@ type EnvoyProxySpec struct {
 	//
 	// - envoy.filters.http.stateful_session
 	//
+	// - envoy.filters.http.buffer
+	//
 	// - envoy.filters.http.lua
 	//
 	// - envoy.filters.http.ext_proc
@@ -126,8 +130,16 @@ type EnvoyProxySpec struct {
 	//
 	// - envoy.filters.http.ratelimit
 	//
+	// - envoy.filters.http.grpc_web
+	//
+	// - envoy.filters.http.grpc_stats
+	//
 	// - envoy.filters.http.custom_response
 	//
+	// - envoy.filters.http.credential_injector
+	//
+	// - envoy.filters.http.compressor
+	//
 	// - envoy.filters.http.router
 	//
 	// Note: "envoy.filters.http.router" cannot be reordered, it's always the last filter in the chain.
@@ -222,7 +234,7 @@ type FilterPosition struct {
 }
 
 // EnvoyFilter defines the type of Envoy HTTP filter.
-// +kubebuilder:validation:Enum=envoy.filters.http.health_check;envoy.filters.http.fault;envoy.filters.http.cors;envoy.filters.http.ext_authz;envoy.filters.http.api_key_auth;envoy.filters.http.basic_auth;envoy.filters.http.oauth2;envoy.filters.http.jwt_authn;envoy.filters.http.stateful_session;envoy.filters.http.lua;envoy.filters.http.ext_proc;envoy.filters.http.wasm;envoy.filters.http.rbac;envoy.filters.http.local_ratelimit;envoy.filters.http.ratelimit;envoy.filters.http.custom_response;envoy.filters.http.compressor
+// +kubebuilder:validation:Enum=envoy.filters.http.health_check;envoy.filters.http.fault;envoy.filters.http.cors;envoy.filters.http.ext_authz;envoy.filters.http.api_key_auth;envoy.filters.http.basic_auth;envoy.filters.http.oauth2;envoy.filters.http.jwt_authn;envoy.filters.http.stateful_session;envoy.filters.http.buffer;envoy.filters.http.lua;envoy.filters.http.ext_proc;envoy.filters.http.wasm;envoy.filters.http.rbac;envoy.filters.http.local_ratelimit;envoy.filters.http.ratelimit;envoy.filters.http.grpc_web;envoy.filters.http.grpc_stats;envoy.filters.http.custom_response;envoy.filters.http.credential_injector;envoy.filters.http.compressor
 type EnvoyFilter string
 
 const (

api/v1alpha1/ratelimit_types.go

@@ -10,13 +10,14 @@ import (
 )
 
 // RateLimitSpec defines the desired state of RateLimitSpec.
-// +union
 type RateLimitSpec struct {
 	// Type decides the scope for the RateLimits.
 	// Valid RateLimitType values are "Global" or "Local".
 	//
-	// +unionDiscriminator
-	Type RateLimitType `json:"type"`
+	// Deprecated: Use Global and/or Local fields directly instead. Both can be specified simultaneously for combined rate limiting.
+	//
+	// +optional
+	Type *RateLimitType `json:"type,omitempty"`
 	// Global defines global rate limit configuration.
 	//
 	// +optional