Skip to content

GEP-713 enhancements #3609

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
k8s-ci-robot merged 49 commits into from
Nov 4, 2025
+1,130 −905
Merged

GEP-713 enhancements #3609

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
49 commits
Select commit Hold shift + click to select a range
5124b12
GEP-713 resurrected
guicassolato Feb 11, 2025
bebddb2
update metadata files
guicassolato Feb 11, 2025
e61c5ae
not forcing annotations on objects not owned by the implementation
guicassolato Feb 11, 2025
2ee59c2
conflict resolution section rewritten to clarify that the merge strat…
guicassolato Feb 11, 2025
ab18890
Metaresource spelled as a single word
guicassolato Feb 12, 2025
1f8829d
addressing comments
guicassolato Feb 12, 2025
039d653
fixing escaping of arrows and gt/lw characters
guicassolato Feb 12, 2025
7b1144b
clarifying metaresource statuses' MUST vs SHOULD and example of targe…
guicassolato Feb 12, 2025
4dd0251
targeting strategy -> targeting method, to avoid overloading of the t…
guicassolato Feb 12, 2025
83a44dc
fix target object status MUST versus SHOULD
guicassolato Feb 12, 2025
8a3c404
diagrams to illustrate the abstract process for calculating effective…
guicassolato Feb 13, 2025
f1d4ba5
golang examples of target refs
guicassolato Feb 13, 2025
b9d19c0
fix broken anchors
guicassolato Feb 13, 2025
dad177f
diagrams for the end-to-end examples
guicassolato Feb 19, 2025
c29e239
sentence rephrased for improved readability
guicassolato Feb 20, 2025
46d6506
addressing a few comments by candita and robscott
guicassolato Mar 4, 2025
19ce8e2
typos
guicassolato Mar 4, 2025
3a0a6bb
Get GEP-713 back to Memorandum
guicassolato Mar 10, 2025
0cef5f6
Reorg (take 1)
guicassolato Mar 11, 2025
9a1bb4f
Reorg (take 2)
guicassolato Mar 12, 2025
3d8924b
minor fixes
guicassolato Mar 13, 2025
1745ce8
fix: typo in 'sectionName'
guicassolato Mar 13, 2025
79f9df4
minor fixes (2)
guicassolato Mar 13, 2025
790c5f3
fix: typos
guicassolato Mar 31, 2025
7e3c84f
sentence about different kinds possibly implying different targetting…
guicassolato Mar 31, 2025
47e0de1
small enhancements to description of' Hierarchy of target kinds' and …
guicassolato Mar 31, 2025
ffa7323
Clarifying enhancements to the definitions of merge strategy and rela…
guicassolato Apr 17, 2025
2a8f591
added motivation to define 'classes of metaresources'
guicassolato Apr 17, 2025
5515dc3
Preferring 'Policy' over 'Metaresource' when prescribing rules/schema…
guicassolato May 2, 2025
af91b62
Label selectors as a mechanism to target removed from the spec
guicassolato May 2, 2025
e3e0416
More thorough definitions for the spec'ed merge strategies
guicassolato May 2, 2025
a874f52
Further enhancements to the definition of Merge strategies after review
guicassolato May 16, 2025
a4a85d5
minor fix: plural targetRefs used in an example
guicassolato May 16, 2025
aeadd17
Tables highlighting the current state of policies across multiple imp…
guicassolato May 20, 2025
86b1571
fix Envoy Gateway SecurityPolicy merge strategy
guicassolato May 22, 2025
84b3b9e
cleanup redundant 'in other words' summary from the conflict resoluti…
guicassolato Jul 22, 2025
bae1452
Less negative disclaimer at the top
guicassolato Jul 22, 2025
c3cefcd
minor fix: change and augment are not synonyms
guicassolato Jul 22, 2025
a63dfbe
added goal: facilitate building tools + implementations should adopt,…
guicassolato Jul 22, 2025
dfc379e
keep support for singular form targetRef
guicassolato Jul 22, 2025
4ec1b0b
use example.com in the examples
guicassolato Jul 22, 2025
71d3b57
caveat to using sectionName
guicassolato Jul 22, 2025
835f548
fix: list items and broken links
guicassolato Jul 22, 2025
a6fd468
Reorg for more easily flagging of the status of each feature (each ki…
guicassolato Oct 29, 2025
94cbdd2
fix: several typos
guicassolato Oct 29, 2025
76d8f8a
warning, danger, and info blocks turned into regular paragraphs
guicassolato Oct 30, 2025
b57504c
PolicyAncestorStatus: Provisional -> Experimental
guicassolato Oct 30, 2025
787992b
fix: broken link to GEP-1897
guicassolato Oct 30, 2025
35e6bdb
links to known implementations
guicassolato Oct 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 6 additions & 8 deletions geps/gep-2648/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,17 @@
# GEP-2648: Direct Policy Attachment

* Issue: [#2648](https://github.com/kubernetes-sigs/gateway-api/issues/2648)
* Status: Provisional
* Status: Declined
Copy link
Member

@robscott robscott Apr 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Status: Declined
* Status: Replaced

Copy link
Contributor Author

@guicassolato guicassolato Apr 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think Declined was suggested before. OK with Replaced instead, @youngnick?

Copy link
Member

@shaneutt shaneutt Jun 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with Replaced it conveys the message well enough, and then they can see the warning in the tldr for more details.

Copy link
Contributor

@youngnick youngnick Jun 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replaced is fine.


(See [status definitions](../overview.md#gep-states).)

## TLDR

!!! warning
This GEP has been merged back into [GEP-713](https://gateway-api.sigs.k8s.io/geps/gep-713/)
and now it's now obsolete. Please refer the original specification of Metaresources
and Policy Attachment for the current state of the pattern.

Describe and specify a design pattern for a class of metaresource that can
affect specific settings across a single target object.

Expand All @@ -21,13 +26,6 @@ Policy.

This is a design for a _pattern_, not an API field or new object.

!!! danger
This GEP is in the process of being updated.
Please see the discussion at https://github.com/kubernetes-sigs/gateway-api/discussions/2927
and expect further changes.
Some options under discussion there may make the distinction between Direct
and Inherited Policies moot, which would require a rework.

## Goals

* Specify what common properties all Direct Attached Policies MUST have
Expand Down
6 changes: 3 additions & 3 deletions geps/gep-2648/metadata.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,17 @@ apiVersion: internal.gateway.networking.k8s.io/v1alpha1
kind: GEPDetails
number: 2648
name: Direct Policy Attachment
status: Provisional
status: Declined
Copy link
Member

@robscott robscott Apr 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
status: Declined
status: Replaced

# Any authors who contribute to the GEP in any way should be listed here using
# their GitHub handle.
authors:
- youngnick
- robscott
relationships:
extends:
obsoletedBy:
- name: Metaresources and Policy Attachment
number: 713
description: Split out Direct Policy Attachment into its own GEP
description: Merged back into the original spec for Metaresources and Policy Attachment where it's presented as a well-defined class of metaresource
# references is a list of hyperlinks to relevant external references.
# It's intended to be used for storing GitHub discussions, Google docs, etc.
references:
Expand Down
18 changes: 8 additions & 10 deletions geps/gep-2649/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,24 +1,22 @@
# GEP-2649: Inherited Policy Attachment

* Issue: [#2649](https://github.com/kubernetes-sigs/gateway-api/issues/2649)
* Status: Experimental
* Status: Declined
Copy link
Member

@robscott robscott Apr 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Status: Declined
* Status: Replaced


(See [status definitions](../overview.md#gep-states).)

## TLDR

!!! warning
This GEP has been merged back into [GEP-713](https://gateway-api.sigs.k8s.io/geps/gep-713/)
and now it's now obsolete. Please refer the original specification of Metaresources
and Policy Attachment for the current state of the pattern.

Describe and specify a design pattern for a class of metaresource that can
affect specific settings across a multiple target objects.

This is a design for a _pattern_, not an API field or new object.

!!! danger
This GEP is in the process of being updated.
Please see the discussion at https://github.com/kubernetes-sigs/gateway-api/discussions/2927
and expect further changes.
Some options under discussion there may make the distinction between Direct
and Inherited Policies moot, which would require a rework.

## Goals

* Specify what common properties all Inherited Policies MUST have
Expand Down Expand Up @@ -224,7 +222,7 @@ proposal](https://github.com/kubernetes-sigs/gateway-api/issues/611).

### Policy Attachment for Ingress
When talking about Direct Attached Policy attaching to Gateway resources for
ingress use cases (as discussed in GEP-2648), the flow is relatively
ingress use cases (as discussed in GEP-2648), the flow is relatively
straightforward. A policy can reference the resource it wants to apply to, and
only affects that resource.

Expand All @@ -245,7 +243,7 @@ namespaces.
![Complex Ingress Example](images/2649-ingress-complex.png)

In this example, the Gateway has a TimeoutPolicy attached, which affects the
HTTPRoute in the App namespace. That HTTPRoute also has the Direct Attached
HTTPRoute in the App namespace. That HTTPRoute also has the Direct Attached
RetryPolicy attached, which affects the HTTPRoute itself, and one of the backends
has a HealthCheckPolicy attached to the Service, which is also a Direct Attached
Policy.
Expand Down
6 changes: 3 additions & 3 deletions geps/gep-2649/metadata.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@ apiVersion: internal.gateway.networking.k8s.io/v1alpha1
kind: GEPDetails
number: 2649
name: Inherited Policy Attachment
status: Experimental
status: Declined
Copy link
Member

@robscott robscott Apr 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
status: Declined
status: Replaced

authors:
- youngnick
- robscott
relationships:
extends:
obsoletedBy:
- name: Metaresources and Policy Attachment
number: 713
description: Split out Inherited Policy Attachment
description: Merged back into the original spec for Metaresources and Policy Attachment where it's presented as a well-defined class of metaresource
# references is a list of hyperlinks to relevant external references.
# It's intended to be used for storing GitHub discussions, Google docs, etc.
references:
Expand Down
Loading