From b443fa1a107a0d54d4d5119583b140fd1a10499e Mon Sep 17 00:00:00 2001 From: Jacob Bohanon Date: Sat, 26 Oct 2024 11:44:55 -0400 Subject: [PATCH] Clarify envoy validation api comment (#10235) Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com> Co-authored-by: changelog-bot --- .../v1.18.0-beta30/clarify-envoy-validation-api.yaml | 8 ++++++++ .../gloo/projects/gloo/api/v1/settings.proto.sk.md | 2 +- projects/gloo/api/v1/settings.proto | 3 ++- projects/gloo/pkg/api/v1/settings.pb.go | 3 ++- 4 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 changelog/v1.18.0-beta30/clarify-envoy-validation-api.yaml diff --git a/changelog/v1.18.0-beta30/clarify-envoy-validation-api.yaml b/changelog/v1.18.0-beta30/clarify-envoy-validation-api.yaml new file mode 100644 index 00000000000..604edd16db4 --- /dev/null +++ b/changelog/v1.18.0-beta30/clarify-envoy-validation-api.yaml @@ -0,0 +1,8 @@ +changelog: + - type: NON_USER_FACING + issueLink: https://github.com/solo-io/gloo/issues/5720 + resolvesIssue: false + description: >- + Update comment for Envoy validation API since it is now implemented + + skipCI-kube-tests:true diff --git a/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk.md b/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk.md index ad2250b4f1b..cc582853163 100644 --- a/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk.md +++ b/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk.md @@ -948,7 +948,7 @@ options for configuring admission control / validation | `validationServerGrpcMaxSizeBytes` | [.google.protobuf.Int32Value](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/int-32-value) | By default, gRPC validation messages between gateway and gloo pods have a max message size of 100 MB. Setting this value sets the gRPC max message size in bytes for the gloo validation server. This should only be changed if necessary. If not included, the gRPC max message size will be the default of 100 MB. | | `serverEnabled` | [.google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value) | By providing the validation field (parent of this object) the user is implicitly opting into validation. This field allows the user to opt out of the validation server, while still configuring pre-existing fields such as `warn_route_short_circuiting` and `disable_transformation_validation`. If not included, the validation server will be enabled. | | `warnMissingTlsSecret` | [.google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value) | Allows configuring validation to report a missing TLS secret referenced by a SslConfig or UpstreamSslConfig as a warning instead of an error. This will allow for eventually consistent workloads, but will also permit the accidental deletion of secrets being referenced, which would cause disruption in traffic. | -| `fullEnvoyValidation` | [.google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value) | Configures the Gloo translation loop to send the final product of translation through Envoy validation mode. This has an negative impact on the total translation throughput, but it helps ensure the configuration will not be nacked when served to Envoy. This feature is not yet implemented. | +| `fullEnvoyValidation` | [.google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value) | Configures the Gloo translation loop to send the final product of translation through Envoy validation mode. This has an negative impact on the total translation throughput, but it helps ensure the configuration will not be nacked when served to Envoy. This feature is disabled by default and is not recommended for production deployments unless the performance implications are well understood and acceptable. | diff --git a/projects/gloo/api/v1/settings.proto b/projects/gloo/api/v1/settings.proto index 97dc6dcc0fe..31157ffade1 100644 --- a/projects/gloo/api/v1/settings.proto +++ b/projects/gloo/api/v1/settings.proto @@ -916,7 +916,8 @@ message GatewayOptions { // validation mode. This has an negative impact on the total translation throughput, but it // helps ensure the configuration will not be nacked when served to Envoy. // - // This feature is not yet implemented. + // This feature is disabled by default and is not recommended for production deployments unless + // the performance implications are well understood and acceptable. google.protobuf.BoolValue full_envoy_validation = 14; } diff --git a/projects/gloo/pkg/api/v1/settings.pb.go b/projects/gloo/pkg/api/v1/settings.pb.go index 70494f65b6f..56aa6dcb858 100644 --- a/projects/gloo/pkg/api/v1/settings.pb.go +++ b/projects/gloo/pkg/api/v1/settings.pb.go @@ -3501,7 +3501,8 @@ type GatewayOptions_ValidationOptions struct { // validation mode. This has an negative impact on the total translation throughput, but it // helps ensure the configuration will not be nacked when served to Envoy. // - // This feature is not yet implemented. + // This feature is disabled by default and is not recommended for production deployments unless + // the performance implications are well understood and acceptable. FullEnvoyValidation *wrapperspb.BoolValue `protobuf:"bytes,14,opt,name=full_envoy_validation,json=fullEnvoyValidation,proto3" json:"full_envoy_validation,omitempty"` }