gateway.envoyproxy.io/v1alpha1/EnvoyProxy is ignored

[christiancadieux]

Description: Installed v1.1 with a envoyproxy to update the envoyDeployment.container.image, but the new image is ignored Also tried different values for 'replicas' - also ignored. I can see there is an example https://github.com/envoyproxy/gateway/blob/main/examples/kubernetes/envoy-proxy-config.yaml so it probably works under certain conditions.

I was able to make it work when the envoyproxy resource is in the parametersRef is in the GatewayClass - but only once and I am not sure what I did exactly . The envoyproxy seems to be ignored most of the time - or maybe it work when all these resources are created in a specific order .

Repro steps:

Include sample requests, environment, etc. All data and inputs required to reproduce the bug.

apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
name: eg-custom-proxy-config
spec:
provider:
type: Kubernetes
kubernetes:
envoyDeployment:
replicas: 1
pod:
labels:
tsf.io/tenant: tenant2
container:
image: hub.comcast.net/k8s-eng/envoyproxy/envoy:distroless-v1.29.3
resources:
requests:
cpu: 888m

Gateway

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: eg-tenant2
labels:
tsf.io/tenant: tenant2
tsf.io/service: service1
spec:
infrastructure:
parametersRef:
group: gateway.envoyproxy.io
kind: EnvoyProxy
name: eg-custom-proxy-config
annotations:
"lbipam.cilium.io/ips": "10.112.182.52"
labels:
tsf.io/tenant: tenant2
tsf.io/service: service1
tsf.io/rail: public

gatewayClassName: envoygateway-tenant2 listeners:

• name: http protocol: HTTP port: 8080

ConfigMap

apiVersion: v1 kind: ConfigMap metadata: name: envoy-gateway-config namespace: 'tenant2-ns1' labels: helm.sh/chart: gateway-helm-latest app.kubernetes.io/name: gateway-helm app.kubernetes.io/instance: eg-tenant2 app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm data: envoy-gateway.yaml: | apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyGateway gateway: controllerName: gateway.envoyproxy.io/tenant2-gatewayclass-controller logging: level: default: info provider: kubernetes: envoyDeployment: replicas: 3 container: image: hub.comcast.net/k8s-eng/envoyproxy/envoy:distroless-v1.29.3 rateLimitDeployment: container: image: hub.comcast.net/k8s-eng/envoyproxy/ratelimit:master patch: type: StrategicMerge value: spec: template: spec: containers:

• imagePullPolicy: IfNotPresent name: envoy-ratelimit shutdownManager: image: hub.comcast.net/k8s-eng/envoyproxy/gateway-dev:latest watch: namespaces:
  • tenant2-ns1
  • tenant2-ns2 type: Namespaces type: Kubernetes

Used this command to generate the chart . It sets all the images except for the image that will be used to 
cretae the envoy-proxy once the Gateway is created:

helm template \ --set config.envoyGateway.gateway.controllerName=gateway.envoyproxy.io/${TENANT}-gatewayclass-controller \ --set config.envoyGateway.provider.kubernetes.watch.namespaces={$NAMESPACES} \ --set config.envoyGateway.provider.kubernetes.shutdownManager.image="hub.comcast.net/k8s-eng/envoyproxy/gateway-dev:latest" \ --set deployment.envoyGateway.image.repository="hub.comcast.net/k8s-eng/envoyproxy/gateway-dev" \ --set config.envoyGateway.provider.kubernetes.watch.type=Namespaces \ --set deployment.pod.labels.tsf\.io/tenant=${TENANT} \ --version v1.1.0 \ -n ${NAMESPACE} \ eg-${TENANT} oci://docker.io/envoyproxy/gateway-helm > controller-1.1.yaml

so I have to patch it after creation:

deploy=$(k get deploy | grep envoy-tenant | awk '{print $1}') kubectl set image deployment/$deploy envoy=hub.comcast.net/k8s-eng/envoyproxy/envoy:distroless-v1.29.3

>**Note**: If there are privacy concerns, sanitize the data prior to
sharing.

*Environment*:
>Include the environment like gateway version, envoy version and so on.

*Logs*:
>Include the access logs and the Envoy logs.

[zirain]

we have an e2e for these, so it should work, are you facing this issue?

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had activity in the last 30 days.