From 00e98ef8bdfd5c4ace0010e7f262af3bcfd47fb8 Mon Sep 17 00:00:00 2001 From: wucm667 Date: Fri, 1 May 2026 21:44:58 +0800 Subject: [PATCH 1/4] fix(api): increase RateLimitSelectCondition.headers MaxItems from 16 to 64 Co-Authored-By: Claude Sonnet 4.6 Signed-off-by: wucm667 --- api/v1alpha1/ratelimit_types.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/api/v1alpha1/ratelimit_types.go b/api/v1alpha1/ratelimit_types.go index 4603b26bdc..cdc3fc84c8 100644 --- a/api/v1alpha1/ratelimit_types.go +++ b/api/v1alpha1/ratelimit_types.go @@ -228,7 +228,9 @@ type RateLimitSelectCondition struct { // meaning, a request MUST match all the specified headers. // // +optional - // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:MaxItems=64 + // Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. + // Revert this change once the upstream Gateway API supports items more than 64. Headers []HeaderMatch `json:"headers,omitempty"` // Methods is a list of request methods to match. Multiple method values are ORed together, From 15991956291b62b52e2c0daee8a57281657031a8 Mon Sep 17 00:00:00 2001 From: wucm667 Date: Sat, 2 May 2026 08:31:31 +0800 Subject: [PATCH 2/4] fix(api): regenerate CRDs to reflect RateLimitSelectCondition headers MaxItems change Running make generate updated the pre-generated CRD YAML files and API docs to reflect the MaxItems increase from 16 to 64. Without these changes, clusters installed from the charts would still reject headers lists longer than 16. Signed-off-by: wucm667 --- .../gateway.envoyproxy.io_backendtrafficpolicies.yaml | 10 ++++++++-- .../gateway.envoyproxy.io_backendtrafficpolicies.yaml | 10 ++++++++-- site/content/en/latest/api/extension_types.md | 2 +- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml index e9a2c99e6f..b286c62571 100644 --- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml +++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml @@ -1468,6 +1468,9 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. + + Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. + Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. @@ -1506,7 +1509,7 @@ spec: required: - name type: object - maxItems: 16 + maxItems: 64 type: array methods: description: |- @@ -1852,6 +1855,9 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. + + Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. + Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. @@ -1890,7 +1896,7 @@ spec: required: - name type: object - maxItems: 16 + maxItems: 64 type: array methods: description: |- diff --git a/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml index 3fc645eaf2..7d2504468f 100644 --- a/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml +++ b/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml @@ -1467,6 +1467,9 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. + + Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. + Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. @@ -1505,7 +1508,7 @@ spec: required: - name type: object - maxItems: 16 + maxItems: 64 type: array methods: description: |- @@ -1851,6 +1854,9 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. + + Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. + Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. @@ -1889,7 +1895,7 @@ spec: required: - name type: object - maxItems: 16 + maxItems: 64 type: array methods: description: |- diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 130bddae4d..cb39e682ae 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -5228,7 +5228,7 @@ _Appears in:_ | Field | Type | Required | Default | Description | | --- | --- | --- | --- | --- | -| `headers` | _[HeaderMatch](#headermatch) array_ | false | | Headers is a list of request headers to match. Multiple header values are ANDed together,
meaning, a request MUST match all the specified headers. | +| `headers` | _[HeaderMatch](#headermatch) array_ | false | | Headers is a list of request headers to match. Multiple header values are ANDed together,
meaning, a request MUST match all the specified headers.
Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter.
Revert this change once the upstream Gateway API supports items more than 64. | | `methods` | _[MethodMatch](#methodmatch) array_ | false | | Methods is a list of request methods to match. Multiple method values are ORed together,
meaning, a request can match any one of the specified methods. If not specified, it matches all methods. | | `path` | _[PathMatch](#pathmatch)_ | false | | Path is the request path to match.
Support Exact, PathPrefix and RegularExpression match types. | | `sourceCIDR` | _[SourceMatch](#sourcematch)_ | false | | SourceCIDR is the client IP Address range to match on. | From 5576d33a74a7dc39f0ba8d40715d101d3acfde5d Mon Sep 17 00:00:00 2001 From: wucm667 Date: Sat, 2 May 2026 18:13:11 +0800 Subject: [PATCH 3/4] test: regenerate helm test fixtures for RateLimitSelectCondition headers MaxItems change These generated test fixtures reflect the API change from the previous commit that increased RateLimitSelectCondition.headers MaxItems from 16 to 64. Run `make generate` to reproduce. Signed-off-by: wucm667 --- test/helm/gateway-crds-helm/all.out.yaml | 10 ++++++++-- test/helm/gateway-crds-helm/e2e.out.yaml | 10 ++++++++-- .../helm/gateway-crds-helm/envoy-gateway-crds.out.yaml | 10 ++++++++-- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/test/helm/gateway-crds-helm/all.out.yaml b/test/helm/gateway-crds-helm/all.out.yaml index 00fbbaec7a..3780965e21 100644 --- a/test/helm/gateway-crds-helm/all.out.yaml +++ b/test/helm/gateway-crds-helm/all.out.yaml @@ -23995,6 +23995,9 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. + + Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. + Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. @@ -24033,7 +24036,7 @@ spec: required: - name type: object - maxItems: 16 + maxItems: 64 type: array methods: description: |- @@ -24379,6 +24382,9 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. + + Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. + Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. @@ -24417,7 +24423,7 @@ spec: required: - name type: object - maxItems: 16 + maxItems: 64 type: array methods: description: |- diff --git a/test/helm/gateway-crds-helm/e2e.out.yaml b/test/helm/gateway-crds-helm/e2e.out.yaml index 9886bff5e0..188dc5f6d9 100644 --- a/test/helm/gateway-crds-helm/e2e.out.yaml +++ b/test/helm/gateway-crds-helm/e2e.out.yaml @@ -1968,6 +1968,9 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. + + Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. + Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. @@ -2006,7 +2009,7 @@ spec: required: - name type: object - maxItems: 16 + maxItems: 64 type: array methods: description: |- @@ -2352,6 +2355,9 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. + + Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. + Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. @@ -2390,7 +2396,7 @@ spec: required: - name type: object - maxItems: 16 + maxItems: 64 type: array methods: description: |- diff --git a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml index 4781857643..1c70303444 100644 --- a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml +++ b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml @@ -1968,6 +1968,9 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. + + Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. + Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. @@ -2006,7 +2009,7 @@ spec: required: - name type: object - maxItems: 16 + maxItems: 64 type: array methods: description: |- @@ -2352,6 +2355,9 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. + + Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. + Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. @@ -2390,7 +2396,7 @@ spec: required: - name type: object - maxItems: 16 + maxItems: 64 type: array methods: description: |- From 41ba83e5355b59d2b0cd0d453eeffa64a7437582 Mon Sep 17 00:00:00 2001 From: wucm667 Date: Sun, 3 May 2026 22:47:46 +0800 Subject: [PATCH 4/4] fix(api): remove implementation note from RateLimitSelectCondition headers field The comment about reverting once upstream Gateway API supports >64 items was appearing in generated CRD descriptions and API docs. Per reviewer feedback, remove it from the source file. Signed-off-by: wucm667 --- api/v1alpha1/ratelimit_types.go | 2 -- .../gateway.envoyproxy.io_backendtrafficpolicies.yaml | 6 ------ .../gateway.envoyproxy.io_backendtrafficpolicies.yaml | 6 ------ site/content/en/latest/api/extension_types.md | 2 +- test/helm/gateway-crds-helm/all.out.yaml | 6 ------ test/helm/gateway-crds-helm/e2e.out.yaml | 6 ------ test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml | 6 ------ 7 files changed, 1 insertion(+), 33 deletions(-) diff --git a/api/v1alpha1/ratelimit_types.go b/api/v1alpha1/ratelimit_types.go index cdc3fc84c8..65fd174c78 100644 --- a/api/v1alpha1/ratelimit_types.go +++ b/api/v1alpha1/ratelimit_types.go @@ -229,8 +229,6 @@ type RateLimitSelectCondition struct { // // +optional // +kubebuilder:validation:MaxItems=64 - // Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. - // Revert this change once the upstream Gateway API supports items more than 64. Headers []HeaderMatch `json:"headers,omitempty"` // Methods is a list of request methods to match. Multiple method values are ORed together, diff --git a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml index b286c62571..0b8ce0f5fd 100644 --- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml +++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml @@ -1468,9 +1468,6 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. - - Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. - Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. @@ -1855,9 +1852,6 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. - - Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. - Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. diff --git a/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml index 7d2504468f..30739c66ba 100644 --- a/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml +++ b/charts/gateway-helm/charts/crds/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml @@ -1467,9 +1467,6 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. - - Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. - Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. @@ -1854,9 +1851,6 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. - - Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. - Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index cb39e682ae..130bddae4d 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -5228,7 +5228,7 @@ _Appears in:_ | Field | Type | Required | Default | Description | | --- | --- | --- | --- | --- | -| `headers` | _[HeaderMatch](#headermatch) array_ | false | | Headers is a list of request headers to match. Multiple header values are ANDed together,
meaning, a request MUST match all the specified headers.
Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter.
Revert this change once the upstream Gateway API supports items more than 64. | +| `headers` | _[HeaderMatch](#headermatch) array_ | false | | Headers is a list of request headers to match. Multiple header values are ANDed together,
meaning, a request MUST match all the specified headers. | | `methods` | _[MethodMatch](#methodmatch) array_ | false | | Methods is a list of request methods to match. Multiple method values are ORed together,
meaning, a request can match any one of the specified methods. If not specified, it matches all methods. | | `path` | _[PathMatch](#pathmatch)_ | false | | Path is the request path to match.
Support Exact, PathPrefix and RegularExpression match types. | | `sourceCIDR` | _[SourceMatch](#sourcematch)_ | false | | SourceCIDR is the client IP Address range to match on. | diff --git a/test/helm/gateway-crds-helm/all.out.yaml b/test/helm/gateway-crds-helm/all.out.yaml index 3780965e21..c826ebb424 100644 --- a/test/helm/gateway-crds-helm/all.out.yaml +++ b/test/helm/gateway-crds-helm/all.out.yaml @@ -23995,9 +23995,6 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. - - Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. - Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. @@ -24382,9 +24379,6 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. - - Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. - Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. diff --git a/test/helm/gateway-crds-helm/e2e.out.yaml b/test/helm/gateway-crds-helm/e2e.out.yaml index 188dc5f6d9..e814908295 100644 --- a/test/helm/gateway-crds-helm/e2e.out.yaml +++ b/test/helm/gateway-crds-helm/e2e.out.yaml @@ -1968,9 +1968,6 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. - - Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. - Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. @@ -2355,9 +2352,6 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. - - Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. - Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. diff --git a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml index 1c70303444..d8def29527 100644 --- a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml +++ b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml @@ -1968,9 +1968,6 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. - - Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. - Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request. @@ -2355,9 +2352,6 @@ spec: description: |- Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. - - Increase the maxItems from 16 to 64, aligning with HTTPHeaderFilter. - Revert this change once the upstream Gateway API supports items more than 64. items: description: HeaderMatch defines the match attributes within the HTTP Headers of the request.