rel: Release 1.3.6 (#918)

Signed-off-by: johnlanni <zty98751@alibaba-inc.com>

.github/workflows/build-and-test-plugin.yaml

@@ -7,7 +7,7 @@ on:
       - 'plugins/**'
       - 'test/**'
   pull_request:
-    branches: ["*"]
+    branches: [ "*" ]
     paths:
       - 'plugins/**'
       - 'test/**'
@@ -16,10 +16,10 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
-    - uses: actions/setup-go@v3
-      with:
-        go-version: 1.19
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.19
     # There are too many lint errors in current code bases
     # uncomment when we decide what lint should be addressed or ignored.
     # - run: make lint
@@ -31,40 +31,53 @@ jobs:
         # TODO(Xunzhuo): Enable C WASM Filters in CI
         wasmPluginType: [ GO ]
     steps:
-    - uses: actions/checkout@v3
-      
-    - name: "Setup Go"
-      uses: actions/setup-go@v3
-      with:
-        go-version: 1.19
+      - uses: actions/checkout@v3
 
-    - name: Setup Golang Caches
-      uses: actions/cache@v3
-      with:
-        path: |-
-          ~/.cache/go-build
-          ~/go/pkg/mod
-        key: ${{ runner.os }}-go-${{ github.run_id }}
-        restore-keys: |
-          ${{ runner.os }}-go
-      
-    - name: Setup Submodule Caches
-      uses: actions/cache@v3
-      with:
-        path: |-
-            envoy
-            istio
+      - name: Free Up GitHub Actions Ubuntu Runner Disk Space 🔧
+        uses: jlumbroso/free-disk-space@main
+        with:
+          tool-cache: false
+          android: true
+          dotnet: true
+          haskell: true
+          large-packages: true
+          swap-storage: true      
+
+      - name: "Setup Go"
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.19
+
+      - name: Setup Golang Caches
+        uses: actions/cache@v3
+        with:
+          path: |-
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ github.run_id }}
+          restore-keys: |
+            ${{ runner.os }}-go
+
+      - name: Setup Submodule Caches
+        uses: actions/cache@v3
+        with:
+          path: |-
             .git/modules
-        key: ${{ runner.os }}-submodules-new-${{ github.run_id }}
-        restore-keys: ${{ runner.os }}-submodules-new
-          
-    - run: git stash # restore patch
+          key: ${{ runner.os }}-submodules-cache-${{ github.run_id }}
+          restore-keys: ${{ runner.os }}-submodules-cache
 
-    - name: "Run Ingress WasmPlugins Tests"
-      run: GOPROXY="https://proxy.golang.org,direct" PLUGIN_TYPE=${{ matrix.wasmPluginType }} make higress-wasmplugin-test
+      - run: git stash # restore patch
+
+      - name: "Run Ingress WasmPlugins Tests"
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 25
+          max_attempts: 3
+          retry_on: error
+          command: GOPROXY="https://proxy.golang.org,direct" PLUGIN_TYPE=${{ matrix.wasmPluginType }} make higress-wasmplugin-test
 
   publish:
     runs-on: ubuntu-latest
-    needs: [higress-wasmplugin-test]
+    needs: [ higress-wasmplugin-test ]
     steps:
-    - uses: actions/checkout@v3
+      - uses: actions/checkout@v3

.github/workflows/build-and-test.yaml

@@ -36,11 +36,9 @@ jobs:
       uses: actions/cache@v3
       with:
         path: |-
-            envoy
-            istio
             .git/modules
-        key: ${{ runner.os }}-submodules-new-${{ github.run_id }}
-        restore-keys: ${{ runner.os }}-submodules-new
+        key: ${{ runner.os }}-submodules-cache-${{ github.run_id }}
+        restore-keys: ${{ runner.os }}-submodules-cache
     
     - run: git stash # restore patch
 
@@ -50,7 +48,7 @@ jobs:
     - name: Upload coverage to Codecov
       uses: codecov/codecov-action@v3
       with:
-        fail_ci_if_error: true
+        fail_ci_if_error: false
         files: ./coverage.xml
         verbose: true
 
@@ -82,11 +80,9 @@ jobs:
         uses: actions/cache@v3
         with:
           path: |-
-            envoy
-            istio
             .git/modules
-          key: ${{ runner.os }}-submodules-new-${{ github.run_id }}
-          restore-keys: ${{ runner.os }}-submodules-new
+          key: ${{ runner.os }}-submodules-cache-${{ github.run_id }}
+          restore-keys: ${{ runner.os }}-submodules-cache
 
       - run: git stash # restore patch
 
@@ -130,11 +126,9 @@ jobs:
       uses: actions/cache@v3
       with:
         path: |-
-            envoy
-            istio
             .git/modules
-        key: ${{ runner.os }}-submodules-new-${{ github.run_id }}
-        restore-keys: ${{ runner.os }}-submodules-new
+        key: ${{ runner.os }}-submodules-cache-${{ github.run_id }}
+        restore-keys: ${{ runner.os }}-submodules-cache
           
     - run: git stash # restore patch
 

.github/workflows/build-image-and-push.yaml

@@ -20,6 +20,16 @@ jobs:
         with:
           fetch-depth: 1
 
+      - name: Free Up GitHub Actions Ubuntu Runner Disk Space 🔧
+        uses: jlumbroso/free-disk-space@main
+        with:
+          tool-cache: false
+          android: true
+          dotnet: true
+          haskell: true
+          large-packages: true
+          swap-storage: true
+
       - name: "Setup Go"
         uses: actions/setup-go@v3
         with:
@@ -86,6 +96,16 @@ jobs:
         with:
           fetch-depth: 1
 
+      - name: Free Up GitHub Actions Ubuntu Runner Disk Space 🔧
+        uses: jlumbroso/free-disk-space@main
+        with:
+          tool-cache: false
+          android: true
+          dotnet: true
+          haskell: true
+          large-packages: true
+          swap-storage: true
+
       - name: "Setup Go"
         uses: actions/setup-go@v3
         with:
@@ -153,6 +173,16 @@ jobs:
         with:
           fetch-depth: 1
 
+      - name: Free Up GitHub Actions Ubuntu Runner Disk Space 🔧
+        uses: jlumbroso/free-disk-space@main
+        with:
+          tool-cache: false
+          android: true
+          dotnet: true
+          haskell: true
+          large-packages: true
+          swap-storage: true
+
       - name: "Setup Go"
         uses: actions/setup-go@v3
         with:

.github/workflows/release-hgctl.yaml

@@ -0,0 +1,37 @@
+name: Release hgctl to GitHub
+
+on:
+  push:
+    tags:
+    - "v*.*.*"
+  workflow_dispatch: ~
+
+jobs:
+  release-hgctl:
+    runs-on: ubuntu-latest
+    env:
+      HGCTL_VERSION: ${{github.ref_name}}
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Build hgctl latest multiarch binaries
+      run: |
+        GOPROXY="https://proxy.golang.org,direct" make build-hgctl-multiarch
+        tar -zcvf hgctl_${{ env.HGCTL_VERSION }}_linux_amd64.tar.gz out/linux_amd64/
+        tar -zcvf hgctl_${{ env.HGCTL_VERSION }}_linux_arm64.tar.gz out/linux_arm64/
+        tar -zcvf hgctl_${{ env.HGCTL_VERSION }}_darwin_amd64.tar.gz out/darwin_amd64/
+        tar -zcvf hgctl_${{ env.HGCTL_VERSION }}_darwin_arm64.tar.gz out/darwin_arm64/
+        zip -q -r hgctl_${{ env.HGCTL_VERSION }}_windows_amd64.zip out/windows_amd64/
+        zip -q -r hgctl_${{ env.HGCTL_VERSION }}_windows_arm64.zip out/windows_arm64/
+
+    - name: Upload hgctl packages to the GitHub release
+      uses: softprops/action-gh-release@v1
+      if: startsWith(github.ref, 'refs/tags/')
+      with:
+        files: |
+          hgctl_${{ env.HGCTL_VERSION }}_linux_amd64.tar.gz
+          hgctl_${{ env.HGCTL_VERSION }}_linux_arm64.tar.gz
+          hgctl_${{ env.HGCTL_VERSION }}_darwin_amd64.tar.gz
+          hgctl_${{ env.HGCTL_VERSION }}_darwin_arm64.tar.gz
+          hgctl_${{ env.HGCTL_VERSION }}_windows_amd64.zip
+          hgctl_${{ env.HGCTL_VERSION }}_windows_arm64.zip

.licenserc.yaml

@@ -26,6 +26,7 @@ header:
     - 'VERSION'
     - 'tools/'
     - 'test/README.md'
+    - 'test/README_CN.md'
     - 'cmd/hgctl/config/testdata/config'
     - 'pkg/cmd/hgctl/manifests'
 

CODEOWNERS

@@ -1,7 +1,7 @@
 /api @johnlanni @CH3CHO
 /envoy @gengleilei @johnlanni
 /istio @SpecialYang @johnlanni
-/pkg @SpecialYang @johnlanni @CH3CHO @Xunzhuo
+/pkg @SpecialYang @johnlanni @CH3CHO
 /plugins @johnlanni @WeixinX
 /registry @NameHaibinZhang @2456868764 @johnlanni
 /test @Xunzhuo @2456868764 @CH3CHO

CONTRIBUTING_CN.md

@@ -73,6 +73,7 @@
 * [分支定义](#分支定义)
 * [提交规则](#提交规则)
 * [PR说明](#PR说明)
+* [开发前准备](#开发前准备)
 
 ### 工作区准备
 
@@ -168,6 +169,12 @@ git config --get user.email
 
 PR 是更改 Higress 项目文件的唯一方法。为了帮助审查人更好地理解你的目的，PR 描述不能太详细。我们鼓励贡献者遵循 [PR 模板](./.github/PULL_REQUEST_TEMPLATE.md) 来完成拉取请求。
 
+### 开发前准备
+
+```shell
+make prebuild && go mod tidy
+```
+
 ## 测试用例贡献
 
 任何测试用例都会受到欢迎。目前，Higress 功能测试用例是高优先级的。

CONTRIBUTING_EN.md

@@ -169,6 +169,12 @@ No matter commit message, or commit content, we do take more emphasis on code re
 
 PR is the only way to make change to Higress project files. To help reviewers better get your purpose, PR description could not be too detailed. We encourage contributors to follow the [PR template](./.github/PULL_REQUEST_TEMPLATE.md) to finish the pull request.
 
+### Pre-development preparation
+
+```shell
+make prebuild && go mod tidy
+```
+
 ## Test case contribution
 
 Any test case would be welcomed. Currently, Higress function test cases are high priority.

Makefile.core.mk

@@ -15,7 +15,7 @@ GO_LDFLAGS += -X $(VERSION_PACKAGE).higressVersion=$(shell cat VERSION) \
 
 GO ?= go
 
-export GOPROXY ?= https://proxy.golang.com.cn,direct
+export GOPROXY ?= https://proxy.golang.org,direct
 
 TARGET_ARCH ?= amd64
 
@@ -138,11 +138,11 @@ export ENVOY_TAR_PATH:=/home/package/envoy.tar.gz
 
 external/package/envoy-amd64.tar.gz:
 #	cd external/proxy; BUILD_WITH_CONTAINER=1  make test_release
-	cd external/package; wget -O envoy-amd64.tar.gz "https://github.com/alibaba/higress/releases/download/v1.3.3/envoy-symbol-amd64.tar.gz"
+	cd external/package; wget -O envoy-amd64.tar.gz "https://github.com/alibaba/higress/releases/download/v1.3.4-rc.1/envoy-symbol-amd64.tar.gz"
 
 external/package/envoy-arm64.tar.gz:
 #	cd external/proxy; BUILD_WITH_CONTAINER=1  make test_release
-	cd external/package; wget -O envoy-arm64.tar.gz "https://github.com/alibaba/higress/releases/download/v1.3.3/envoy-symbol-arm64.tar.gz"
+	cd external/package; wget -O envoy-arm64.tar.gz "https://github.com/alibaba/higress/releases/download/v1.3.4-rc.1/envoy-symbol-arm64.tar.gz"
 
 build-pilot:
 	cd external/istio; rm -rf out/linux_amd64; GOOS_LOCAL=linux TARGET_OS=linux TARGET_ARCH=amd64 BUILD_WITH_CONTAINER=1 make build-linux
@@ -154,13 +154,13 @@ build-pilot-local:
 build-gateway: prebuild external/package/envoy-amd64.tar.gz external/package/envoy-arm64.tar.gz build-pilot
 	cd external/istio; BUILD_WITH_CONTAINER=1 BUILDX_PLATFORM=true DOCKER_BUILD_VARIANTS=default DOCKER_TARGETS="docker.proxyv2" make docker
 
-build-gateway-local: prebuild external/package/envoy-amd64.tar.gz external/package/envoy-arm64.tar.gz build-pilot
+build-gateway-local: prebuild external/package/envoy-amd64.tar.gz external/package/envoy-arm64.tar.gz
 	cd external/istio; rm -rf out/linux_${GOARCH_LOCAL}; GOOS_LOCAL=linux TARGET_OS=linux BUILD_WITH_CONTAINER=1 BUILDX_PLATFORM=false DOCKER_BUILD_VARIANTS=default DOCKER_TARGETS="docker.proxyv2" make docker
 
 build-istio: prebuild build-pilot
 	cd external/istio; BUILD_WITH_CONTAINER=1 BUILDX_PLATFORM=true DOCKER_BUILD_VARIANTS=default DOCKER_TARGETS="docker.pilot" make docker
 
-build-istio-local: prebuild build-pilot-local
+build-istio-local: prebuild
 	cd external/istio; rm -rf out/linux_${GOARCH_LOCAL}; GOOS_LOCAL=linux TARGET_OS=linux BUILD_WITH_CONTAINER=1 BUILDX_PLATFORM=false DOCKER_BUILD_VARIANTS=default DOCKER_TARGETS="docker.pilot" make docker
 
 build-wasmplugins:
@@ -177,13 +177,13 @@ install: pre-install
 	cd helm/higress; helm dependency build
 	helm install higress helm/higress -n higress-system --create-namespace --set 'global.local=true'
 
-ENVOY_LATEST_IMAGE_TAG ?= sha-87c39d3
-ISTIO_LATEST_IMAGE_TAG ?= sha-87c39d3
+ENVOY_LATEST_IMAGE_TAG ?= sha-29baf85
+ISTIO_LATEST_IMAGE_TAG ?= sha-29baf85
 
 install-dev: pre-install
 	helm install higress helm/core -n higress-system --create-namespace --set 'controller.tag=$(TAG)' --set 'gateway.replicas=1' --set 'pilot.tag=$(ISTIO_LATEST_IMAGE_TAG)' --set 'gateway.tag=$(ENVOY_LATEST_IMAGE_TAG)' --set 'global.local=true'
 install-dev-wasmplugin: build-wasmplugins pre-install
-	helm install higress helm/core -n higress-system --create-namespace --set 'controller.tag=$(TAG)' --set 'gateway.replicas=1' --set 'pilot.tag=$(ISTIO_LATEST_IMAGE_TAG)' --set 'gateway.tag=$(ENVOY_LATEST_IMAGE_TAG)' --set 'global.local=true'  --set 'global.volumeWasmPlugins=true'
+	helm install higress helm/core -n higress-system --create-namespace --set 'controller.tag=$(TAG)' --set 'gateway.replicas=1' --set 'pilot.tag=$(ISTIO_LATEST_IMAGE_TAG)' --set 'gateway.tag=$(ENVOY_LATEST_IMAGE_TAG)' --set 'global.local=true'  --set 'global.volumeWasmPlugins=true' --set 'global.onlyPushRouteCluster=false'
 
 uninstall:
 	helm uninstall higress -n higress-system
@@ -233,14 +233,30 @@ include tools/lint.mk
 .PHONY: gateway-conformance-test
 gateway-conformance-test:
 
+# higress-conformance-test-prepare prepares the environment for higress conformance tests.
+.PHONY: higress-conformance-test-prepare
+higress-conformance-test-prepare: $(tools/kind) delete-cluster create-cluster docker-build kube-load-image install-dev
+
 # higress-conformance-test runs ingress api conformance tests.
 .PHONY: higress-conformance-test
 higress-conformance-test: $(tools/kind) delete-cluster create-cluster docker-build kube-load-image install-dev run-higress-e2e-test delete-cluster
 
+# higress-conformance-test-clean cleans the environment for higress conformance tests.
+.PHONY: higress-conformance-test-clean
+higress-conformance-test-clean: $(tools/kind) delete-cluster
+
+# higress-wasmplugin-test-prepare prepares the environment for higress wasmplugin tests.
+.PHONY: higress-wasmplugin-test-prepare
+higress-wasmplugin-test-prepare: $(tools/kind) delete-cluster create-cluster docker-build kube-load-image install-dev-wasmplugin
+
 # higress-wasmplugin-test runs ingress wasmplugin tests.
 .PHONY: higress-wasmplugin-test
 higress-wasmplugin-test: $(tools/kind) delete-cluster create-cluster docker-build kube-load-image install-dev-wasmplugin run-higress-e2e-test-wasmplugin delete-cluster
 
+# higress-wasmplugin-test-clean cleans the environment for higress wasmplugin tests.
+.PHONY: higress-wasmplugin-test-clean
+higress-wasmplugin-test-clean: $(tools/kind) delete-cluster
+
 # create-cluster creates a kube cluster with kind.
 .PHONY: create-cluster
 create-cluster: $(tools/kind)
@@ -270,6 +286,17 @@ kube-load-image: $(tools/kind) ## Install the Higress image to a kind cluster us
 	tools/hack/kind-load-image.sh docker.io/alihigress/httpbin 1.0.2
 	tools/hack/kind-load-image.sh docker.io/charlie1380/eureka-registry-provider v0.3.0
 	tools/hack/kind-load-image.sh docker.io/bitinit/eureka latest
+
+# run-higress-e2e-test-setup starts to setup ingress e2e tests.
+.PHONT: run-higress-e2e-test-setup
+run-higress-e2e-test-setup:
+	@echo -e "\n\033[36mRunning higress conformance tests...\033[0m"
+	@echo -e "\n\033[36mWaiting higress-controller to be ready...\033[0m\n"
+	kubectl wait --timeout=10m -n higress-system deployment/higress-controller --for=condition=Available
+	@echo -e "\n\033[36mWaiting higress-gateway to be ready...\033[0m\n"
+	kubectl wait --timeout=10m -n higress-system deployment/higress-gateway --for=condition=Available
+	go test -v -tags conformance ./test/e2e/e2e_test.go --ingress-class=higress --debug=true --test-area=setup
+
 # run-higress-e2e-test starts to run ingress e2e tests.
 .PHONY: run-higress-e2e-test
 run-higress-e2e-test:
@@ -278,9 +305,39 @@ run-higress-e2e-test:
 	kubectl wait --timeout=10m -n higress-system deployment/higress-controller --for=condition=Available
 	@echo -e "\n\033[36mWaiting higress-gateway to be ready...\033[0m\n"
 	kubectl wait --timeout=10m -n higress-system deployment/higress-gateway --for=condition=Available
-	go test -v -tags conformance ./test/e2e/e2e_test.go --ingress-class=higress --debug=true
+	go test -v -tags conformance ./test/e2e/e2e_test.go --ingress-class=higress --debug=true --test-area=all
 
-# run-higress-e2e-test starts to run ingress e2e tests.
+# run-higress-e2e-test-run starts to run ingress e2e conformance tests.
+.PHONY: run-higress-e2e-test-run
+run-higress-e2e-test-run:
+	@echo -e "\n\033[36mRunning higress conformance tests...\033[0m"
+	@echo -e "\n\033[36mWaiting higress-controller to be ready...\033[0m\n"
+	kubectl wait --timeout=10m -n higress-system deployment/higress-controller --for=condition=Available
+	@echo -e "\n\033[36mWaiting higress-gateway to be ready...\033[0m\n"
+	kubectl wait --timeout=10m -n higress-system deployment/higress-gateway --for=condition=Available
+	go test -v -tags conformance ./test/e2e/e2e_test.go --ingress-class=higress --debug=true --test-area=run
+
+# run-higress-e2e-test-clean starts to clean ingress e2e tests.
+.PHONY: run-higress-e2e-test-clean
+run-higress-e2e-test-clean:
+	@echo -e "\n\033[36mRunning higress conformance tests...\033[0m"
+	@echo -e "\n\033[36mWaiting higress-controller to be ready...\033[0m\n"
+	kubectl wait --timeout=10m -n higress-system deployment/higress-controller --for=condition=Available
+	@echo -e "\n\033[36mWaiting higress-gateway to be ready...\033[0m\n"
+	kubectl wait --timeout=10m -n higress-system deployment/higress-gateway --for=condition=Available
+	go test -v -tags conformance ./test/e2e/e2e_test.go --ingress-class=higress --debug=true --test-area=clean
+
+# run-higress-e2e-test-wasmplugin-setup starts to prepare ingress e2e tests.
+.PHONY: run-higress-e2e-test-wasmplugin-setup
+run-higress-e2e-test-wasmplugin-setup:
+	@echo -e "\n\033[36mRunning higress conformance tests...\033[0m"
+	@echo -e "\n\033[36mWaiting higress-controller to be ready...\033[0m\n"
+	kubectl wait --timeout=10m -n higress-system deployment/higress-controller --for=condition=Available
+	@echo -e "\n\033[36mWaiting higress-gateway to be ready...\033[0m\n"
+	kubectl wait --timeout=10m -n higress-system deployment/higress-gateway --for=condition=Available
+	go test -v -tags conformance ./test/e2e/e2e_test.go -isWasmPluginTest=true -wasmPluginType=$(PLUGIN_TYPE) -wasmPluginName=$(PLUGIN_NAME) --ingress-class=higress --debug=true --test-area=setup
+
+# run-higress-e2e-test-wasmplugin starts to run ingress e2e tests.
 .PHONY: run-higress-e2e-test-wasmplugin
 run-higress-e2e-test-wasmplugin:
 	@echo -e "\n\033[36mRunning higress conformance tests...\033[0m"
@@ -288,4 +345,24 @@ run-higress-e2e-test-wasmplugin:
 	kubectl wait --timeout=10m -n higress-system deployment/higress-controller --for=condition=Available
 	@echo -e "\n\033[36mWaiting higress-gateway to be ready...\033[0m\n"
 	kubectl wait --timeout=10m -n higress-system deployment/higress-gateway --for=condition=Available
-	go test -v -tags conformance ./test/e2e/e2e_test.go -isWasmPluginTest=true -wasmPluginType=$(PLUGIN_TYPE) -wasmPluginName=$(PLUGIN_NAME) --ingress-class=higress --debug=true
+	go test -v -tags conformance ./test/e2e/e2e_test.go -isWasmPluginTest=true -wasmPluginType=$(PLUGIN_TYPE) -wasmPluginName=$(PLUGIN_NAME) --ingress-class=higress --debug=true --test-area=all
+
+# run-higress-e2e-test-wasmplugin-run starts to run ingress e2e conformance tests.
+.PHONY: run-higress-e2e-test-wasmplugin-run
+run-higress-e2e-test-wasmplugin-run:
+	@echo -e "\n\033[36mRunning higress conformance tests...\033[0m"
+	@echo -e "\n\033[36mWaiting higress-controller to be ready...\033[0m\n"
+	kubectl wait --timeout=10m -n higress-system deployment/higress-controller --for=condition=Available
+	@echo -e "\n\033[36mWaiting higress-gateway to be ready...\033[0m\n"
+	kubectl wait --timeout=10m -n higress-system deployment/higress-gateway --for=condition=Available
+	go test -v -tags conformance ./test/e2e/e2e_test.go -isWasmPluginTest=true -wasmPluginType=$(PLUGIN_TYPE) -wasmPluginName=$(PLUGIN_NAME) --ingress-class=higress --debug=true --test-area=run
+
+# run-higress-e2e-test-wasmplugin-clean starts to clean ingress e2e tests.
+.PHONY: run-higress-e2e-test-wasmplugin-clean
+run-higress-e2e-test-wasmplugin-clean:
+	@echo -e "\n\033[36mRunning higress conformance tests...\033[0m"
+	@echo -e "\n\033[36mWaiting higress-controller to be ready...\033[0m\n"
+	kubectl wait --timeout=10m -n higress-system deployment/higress-controller --for=condition=Available
+	@echo -e "\n\033[36mWaiting higress-gateway to be ready...\033[0m\n"
+	kubectl wait --timeout=10m -n higress-system deployment/higress-gateway --for=condition=Available
+	go test -v -tags conformance ./test/e2e/e2e_test.go -isWasmPluginTest=true -wasmPluginType=$(PLUGIN_TYPE) -wasmPluginName=$(PLUGIN_NAME) --ingress-class=higress --debug=true --test-area=clean

README.md

@@ -1,10 +1,10 @@
 <h1 align="center">
     <img src="https://img.alicdn.com/imgextra/i2/O1CN01NwxLDd20nxfGBjxmZ_!!6000000006895-2-tps-960-290.png" alt="Higress" width="240" height="72.5">
   <br>
-  Next-generation Cloud Native Gateway
+  Cloud Native API Gateway
 </h1>
 
-[![Build Status](https://github.com/alibaba/higress/workflows/build%20and%20codecov/badge.svg?branch=main)](https://github.com/alibaba/higress/actions)
+[![Build Status](https://github.com/alibaba/higress/actions/workflows/build-and-test.yaml/badge.svg?branch=main)](https://github.com/alibaba/higress/actions)
 [![license](https://img.shields.io/github/license/alibaba/higress.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)
 
 [**官网**](https://higress.io/) &nbsp; |
@@ -19,7 +19,7 @@
 </p>
 
 
-Higress 是基于阿里内部两年多的 Envoy Gateway 实践沉淀，以开源 [Istio](https://github.com/istio/istio) 与 [Envoy](https://github.com/envoyproxy/envoy) 为核心构建的下一代云原生网关。Higress 实现了安全防护网关、流量网关、微服务网关三层网关合一，可以显著降低网关的部署和运维成本。
+Higress 是基于阿里内部两年多的 Envoy Gateway 实践沉淀，以开源 [Istio](https://github.com/istio/istio) 与 [Envoy](https://github.com/envoyproxy/envoy) 为核心构建的云原生 API 网关。Higress 实现了安全防护网关、流量网关、微服务网关三层网关合一，可以显著降低网关的部署和运维成本。
 
 ![arch](https://img.alicdn.com/imgextra/i1/O1CN01iO9ph825juHbOIg75_!!6000000007563-2-tps-2483-2024.png)
 
@@ -119,9 +119,13 @@ Higress 是基于阿里内部两年多的 Envoy Gateway 实践沉淀，以开源
 
 如果没有 Envoy 和 Istio 的开源工作，Higress 就不可能实现，在这里向这两个项目献上最诚挚的敬意。
 
-### 联系我们
-
-社区交流群: 
+### 交流群
 
 ![image](https://img.alicdn.com/imgextra/i2/O1CN01qPd7Ix1uZPVEsWjWp_!!6000000006051-0-tps-720-405.jpg)
 
+### 技术分享
+
+微信公众号：
+
+![](https://img.alicdn.com/imgextra/i1/O1CN01WnQt0q1tcmqVDU73u_!!6000000005923-0-tps-258-258.jpg)
+

README_EN.md

@@ -1,10 +1,10 @@
 <h1 align="center">
     <img src="https://img.alicdn.com/imgextra/i2/O1CN01NwxLDd20nxfGBjxmZ_!!6000000006895-2-tps-960-290.png" alt="Higress" width="240" height="72.5">
   <br>
-  Next-generation Cloud Native Gateway
+  Cloud Native API Gateway
 </h1>
 
-[![Build Status](https://github.com/alibaba/higress/workflows/build%20and%20codecov/badge.svg?branch=main)](https://github.com/alibaba/higress/actions)
+[![Build Status](https://github.com/alibaba/higress/actions/workflows/build-and-test.yaml/badge.svg?branch=main)](https://github.com/alibaba/higress/actions)
 [![license](https://img.shields.io/github/license/alibaba/higress.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)
 
 [**Official Site**](https://higress.io/en-us/) &nbsp; |
@@ -18,7 +18,7 @@
    English | <a href="README.md">中文<a/>
 </p>
 
-Higress is a next-generation cloud-native gateway based on Alibaba's internal gateway practices. 
+Higress is a cloud-native api gateway based on Alibaba's internal gateway practices. 
 
 Powered by [Istio](https://github.com/istio/istio) and [Envoy](https://github.com/envoyproxy/envoy), Higress realizes the integration of the triple gateway architecture of traffic gateway, microservice gateway and security gateway, thereby greatly reducing the costs of deployment, operation and maintenance.
 

VERSION

@@ -1 +1 @@
-v1.3.4-rc.1
+v1.3.6

api/extensions/v1alpha1/wasm.pb.go

@@ -166,7 +166,7 @@ type WasmPlugin struct {
 	// If `priority` is not set, or two `WasmPlugins` exist with the same
 	// value, the ordering will be deterministically derived from name and
 	// namespace of the `WasmPlugins`. Defaults to `0`.
-	Priority *types.Int64Value `protobuf:"bytes,10,opt,name=priority,proto3" json:"priority,omitempty"`
+	Priority *types.Int32Value `protobuf:"bytes,10,opt,name=priority,proto3" json:"priority,omitempty"`
 	// Extended by Higress, the default configuration takes effect globally
 	DefaultConfig *types.Struct `protobuf:"bytes,101,opt,name=default_config,json=defaultConfig,proto3" json:"default_config,omitempty"`
 	// Extended by Higress, matching rules take effect
@@ -267,7 +267,7 @@ func (m *WasmPlugin) GetPhase() PluginPhase {
 	return PluginPhase_UNSPECIFIED_PHASE
 }
 
-func (m *WasmPlugin) GetPriority() *types.Int64Value {
+func (m *WasmPlugin) GetPriority() *types.Int32Value {
 	if m != nil {
 		return m.Priority
 	}
@@ -377,46 +377,46 @@ func init() {
 func init() { proto.RegisterFile("extensions/v1alpha1/wasm.proto", fileDescriptor_4d60b240916c4e18) }
 
 var fileDescriptor_4d60b240916c4e18 = []byte{
-	// 617 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x94, 0xdf, 0x4e, 0x13, 0x41,
-	0x14, 0xc6, 0xd9, 0x16, 0x0a, 0x3d, 0x05, 0x5c, 0x26, 0x8a, 0x13, 0x30, 0xb5, 0x21, 0x51, 0x57,
-	0x2e, 0x76, 0x43, 0x45, 0xbc, 0x31, 0xc4, 0x02, 0x55, 0x1a, 0xb5, 0x6e, 0x76, 0x41, 0x23, 0x37,
-	0x9b, 0xe9, 0x32, 0xdd, 0x4e, 0x9c, 0xfd, 0x93, 0x9d, 0x59, 0xb0, 0x0f, 0xe2, 0x3b, 0x79, 0xe9,
-	0x23, 0x18, 0xde, 0xc2, 0x3b, 0xd3, 0xd9, 0x2d, 0x6d, 0xd1, 0xf4, 0x6e, 0xe6, 0x9c, 0xdf, 0x39,
-	0xe7, 0xfb, 0xce, 0x4e, 0x16, 0xea, 0xf4, 0xbb, 0xa4, 0x91, 0x60, 0x71, 0x24, 0xac, 0xab, 0x3d,
-	0xc2, 0x93, 0x01, 0xd9, 0xb3, 0xae, 0x89, 0x08, 0xcd, 0x24, 0x8d, 0x65, 0x8c, 0xb6, 0x07, 0x2c,
-	0x48, 0xa9, 0x10, 0xe6, 0x84, 0x33, 0xc7, 0xdc, 0x56, 0x3d, 0x88, 0xe3, 0x80, 0x53, 0x4b, 0xa1,
-	0xbd, 0xac, 0x6f, 0x5d, 0xa7, 0x24, 0x49, 0x68, 0x2a, 0xf2, 0xe2, 0xad, 0x47, 0x77, 0xf3, 0x42,
-	0xa6, 0x99, 0x2f, 0xf3, 0xec, 0xce, 0x9f, 0x45, 0x80, 0x2f, 0x44, 0x84, 0x36, 0xcf, 0x02, 0x16,
-	0x21, 0x1d, 0xca, 0x59, 0xca, 0x71, 0xa9, 0xa1, 0x19, 0x55, 0x67, 0x74, 0x44, 0x9b, 0x50, 0x11,
-	0x03, 0xd2, 0x7c, 0x79, 0x80, 0xcb, 0x2a, 0x58, 0xdc, 0x90, 0x0b, 0x1b, 0x2c, 0x24, 0x01, 0xf5,
-	0x92, 0x8c, 0x73, 0x2f, 0x89, 0x39, 0xf3, 0x87, 0x78, 0xb1, 0xa1, 0x19, 0xeb, 0xcd, 0x67, 0xe6,
-	0x1c, 0xbd, 0xa6, 0x9d, 0x71, 0x6e, 0x2b, 0xdc, 0xb9, 0xa7, 0x3a, 0x4c, 0x02, 0x68, 0x77, 0xa6,
-	0xa9, 0xa0, 0x7e, 0x4a, 0x25, 0x5e, 0x52, 0x73, 0x27, 0xac, 0xab, 0xc2, 0xe8, 0x39, 0xe8, 0x57,
-	0x34, 0x65, 0x7d, 0xe6, 0x13, 0xc9, 0xe2, 0xc8, 0xfb, 0x46, 0x87, 0xb8, 0x92, 0xa3, 0xd3, 0xf1,
-	0xf7, 0x74, 0x88, 0x5e, 0xc3, 0x5a, 0xa2, 0xfc, 0x79, 0x7e, 0x1c, 0xf5, 0x59, 0x80, 0x97, 0x1b,
-	0x9a, 0x51, 0x6b, 0x3e, 0x34, 0xf3, 0xd5, 0x98, 0xe3, 0xd5, 0x98, 0xae, 0x5a, 0x8d, 0xb3, 0x9a,
-	0xd3, 0xc7, 0x0a, 0x46, 0x8f, 0xa1, 0x56, 0x54, 0x47, 0x24, 0xa4, 0x78, 0x45, 0xcd, 0x80, 0x3c,
-	0xd4, 0x25, 0x21, 0x45, 0x87, 0xb0, 0x94, 0x0c, 0x88, 0xa0, 0xb8, 0xaa, 0xec, 0x1b, 0xf3, 0xed,
-	0xab, 0x3a, 0x7b, 0xc4, 0x3b, 0x79, 0x19, 0x7a, 0x05, 0x2b, 0x49, 0xca, 0xe2, 0x94, 0xc9, 0x21,
-	0x06, 0xa5, 0x6c, 0xfb, 0x1f, 0x65, 0x9d, 0x48, 0x1e, 0xec, 0x7f, 0x26, 0x3c, 0xa3, 0xce, 0x2d,
-	0x8c, 0x0e, 0x61, 0xfd, 0x92, 0xf6, 0x49, 0xc6, 0xe5, 0xd8, 0x18, 0x9d, 0x6f, 0x6c, 0xad, 0xc0,
-	0x0b, 0x67, 0xef, 0xa0, 0x16, 0x12, 0xe9, 0x0f, 0xbc, 0x34, 0xe3, 0x54, 0xe0, 0x7e, 0xa3, 0x6c,
-	0xd4, 0x9a, 0x4f, 0xe7, 0xca, 0xff, 0x38, 0xe2, 0x9d, 0x8c, 0x53, 0x07, 0xc2, 0xf1, 0x51, 0xa0,
-	0x7d, 0xd8, 0x9c, 0x15, 0xe2, 0x5d, 0x32, 0x41, 0x7a, 0x9c, 0xe2, 0xa0, 0xa1, 0x19, 0x2b, 0xce,
-	0xfd, 0x99, 0xb9, 0x27, 0x79, 0x6e, 0xe7, 0x87, 0x06, 0xd5, 0xdb, 0x7e, 0x08, 0xc3, 0x32, 0x8b,
-	0xd4, 0x60, 0xac, 0x35, 0xca, 0x46, 0xd5, 0x19, 0x5f, 0x47, 0x4f, 0xf0, 0x32, 0x0e, 0x09, 0x8b,
-	0x70, 0x49, 0x25, 0x8a, 0x1b, 0xb2, 0xa0, 0x52, 0xd8, 0x2e, 0xcf, 0xb7, 0x5d, 0x60, 0xe8, 0x09,
-	0xac, 0xdf, 0x91, 0xb7, 0xa8, 0xe4, 0xad, 0xf9, 0xd3, 0xba, 0x76, 0xdb, 0x50, 0x9b, 0xfa, 0x4a,
-	0xe8, 0x01, 0x6c, 0x9c, 0x77, 0x5d, 0xbb, 0x7d, 0xdc, 0x79, 0xdb, 0x69, 0x9f, 0x78, 0xf6, 0x69,
-	0xcb, 0x6d, 0xeb, 0x0b, 0xa8, 0x0a, 0x4b, 0xad, 0xf3, 0xb3, 0xd3, 0xae, 0xae, 0x8d, 0x8f, 0x17,
-	0x7a, 0x69, 0x74, 0x74, 0xcf, 0x5a, 0x67, 0xae, 0x5e, 0xde, 0x3d, 0x02, 0x98, 0x7a, 0xda, 0x9b,
-	0x80, 0x66, 0xba, 0x7c, 0xfa, 0xd0, 0x39, 0xfe, 0xaa, 0x2f, 0x20, 0x1d, 0x56, 0x3b, 0xfd, 0x6e,
-	0x2c, 0xed, 0x94, 0x0a, 0x1a, 0x49, 0x5d, 0x43, 0x00, 0x95, 0x16, 0xbf, 0x26, 0x43, 0xa1, 0x97,
-	0x8e, 0xde, 0xfc, 0xbc, 0xa9, 0x6b, 0xbf, 0x6e, 0xea, 0xda, 0xef, 0x9b, 0xba, 0x76, 0xd1, 0x0c,
-	0x98, 0x1c, 0x64, 0x3d, 0xd3, 0x8f, 0x43, 0x8b, 0x70, 0xd6, 0x23, 0x3d, 0x62, 0x15, 0x1f, 0xcb,
-	0x22, 0x09, 0xb3, 0xfe, 0xf3, 0x1b, 0xe9, 0x55, 0xd4, 0x32, 0x5e, 0xfc, 0x0d, 0x00, 0x00, 0xff,
-	0xff, 0x48, 0x74, 0xbe, 0xc1, 0x64, 0x04, 0x00, 0x00,
+	// 619 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x94, 0xdd, 0x4e, 0xdb, 0x4c,
+	0x10, 0x86, 0x71, 0x02, 0x81, 0x4c, 0x80, 0xcf, 0xac, 0xbe, 0xd2, 0x15, 0x54, 0x69, 0x84, 0xd4,
+	0xd6, 0xe5, 0xc0, 0x16, 0xa1, 0x3f, 0x27, 0x15, 0x6a, 0x80, 0xb4, 0x44, 0x6d, 0x53, 0xcb, 0x86,
+	0x56, 0xe5, 0xc4, 0xda, 0x98, 0x8d, 0xb3, 0xea, 0xfa, 0x47, 0xde, 0x35, 0x34, 0x17, 0xd2, 0x7b,
+	0xea, 0x61, 0x2f, 0xa1, 0xe2, 0x2e, 0x7a, 0x56, 0x65, 0x6d, 0x43, 0x42, 0xab, 0x9c, 0xed, 0xce,
+	0x3c, 0x33, 0xf3, 0xbe, 0xe3, 0x95, 0xa1, 0x49, 0xbf, 0x49, 0x1a, 0x09, 0x16, 0x47, 0xc2, 0xba,
+	0xdc, 0x23, 0x3c, 0x19, 0x91, 0x3d, 0xeb, 0x8a, 0x88, 0xd0, 0x4c, 0xd2, 0x58, 0xc6, 0x68, 0x7b,
+	0xc4, 0x82, 0x94, 0x0a, 0x61, 0xde, 0x72, 0x66, 0xc9, 0x6d, 0x35, 0x83, 0x38, 0x0e, 0x38, 0xb5,
+	0x14, 0x3a, 0xc8, 0x86, 0xd6, 0x55, 0x4a, 0x92, 0x84, 0xa6, 0x22, 0x2f, 0xde, 0x7a, 0x70, 0x37,
+	0x2f, 0x64, 0x9a, 0xf9, 0x32, 0xcf, 0xee, 0xfc, 0x5e, 0x04, 0xf8, 0x4c, 0x44, 0x68, 0xf3, 0x2c,
+	0x60, 0x11, 0xd2, 0xa1, 0x9a, 0xa5, 0x1c, 0x57, 0x5a, 0x9a, 0x51, 0x77, 0x26, 0x47, 0xb4, 0x09,
+	0x35, 0x31, 0x22, 0xed, 0xe7, 0x2f, 0x70, 0x55, 0x05, 0x8b, 0x1b, 0x72, 0x61, 0x83, 0x85, 0x24,
+	0xa0, 0x5e, 0x92, 0x71, 0xee, 0x25, 0x31, 0x67, 0xfe, 0x18, 0x2f, 0xb6, 0x34, 0x63, 0xbd, 0xfd,
+	0xc4, 0x9c, 0xa3, 0xd7, 0xb4, 0x33, 0xce, 0x6d, 0x85, 0x3b, 0xff, 0xa9, 0x0e, 0xb7, 0x01, 0xb4,
+	0x3b, 0xd3, 0x54, 0x50, 0x3f, 0xa5, 0x12, 0x2f, 0xa9, 0xb9, 0xb7, 0xac, 0xab, 0xc2, 0xe8, 0x29,
+	0xe8, 0x97, 0x34, 0x65, 0x43, 0xe6, 0x13, 0xc9, 0xe2, 0xc8, 0xfb, 0x4a, 0xc7, 0xb8, 0x96, 0xa3,
+	0xd3, 0xf1, 0x77, 0x74, 0x8c, 0x5e, 0xc1, 0x5a, 0xa2, 0xfc, 0x79, 0x7e, 0x1c, 0x0d, 0x59, 0x80,
+	0x97, 0x5b, 0x9a, 0xd1, 0x68, 0xdf, 0x37, 0xf3, 0xd5, 0x98, 0xe5, 0x6a, 0x4c, 0x57, 0xad, 0xc6,
+	0x59, 0xcd, 0xe9, 0x23, 0x05, 0xa3, 0x87, 0xd0, 0x28, 0xaa, 0x23, 0x12, 0x52, 0xbc, 0xa2, 0x66,
+	0x40, 0x1e, 0xea, 0x93, 0x90, 0xa2, 0x03, 0x58, 0x4a, 0x46, 0x44, 0x50, 0x5c, 0x57, 0xf6, 0x8d,
+	0xf9, 0xf6, 0x55, 0x9d, 0x3d, 0xe1, 0x9d, 0xbc, 0x0c, 0xbd, 0x84, 0x95, 0x24, 0x65, 0x71, 0xca,
+	0xe4, 0x18, 0x83, 0x52, 0xb6, 0xfd, 0x97, 0xb2, 0x5e, 0x24, 0xf7, 0xdb, 0x9f, 0x08, 0xcf, 0xa8,
+	0x73, 0x03, 0xa3, 0x03, 0x58, 0xbf, 0xa0, 0x43, 0x92, 0x71, 0x59, 0x1a, 0xa3, 0xf3, 0x8d, 0xad,
+	0x15, 0x78, 0xe1, 0xec, 0x2d, 0x34, 0x42, 0x22, 0xfd, 0x91, 0x97, 0x66, 0x9c, 0x0a, 0x3c, 0x6c,
+	0x55, 0x8d, 0x46, 0xfb, 0xf1, 0x5c, 0xf9, 0x1f, 0x26, 0xbc, 0x93, 0x71, 0xea, 0x40, 0x58, 0x1e,
+	0x05, 0x7a, 0x06, 0x9b, 0xb3, 0x42, 0xbc, 0x0b, 0x26, 0xc8, 0x80, 0x53, 0x1c, 0xb4, 0x34, 0x63,
+	0xc5, 0xf9, 0x7f, 0x66, 0xee, 0x71, 0x9e, 0xdb, 0xf9, 0xae, 0x41, 0xfd, 0xa6, 0x1f, 0xc2, 0xb0,
+	0xcc, 0x22, 0x35, 0x18, 0x6b, 0xad, 0xaa, 0x51, 0x77, 0xca, 0xeb, 0xe4, 0x09, 0x5e, 0xc4, 0x21,
+	0x61, 0x11, 0xae, 0xa8, 0x44, 0x71, 0x43, 0x16, 0xd4, 0x0a, 0xdb, 0xd5, 0xf9, 0xb6, 0x0b, 0x0c,
+	0x3d, 0x82, 0xf5, 0x3b, 0xf2, 0x16, 0x95, 0xbc, 0x35, 0x7f, 0x5a, 0xd7, 0x6e, 0x17, 0x1a, 0x53,
+	0x5f, 0x09, 0xdd, 0x83, 0x8d, 0xb3, 0xbe, 0x6b, 0x77, 0x8f, 0x7a, 0x6f, 0x7a, 0xdd, 0x63, 0xcf,
+	0x3e, 0xe9, 0xb8, 0x5d, 0x7d, 0x01, 0xd5, 0x61, 0xa9, 0x73, 0x76, 0x7a, 0xd2, 0xd7, 0xb5, 0xf2,
+	0x78, 0xae, 0x57, 0x26, 0x47, 0xf7, 0xb4, 0x73, 0xea, 0xea, 0xd5, 0xdd, 0x43, 0x80, 0xa9, 0xa7,
+	0xbd, 0x09, 0x68, 0xa6, 0xcb, 0xc7, 0xf7, 0xbd, 0xa3, 0x2f, 0xfa, 0x02, 0xd2, 0x61, 0xb5, 0x37,
+	0xec, 0xc7, 0xd2, 0x4e, 0xa9, 0xa0, 0x91, 0xd4, 0x35, 0x04, 0x50, 0xeb, 0xf0, 0x2b, 0x32, 0x16,
+	0x7a, 0xe5, 0xf0, 0xf5, 0x8f, 0xeb, 0xa6, 0xf6, 0xf3, 0xba, 0xa9, 0xfd, 0xba, 0x6e, 0x6a, 0xe7,
+	0xed, 0x80, 0xc9, 0x51, 0x36, 0x30, 0xfd, 0x38, 0xb4, 0x08, 0x67, 0x03, 0x32, 0x20, 0x56, 0xf1,
+	0xb1, 0x2c, 0x92, 0x30, 0xeb, 0x1f, 0xbf, 0x91, 0x41, 0x4d, 0x2d, 0x63, 0xff, 0x4f, 0x00, 0x00,
+	0x00, 0xff, 0xff, 0xb9, 0xf2, 0x67, 0xbe, 0x64, 0x04, 0x00, 0x00,
 }
 
 func (m *WasmPlugin) Marshal() (dAtA []byte, err error) {
@@ -1024,7 +1024,7 @@ func (m *WasmPlugin) Unmarshal(dAtA []byte) error {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Priority == nil {
-				m.Priority = &types.Int64Value{}
+				m.Priority = &types.Int32Value{}
 			}
 			if err := m.Priority.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err

api/extensions/v1alpha1/wasm.proto

@@ -98,7 +98,7 @@ message WasmPlugin {
   // If `priority` is not set, or two `WasmPlugins` exist with the same
   // value, the ordering will be deterministically derived from name and
   // namespace of the `WasmPlugins`. Defaults to `0`.
-  google.protobuf.Int64Value priority = 10;
+  google.protobuf.Int32Value priority = 10;
 
   // Extended by Higress, the default configuration takes effect globally
   google.protobuf.Struct default_config = 101;

cmd/higress/main.go

@@ -18,10 +18,13 @@ import (
 	"fmt"
 	"os"
 
+	"istio.io/pkg/log"
+
 	"github.com/alibaba/higress/pkg/cmd"
 )
 
 func main() {
+	log.EnableKlogWithCobra()
 	if err := cmd.GetRootCommand().Execute(); err != nil {
 		_, _ = fmt.Fprintln(os.Stderr, err)
 		os.Exit(1)

codecov.yml

@@ -2,7 +2,11 @@ codecov:
   require_ci_to_pass: yes
 coverage:
   status:
-    patch: no
+    patch: 
+      default:
+        target: 50%
+        threshold: 0%
+        if_ci_failed: error # success, failure, error, ignore
     project:
       default:
         target: auto
@@ -17,4 +21,4 @@ ignore:
 comment:
   layout: "reach,diff,flags,tree"
   behavior: default
-  require_changes: no
+  require_changes: no

go.mod

@@ -15,7 +15,7 @@ replace github.com/imdario/mergo => github.com/imdario/mergo v0.3.5
 
 require (
 	github.com/AlecAivazis/survey/v2 v2.3.6
-	github.com/agiledragon/gomonkey/v2 v2.9.0
+	github.com/agiledragon/gomonkey/v2 v2.11.0
 	github.com/avast/retry-go/v4 v4.3.4
 	github.com/compose-spec/compose-go v1.8.2
 	github.com/docker/cli v20.10.20+incompatible

go.sum

@@ -160,8 +160,8 @@ github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmx
 github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
 github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
 github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
-github.com/agiledragon/gomonkey/v2 v2.9.0 h1:PDiKKybR596O6FHW+RVSG0Z7uGCBNbmbUXh3uCNQ7Hc=
-github.com/agiledragon/gomonkey/v2 v2.9.0/go.mod h1:ap1AmDzcVOAz1YpeJ3TCzIgstoaWLA6jbbgxfB4w2iY=
+github.com/agiledragon/gomonkey/v2 v2.11.0 h1:5oxSgA+tC1xuGsrIorR+sYiziYltmJyEZ9qA25b6l5U=
+github.com/agiledragon/gomonkey/v2 v2.11.0/go.mod h1:ap1AmDzcVOAz1YpeJ3TCzIgstoaWLA6jbbgxfB4w2iY=
 github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412/go.mod h1:WPjqKcmVOxf0XSf3YxCJs6N6AOSrOx3obionmG7T0y0=
 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0/go.mod h1:TdjdkYhlOifCQWPs1UdTma97kQQMozf5h26hTuG70u8=
 github.com/alecthomas/jsonschema v0.0.0-20180308105923-f2c93856175a/go.mod h1:qpebaTNSsyUn5rPSJMsfqEtDw71TTggXM6stUDI16HA=

helm/core/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.3.4-rc.1
+appVersion: 1.3.6
 description: Helm chart for deploying higress gateways
 icon: https://higress.io/img/higress_logo_small.png
 home: http://higress.io/
@@ -10,4 +10,4 @@ name: higress-core
 sources:
 - http://github.com/alibaba/higress
 type: application
-version: 1.3.4-rc.1
+version: 1.3.6

helm/core/crds/customresourcedefinitions.gen.yaml

@@ -154,6 +154,11 @@ spec:
                           type: array
                         httpPath:
                           type: string
+                        paramFromEntireBody:
+                          properties:
+                            paramType:
+                              type: string
+                          type: object
                         params:
                           items:
                             properties:

helm/core/templates/controller-deployment.yaml

@@ -70,6 +70,12 @@ spec:
             periodSeconds: 3
             timeoutSeconds: 5
           env:
+          - name: HIGRESS_SYSTEM_NS
+            value: "{{ .Release.Namespace }}"
+          - name: DEFAULT_UPSTREAM_CONCURRENCY_THRESHOLD
+            value: "{{ .Values.global.defaultUpstreamConcurrencyThreshold }}"
+          - name: ISTIO_GPRC_MAXRECVMSGSIZE
+            value: "{{ .Values.global.xdsMaxRecvMsgSize }}"
           - name: ENBALE_SCOPED_RDS
             value: "{{ .Values.global.enableSRDS }}"
           - name: ON_DEMAND_RDS
@@ -191,6 +197,8 @@ spec:
           - "serve"
           - --gatewaySelectorKey=higress
           - --gatewaySelectorValue={{ .Release.Namespace }}-{{ include "gateway.name" . }}
+          - --gatewayHttpPort={{ .Values.gateway.httpPort }}
+          - --gatewayHttpsPort={{ .Values.gateway.httpsPort }}
           {{- if not .Values.global.enableStatus }}
           - --enableStatus={{ .Values.global.enableStatus }}
           {{- end }}

helm/core/templates/deployment.yaml

@@ -165,25 +165,25 @@ spec:
             protocol: TCP
             name: http-envoy-prom
           {{- if or .Values.global.local .Values.global.kind }}
-          - containerPort: 80
-            hostPort: 80
+          - containerPort: {{ .Values.gateway.httpPort }}
+            hostPort:  {{ .Values.gateway.httpPort }}
             name: http
             protocol: TCP
-          - containerPort: 443
-            hostPort: 443
+          - containerPort:  {{ .Values.gateway.httpsPort }}
+            hostPort:  {{ .Values.gateway.httpsPort }}
             name: https
             protocol: TCP
           {{- end }}
           readinessProbe:
-            failureThreshold: 30
+            failureThreshold: {{ .Values.gateway.readinessFailureThreshold }}
             httpGet:
               path: /healthz/ready
               port: 15021
               scheme: HTTP
-            initialDelaySeconds: 1
-            periodSeconds: 2
-            successThreshold: 1
-            timeoutSeconds: 3
+            initialDelaySeconds: {{ .Values.gateway.readinessInitialDelaySeconds }}
+            periodSeconds: {{ .Values.gateway.readinessPeriodSeconds }}
+            successThreshold: {{ .Values.gateway.readinessSuccessThreshold }}
+            timeoutSeconds: {{ .Values.gateway.readinessTimeoutSeconds }}
           {{- if not (or .Values.global.local .Values.global.kind) }}
           resources:
             {{- toYaml .Values.gateway.resources | nindent 12 }}

helm/core/values.yaml

@@ -1,8 +1,10 @@
 revision: ""
 global:
-  enableSRDS: false
-  onDemandRDS: true
-  hostRDSMergeSubset: true
+  xdsMaxRecvMsgSize: 104857600
+  defaultUpstreamConcurrencyThreshold: 10000
+  enableSRDS: true
+  onDemandRDS: false
+  hostRDSMergeSubset: false
   onlyPushRouteCluster: true
   # IngressClass filters which ingress resources the higress controller watches.
   # The default ingress class is higress.
@@ -13,7 +15,7 @@ global:
   # resources in the k8s cluster.
   ingressClass: "higress"
   watchNamespace: ""
-  disableAlpnH2: true
+  disableAlpnH2: false
   enableStatus: true
   # whether to use autoscaling/v2 template for HPA settings
   # for internal usage only, not to be configured by users.
@@ -151,12 +153,18 @@ global:
     # The number of successive failed probes before indicating readiness failure.
     readinessFailureThreshold: 30
 
+    # The number of successive successed probes before indicating readiness success.
+    readinessSuccessThreshold: 30
+
     # The initial delay for readiness probes in seconds.
     readinessInitialDelaySeconds: 1
 
     # The period between readiness probes.
     readinessPeriodSeconds: 2
 
+    # The readiness timeout seconds
+    readinessTimeoutSeconds: 3
+
     # Resources for the sidecar.
     resources:
       requests:
@@ -373,6 +381,21 @@ gateway:
   replicas: 2
   image: gateway
 
+  # The number of successive failed probes before indicating readiness failure.
+  readinessFailureThreshold: 30
+
+  # The number of successive successed probes before indicating readiness success.
+  readinessSuccessThreshold: 1
+
+  # The initial delay for readiness probes in seconds.
+  readinessInitialDelaySeconds: 1
+
+  # The period between readiness probes.
+  readinessPeriodSeconds: 2
+
+  # The readiness timeout seconds
+  readinessTimeoutSeconds: 3
+
   hub: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress
   tag: ""
   # revision declares which revision this gateway is a part of
@@ -394,7 +417,8 @@ gateway:
 
   # Pod environment variables
   env: {}
-
+  httpPort: 80
+  httpsPort: 443
   hostNetwork: false
 
   # Labels to apply to all resources

helm/higress/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: higress-core
   repository: file://../core
-  version: 1.3.4-rc.1
+  version: 1.3.6
 - name: higress-console
   repository: https://higress.io/helm-charts/
-  version: 1.3.1
-digest: sha256:cdd2b6e7023f505c5a7d4851d2a7bdb999e11f19508661f07e1f862918c5e793
-generated: "2024-01-11T17:40:17.045364+08:00"
+  version: 1.3.3
+digest: sha256:6bf02020df81c81fedf69976ba0e2a2620527b7cbd11d7602e5e6ae3427b959f
+generated: "2024-04-22T19:32:07.927664+08:00"

helm/higress/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.3.4-rc.1
+appVersion: 1.3.6
 description: Helm chart for deploying Higress gateways
 icon: https://higress.io/img/higress_logo_small.png
 home: http://higress.io/
@@ -12,9 +12,9 @@ sources:
 dependencies:
 - name: higress-core
   repository: "file://../core"
-  version: 1.3.4-rc.1
+  version: 1.3.6
 - name: higress-console
   repository: "https://higress.io/helm-charts/"
-  version: 1.3.1
+  version: 1.3.3
 type: application
-version: 1.3.4-rc.1
+version: 1.3.6

istio/1.12/patches/istio/20240115-optimize-rds-cache.patch

@@ -0,0 +1,373 @@
+diff -Naur istio/pilot/pkg/model/push_context.go istio-new/pilot/pkg/model/push_context.go
+--- istio/pilot/pkg/model/push_context.go	2024-01-15 20:46:45.000000000 +0800
++++ istio-new/pilot/pkg/model/push_context.go	2024-01-15 19:20:45.000000000 +0800
+@@ -96,6 +96,9 @@
+ 	publicByGateway map[string][]config.Config
+ 	// root vs namespace/name ->delegate vs virtualservice gvk/namespace/name
+ 	delegates map[ConfigKey][]ConfigKey
++	// Added by ingress
++	byHost map[string][]config.Config
++	// End added by ingress
+ }
+ 
+ func newVirtualServiceIndex() virtualServiceIndex {
+@@ -104,6 +107,9 @@
+ 		privateByNamespaceAndGateway: map[string]map[string][]config.Config{},
+ 		exportedToNamespaceByGateway: map[string]map[string][]config.Config{},
+ 		delegates:                    map[ConfigKey][]ConfigKey{},
++		// Added by ingress
++		byHost: map[string][]config.Config{},
++		// End added by ingress
+ 	}
+ }
+ 
+@@ -857,6 +863,13 @@
+ 	return res
+ }
+ 
++// Added by ingress
++func (ps *PushContext) VirtualServicesForHost(proxy *Proxy, host string) []config.Config {
++	return ps.virtualServiceIndex.byHost[host]
++}
++
++// End added by ingress
++
+ // DelegateVirtualServicesConfigKey lists all the delegate virtual services configkeys associated with the provided virtual services
+ func (ps *PushContext) DelegateVirtualServicesConfigKey(vses []config.Config) []ConfigKey {
+ 	var out []ConfigKey
+@@ -1468,6 +1481,11 @@
+ 	for _, virtualService := range vservices {
+ 		ns := virtualService.Namespace
+ 		rule := virtualService.Spec.(*networking.VirtualService)
++		// Added by ingress
++		for _, host := range rule.Hosts {
++			ps.virtualServiceIndex.byHost[host] = append(ps.virtualServiceIndex.byHost[host], virtualService)
++		}
++		// End added by ingress
+ 		gwNames := getGatewayNames(rule)
+ 		if len(rule.ExportTo) == 0 {
+ 			// No exportTo in virtualService. Use the global default
+diff -Naur istio/pilot/pkg/networking/core/v1alpha3/gateway.go istio-new/pilot/pkg/networking/core/v1alpha3/gateway.go
+--- istio/pilot/pkg/networking/core/v1alpha3/gateway.go	2024-01-15 20:46:45.000000000 +0800
++++ istio-new/pilot/pkg/networking/core/v1alpha3/gateway.go	2024-01-15 20:04:05.000000000 +0800
+@@ -28,6 +28,7 @@
+ 	route "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
+ 	hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
+ 	tls "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
++	discovery "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
+ 	"github.com/hashicorp/go-multierror"
+ 
+ 	meshconfig "istio.io/api/mesh/v1alpha1"
+@@ -35,6 +36,7 @@
+ 	"istio.io/istio/pilot/pkg/features"
+ 	"istio.io/istio/pilot/pkg/model"
+ 	istionetworking "istio.io/istio/pilot/pkg/networking"
++	"istio.io/istio/pilot/pkg/networking/core/v1alpha3/envoyfilter"
+ 	"istio.io/istio/pilot/pkg/networking/core/v1alpha3/extension"
+ 	"istio.io/istio/pilot/pkg/networking/core/v1alpha3/mseingress"
+ 	istio_route "istio.io/istio/pilot/pkg/networking/core/v1alpha3/route"
+@@ -423,8 +425,15 @@
+ 	gatewayName    string
+ }
+ 
+-func (configgen *ConfigGeneratorImpl) buildHostRDSConfig(node *model.Proxy, push *model.PushContext,
+-	routeName string) *route.RouteConfiguration {
++func (configgen *ConfigGeneratorImpl) buildHostRDSConfig(
++	node *model.Proxy,
++	req *model.PushRequest,
++	routeName string,
++	vsCache map[int][]virtualServiceContext,
++	efw *model.EnvoyFilterWrapper,
++	efKeys []string,
++) (*discovery.Resource, bool) {
++	push := req.Push
+ 	var (
+ 		hostRDSPort string
+ 		hostRDSHost string
+@@ -432,7 +441,7 @@
+ 	portAndHost := strings.SplitN(strings.TrimPrefix(routeName, constants.HigressHostRDSNamePrefix), ".", 2)
+ 	if len(portAndHost) != 2 {
+ 		log.Errorf("Invalid route %s when using Higress hostRDS", routeName)
+-		return nil
++		return nil, false
+ 	}
+ 	hostRDSPort = portAndHost[0]
+ 	hostRDSHost = portAndHost[1]
+@@ -441,10 +450,24 @@
+ 	rdsPort, err := strconv.Atoi(hostRDSPort)
+ 	if err != nil {
+ 		log.Errorf("Invalid port %s of route %s when using Higress hostRDS", hostRDSPort, routeName)
+-		return nil
++		return nil, false
++	}
++
++	routeCache := &istio_route.Cache{
++		RouteName:    routeName,
++		ProxyVersion: node.Metadata.IstioVersion,
++		ListenerPort: rdsPort,
++		// Use same host vs to cache, although the cache can be cleared when the port is different, this can be accepted
++		VirtualServices: push.VirtualServicesForHost(node, hostRDSHost),
++		EnvoyFilterKeys: efKeys,
++	}
++
++	resource, exist := configgen.Cache.Get(routeCache)
++	if exist {
++		return resource, true
+ 	}
++
+ 	listenerPort := uint32(rdsPort)
+-	globalHTTPFilters := mseingress.ExtractGlobalHTTPFilters(node, push)
+ 
+ 	isH3DiscoveryNeeded := false
+ 
+@@ -457,9 +480,9 @@
+ 			break
+ 		}
+ 	}
+-
+ 	gatewayRoutes := make(map[string]map[string][]*route.Route)
+ 	gatewayVirtualServices := make(map[string][]config.Config)
++	var listenerVirtualServices []virtualServiceContext
+ 	var selectedVirtualServices []virtualServiceContext
+ 	var vHost *route.VirtualHost
+ 	serverIterator := func(mergedServers map[model.ServerPort]*model.MergedServers) {
+@@ -478,31 +501,8 @@
+ 					gatewayVirtualServices[gatewayName] = virtualServices
+ 				}
+ 				for _, virtualService := range virtualServices {
+-					hostMatch := false
+-					var selectHost string
+-					virtualServiceHosts := host.NewNames(virtualService.Spec.(*networking.VirtualService).Hosts)
+-					for _, hostname := range virtualServiceHosts {
+-						// exact match
+-						if hostname == host.Name(hostRDSHost) {
+-							hostMatch = true
+-							selectHost = hostRDSHost
+-							break
+-						}
+-						if features.HostRDSMergeSubset {
+-							// subset match
+-							if host.Name(hostRDSHost).SubsetOf(hostname) {
+-								hostMatch = true
+-								selectHost = string(hostname)
+-							}
+-						}
+-					}
+-					if !hostMatch {
+-						continue
+-					}
+-					copiedVS := virtualService.DeepCopy()
+-					copiedVS.Spec.(*networking.VirtualService).Hosts = []string{selectHost}
+-					selectedVirtualServices = append(selectedVirtualServices, virtualServiceContext{
+-						virtualService: copiedVS,
++					listenerVirtualServices = append(listenerVirtualServices, virtualServiceContext{
++						virtualService: virtualService,
+ 						server:         server,
+ 						gatewayName:    gatewayName,
+ 					})
+@@ -510,15 +510,63 @@
+ 			}
+ 		}
+ 	}
+-	serverIterator(merged.MergedServers)
+-	serverIterator(merged.MergedQUICTransportServers)
+-	// Sort by subset
+-	// before: ["*.abc.com", "*.com", "www.abc.com"]
+-	// after: ["www.abc.com", "*.abc.com", "*.com"]
+-	sort.SliceStable(selectedVirtualServices, func(i, j int) bool {
+-		return host.Name(selectedVirtualServices[i].virtualService.Spec.(*networking.VirtualService).Hosts[0]).SubsetOf(
+-			host.Name(selectedVirtualServices[j].virtualService.Spec.(*networking.VirtualService).Hosts[0]))
+-	})
++	var vsExists bool
++	if listenerVirtualServices, vsExists = vsCache[rdsPort]; !vsExists {
++		serverIterator(merged.MergedServers)
++		serverIterator(merged.MergedQUICTransportServers)
++		vsCache[rdsPort] = listenerVirtualServices
++	}
++	for _, vsCtx := range listenerVirtualServices {
++		virtualService := vsCtx.virtualService
++		hostMatch := false
++		var selectHost string
++		for _, hostname := range virtualService.Spec.(*networking.VirtualService).Hosts {
++			// exact match
++			if hostname == hostRDSHost {
++				hostMatch = true
++				selectHost = hostRDSHost
++				break
++			}
++			if features.HostRDSMergeSubset {
++				// subset match
++				if host.Name(hostRDSHost).SubsetOf(host.Name(hostname)) {
++					hostMatch = true
++					selectHost = hostname
++				}
++			}
++		}
++		if !hostMatch {
++			continue
++		}
++		if len(virtualService.Spec.(*networking.VirtualService).Hosts) > 1 {
++			copiedVS := &networking.VirtualService{}
++			copiedVS = virtualService.Spec.(*networking.VirtualService)
++			copiedVS.Hosts = []string{selectHost}
++			selectedVirtualServices = append(selectedVirtualServices, virtualServiceContext{
++				virtualService: config.Config{
++					Meta:   virtualService.Meta,
++					Spec:   copiedVS,
++					Status: virtualService.Status,
++				},
++				server:      vsCtx.server,
++				gatewayName: vsCtx.gatewayName,
++			})
++		} else {
++			selectedVirtualServices = append(selectedVirtualServices, vsCtx)
++		}
++	}
++	if features.HostRDSMergeSubset {
++		// Sort by subset
++		// before: ["*.abc.com", "*.com", "www.abc.com"]
++		// after: ["www.abc.com", "*.abc.com", "*.com"]
++		sort.SliceStable(selectedVirtualServices, func(i, j int) bool {
++			return host.Name(selectedVirtualServices[i].virtualService.Spec.(*networking.VirtualService).Hosts[0]).SubsetOf(
++				host.Name(selectedVirtualServices[j].virtualService.Spec.(*networking.VirtualService).Hosts[0]))
++		})
++	}
++
++	globalHTTPFilters := mseingress.ExtractGlobalHTTPFilters(node, push)
++
+ 	port := int(listenerPort)
+ 	for _, ctx := range selectedVirtualServices {
+ 		virtualService := ctx.virtualService
+@@ -605,25 +653,42 @@
+ 		ValidateClusters: proto.BoolFalse,
+ 	}
+ 
+-	return routeCfg
++	routeCfg = envoyfilter.ApplyRouteConfigurationPatches(networking.EnvoyFilter_GATEWAY, node, efw, routeCfg)
++	resource = &discovery.Resource{
++		Name:     routeName,
++		Resource: util.MessageToAny(routeCfg),
++	}
++
++	if features.EnableRDSCaching {
++		configgen.Cache.Add(routeCache, req, resource)
++	}
++
++	return resource, false
+ }
+ 
+ // End added by ingress
+ 
+-func (configgen *ConfigGeneratorImpl) buildGatewayHTTPRouteConfig(node *model.Proxy, push *model.PushContext,
+-	routeName string) *route.RouteConfiguration {
++// Modifed by ingress
++func (configgen *ConfigGeneratorImpl) buildGatewayHTTPRouteConfig(
++	node *model.Proxy,
++	req *model.PushRequest,
++	routeName string,
++	vsCache map[int][]virtualServiceContext,
++	efw *model.EnvoyFilterWrapper,
++	efKeys []string,
++) (*discovery.Resource, bool) {
+ 	if node.MergedGateway == nil {
+ 		log.Warnf("buildGatewayRoutes: no gateways for router %v", node.ID)
+-		return &route.RouteConfiguration{
+-			Name:             routeName,
+-			VirtualHosts:     []*route.VirtualHost{},
+-			ValidateClusters: proto.BoolFalse,
+-		}
++		return nil, false
+ 	}
+-
+ 	// Added by ingress
++	push := req.Push
+ 	if strings.HasPrefix(routeName, constants.HigressHostRDSNamePrefix) {
+-		return configgen.buildHostRDSConfig(node, push, routeName)
++		resource, cacheHit := configgen.buildHostRDSConfig(node, req, routeName, vsCache, efw, efKeys)
++		if resource == nil {
++			return nil, false
++		}
++		return resource, cacheHit
+ 	}
+ 	// End added by ingress
+ 
+@@ -636,7 +701,7 @@
+ 
+ 		// This can happen when a gateway has recently been deleted. Envoy will still request route
+ 		// information due to the draining of listeners, so we should not return an error.
+-		return nil
++		return nil, false
+ 	}
+ 
+ 	servers := merged.ServersByRouteName[routeName]
+@@ -768,9 +833,16 @@
+ 		ValidateClusters: proto.BoolFalse,
+ 	}
+ 
+-	return routeCfg
++	routeCfg = envoyfilter.ApplyRouteConfigurationPatches(networking.EnvoyFilter_GATEWAY, node, efw, routeCfg)
++	resource := &discovery.Resource{
++		Name:     routeName,
++		Resource: util.MessageToAny(routeCfg),
++	}
++	return resource, false
+ }
+ 
++// End modified by ingress
++
+ // hashRouteList returns a hash of a list of pointers
+ func hashRouteList(r []*route.Route) uint64 {
+ 	hash := md5.New()
+diff -Naur istio/pilot/pkg/networking/core/v1alpha3/httproute.go istio-new/pilot/pkg/networking/core/v1alpha3/httproute.go
+--- istio/pilot/pkg/networking/core/v1alpha3/httproute.go	2024-01-15 20:46:41.000000000 +0800
++++ istio-new/pilot/pkg/networking/core/v1alpha3/httproute.go	2024-01-15 10:29:09.000000000 +0800
+@@ -78,17 +78,30 @@
+ 			routeConfigurations = append(routeConfigurations, rc)
+ 		}
+ 	case model.Router:
++		// Modified by ingress
++		vsCache := make(map[int][]virtualServiceContext)
++		envoyfilterKeys := efw.Keys()
+ 		for _, routeName := range routeNames {
+-			rc := configgen.buildGatewayHTTPRouteConfig(node, req.Push, routeName)
+-			if rc != nil {
+-				rc = envoyfilter.ApplyRouteConfigurationPatches(networking.EnvoyFilter_GATEWAY, node, efw, rc)
+-				resource := &discovery.Resource{
++			rc, cached := configgen.buildGatewayHTTPRouteConfig(node, req, routeName, vsCache, efw, envoyfilterKeys)
++			if cached && !features.EnableUnsafeAssertions {
++				hit++
++			} else {
++				miss++
++			}
++			if rc == nil {
++				emptyRoute := &route.RouteConfiguration{
++					Name:             routeName,
++					VirtualHosts:     []*route.VirtualHost{},
++					ValidateClusters: proto.BoolFalse,
++				}
++				rc = &discovery.Resource{
+ 					Name:     routeName,
+-					Resource: util.MessageToAny(rc),
++					Resource: util.MessageToAny(emptyRoute),
+ 				}
+-				routeConfigurations = append(routeConfigurations, resource)
+ 			}
++			routeConfigurations = append(routeConfigurations, rc)
+ 		}
++		// End modified by ingress
+ 	}
+ 	if !features.EnableRDSCaching {
+ 		return routeConfigurations, model.DefaultXdsLogDetails
+diff -Naur istio/pilot/pkg/xds/discovery.go istio-new/pilot/pkg/xds/discovery.go
+--- istio/pilot/pkg/xds/discovery.go	2024-01-15 20:46:45.000000000 +0800
++++ istio-new/pilot/pkg/xds/discovery.go	2024-01-12 19:56:02.000000000 +0800
+@@ -392,6 +392,9 @@
+ // ConfigUpdate implements ConfigUpdater interface, used to request pushes.
+ // It replaces the 'clear cache' from v1.
+ func (s *DiscoveryServer) ConfigUpdate(req *model.PushRequest) {
++	if req.Full {
++		log.Infof("full push happen, reason:%v", req.Reason)
++	}
+ 	inboundConfigUpdates.Increment()
+ 	s.InboundUpdates.Inc()
+ 	s.pushChannel <- req

istio/1.12/patches/istio/20240201-optimize-default-arg.patch

@@ -0,0 +1,60 @@
+diff -Naur istio/pilot/cmd/pilot-agent/status/util/stats.go istio-new/pilot/cmd/pilot-agent/status/util/stats.go
+--- istio/pilot/cmd/pilot-agent/status/util/stats.go	2024-02-01 10:20:13.000000000 +0800
++++ istio-new/pilot/cmd/pilot-agent/status/util/stats.go	2024-01-31 22:44:53.000000000 +0800
+@@ -73,7 +73,7 @@
+ 		localHostAddr = "localhost"
+ 	}
+ 
+-	readinessURL := fmt.Sprintf("http://%s:%d/stats?usedonly&filter=%s", localHostAddr, adminPort, readyStatsRegex)
++	readinessURL := fmt.Sprintf("http://%s:%d/stats?usedonly", localHostAddr, adminPort)
+ 	stats, err := http.DoHTTPGetWithTimeout(readinessURL, readinessTimeout)
+ 	if err != nil {
+ 		return nil, false, err
+@@ -105,7 +105,7 @@
+ 		localHostAddr = "localhost"
+ 	}
+ 
+-	stats, err := http.DoHTTPGet(fmt.Sprintf("http://%s:%d/stats?usedonly&filter=%s", localHostAddr, adminPort, updateStatsRegex))
++	stats, err := http.DoHTTPGet(fmt.Sprintf("http://%s:%d/stats?usedonly", localHostAddr, adminPort))
+ 	if err != nil {
+ 		return nil, err
+ 	}
+diff -Naur istio/pilot/pkg/features/pilot.go istio-new/pilot/pkg/features/pilot.go
+--- istio/pilot/pkg/features/pilot.go	2024-02-01 10:20:17.000000000 +0800
++++ istio-new/pilot/pkg/features/pilot.go	2024-02-01 10:16:18.000000000 +0800
+@@ -575,6 +575,8 @@
+ 		"If enabled, each host in virtualservice will have an independent RDS, which is used with SRDS").Get()
+ 	OnDemandRDS = env.RegisterBoolVar("ON_DEMAND_RDS", false,
+ 		"If enabled, the on demand filter will be added to the HCM filters").Get()
++	DefaultUpstreamConcurrencyThreshold = env.RegisterIntVar("DEFAULT_UPSTREAM_CONCURRENCY_THRESHOLD", 1000000,
++		"The default threshold of max_requests/max_pending_requests/max_connections of circuit breaker").Get()
+ 	// End added by ingress
+ )
+ 
+diff -Naur istio/pilot/pkg/networking/core/v1alpha3/cluster.go istio-new/pilot/pkg/networking/core/v1alpha3/cluster.go
+--- istio/pilot/pkg/networking/core/v1alpha3/cluster.go	2024-02-01 10:20:17.000000000 +0800
++++ istio-new/pilot/pkg/networking/core/v1alpha3/cluster.go	2024-02-01 10:16:05.000000000 +0800
+@@ -61,6 +61,7 @@
+ 
+ // getDefaultCircuitBreakerThresholds returns a copy of the default circuit breaker thresholds for the given traffic direction.
+ func getDefaultCircuitBreakerThresholds() *cluster.CircuitBreakers_Thresholds {
++	// Modified by ingress
+ 	return &cluster.CircuitBreakers_Thresholds{
+ 		// DefaultMaxRetries specifies the default for the Envoy circuit breaker parameter max_retries. This
+ 		// defines the maximum number of parallel retries a given Envoy will allow to the upstream cluster. Envoy defaults
+@@ -68,11 +69,12 @@
+ 		// where multiple endpoints in a cluster are terminated. In these scenarios the circuit breaker can kick
+ 		// in before Pilot is able to deliver an updated endpoint list to Envoy, leading to client-facing 503s.
+ 		MaxRetries:         &wrappers.UInt32Value{Value: math.MaxUint32},
+-		MaxRequests:        &wrappers.UInt32Value{Value: math.MaxUint32},
+-		MaxConnections:     &wrappers.UInt32Value{Value: math.MaxUint32},
+-		MaxPendingRequests: &wrappers.UInt32Value{Value: math.MaxUint32},
++		MaxRequests:        &wrappers.UInt32Value{Value: uint32(features.DefaultUpstreamConcurrencyThreshold)},
++		MaxConnections:     &wrappers.UInt32Value{Value: uint32(features.DefaultUpstreamConcurrencyThreshold)},
++		MaxPendingRequests: &wrappers.UInt32Value{Value: uint32(features.DefaultUpstreamConcurrencyThreshold)},
+ 		TrackRemaining:     true,
+ 	}
++	// End modified by ingress
+ }
+ 
+ // BuildClusters returns the list of clusters for the given proxy. This is the CDS output

istio/1.12/patches/istio/20240201-virtual-host-allow-server-name.patch

@@ -0,0 +1,88 @@
+diff -Naur istio/pilot/pkg/networking/core/v1alpha3/gateway.go istio-new/pilot/pkg/networking/core/v1alpha3/gateway.go
+--- istio/pilot/pkg/networking/core/v1alpha3/gateway.go	2024-02-01 13:53:17.000000000 +0800
++++ istio-new/pilot/pkg/networking/core/v1alpha3/gateway.go	2024-02-01 13:52:11.000000000 +0800
+@@ -501,6 +501,16 @@
+ 					gatewayVirtualServices[gatewayName] = virtualServices
+ 				}
+ 				for _, virtualService := range virtualServices {
++					virtualServiceHosts := host.NewNames(virtualService.Spec.(*networking.VirtualService).Hosts)
++					serverHosts := host.NamesForNamespace(server.Hosts, virtualService.Namespace)
++
++					// We have two cases here:
++					// 1. virtualService hosts are 1.foo.com, 2.foo.com, 3.foo.com and server hosts are ns/*.foo.com
++					// 2. virtualService hosts are *.foo.com, and server hosts are ns/1.foo.com, ns/2.foo.com, ns/3.foo.com
++					intersectingHosts := serverHosts.Intersection(virtualServiceHosts)
++					if len(intersectingHosts) == 0 {
++						continue
++					}
+ 					listenerVirtualServices = append(listenerVirtualServices, virtualServiceContext{
+ 						virtualService: virtualService,
+ 						server:         server,
+@@ -615,22 +625,24 @@
+ 
+ 		// check all hostname if is not exist with HttpsRedirect set to true
+ 		// create VirtualHost to redirect
+-		for _, hostname := range server.Hosts {
+-			if !server.GetTls().GetHttpsRedirect() {
+-				continue
+-			}
+-			if vHost != nil && host.Name(hostname) == host.Name(hostRDSHost) {
++		if server.GetTls().GetHttpsRedirect() {
++			if vHost != nil {
+ 				vHost.RequireTls = route.VirtualHost_ALL
+-				continue
++			} else {
++				vHost = &route.VirtualHost{
++					Name:                       util.DomainName(hostRDSHost, port),
++					Domains:                    buildGatewayVirtualHostDomains(hostRDSHost, port),
++					IncludeRequestAttemptCount: true,
++					RequireTls:                 route.VirtualHost_ALL,
++				}
+ 			}
+-			vHost = &route.VirtualHost{
+-				Name:                       util.DomainName(hostname, port),
+-				Domains:                    buildGatewayVirtualHostDomains(hostname, port),
+-				IncludeRequestAttemptCount: true,
+-				RequireTls:                 route.VirtualHost_ALL,
++		} else if vHost != nil {
++			mode := server.GetTls().GetMode()
++			if mode == networking.ServerTLSSettings_MUTUAL ||
++				mode == networking.ServerTLSSettings_ISTIO_MUTUAL {
++				vHost.AllowServerNames = append(vHost.AllowServerNames, server.Hosts...)
+ 			}
+ 		}
+-
+ 	}
+ 	var virtualHosts []*route.VirtualHost
+ 	if vHost == nil {
+@@ -642,6 +654,30 @@
+ 			Routes: []*route.Route{},
+ 		}}
+ 	} else {
++		sort.SliceStable(vHost.AllowServerNames, func(i, j int) bool {
++			hostI := vHost.AllowServerNames[i]
++			hostJ := vHost.AllowServerNames[j]
++			if host.Name(hostI).SubsetOf(host.Name(hostJ)) {
++				return true
++			}
++			return hostI < hostJ
++		})
++		var uniqueServerNames []string
++		hasAllCatch := false
++		for i, name := range vHost.AllowServerNames {
++			if name == "*" {
++				hasAllCatch = true
++				break
++			}
++			if i == 0 || vHost.AllowServerNames[i-1] != name {
++				uniqueServerNames = append(uniqueServerNames, name)
++			}
++		}
++		if hasAllCatch {
++			vHost.AllowServerNames = nil
++		} else {
++			vHost.AllowServerNames = uniqueServerNames
++		}
+ 		vHost.Routes = istio_route.CombineVHostRoutes(vHost.Routes)
+ 		virtualHosts = append(virtualHosts, vHost)
+ 	}

istio/1.12/patches/istio/20240202-fix-rds-cache.patch

@@ -0,0 +1,41 @@
+diff -Naur istio/pilot/pkg/xds/discovery.go istio-new/pilot/pkg/xds/discovery.go
+--- istio/pilot/pkg/xds/discovery.go	2024-02-02 16:26:49.000000000 +0800
++++ istio-new/pilot/pkg/xds/discovery.go	2024-02-02 15:38:53.000000000 +0800
+@@ -18,6 +18,7 @@
+ 	"context"
+ 	"fmt"
+ 	"strconv"
++	"strings"
+ 	"sync"
+ 	"time"
+ 
+@@ -41,6 +42,7 @@
+ 	"istio.io/istio/pilot/pkg/util/sets"
+ 	v3 "istio.io/istio/pilot/pkg/xds/v3"
+ 	"istio.io/istio/pkg/cluster"
++	"istio.io/istio/pkg/config/constants"
+ 	"istio.io/istio/pkg/security"
+ )
+ 
+@@ -332,6 +334,21 @@
+ 	} else {
+ 		// Otherwise, just clear the updated configs
+ 		s.Cache.Clear(req.ConfigsUpdated)
++		//Added by ingress
++		trimKeyMap := make(map[model.ConfigKey]struct{})
++		for configKey := range req.ConfigsUpdated {
++			if strings.HasPrefix(configKey.Name, constants.IstioIngressGatewayName+"-") {
++				trimKeyMap[model.ConfigKey{
++					Kind:      configKey.Kind,
++					Name:      strings.TrimPrefix(configKey.Name, constants.IstioIngressGatewayName+"-"),
++					Namespace: configKey.Namespace,
++				}] = struct{}{}
++			}
++		}
++		if len(trimKeyMap) > 0 {
++			s.Cache.Clear(trimKeyMap)
++		}
++		//End added by ingress
+ 	}
+ }
+ 

istio/1.12/patches/istio/20240204-increase-healthcheck-timeout.patch

@@ -0,0 +1,21 @@
+diff -Naur istio/pilot/cmd/pilot-agent/status/util/stats.go istio-new/pilot/cmd/pilot-agent/status/util/stats.go
+--- istio/pilot/cmd/pilot-agent/status/util/stats.go	2024-02-04 18:48:18.000000000 +0800
++++ istio-new/pilot/cmd/pilot-agent/status/util/stats.go	2024-02-04 09:35:42.000000000 +0800
+@@ -37,7 +37,7 @@
+ 	updateStatsRegex   = "^(cluster_manager\\.cds|listener_manager\\.lds)\\.(update_success|update_rejected)$"
+ )
+ 
+-var readinessTimeout = time.Second * 3 // Default Readiness timeout. It is set the same in helm charts.
++var readinessTimeout = time.Second * 60 // Default Readiness timeout. It is set the same in helm charts.
+ 
+ type stat struct {
+ 	name  string
+@@ -105,7 +105,7 @@
+ 		localHostAddr = "localhost"
+ 	}
+ 
+-	stats, err := http.DoHTTPGet(fmt.Sprintf("http://%s:%d/stats?usedonly", localHostAddr, adminPort))
++	stats, err := http.DoHTTPGetWithTimeout(fmt.Sprintf("http://%s:%d/stats?usedonly", localHostAddr, adminPort), readinessTimeout)
+ 	if err != nil {
+ 		return nil, err
+ 	}

istio/1.12/patches/istio/20240304-fix-gwapi-rds-cache.patch

@@ -0,0 +1,132 @@
+diff -Naur istio/pilot/pkg/config/kube/gateway/conversion.go istio-new/pilot/pkg/config/kube/gateway/conversion.go
+--- istio/pilot/pkg/config/kube/gateway/conversion.go	2024-03-04 17:35:34.000000000 +0800
++++ istio-new/pilot/pkg/config/kube/gateway/conversion.go	2024-03-04 16:58:26.000000000 +0800
+@@ -450,7 +450,7 @@
+ 		name = fmt.Sprintf("%s/%s/%s.%s", obj.GroupVersionKind.Kind, obj.Name, *sectionName, obj.Namespace)
+ 	}
+ 	return map[string]string{
+-		constants.InternalParentName: name,
++		constants.InternalParentNames: name,
+ 	}
+ }
+ 
+diff -Naur istio/pilot/pkg/networking/core/v1alpha3/gateway.go istio-new/pilot/pkg/networking/core/v1alpha3/gateway.go
+--- istio/pilot/pkg/networking/core/v1alpha3/gateway.go	2024-03-04 17:35:34.000000000 +0800
++++ istio-new/pilot/pkg/networking/core/v1alpha3/gateway.go	2024-03-04 17:23:10.000000000 +0800
+@@ -49,6 +49,7 @@
+ 	"istio.io/istio/pkg/config/gateway"
+ 	"istio.io/istio/pkg/config/host"
+ 	"istio.io/istio/pkg/config/protocol"
++	"istio.io/istio/pkg/config/schema/gvk"
+ 	"istio.io/istio/pkg/config/security"
+ 	"istio.io/istio/pkg/proto"
+ 	"istio.io/istio/pkg/util/istiomultierror"
+@@ -453,12 +454,43 @@
+ 		return nil, false
+ 	}
+ 
++	hostVs := push.VirtualServicesForHost(node, hostRDSHost)
++
++	var httpRoutes []config.Config
++
++	for _, vs := range hostVs {
++		if len(vs.Annotations) == 0 {
++			continue
++		}
++		if parents, ok := vs.Annotations[constants.InternalParentNames]; ok {
++			typeNames := strings.Split(parents, ",")
++			for _, typeName := range typeNames {
++				if !strings.HasPrefix(typeName, "HTTPRoute/") {
++					continue
++				}
++				nsNameStr := strings.TrimPrefix(typeName, "HTTPRoute/")
++				nsName := strings.SplitN(nsNameStr, ".", 2)
++				if len(nsName) != 2 {
++					continue
++				}
++				httpRoutes = append(httpRoutes, config.Config{
++					Meta: config.Meta{
++						GroupVersionKind: gvk.HTTPRoute,
++						Name:             nsName[0],
++						Namespace:        nsName[1],
++					},
++				})
++			}
++		}
++	}
++
+ 	routeCache := &istio_route.Cache{
+ 		RouteName:    routeName,
+ 		ProxyVersion: node.Metadata.IstioVersion,
+ 		ListenerPort: rdsPort,
+ 		// Use same host vs to cache, although the cache can be cleared when the port is different, this can be accepted
+-		VirtualServices: push.VirtualServicesForHost(node, hostRDSHost),
++		VirtualServices: hostVs,
++		HTTPRoutes:      httpRoutes,
+ 		EnvoyFilterKeys: efKeys,
+ 	}
+ 
+diff -Naur istio/pilot/pkg/networking/core/v1alpha3/route/route_cache.go istio-new/pilot/pkg/networking/core/v1alpha3/route/route_cache.go
+--- istio/pilot/pkg/networking/core/v1alpha3/route/route_cache.go	2024-03-04 17:35:30.000000000 +0800
++++ istio-new/pilot/pkg/networking/core/v1alpha3/route/route_cache.go	2024-03-04 17:24:19.000000000 +0800
+@@ -43,9 +43,12 @@
+ 	// This depends on DNSCapture.
+ 	DNSAutoAllocate bool
+ 
+-	ListenerPort     int
+-	Services         []*model.Service
+-	VirtualServices  []config.Config
++	ListenerPort    int
++	Services        []*model.Service
++	VirtualServices []config.Config
++	// Added by ingress
++	HTTPRoutes []config.Config
++	// End added by ingress
+ 	DestinationRules []*config.Config
+ 	EnvoyFilterKeys  []string
+ }
+@@ -81,6 +84,11 @@
+ 	for _, vs := range r.VirtualServices {
+ 		configs = append(configs, model.ConfigKey{Kind: gvk.VirtualService, Name: vs.Name, Namespace: vs.Namespace})
+ 	}
++	// Added by ingress
++	for _, route := range r.HTTPRoutes {
++		configs = append(configs, model.ConfigKey{Kind: gvk.HTTPRoute, Name: route.Name, Namespace: route.Namespace})
++	}
++	// End added by ingress
+ 	for _, dr := range r.DestinationRules {
+ 		configs = append(configs, model.ConfigKey{Kind: gvk.DestinationRule, Name: dr.Name, Namespace: dr.Namespace})
+ 	}
+@@ -107,6 +115,11 @@
+ 	for _, vs := range r.VirtualServices {
+ 		params = append(params, vs.Name+"/"+vs.Namespace)
+ 	}
++	// Added by ingress
++	for _, route := range r.HTTPRoutes {
++		params = append(params, route.Name+"/"+route.Namespace)
++	}
++	// End added by ingress
+ 	for _, dr := range r.DestinationRules {
+ 		params = append(params, dr.Name+"/"+dr.Namespace)
+ 	}
+diff -Naur istio/pkg/config/constants/constants.go istio-new/pkg/config/constants/constants.go
+--- istio/pkg/config/constants/constants.go	2024-03-04 17:35:34.000000000 +0800
++++ istio-new/pkg/config/constants/constants.go	2024-03-04 16:58:05.000000000 +0800
+@@ -15,8 +15,6 @@
+ package constants
+ 
+ const (
+-	InternalParentNames = "internal.istio.io/parents"
+-
+ 	InternalRouteSemantics = "internal.istio.io/route-semantics"
+ 
+ 	RouteSemanticsGateway = "gateway"
+@@ -129,7 +127,7 @@
+ 	AlwaysPushLabel = "internal.istio.io/always-push"
+ 
+ 	// InternalParentName declares the original resource of an internally-generate config. This is used by the gateway-api.
+-	InternalParentName = "internal.istio.io/parent"
++	InternalParentNames = "internal.istio.io/parents"
+ 
+ 	// TrustworthyJWTPath is the default 3P token to authenticate with third party services
+ 	TrustworthyJWTPath = "./var/run/secrets/tokens/istio-token"

istio/1.12/patches/istio/20240308-fix-gateway-api-route-name.patch

@@ -0,0 +1,56 @@
+diff -Naur istio/pilot/pkg/config/kube/gateway/conversion.go istio-new/pilot/pkg/config/kube/gateway/conversion.go
+--- istio/pilot/pkg/config/kube/gateway/conversion.go	2024-03-08 17:23:49.000000000 +0800
++++ istio-new/pilot/pkg/config/kube/gateway/conversion.go	2024-03-08 17:02:50.000000000 +0800
+@@ -16,6 +16,7 @@
+ 
+ import (
+ 	"fmt"
++	"path"
+ 	"regexp"
+ 	"sort"
+ 	"strconv"
+@@ -28,6 +29,7 @@
+ 	gatewayapiV1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1"
+ 
+ 	istio "istio.io/api/networking/v1alpha3"
++	"istio.io/istio/pilot/pkg/features"
+ 	"istio.io/istio/pilot/pkg/model"
+ 	"istio.io/istio/pilot/pkg/model/credentials"
+ 	"istio.io/istio/pilot/pkg/model/kstatus"
+@@ -290,6 +292,16 @@
+ 	return ret
+ }
+ 
++// Added by ingress
++func generateRouteName(obj config.Config) string {
++	if obj.Namespace == features.HigressSystemNs {
++		return obj.Name
++	}
++	return path.Join(obj.Namespace, obj.Name)
++}
++
++// End added by ingress
++
+ func buildHTTPVirtualServices(ctx *KubernetesResources, obj config.Config, gateways map[parentKey]map[gatewayapiV1beta1.SectionName]*parentInfo, gatewayRoutes map[string]map[string]*config.Config, domain string) {
+ 	route := obj.Spec.(*gatewayapiV1beta1.HTTPRouteSpec)
+ 
+@@ -307,7 +319,7 @@
+ 	for _, r := range route.Rules {
+ 		// TODO: implement rewrite, timeout, mirror, corspolicy, retries
+ 		vs := &istio.HTTPRoute{
+-			Name: obj.Name,
++			Name: generateRouteName(obj),
+ 		}
+ 		for _, match := range r.Matches {
+ 			uri, err := createURIMatch(match)
+diff -Naur istio/pilot/pkg/features/pilot.go istio-new/pilot/pkg/features/pilot.go
+--- istio/pilot/pkg/features/pilot.go	2024-03-08 17:23:49.000000000 +0800
++++ istio-new/pilot/pkg/features/pilot.go	2024-03-08 17:00:05.000000000 +0800
+@@ -577,6 +577,7 @@
+ 		"If enabled, the on demand filter will be added to the HCM filters").Get()
+ 	DefaultUpstreamConcurrencyThreshold = env.RegisterIntVar("DEFAULT_UPSTREAM_CONCURRENCY_THRESHOLD", 1000000,
+ 		"The default threshold of max_requests/max_pending_requests/max_connections of circuit breaker").Get()
++	HigressSystemNs = env.RegisterStringVar("HIGRESS_SYSTEM_NS", "higress-system", "The system namespace of Higress").Get()
+ 	// End added by ingress
+ )
+ 

istio/1.12/patches/istio/20240422-fix-copyvs.patch

@@ -0,0 +1,20 @@
+diff -Naur istio/pilot/pkg/networking/core/v1alpha3/gateway.go istio-new/pilot/pkg/networking/core/v1alpha3/gateway.go
+--- istio/pilot/pkg/networking/core/v1alpha3/gateway.go	2024-04-22 18:08:26.000000000 +0800
++++ istio-new/pilot/pkg/networking/core/v1alpha3/gateway.go	2024-04-22 18:07:46.000000000 +0800
+@@ -581,13 +581,13 @@
+ 			continue
+ 		}
+ 		if len(virtualService.Spec.(*networking.VirtualService).Hosts) > 1 {
+-			copiedVS := &networking.VirtualService{}
+-			copiedVS = virtualService.Spec.(*networking.VirtualService)
++			copiedVS := networking.VirtualService{}
++			copiedVS = *(virtualService.Spec.(*networking.VirtualService))
+ 			copiedVS.Hosts = []string{selectHost}
+ 			selectedVirtualServices = append(selectedVirtualServices, virtualServiceContext{
+ 				virtualService: config.Config{
+ 					Meta:   virtualService.Meta,
+-					Spec:   copiedVS,
++					Spec:   &copiedVS,
+ 					Status: virtualService.Status,
+ 				},
+ 				server:      vsCtx.server,

pkg/bootstrap/server.go

@@ -110,6 +110,8 @@ type ServerArgs struct {
 	KeepStaleWhenEmpty   bool
 	GatewaySelectorKey   string
 	GatewaySelectorValue string
+	GatewayHttpPort      uint32
+	GatewayHttpsPort     uint32
 }
 
 type readinessProbe func() (bool, error)
@@ -220,6 +222,8 @@ func (s *Server) initConfigController() error {
 		SystemNamespace:      ns,
 		GatewaySelectorKey:   s.GatewaySelectorKey,
 		GatewaySelectorValue: s.GatewaySelectorValue,
+		GatewayHttpPort:      s.GatewayHttpPort,
+		GatewayHttpsPort:     s.GatewayHttpsPort,
 	}
 	if options.ClusterId == "Kubernetes" {
 		options.ClusterId = ""

pkg/cmd/hgctl/dashboard.go

@@ -24,14 +24,13 @@ import (
 	"runtime"
 	"strings"
 
-	"github.com/alibaba/higress/pkg/cmd/hgctl/kubernetes"
-	"github.com/alibaba/higress/pkg/cmd/options"
-	"github.com/docker/cli/cli/command"
-	"github.com/docker/cli/cli/flags"
-	types2 "github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
+
+	"github.com/alibaba/higress/pkg/cmd/hgctl/docker"
+	"github.com/alibaba/higress/pkg/cmd/hgctl/kubernetes"
+	"github.com/alibaba/higress/pkg/cmd/options"
 )
 
 var (
@@ -55,7 +54,9 @@ var (
 
 	proxyAdminPort int
 
-	docker = false
+	project = "higress"
+
+	dockerCli = false
 )
 
 const (
@@ -107,7 +108,7 @@ func newDashboardCmd() *cobra.Command {
 
 	consoleCmd := consoleDashCmd()
 	consoleCmd.PersistentFlags().IntVar(&consolePort, "ui-port", defaultConsolePort, "The component dashboard UI port.")
-	consoleCmd.PersistentFlags().BoolVar(&docker, "docker", false, "Search higress console from docker")
+	consoleCmd.PersistentFlags().BoolVar(&dockerCli, "docker", false, "Search higress console from docker")
 	dashboardCmd.AddCommand(consoleCmd)
 
 	controllerDebugCmd := controllerDebugCmd()
@@ -165,23 +166,23 @@ func consoleDashCmd() *cobra.Command {
   hgctl dash console
   hgctl d console`,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			if docker {
-				return accessDocker(cmd)
+			if dockerCli {
+				return accessDockerCompose(cmd)
 			}
 			client, err := kubernetes.NewCLIClient(options.DefaultConfigFlags.ToRawKubeConfigLoader())
 			if err != nil {
 				fmt.Printf("build kubernetes CLI client fail: %v\ntry to access docker container\n", err)
-				return accessDocker(cmd)
+				return accessDockerCompose(cmd)
 			}
 			pl, err := client.PodsForSelector(addonNamespace, "app.kubernetes.io/name=higress-console")
 			if err != nil {
 				fmt.Printf("build kubernetes CLI client fail: %v\ntry to access docker container\n", err)
-				return accessDocker(cmd)
+				return accessDockerCompose(cmd)
 			}
 
 			if len(pl.Items) < 1 {
 				fmt.Printf("no higress console pods found\ntry to access docker container\n")
-				return accessDocker(cmd)
+				return accessDockerCompose(cmd)
 			}
 
 			// only use the first pod in the list
@@ -193,27 +194,26 @@ func consoleDashCmd() *cobra.Command {
 	return cmd
 }
 
-// accessDocker access docker container
-func accessDocker(cmd *cobra.Command) error {
-	dockerCli, err := command.NewDockerCli(command.WithCombinedStreams(os.Stdout))
+// accessDockerCompose access docker compose ps
+func accessDockerCompose(cmd *cobra.Command) error {
+	cli, err := docker.NewCompose(cmd.OutOrStdout())
 	if err != nil {
-		return fmt.Errorf("build docker CLI client fail: %w", err)
+		return errors.Wrap(err, "failed to build the docker compose client")
 	}
-	err = dockerCli.Initialize(flags.NewClientOptions())
+
+	list, err := cli.Ps(context.TODO(), project)
 	if err != nil {
-		return fmt.Errorf("docker client initialize fail: %w", err)
+		return errors.Wrap(err, "failed to build the docker compose ps")
 	}
-	apiClient := dockerCli.Client()
-	list, err := apiClient.ContainerList(context.Background(), types2.ContainerListOptions{})
 	for _, container := range list {
-		for i, name := range container.Names {
-			if strings.Contains(name, "higress-console") {
-				port := container.Ports[i].PublicPort
-				// not support define ip address
-				url := fmt.Sprintf("http://localhost:%d", port)
+		if strings.Contains(container.Service, "console") {
+			// not support define ip address
+			if container.Publishers != nil {
+				url := fmt.Sprintf("http://localhost:%d", container.Publishers[0].PublishedPort)
 				openBrowser(url, cmd.OutOrStdout(), browser)
-				return nil
 			}
+
+			return nil
 		}
 	}
 	return errors.New("no higress console container found")

pkg/cmd/hgctl/docker/compose.go

@@ -109,3 +109,7 @@ func (c Compose) List(ctx context.Context) ([]api.Stack, error) {
 func (c Compose) Down(ctx context.Context, name string) error {
 	return c.client.Down(ctx, name, api.DownOptions{})
 }
+
+func (c Compose) Ps(ctx context.Context, name string) ([]api.ContainerSummary, error) {
+	return c.client.Ps(ctx, name, api.PsOptions{})
+}

pkg/cmd/hgctl/helm/profile.go

@@ -17,6 +17,7 @@ package helm
 import (
 	"errors"
 	"fmt"
+	"regexp"
 	"strings"
 
 	"istio.io/istio/operator/pkg/util"
@@ -84,9 +85,10 @@ func (p ProfileGlobal) Validate(install InstallMode) []error {
 }
 
 type ProfileConsole struct {
-	Port        uint32 `json:"port,omitempty"`
-	Replicas    uint32 `json:"replicas,omitempty"`
-	O11yEnabled bool   `json:"o11YEnabled,omitempty"`
+	Port        uint32   `json:"port,omitempty"`
+	Replicas    uint32   `json:"replicas,omitempty"`
+	O11yEnabled bool     `json:"o11YEnabled,omitempty"`
+	Resources   Resource `json:"resources,omitempty"`
 }
 
 func (p ProfileConsole) SetFlags(install InstallMode) ([]string, error) {
@@ -112,14 +114,31 @@ func (p ProfileConsole) Validate(install InstallMode) []error {
 		}
 	}
 
+	// set default value
+	if p.Resources.Requests.CPU == "" {
+		p.Resources.Requests.CPU = "250m"
+	}
+	if p.Resources.Requests.Memory == "" {
+		p.Resources.Requests.Memory = "512Mi"
+	}
+	if p.Resources.Limits.CPU == "" {
+		p.Resources.Limits.CPU = "2000m"
+	}
+	if p.Resources.Limits.Memory == "" {
+		p.Resources.Limits.Memory = "2048Mi"
+	}
+
+	errs = append(errs, p.Resources.Validate()...)
+
 	return errs
 }
 
 type ProfileGateway struct {
-	Replicas    uint32 `json:"replicas,omitempty"`
-	HttpPort    uint32 `json:"httpPort,omitempty"`
-	HttpsPort   uint32 `json:"httpsPort,omitempty"`
-	MetricsPort uint32 `json:"metricsPort,omitempty"`
+	Replicas    uint32   `json:"replicas,omitempty"`
+	HttpPort    uint32   `json:"httpPort,omitempty"`
+	HttpsPort   uint32   `json:"httpsPort,omitempty"`
+	MetricsPort uint32   `json:"metricsPort,omitempty"`
+	Resources   Resource `json:"resources,omitempty"`
 }
 
 func (p ProfileGateway) SetFlags(install InstallMode) ([]string, error) {
@@ -149,11 +168,29 @@ func (p ProfileGateway) Validate(install InstallMode) []error {
 			errs = append(errs, errors.New("gateway.MetricsPort need be large than zero"))
 		}
 	}
+
+	// set default value
+	if p.Resources.Requests.CPU == "" {
+		p.Resources.Requests.CPU = "2000m"
+	}
+	if p.Resources.Requests.Memory == "" {
+		p.Resources.Requests.Memory = "2048Mi"
+	}
+	if p.Resources.Limits.CPU == "" {
+		p.Resources.Limits.CPU = "2000m"
+	}
+	if p.Resources.Limits.Memory == "" {
+		p.Resources.Limits.Memory = "2048Mi"
+	}
+
+	errs = append(errs, p.Resources.Validate()...)
+
 	return errs
 }
 
 type ProfileController struct {
-	Replicas uint32 `json:"replicas,omitempty"`
+	Replicas  uint32   `json:"replicas,omitempty"`
+	Resources Resource `json:"resources,omitempty"`
 }
 
 func (p ProfileController) SetFlags(install InstallMode) ([]string, error) {
@@ -171,6 +208,23 @@ func (p ProfileController) Validate(install InstallMode) []error {
 			errs = append(errs, errors.New("controller.replica need be large than zero"))
 		}
 	}
+
+	// set default value
+	if p.Resources.Requests.CPU == "" {
+		p.Resources.Requests.CPU = "500m"
+	}
+	if p.Resources.Requests.Memory == "" {
+		p.Resources.Requests.Memory = "2048Mi"
+	}
+	if p.Resources.Limits.CPU == "" {
+		p.Resources.Limits.CPU = "1000m"
+	}
+	if p.Resources.Limits.Memory == "" {
+		p.Resources.Limits.Memory = "2048Mi"
+	}
+
+	errs = append(errs, p.Resources.Validate()...)
+
 	return errs
 }
 
@@ -248,14 +302,62 @@ func (p *Profile) ValuesYaml() (string, error) {
 	setFlags = append(setFlags, controllerFlags...)
 
 	valueOverlayYAML := ""
-	if p.Values != nil {
-		out, err := yaml.Marshal(p.Values)
-		if err != nil {
-			return "", err
-		}
-		valueOverlayYAML = string(out)
+	if p.Values == nil {
+		p.Values = make(map[string]any)
 	}
 
+	resourceMap := make(map[string]any)
+	resourceMap["higress-core"] = map[string]interface{}{
+		"controller": map[string]interface{}{
+			"resources": map[string]interface{}{
+				"requests": map[string]interface{}{
+					"cpu":    p.Controller.Resources.Requests.CPU,
+					"memory": p.Controller.Resources.Requests.Memory,
+				},
+				"limits": map[string]interface{}{
+					"cpu":    p.Controller.Resources.Limits.CPU,
+					"memory": p.Controller.Resources.Limits.Memory,
+				},
+			},
+		},
+		"gateway": map[string]interface{}{
+			"resources": map[string]interface{}{
+				"requests": map[string]interface{}{
+					"cpu":    p.Gateway.Resources.Requests.CPU,
+					"memory": p.Gateway.Resources.Requests.Memory,
+				},
+				"limits": map[string]interface{}{
+					"cpu":    p.Gateway.Resources.Limits.CPU,
+					"memory": p.Gateway.Resources.Limits.Memory,
+				},
+			},
+		},
+	}
+	resourceMap["higress-console"] = map[string]interface{}{
+		"resources": map[string]interface{}{
+			"requests": map[string]interface{}{
+				"cpu":    p.Console.Resources.Requests.CPU,
+				"memory": p.Console.Resources.Requests.Memory,
+			},
+			"limits": map[string]interface{}{
+				"cpu":    p.Console.Resources.Limits.CPU,
+				"memory": p.Console.Resources.Limits.Memory,
+			},
+		},
+	}
+
+	resourceYAML, err := yaml.Marshal(resourceMap)
+	if err != nil {
+		return "", err
+	}
+
+	out, err := yaml.Marshal(p.Values)
+	if err != nil {
+		return "", err
+	}
+
+	valueOverlayYAML, err = util.OverlayYAML(string(resourceYAML), string(out))
+
 	flagsYAML, err := overlaySetFlagValues("", setFlags)
 	if err != nil {
 		return "", err
@@ -343,3 +445,54 @@ func ToString(errors []error, separator string) string {
 	}
 	return out
 }
+
+type Resource struct {
+	Requests Requests `json:"requests,omitempty"`
+	Limits   Limits   `json:"limits,omitempty"`
+}
+
+type Requests struct {
+	CPU    string `json:"cpu,omitempty"`
+	Memory string `json:"memory,omitempty"`
+}
+
+type Limits struct {
+	CPU    string `json:"cpu,omitempty"`
+	Memory string `json:"memory,omitempty"`
+}
+
+func (r Resource) Validate() []error {
+	errs := make([]error, 0)
+
+	r.Requests.CPU = strings.ReplaceAll(r.Requests.CPU, " ", "")
+	r.Requests.Memory = strings.ReplaceAll(r.Requests.Memory, " ", "")
+	r.Limits.CPU = strings.ReplaceAll(r.Limits.CPU, " ", "")
+	r.Limits.Memory = strings.ReplaceAll(r.Limits.Memory, " ", "")
+
+	if !isValidK8SResourceFormat(r.Requests.CPU) {
+		errs = append(errs, fmt.Errorf("requests CPU has invalid format"))
+	}
+	if !isValidK8SResourceFormat(r.Requests.Memory) {
+		errs = append(errs, fmt.Errorf("requests memory has invalid format"))
+	}
+	if !isValidK8SResourceFormat(r.Limits.CPU) {
+		errs = append(errs, fmt.Errorf("limits CPU has invalid format"))
+	}
+	if !isValidK8SResourceFormat(r.Limits.Memory) {
+		errs = append(errs, fmt.Errorf("limits memory has invalid format"))
+	}
+	return errs
+}
+
+func isValidK8SResourceFormat(resource string) bool {
+	pattern := `^\d+((n|u|m|k|Ki|M|Mi|G|Gi|T|Ti|P|Pi|E|Ei)?)$`
+	match, _ := regexp.MatchString(pattern, resource)
+	if !match {
+		return false
+	}
+
+	if len(resource) == 0 || resource[0] == '-' || resource[0] == '0' {
+		return false
+	}
+	return true
+}

pkg/cmd/hgctl/helm/render.go

@@ -584,7 +584,7 @@ func locateChart(cpOpts *action.ChartPathOptions, name string, settings *cli.Env
 	return fileAbsPath, nil
 }
 
-func ParseLatestVersion(repoUrl string, version string) (string, error) {
+func ParseLatestVersion(repoUrl string, version string, devel bool) (string, error) {
 
 	cpOpts := &action.ChartPathOptions{
 		RepoURL: repoUrl,
@@ -632,7 +632,16 @@ func ParseLatestVersion(repoUrl string, version string) (string, error) {
 
 	// get higress helm chart latest version
 	if entries, ok := indexFile.Entries[RepoChartIndexYamlHigressIndex]; ok {
-		return entries[0].AppVersion, nil
+		if devel {
+			return entries[0].AppVersion, nil
+		}
+
+		if chatVersion, err := indexFile.Get(RepoChartIndexYamlHigressIndex, ""); err != nil {
+			return "", errors.New("can't find higress latest version")
+		} else {
+			return chatVersion.Version, nil
+		}
+
 	}
 
 	return "", errors.New("can't find higress latest version")

pkg/cmd/hgctl/install.go

@@ -52,6 +52,8 @@ type InstallArgs struct {
 	Set []string
 	// ManifestsPath is a path to a ManifestsPath and profiles directory in the local filesystem with a release tgz.
 	ManifestsPath string
+	// Devel if set true when version is latest, it will get latest version, otherwise it will get latest stable version
+	Devel bool
 }
 
 func (a *InstallArgs) String() string {
@@ -67,6 +69,7 @@ func addInstallFlags(cmd *cobra.Command, args *InstallArgs) {
 	cmd.PersistentFlags().StringSliceVarP(&args.InFilenames, "filename", "f", nil, filenameFlagHelpStr)
 	cmd.PersistentFlags().StringArrayVarP(&args.Set, "set", "s", nil, setFlagHelpStr)
 	cmd.PersistentFlags().StringVarP(&args.ManifestsPath, "manifests", "d", "", manifestsFlagHelpStr)
+	cmd.PersistentFlags().BoolVar(&args.Devel, "devel", false, "use development versions (alpha, beta, and release candidate releases), If version is set, this is ignored")
 }
 
 // --manifests is an alias for --set installPackagePath=
@@ -141,7 +144,7 @@ func install(writer io.Writer, iArgs *InstallArgs) error {
 		return err
 	}
 
-	err = installManifests(profile, writer)
+	err = installManifests(profile, writer, iArgs.Devel)
 	if err != nil {
 		return fmt.Errorf("failed to install manifests: %v", err)
 	}
@@ -192,8 +195,8 @@ func promptProfileName(writer io.Writer) string {
 
 }
 
-func installManifests(profile *helm.Profile, writer io.Writer) error {
-	installer, err := installer.NewInstaller(profile, writer, false)
+func installManifests(profile *helm.Profile, writer io.Writer, devel bool) error {
+	installer, err := installer.NewInstaller(profile, writer, false, devel, installer.InstallInstallerMode)
 	if err != nil {
 		return err
 	}

pkg/cmd/hgctl/installer/component.go

@@ -52,6 +52,8 @@ type ComponentOptions struct {
 	Quiet     bool
 	// Capabilities
 	Capabilities *chartutil.Capabilities
+	// devel
+	Devel bool
 }
 
 type ComponentOption func(*ComponentOptions)
@@ -98,6 +100,12 @@ func WithQuiet() ComponentOption {
 	}
 }
 
+func WithDevel(devel bool) ComponentOption {
+	return func(opts *ComponentOptions) {
+		opts.Devel = devel
+	}
+}
+
 func renderComponentManifest(spec any, renderer helm.Renderer, addOn bool, name ComponentName, namespace string) (string, error) {
 	var valsBytes []byte
 	var valsYaml string

pkg/cmd/hgctl/installer/higress.go

@@ -52,7 +52,7 @@ func (h *HigressComponent) Run() error {
 	// Parse latest version
 	if h.opts.Version == helm.RepoLatestVersion {
 
-		latestVersion, err := helm.ParseLatestVersion(h.opts.RepoURL, h.opts.Version)
+		latestVersion, err := helm.ParseLatestVersion(h.opts.RepoURL, h.opts.Version, h.opts.Devel)
 		if err != nil {
 			return err
 		}

pkg/cmd/hgctl/installer/installer.go

@@ -28,6 +28,8 @@ import (
 	"k8s.io/client-go/util/homedir"
 )
 
+type InstallerMode int32
+
 const (
 	HgctlHomeDirPath           = ".hgctl"
 	StandaloneInstalledPath    = "higress-standalone"
@@ -37,20 +39,26 @@ const (
 	DefaultIstioNamespace      = "istio-system"
 )
 
+const (
+	InstallInstallerMode InstallerMode = iota
+	UpgradeInstallerMode
+	UninstallInstallerMode
+)
+
 type Installer interface {
 	Install() error
 	UnInstall() error
 	Upgrade() error
 }
 
-func NewInstaller(profile *helm.Profile, writer io.Writer, quiet bool) (Installer, error) {
+func NewInstaller(profile *helm.Profile, writer io.Writer, quiet bool, devel bool, installerMode InstallerMode) (Installer, error) {
 	switch profile.Global.Install {
 	case helm.InstallK8s, helm.InstallLocalK8s:
 		cliClient, err := kubernetes.NewCLIClient(options.DefaultConfigFlags.ToRawKubeConfigLoader())
 		if err != nil {
 			return nil, fmt.Errorf("failed to build kubernetes client: %w", err)
 		}
-		installer, err := NewK8sInstaller(profile, cliClient, writer, quiet)
+		installer, err := NewK8sInstaller(profile, cliClient, writer, quiet, devel, installerMode)
 		return installer, err
 	case helm.InstallLocalDocker:
 		installer, err := NewDockerInstaller(profile, writer, quiet)

pkg/cmd/hgctl/installer/installer_k8s.go

@@ -254,7 +254,7 @@ func (o *K8sInstaller) isNamespacedObject(obj *object.K8sObject) bool {
 	return false
 }
 
-func NewK8sInstaller(profile *helm.Profile, cli kubernetes.CLIClient, writer io.Writer, quiet bool) (*K8sInstaller, error) {
+func NewK8sInstaller(profile *helm.Profile, cli kubernetes.CLIClient, writer io.Writer, quiet bool, devel bool, installerMode InstallerMode) (*K8sInstaller, error) {
 	if profile == nil {
 		return nil, errors.New("install profile is empty")
 	}
@@ -267,14 +267,20 @@ func NewK8sInstaller(profile *helm.Profile, cli kubernetes.CLIClient, writer io.
 	}
 	fmt.Fprintf(writer, "%s\n", capabilities.KubeVersion.Version)
 	// initialize components
+	higressVersion := profile.Charts.Higress.Version
+	if installerMode == UninstallInstallerMode {
+		// uninstall
+		higressVersion = profile.HigressVersion
+	}
 	components := make(map[ComponentName]Component)
 	opts := []ComponentOption{
 		WithComponentNamespace(profile.Global.Namespace),
 		WithComponentChartPath(profile.InstallPackagePath),
-		WithComponentVersion(profile.Charts.Higress.Version),
+		WithComponentVersion(higressVersion),
 		WithComponentRepoURL(profile.Charts.Higress.Url),
 		WithComponentChartName(profile.Charts.Higress.Name),
 		WithComponentCapabilities(capabilities),
+		WithDevel(devel),
 	}
 	if quiet {
 		opts = append(opts, WithQuiet())

pkg/cmd/hgctl/manifest.go

@@ -37,6 +37,8 @@ type ManifestArgs struct {
 	Set []string
 	// ManifestsPath is a path to a ManifestsPath and profiles directory in the local filesystem with a release tgz.
 	ManifestsPath string
+	// Devel if set true when version is latest, it will get latest version, otherwise it will get latest stable version
+	Devel bool
 }
 
 func (a *ManifestArgs) String() string {
@@ -70,6 +72,7 @@ func addManifestFlags(cmd *cobra.Command, args *ManifestArgs) {
 	cmd.PersistentFlags().StringSliceVarP(&args.InFilenames, "filename", "f", nil, filenameFlagHelpStr)
 	cmd.PersistentFlags().StringArrayVarP(&args.Set, "set", "s", nil, setFlagHelpStr)
 	cmd.PersistentFlags().StringVarP(&args.ManifestsPath, "manifests", "d", "", manifestsFlagHelpStr)
+	cmd.PersistentFlags().BoolVar(&args.Devel, "devel", false, "use development versions (alpha, beta, and release candidate releases), If version is set, this is ignored")
 }
 
 // newManifestGenerateCmd generates a higress install manifest and applies it to a cluster
@@ -113,20 +116,20 @@ func generate(writer io.Writer, iArgs *ManifestArgs) error {
 		return err
 	}
 
-	err = genManifests(profile, writer)
+	err = genManifests(profile, writer, iArgs.Devel)
 	if err != nil {
 		return fmt.Errorf("failed to install manifests: %v", err)
 	}
 	return nil
 }
 
-func genManifests(profile *helm.Profile, writer io.Writer) error {
+func genManifests(profile *helm.Profile, writer io.Writer, devel bool) error {
 	cliClient, err := kubernetes.NewCLIClient(options.DefaultConfigFlags.ToRawKubeConfigLoader())
 	if err != nil {
 		return fmt.Errorf("failed to build kubernetes client: %w", err)
 	}
 
-	op, err := installer.NewK8sInstaller(profile, cliClient, writer, true)
+	op, err := installer.NewK8sInstaller(profile, cliClient, writer, true, devel, installer.InstallInstallerMode)
 	if err != nil {
 		return err
 	}

pkg/cmd/hgctl/manifests/profiles/_all.yaml

@@ -10,15 +10,36 @@ console:
   port: 8080
   replicas: 1
   o11yEnabled: false
+  resources:
+    requests:
+      cpu: 250m
+      memory: 512Mi
+    limits:
+      cpu: 2000m
+      memory: 2048Mi
 
 gateway:
   replicas: 1
   httpPort: 80
   httpsPort: 443
   metricsPort: 15020
+  resources:
+    requests:
+      cpu: 2000m
+      memory: 2048Mi
+    limits:
+      cpu: 2000m
+      memory: 2048Mi
 
 controller:
   replicas: 1
+  resources:
+    requests:
+      cpu: 500m
+      memory: 2048Mi
+    limits:
+      cpu: 1000m
+      memory: 2048Mi
 
 storage:
   url: nacos://127.0.0.1:8848 #  file://opt/higress/conf

pkg/cmd/hgctl/manifests/profiles/k8s.yaml

@@ -9,12 +9,33 @@ global:
 console:
   replicas: 1
   o11yEnabled: false
+  resources:
+    requests:
+      cpu: 250m
+      memory: 512Mi
+    limits:
+      cpu: 2000m
+      memory: 2048Mi
 
 gateway:
   replicas: 2
+  resources:
+    requests:
+      cpu: 2000m
+      memory: 2048Mi
+    limits:
+      cpu: 2000m
+      memory: 2048Mi
 
 controller:
   replicas: 1
+  resources:
+    requests:
+      cpu: 500m
+      memory: 2048Mi
+    limits:
+      cpu: 1000m
+      memory: 2048Mi
 
 # values passed through to helm
 values:

pkg/cmd/hgctl/manifests/profiles/local-k8s.yaml

@@ -9,12 +9,33 @@ global:
 console:
   replicas: 1
   o11yEnabled: true
+  resources:
+    requests:
+      cpu: 250m
+      memory: 512Mi
+    limits:
+      cpu: 2000m
+      memory: 2048Mi
 
 gateway:
   replicas: 1
+  resources:
+    requests:
+      cpu: 2000m
+      memory: 2048Mi
+    limits:
+      cpu: 2000m
+      memory: 2048Mi
 
 controller:
   replicas: 1
+  resources:
+    requests:
+      cpu: 500m
+      memory: 2048Mi
+    limits:
+      cpu: 1000m
+      memory: 2048Mi
 
 # values passed through to helm
 values:

pkg/cmd/hgctl/plugin/types/model_parser.go

@@ -50,7 +50,7 @@ func IsObject(typ string) bool {
 
 var (
 	ErrInvalidModel     = errors.New("invalid model")
-	ErrInvalidFiledType = errors.New("invalid field type")
+	ErrInvalidFieldType = errors.New("invalid field type")
 )
 
 type ModelParser struct {
@@ -248,24 +248,24 @@ func (p *ModelParser) parseModelFields(model string) (fields []Model, err error)
 		if field.Tag != nil {
 			ignore, err := fd.setTag(field.Tag.Value)
 			if err != nil {
-				return nil, errors.Wrapf(err, "failed to parse tag %q of the field %q", fd.Tag, fd.Name)
+				return nil, errors.Wrapf(err, "failed to parse tag %q of the field %q", field.Tag, fd.Name)
 			}
 			if ignore {
 				continue
 			}
 		}
-		fd.Type, err = p.parseFiledType(pkgName, field.Type)
+		fd.Type, err = p.parseFieldType(pkgName, field.Type)
 		if err != nil {
-			return nil, err
+			return nil, errors.Wrapf(err, "failed to parse type %q of the field %q", field.Type, fd.Name)
 		}
 		if IsObject(fd.Type) {
 			subModel, err := p.getModelName(field.Type)
 			if err != nil {
-				return nil, err
+				return nil, errors.Wrapf(err, "failed to get the sub-model name of the field %q with type %q", fd.Name, field.Type)
 			}
 			fd.Fields, err = p.parseModelFields(subModel)
 			if err != nil {
-				return nil, err
+				return nil, errors.Wrapf(err, "failed to parse sub-model of the field %q with type %q", fd.Name, field.Type)
 			}
 		}
 		fields = append(fields, fd)
@@ -316,25 +316,25 @@ func (p *ModelParser) doGetModelName(pkgName string, typ ast.Expr) (string, erro
 	case *ast.SelectorExpr: // <pkg_name>.<field_name>
 		pkg, ok := t.X.(*ast.Ident)
 		if !ok {
-			return "", ErrInvalidFiledType
+			return "", ErrInvalidFieldType
 		}
 		pName := pkg.Name + "."
 		return p.doGetModelName(pName, t.Sel)
 	case *ast.Ident:
 		return pkgName + t.Name, nil
 	default:
-		return "", ErrInvalidFiledType
+		return "", ErrInvalidFieldType
 	}
 }
 
-func (p *ModelParser) parseFiledType(pkgName string, typ ast.Expr) (string, error) {
+func (p *ModelParser) parseFieldType(pkgName string, typ ast.Expr) (string, error) {
 	switch t := typ.(type) {
 	case *ast.StructType: // nested struct
 		return string(JsonTypeObject), nil
 	case *ast.StarExpr: // *int -> int
-		return p.parseFiledType(pkgName, t.X)
+		return p.parseFieldType(pkgName, t.X)
 	case *ast.ArrayType: // slice or array
-		ret, err := p.parseFiledType(pkgName, t.Elt)
+		ret, err := p.parseFieldType(pkgName, t.Elt)
 		if err != nil {
 			return "", err
 		}
@@ -342,22 +342,22 @@ func (p *ModelParser) parseFiledType(pkgName string, typ ast.Expr) (string, erro
 	case *ast.SelectorExpr: // <pkg_name>.<field_name>
 		pkg, ok := t.X.(*ast.Ident)
 		if !ok {
-			return "", ErrInvalidFiledType
+			return "", ErrInvalidFieldType
 		}
 		pName := pkg.Name + "."
-		return p.parseFiledType(pName, t.Sel)
+		return p.parseFieldType(pName, t.Sel)
 	case *ast.Ident:
 		fName := pkgName + t.Name
 		if _, ok := p.structs[fName]; ok {
 			return string(JsonTypeObject), nil
 		}
 		if alias, ok := p.alias[fName]; ok {
-			return p.parseFiledType(pkgName, alias.expr)
+			return p.parseFieldType(pkgName, alias.expr)
 		}
 		jsonType, err := convert2JsonType(t.Name)
 		return string(jsonType), err
 	default:
-		return "", ErrInvalidFiledType
+		return "", ErrInvalidFieldType
 	}
 }
 
@@ -375,7 +375,7 @@ func convert2JsonType(typ string) (JsonType, error) {
 	case "struct":
 		return JsonTypeObject, nil
 	default:
-		return "", ErrInvalidFiledType
+		return "", ErrInvalidFieldType
 	}
 }
 

pkg/cmd/hgctl/uninstall.go

@@ -126,7 +126,7 @@ func promptUninstall(writer io.Writer) bool {
 }
 
 func uninstallManifests(profile *helm.Profile, writer io.Writer, uiArgs *uninstallArgs) error {
-	installer, err := installer.NewInstaller(profile, writer, false)
+	installer, err := installer.NewInstaller(profile, writer, false, false, installer.UninstallInstallerMode)
 	if err != nil {
 		return err
 	}

pkg/cmd/hgctl/upgrade.go

@@ -37,6 +37,7 @@ func addUpgradeFlags(cmd *cobra.Command, args *upgradeArgs) {
 	cmd.PersistentFlags().StringSliceVarP(&args.InFilenames, "filename", "f", nil, filenameFlagHelpStr)
 	cmd.PersistentFlags().StringArrayVarP(&args.Set, "set", "s", nil, setFlagHelpStr)
 	cmd.PersistentFlags().StringVarP(&args.ManifestsPath, "manifests", "d", "", manifestsFlagHelpStr)
+	cmd.PersistentFlags().BoolVar(&args.Devel, "devel", false, "use development versions (alpha, beta, and release candidate releases), If version is set, this is ignored")
 }
 
 // newUpgradeCmd upgrades Istio control plane in-place with eligibility checks.
@@ -91,7 +92,7 @@ func upgrade(writer io.Writer, iArgs *InstallArgs) error {
 		return nil
 	}
 
-	err = upgradeManifests(profile, writer)
+	err = upgradeManifests(profile, writer, iArgs.Devel)
 	if err != nil {
 		return err
 	}
@@ -120,8 +121,8 @@ func promptUpgrade(writer io.Writer) bool {
 	}
 }
 
-func upgradeManifests(profile *helm.Profile, writer io.Writer) error {
-	installer, err := installer.NewInstaller(profile, writer, false)
+func upgradeManifests(profile *helm.Profile, writer io.Writer, devel bool) error {
+	installer, err := installer.NewInstaller(profile, writer, false, devel, installer.UpgradeInstallerMode)
 	if err != nil {
 		return err
 	}

pkg/cmd/server.go

@@ -112,6 +112,10 @@ func getServerCommand() *cobra.Command {
 
 	serveCmd.PersistentFlags().IntVar(&serverArgs.RegistryOptions.KubeOptions.KubernetesAPIBurst, "kubernetesApiBurst", 160,
 		"Maximum burst for throttle when communicating with the kubernetes API")
+	serveCmd.PersistentFlags().Uint32Var(&serverArgs.GatewayHttpPort, "gatewayHttpPort", 80,
+		"Http listening port of gateway pod")
+	serveCmd.PersistentFlags().Uint32Var(&serverArgs.GatewayHttpsPort, "gatewayHttpsPort", 443,
+		"Https listening port of gateway pod")
 
 	loggingOptions.AttachCobraFlags(serveCmd)
 	serverArgs.GrpcKeepAliveOptions.AttachCobraFlags(serveCmd)

pkg/ingress/config/ingress_config.go

@@ -19,6 +19,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"sort"
 	"strings"
 	"sync"
 
@@ -474,9 +475,6 @@ func (m *IngressConfig) convertVirtualService(configs []common.WrapperConfig) []
 		gateways := []string{m.namespace + "/" +
 			common.CreateConvertedName(m.clusterId, cleanHost),
 			common.CreateConvertedName(constants.IstioIngressGatewayName, cleanHost)}
-		if host != "*" {
-			gateways = append(gateways, m.namespace+"/"+common.CreateConvertedName(m.clusterId, common.CleanHost("*")))
-		}
 
 		wrapperVS, exist := convertOptions.VirtualServices[host]
 		if !exist {
@@ -673,6 +671,18 @@ func (m *IngressConfig) convertDestinationRule(configs []common.WrapperConfig) [
 
 	out := make([]config.Config, 0, len(destinationRules))
 	for _, dr := range destinationRules {
+		sort.SliceStable(dr.DestinationRule.TrafficPolicy.PortLevelSettings, func(i, j int) bool {
+			portI := dr.DestinationRule.TrafficPolicy.PortLevelSettings[i].Port
+			portJ := dr.DestinationRule.TrafficPolicy.PortLevelSettings[j].Port
+			if portI == nil && portJ == nil {
+				return true
+			} else if portI == nil {
+				return true
+			} else if portJ == nil {
+				return false
+			}
+			return portI.Number < portJ.Number
+		})
 		drName := util.CreateDestinationRuleName(m.clusterId, dr.ServiceKey.Namespace, dr.ServiceKey.Name)
 		out = append(out, config.Config{
 			Meta: config.Meta{
@@ -788,7 +798,9 @@ func (m *IngressConfig) convertIstioWasmPlugin(obj *higressext.WasmPlugin) (*ext
 		PluginConfig:    obj.PluginConfig,
 		PluginName:      obj.PluginName,
 		Phase:           extensions.PluginPhase(obj.Phase),
-		Priority:        obj.Priority,
+	}
+	if obj.GetPriority() != nil {
+		result.Priority = &types.Int64Value{Value: int64(obj.GetPriority().Value)}
 	}
 	if result.PluginConfig != nil {
 		return result, nil
@@ -809,7 +821,9 @@ func (m *IngressConfig) convertIstioWasmPlugin(obj *higressext.WasmPlugin) (*ext
 				continue
 			}
 			if rule.Config == nil {
-				return nil, errors.New("invalid rule has no config")
+				rule.Config = &types.Struct{
+					Fields: map[string]*types.Value{},
+				}
 			}
 			v := &types.Value_StructValue{
 				StructValue: rule.Config,

pkg/ingress/config/ingress_config_test.go

@@ -111,14 +111,18 @@ func TestNormalizeWeightedCluster(t *testing.T) {
 func TestConvertGatewaysForIngress(t *testing.T) {
 	fake := kube.NewFakeClient()
 	v1Beta1Options := common.Options{
-		Enable:       true,
-		ClusterId:    "ingress-v1beta1",
-		RawClusterId: "ingress-v1beta1__",
+		Enable:           true,
+		ClusterId:        "ingress-v1beta1",
+		RawClusterId:     "ingress-v1beta1__",
+		GatewayHttpPort:  80,
+		GatewayHttpsPort: 443,
 	}
 	v1Options := common.Options{
-		Enable:       true,
-		ClusterId:    "ingress-v1",
-		RawClusterId: "ingress-v1__",
+		Enable:           true,
+		ClusterId:        "ingress-v1",
+		RawClusterId:     "ingress-v1__",
+		GatewayHttpPort:  80,
+		GatewayHttpsPort: 443,
 	}
 	ingressV1Beta1Controller := controllerv1beta1.NewController(fake, fake, v1Beta1Options, nil)
 	ingressV1Controller := controllerv1.NewController(fake, fake, v1Options, nil)

pkg/ingress/config/kingress_config.go

@@ -314,9 +314,6 @@ func (m *KIngressConfig) convertVirtualService(configs []common.WrapperConfig) [
 		gateways := []string{m.namespace + "/" +
 			common.CreateConvertedName(m.clusterId, cleanHost),
 			common.CreateConvertedName(constants.IstioIngressGatewayName, cleanHost)}
-		if host != "*" {
-			gateways = append(gateways, m.namespace+"/"+common.CreateConvertedName(m.clusterId, common.CleanHost("*")))
-		}
 
 		wrapperVS, exist := convertOptions.VirtualServices[host]
 		if !exist {

pkg/ingress/kube/annotations/annotations.go

@@ -83,7 +83,7 @@ func (i *Ingress) NeedRegexMatch(path string) bool {
 	if i.Rewrite == nil {
 		return false
 	}
-	if strings.ContainsAny(path, `\.+*?()|[]{}^$`) {
+	if i.Rewrite.RewriteTarget != "" && strings.ContainsAny(path, `\.+*?()|[]{}^$`) {
 		return true
 	}
 	if strings.ContainsAny(i.Rewrite.RewriteTarget, `$\`) {

pkg/ingress/kube/annotations/annotations_test.go

@@ -67,6 +67,15 @@ func TestNeedRegexMatch(t *testing.T) {
 			inputPath: "/.*",
 			expect:    true,
 		},
+		{
+			input: &Ingress{
+				Rewrite: &RewriteConfig{
+					UseRegex: false,
+				},
+			},
+			inputPath: "/.",
+			expect:    false,
+		},
 		{
 			input: &Ingress{
 				Rewrite: &RewriteConfig{

pkg/ingress/kube/annotations/match.go

@@ -23,13 +23,14 @@ import (
 )
 
 const (
-	exact       = "exact"
-	regex       = "regex"
-	prefix      = "prefix"
-	MatchMethod = "match-method"
-	MatchQuery  = "match-query"
-	MatchHeader = "match-header"
-	sep         = " "
+	exact             = "exact"
+	regex             = "regex"
+	prefix            = "prefix"
+	MatchMethod       = "match-method"
+	MatchQuery        = "match-query"
+	MatchHeader       = "match-header"
+	MatchPseudoHeader = "match-pseudo-header"
+	sep               = " "
 )
 
 var (
@@ -56,6 +57,24 @@ func (m match) Parse(annotations Annotations, config *Ingress, _ *GlobalContext)
 		IngressLog.Errorf("parse headers error %v within ingress %s/%s", err, config.Namespace, config.Name)
 	}
 
+	var pseudoHeaderMatches map[string]map[string]string
+	if pseudoHeaderMatches, err = m.matchByHeaderOrQueryParma(annotations, MatchPseudoHeader, pseudoHeaderMatches); err != nil {
+		IngressLog.Errorf("parse headers error %v within ingress %s/%s", err, config.Namespace, config.Name)
+	}
+	if pseudoHeaderMatches != nil && len(pseudoHeaderMatches) > 0 {
+		if config.Match.Headers == nil {
+			config.Match.Headers = make(map[string]map[string]string)
+		}
+		for typ, mmap := range pseudoHeaderMatches {
+			if config.Match.Headers[typ] == nil {
+				config.Match.Headers[typ] = make(map[string]string)
+			}
+			for k, v := range mmap {
+				config.Match.Headers[typ][":"+k] = v
+			}
+		}
+	}
+
 	if config.Match.QueryParams, err = m.matchByHeaderOrQueryParma(annotations, MatchQuery, config.Match.QueryParams); err != nil {
 		IngressLog.Errorf("parse query params error %v within ingress %s/%s", err, config.Namespace, config.Name)
 	}

pkg/ingress/kube/annotations/match_test.go

@@ -15,6 +15,7 @@
 package annotations
 
 import (
+	"strings"
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
@@ -112,11 +113,47 @@ func TestMatch_ParseHeaders(t *testing.T) {
 				},
 			},
 		},
+		{
+			typ:   "exact",
+			key:   ":method",
+			value: "GET",
+			expect: map[string]map[string]string{
+				exact: {
+					":method": "GET",
+				},
+			},
+		},
+		{
+			typ:   "prefix",
+			key:   ":path",
+			value: "/foo",
+			expect: map[string]map[string]string{
+				prefix: {
+					":path": "/foo",
+				},
+			},
+		},
+		{
+			typ:   "regex",
+			key:   ":authority",
+			value: "test\\d+\\.com",
+			expect: map[string]map[string]string{
+				regex: {
+					":authority": "test\\d+\\.com",
+				},
+			},
+		},
 	}
 
 	for _, tt := range testCases {
 		t.Run("", func(t *testing.T) {
-			key := buildHigressAnnotationKey(tt.typ + "-" + MatchHeader + "-" + tt.key)
+			matchKeyword := MatchHeader
+			headerKey := tt.key
+			if strings.HasPrefix(headerKey, ":") {
+				headerKey = strings.TrimPrefix(headerKey, ":")
+				matchKeyword = MatchPseudoHeader
+			}
+			key := buildHigressAnnotationKey(tt.typ + "-" + matchKeyword + "-" + headerKey)
 			input := Annotations{key: tt.value}
 			config := &Ingress{}
 			_ = parser.Parse(input, config, nil)

pkg/ingress/kube/annotations/upstreamtls.go

@@ -65,7 +65,12 @@ func (u upstreamTLS) Parse(annotations Annotations, config *Ingress, _ *GlobalCo
 	}
 
 	defer func() {
-		config.UpstreamTLS = upstreamTLSConfig
+		if upstreamTLSConfig.BackendProtocol == defaultBackendProtocol {
+			// no need destination rule when use HTTP protocol
+			config.UpstreamTLS = nil
+		} else {
+			config.UpstreamTLS = upstreamTLSConfig
+		}
 	}()
 
 	if proto, err := annotations.ParseStringASAP(backendProtocol); err == nil {

pkg/ingress/kube/annotations/upstreamtls_test.go

@@ -33,6 +33,12 @@ func TestUpstreamTLSParse(t *testing.T) {
 			input:  Annotations{},
 			expect: nil,
 		},
+		{
+			input: Annotations{
+				buildNginxAnnotationKey(backendProtocol): "HTTP",
+			},
+			expect: nil,
+		},
 		{
 			input: Annotations{
 				buildNginxAnnotationKey(proxySSLSecret):     "",

pkg/ingress/kube/common/model.go

@@ -105,6 +105,8 @@ type Options struct {
 	SystemNamespace      string
 	GatewaySelectorKey   string
 	GatewaySelectorValue string
+	GatewayHttpPort      uint32
+	GatewayHttpsPort     uint32
 }
 
 type BasicAuthRules struct {

pkg/ingress/kube/common/tool.go

@@ -36,7 +36,6 @@ func ValidateBackendResource(resource *v1.TypedLocalObjectReference) bool {
 	if resource == nil || resource.APIGroup == nil ||
 		*resource.APIGroup != netv1.SchemeGroupVersion.Group ||
 		resource.Kind != "McpBridge" || resource.Name != "default" {
-		IngressLog.Warnf("invalid mcpbridge resource: %v", resource)
 		return false
 	}
 	return true
@@ -49,13 +48,15 @@ func V1Available(client kube.Client) bool {
 
 	serverVersion, err := client.GetKubernetesVersion()
 	if err != nil {
-		return false
+		// Consider the new ingress package is available as default
+		return true
 	}
 
 	runningVersion, err := version.ParseGeneric(serverVersion.String())
 	if err != nil {
+		// Consider the new ingress package is available as default
 		IngressLog.Errorf("unexpected error parsing running Kubernetes version: %v", err)
-		return false
+		return true
 	}
 
 	return runningVersion.AtLeast(version119)

pkg/ingress/kube/configmap/config.go

@@ -37,6 +37,7 @@ type HigressConfig struct {
 	Tracing              *Tracing    `json:"tracing,omitempty"`
 	Gzip                 *Gzip       `json:"gzip,omitempty"`
 	Downstream           *Downstream `json:"downstream,omitempty"`
+	Upstream             *Upstream   `json:"upstream,omitempty"`
 	DisableXEnvoyHeaders bool        `json:"disableXEnvoyHeaders,omitempty"`
 	AddXRealIpHeader     bool        `json:"addXRealIpHeader,omitempty"`
 }
@@ -47,6 +48,7 @@ func NewDefaultHigressConfig() *HigressConfig {
 		Tracing:              NewDefaultTracing(),
 		Gzip:                 NewDefaultGzip(),
 		Downstream:           globalOption.Downstream,
+		Upstream:             globalOption.Upstream,
 		DisableXEnvoyHeaders: globalOption.DisableXEnvoyHeaders,
 		AddXRealIpHeader:     globalOption.AddXRealIpHeader,
 	}

pkg/ingress/kube/configmap/global.go

@@ -15,7 +15,6 @@
 package configmap
 
 import (
-	"encoding/json"
 	"fmt"
 	"reflect"
 	"sync/atomic"
@@ -38,19 +37,23 @@ const (
 	minInitialConnectionWindowSize = 65535
 	maxInitialConnectionWindowSize = 2147483647
 
-	defaultIdleTimeout                 = 180
-	defaultMaxRequestHeadersKb         = 60
-	defaultConnectionBufferLimits      = 32768
-	defaultMaxConcurrentStreams        = 100
-	defaultInitialStreamWindowSize     = 65535
-	defaultInitialConnectionWindowSize = 1048576
-	defaultAddXRealIpHeader            = false
-	defaultDisableXEnvoyHeaders        = false
+	defaultIdleTimeout                    = 180
+	defaultRouteTimeout                   = 0
+	defaultUpStreamIdleTimeout            = 10
+	defaultUpStreamConnectionBufferLimits = 10485760
+	defaultMaxRequestHeadersKb            = 60
+	defaultConnectionBufferLimits         = 32768
+	defaultMaxConcurrentStreams           = 100
+	defaultInitialStreamWindowSize        = 65535
+	defaultInitialConnectionWindowSize    = 1048576
+	defaultAddXRealIpHeader               = false
+	defaultDisableXEnvoyHeaders           = false
 )
 
 // Global configures the behavior of the downstream connection, x-real-ip header and x-envoy headers.
 type Global struct {
 	Downstream           *Downstream `json:"downstream,omitempty"`
+	Upstream             *Upstream   `json:"upstream,omitempty"`
 	AddXRealIpHeader     bool        `json:"addXRealIpHeader,omitempty"`
 	DisableXEnvoyHeaders bool        `json:"disableXEnvoyHeaders,omitempty"`
 }
@@ -58,13 +61,23 @@ type Global struct {
 // Downstream configures the behavior of the downstream connection.
 type Downstream struct {
 	// IdleTimeout limits the time that a connection may be idle and stream idle.
-	IdleTimeout uint32 `json:"idleTimeout,omitempty"`
+	IdleTimeout uint32 `json:"idleTimeout"`
 	// MaxRequestHeadersKb limits the size of request headers allowed.
 	MaxRequestHeadersKb uint32 `json:"maxRequestHeadersKb,omitempty"`
 	// ConnectionBufferLimits configures the buffer size limits for connections.
 	ConnectionBufferLimits uint32 `json:"connectionBufferLimits,omitempty"`
 	// Http2 configures HTTP/2 specific options.
 	Http2 *Http2 `json:"http2,omitempty"`
+	//RouteTimeout limits the time that timeout for the route.
+	RouteTimeout uint32 `json:"routeTimeout"`
+}
+
+// Upstream configures the behavior of the upstream connection.
+type Upstream struct {
+	// IdleTimeout limits the time that a connection may be idle on the upstream.
+	IdleTimeout uint32 `json:"idleTimeout"`
+	// ConnectionBufferLimits configures the buffer size limits for connections.
+	ConnectionBufferLimits uint32 `json:"connectionBufferLimits,omitempty"`
 }
 
 // Http2 configures HTTP/2 specific options.
@@ -125,7 +138,7 @@ func compareGlobal(old *Global, new *Global) (Result, error) {
 		return ResultDelete, nil
 	}
 
-	if new.Downstream == nil && !new.AddXRealIpHeader && !new.DisableXEnvoyHeaders {
+	if new.Downstream == nil && new.Upstream == nil && !new.AddXRealIpHeader && !new.DisableXEnvoyHeaders {
 		return ResultDelete, nil
 	}
 
@@ -139,18 +152,31 @@ func compareGlobal(old *Global, new *Global) (Result, error) {
 // deepCopyGlobal deep copies the global option.
 func deepCopyGlobal(global *Global) (*Global, error) {
 	newGlobal := NewDefaultGlobalOption()
-	bytes, err := json.Marshal(global)
-	if err != nil {
-		return nil, err
+	if global.Downstream != nil {
+		newGlobal.Downstream.IdleTimeout = global.Downstream.IdleTimeout
+		newGlobal.Downstream.MaxRequestHeadersKb = global.Downstream.MaxRequestHeadersKb
+		newGlobal.Downstream.ConnectionBufferLimits = global.Downstream.ConnectionBufferLimits
+		if global.Downstream.Http2 != nil {
+			newGlobal.Downstream.Http2.MaxConcurrentStreams = global.Downstream.Http2.MaxConcurrentStreams
+			newGlobal.Downstream.Http2.InitialStreamWindowSize = global.Downstream.Http2.InitialStreamWindowSize
+			newGlobal.Downstream.Http2.InitialConnectionWindowSize = global.Downstream.Http2.InitialConnectionWindowSize
+		}
+		newGlobal.Downstream.RouteTimeout = global.Downstream.RouteTimeout
 	}
-	err = json.Unmarshal(bytes, newGlobal)
-	return newGlobal, err
+	if global.Upstream != nil {
+		newGlobal.Upstream.IdleTimeout = global.Upstream.IdleTimeout
+		newGlobal.Upstream.ConnectionBufferLimits = global.Upstream.ConnectionBufferLimits
+	}
+	newGlobal.AddXRealIpHeader = global.AddXRealIpHeader
+	newGlobal.DisableXEnvoyHeaders = global.DisableXEnvoyHeaders
+	return newGlobal, nil
 }
 
 // NewDefaultGlobalOption returns a default global config.
 func NewDefaultGlobalOption() *Global {
 	return &Global{
 		Downstream:           NewDefaultDownstream(),
+		Upstream:             NewDefaultUpStream(),
 		AddXRealIpHeader:     defaultAddXRealIpHeader,
 		DisableXEnvoyHeaders: defaultDisableXEnvoyHeaders,
 	}
@@ -163,6 +189,15 @@ func NewDefaultDownstream() *Downstream {
 		MaxRequestHeadersKb:    defaultMaxRequestHeadersKb,
 		ConnectionBufferLimits: defaultConnectionBufferLimits,
 		Http2:                  NewDefaultHttp2(),
+		RouteTimeout:           defaultRouteTimeout,
+	}
+}
+
+// NewDefaultUpStream returns a default upstream config.
+func NewDefaultUpStream() *Upstream {
+	return &Upstream{
+		IdleTimeout:            defaultUpStreamIdleTimeout,
+		ConnectionBufferLimits: defaultUpStreamConnectionBufferLimits,
 	}
 }
 
@@ -215,12 +250,14 @@ func (g *GlobalOptionController) GetName() string {
 func (g *GlobalOptionController) AddOrUpdateHigressConfig(name util.ClusterNamespacedName, old *HigressConfig, new *HigressConfig) error {
 	newGlobal := &Global{
 		Downstream:           new.Downstream,
+		Upstream:             new.Upstream,
 		AddXRealIpHeader:     new.AddXRealIpHeader,
 		DisableXEnvoyHeaders: new.DisableXEnvoyHeaders,
 	}
 
 	oldGlobal := &Global{
 		Downstream:           old.Downstream,
+		Upstream:             old.Upstream,
 		AddXRealIpHeader:     old.AddXRealIpHeader,
 		DisableXEnvoyHeaders: old.DisableXEnvoyHeaders,
 	}
@@ -264,6 +301,7 @@ func (g *GlobalOptionController) ValidHigressConfig(higressConfig *HigressConfig
 
 	global := &Global{
 		Downstream:           higressConfig.Downstream,
+		Upstream:             higressConfig.Upstream,
 		AddXRealIpHeader:     higressConfig.AddXRealIpHeader,
 		DisableXEnvoyHeaders: higressConfig.DisableXEnvoyHeaders,
 	}
@@ -275,8 +313,7 @@ func (g *GlobalOptionController) ConstructEnvoyFilters() ([]*config.Config, erro
 	configPatch := make([]*networking.EnvoyFilter_EnvoyConfigObjectPatch, 0)
 	global := g.GetGlobal()
 	if global == nil {
-		configs := make([]*config.Config, 0)
-		return configs, nil
+		return []*config.Config{}, nil
 	}
 
 	namespace := g.Namespace
@@ -293,18 +330,28 @@ func (g *GlobalOptionController) ConstructEnvoyFilters() ([]*config.Config, erro
 		configPatch = append(configPatch, disableXEnvoyHeadersConfig...)
 	}
 
-	if global.Downstream == nil {
-		return generateEnvoyFilter(namespace, configPatch), nil
+	if global.Downstream != nil {
+		downstreamStruct := g.constructDownstream(global.Downstream)
+		bufferLimitStruct := g.constructBufferLimit(global.Downstream)
+		routeTimeoutStruct := g.constructRouteTimeout(global.Downstream)
+		downstreamConfig := g.generateDownstreamEnvoyFilter(downstreamStruct, bufferLimitStruct, routeTimeoutStruct, namespace)
+		if downstreamConfig != nil {
+			configPatch = append(configPatch, downstreamConfig...)
+		}
 	}
 
-	downstreamStruct := g.constructDownstream(global.Downstream)
-	bufferLimitStruct := g.constructBufferLimit(global.Downstream)
-	if len(downstreamStruct) == 0 && len(bufferLimitStruct) == 0 {
-		return generateEnvoyFilter(namespace, configPatch), nil
+	if global.Upstream != nil {
+		upstreamStruct := g.constructUpstream(global.Upstream)
+		bufferLimitStruct := g.constructUpstreamBufferLimit(global.Upstream)
+		upstreamConfig := g.generateUpstreamEnvoyFilter(upstreamStruct, bufferLimitStruct, namespace)
+		if upstreamConfig != nil {
+			configPatch = append(configPatch, upstreamConfig...)
+		}
 	}
 
-	downstreamConfig := g.generateDownstreamEnvoyFilter(downstreamStruct, bufferLimitStruct, namespace)
-	configPatch = append(configPatch, downstreamConfig...)
+	if len(configPatch) == 0 {
+		return []*config.Config{}, nil
+	}
 
 	return generateEnvoyFilter(namespace, configPatch), nil
 }
@@ -330,9 +377,11 @@ func (g *GlobalOptionController) RegisterItemEventHandler(eventHandler ItemEvent
 }
 
 // generateDownstreamEnvoyFilter generates the downstream envoy filter.
-func (g *GlobalOptionController) generateDownstreamEnvoyFilter(downstreamValueStruct string, bufferLimitStruct string, namespace string) []*networking.EnvoyFilter_EnvoyConfigObjectPatch {
-	downstreamConfig := []*networking.EnvoyFilter_EnvoyConfigObjectPatch{
-		{
+func (g *GlobalOptionController) generateDownstreamEnvoyFilter(downstreamValueStruct string, bufferLimitStruct string, routeTimeoutStruct string, namespace string) []*networking.EnvoyFilter_EnvoyConfigObjectPatch {
+	var downstreamConfig []*networking.EnvoyFilter_EnvoyConfigObjectPatch
+
+	if len(downstreamValueStruct) != 0 {
+		downstreamConfig = append(downstreamConfig, &networking.EnvoyFilter_EnvoyConfigObjectPatch{
 			ApplyTo: networking.EnvoyFilter_NETWORK_FILTER,
 			Match: &networking.EnvoyFilter_EnvoyConfigObjectMatch{
 				Context: networking.EnvoyFilter_GATEWAY,
@@ -350,8 +399,11 @@ func (g *GlobalOptionController) generateDownstreamEnvoyFilter(downstreamValueSt
 				Operation: networking.EnvoyFilter_Patch_MERGE,
 				Value:     util.BuildPatchStruct(downstreamValueStruct),
 			},
-		},
-		{
+		})
+	}
+
+	if len(bufferLimitStruct) != 0 {
+		downstreamConfig = append(downstreamConfig, &networking.EnvoyFilter_EnvoyConfigObjectPatch{
 			ApplyTo: networking.EnvoyFilter_LISTENER,
 			Match: &networking.EnvoyFilter_EnvoyConfigObjectMatch{
 				Context: networking.EnvoyFilter_GATEWAY,
@@ -360,11 +412,66 @@ func (g *GlobalOptionController) generateDownstreamEnvoyFilter(downstreamValueSt
 				Operation: networking.EnvoyFilter_Patch_MERGE,
 				Value:     util.BuildPatchStruct(bufferLimitStruct),
 			},
-		},
+		})
 	}
+
+	if len(routeTimeoutStruct) != 0 {
+		downstreamConfig = append(downstreamConfig, &networking.EnvoyFilter_EnvoyConfigObjectPatch{
+			ApplyTo: networking.EnvoyFilter_HTTP_ROUTE,
+			Match: &networking.EnvoyFilter_EnvoyConfigObjectMatch{
+				Context: networking.EnvoyFilter_GATEWAY,
+				ObjectTypes: &networking.EnvoyFilter_EnvoyConfigObjectMatch_RouteConfiguration{
+					RouteConfiguration: &networking.EnvoyFilter_RouteConfigurationMatch{
+						Vhost: &networking.EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch{
+							Route: &networking.EnvoyFilter_RouteConfigurationMatch_RouteMatch{
+								Action: networking.EnvoyFilter_RouteConfigurationMatch_RouteMatch_ROUTE,
+							},
+						},
+					},
+				},
+			},
+			Patch: &networking.EnvoyFilter_Patch{
+				Operation: networking.EnvoyFilter_Patch_MERGE,
+				Value:     util.BuildPatchStruct(routeTimeoutStruct),
+			},
+		})
+	}
+
 	return downstreamConfig
 }
 
+func (g *GlobalOptionController) generateUpstreamEnvoyFilter(upstreamValueStruct string, bufferLimit string, namespace string) []*networking.EnvoyFilter_EnvoyConfigObjectPatch {
+	var upstreamConfig []*networking.EnvoyFilter_EnvoyConfigObjectPatch
+
+	if len(upstreamValueStruct) != 0 {
+		upstreamConfig = append(upstreamConfig, &networking.EnvoyFilter_EnvoyConfigObjectPatch{
+			ApplyTo: networking.EnvoyFilter_CLUSTER,
+			Match: &networking.EnvoyFilter_EnvoyConfigObjectMatch{
+				Context: networking.EnvoyFilter_GATEWAY,
+			},
+			Patch: &networking.EnvoyFilter_Patch{
+				Operation: networking.EnvoyFilter_Patch_MERGE,
+				Value:     util.BuildPatchStruct(upstreamValueStruct),
+			},
+		})
+	}
+
+	if len(bufferLimit) != 0 {
+		upstreamConfig = append(upstreamConfig, &networking.EnvoyFilter_EnvoyConfigObjectPatch{
+			ApplyTo: networking.EnvoyFilter_CLUSTER,
+			Match: &networking.EnvoyFilter_EnvoyConfigObjectMatch{
+				Context: networking.EnvoyFilter_GATEWAY,
+			},
+			Patch: &networking.EnvoyFilter_Patch{
+				Operation: networking.EnvoyFilter_Patch_MERGE,
+				Value:     util.BuildPatchStruct(bufferLimit),
+			},
+		})
+	}
+
+	return upstreamConfig
+}
+
 // generateAddXRealIpHeaderEnvoyFilter generates the add x-real-ip header envoy filter.
 func (g *GlobalOptionController) generateAddXRealIpHeaderEnvoyFilter(addXRealIpHeaderStruct string, namespace string) []*networking.EnvoyFilter_EnvoyConfigObjectPatch {
 	addXRealIpHeaderConfig := []*networking.EnvoyFilter_EnvoyConfigObjectPatch{
@@ -460,6 +567,32 @@ func (g *GlobalOptionController) constructDownstream(downstream *Downstream) str
 	return downstreamConfig
 }
 
+// constructUpstream constructs the upstream config.
+func (g *GlobalOptionController) constructUpstream(upstream *Upstream) string {
+	upstreamConfig := ""
+	idleTimeout := upstream.IdleTimeout
+
+	upstreamConfig = fmt.Sprintf(`
+		{
+			"common_http_protocol_options": {
+					"idleTimeout": "%ds"
+            }
+		}
+`, idleTimeout)
+
+	return upstreamConfig
+}
+
+// constructUpstreamBufferLimit constructs the upstream buffer limit config.
+func (g *GlobalOptionController) constructUpstreamBufferLimit(upstream *Upstream) string {
+	upstreamBufferLimitStruct := fmt.Sprintf(`
+		{
+			"per_connection_buffer_limit_bytes": %d
+		}
+	`, upstream.ConnectionBufferLimits)
+	return upstreamBufferLimitStruct
+}
+
 // constructAddXRealIpHeader constructs the add x-real-ip header config.
 func (g *GlobalOptionController) constructAddXRealIpHeader() string {
 	addXRealIpHeaderStruct := fmt.Sprintf(`
@@ -500,3 +633,14 @@ func (g *GlobalOptionController) constructBufferLimit(downstream *Downstream) st
 		}
 	`, downstream.ConnectionBufferLimits)
 }
+
+// constructRouteTimeout constructs the route timeout config.
+func (g *GlobalOptionController) constructRouteTimeout(downstream *Downstream) string {
+	return fmt.Sprintf(`
+	{
+		"route": {
+			"timeout": "%ds"
+		}
+	}
+	`, downstream.RouteTimeout)
+}

pkg/ingress/kube/configmap/global_test.go

@@ -41,6 +41,7 @@ func Test_validGlobal(t *testing.T) {
 			name: "downstream nil",
 			global: &Global{
 				Downstream:           nil,
+				Upstream:             NewDefaultUpStream(),
 				AddXRealIpHeader:     true,
 				DisableXEnvoyHeaders: true,
 			},
@@ -131,35 +132,27 @@ func Test_deepCopyGlobal(t *testing.T) {
 			name: "deep copy 2",
 			global: &Global{
 				Downstream: &Downstream{
-					IdleTimeout:            1,
+					IdleTimeout:            0,
 					MaxRequestHeadersKb:    9600,
 					ConnectionBufferLimits: 4096,
 					Http2:                  NewDefaultHttp2(),
 				},
+				Upstream: &Upstream{
+					IdleTimeout: 10,
+				},
 				AddXRealIpHeader:     true,
 				DisableXEnvoyHeaders: true,
 			},
 			want: &Global{
 				Downstream: &Downstream{
-					IdleTimeout:            1,
+					IdleTimeout:            0,
 					MaxRequestHeadersKb:    9600,
 					ConnectionBufferLimits: 4096,
 					Http2:                  NewDefaultHttp2(),
 				},
-				AddXRealIpHeader:     true,
-				DisableXEnvoyHeaders: true,
-			},
-			wantErr: nil,
-		},
-		{
-			name: "deep copy 3",
-			global: &Global{
-				Downstream:           &Downstream{},
-				AddXRealIpHeader:     true,
-				DisableXEnvoyHeaders: true,
-			},
-			want: &Global{
-				Downstream:           NewDefaultDownstream(),
+				Upstream: &Upstream{
+					IdleTimeout: 10,
+				},
 				AddXRealIpHeader:     true,
 				DisableXEnvoyHeaders: true,
 			},
@@ -203,7 +196,13 @@ func Test_AddOrUpdateHigressConfig(t *testing.T) {
 			old:  NewDefaultHigressConfig(),
 			new: &HigressConfig{
 				Downstream: &Downstream{
-					IdleTimeout: 1,
+					IdleTimeout:            1,
+					MaxRequestHeadersKb:    defaultMaxRequestHeadersKb,
+					ConnectionBufferLimits: defaultConnectionBufferLimits,
+					Http2:                  NewDefaultHttp2(),
+				},
+				Upstream: &Upstream{
+					IdleTimeout: 10,
 				},
 				AddXRealIpHeader:     true,
 				DisableXEnvoyHeaders: true,
@@ -217,6 +216,9 @@ func Test_AddOrUpdateHigressConfig(t *testing.T) {
 					ConnectionBufferLimits: defaultConnectionBufferLimits,
 					Http2:                  NewDefaultHttp2(),
 				},
+				Upstream: &Upstream{
+					IdleTimeout: 10,
+				},
 				AddXRealIpHeader:     true,
 				DisableXEnvoyHeaders: true,
 			},
@@ -225,6 +227,7 @@ func Test_AddOrUpdateHigressConfig(t *testing.T) {
 			name: "delete and push",
 			old: &HigressConfig{
 				Downstream:           NewDefaultDownstream(),
+				Upstream:             NewDefaultUpStream(),
 				AddXRealIpHeader:     defaultAddXRealIpHeader,
 				DisableXEnvoyHeaders: defaultDisableXEnvoyHeaders,
 			},
@@ -233,6 +236,7 @@ func Test_AddOrUpdateHigressConfig(t *testing.T) {
 			wantEventPush: "push",
 			wantGlobal: &Global{
 				Downstream:           NewDefaultDownstream(),
+				Upstream:             NewDefaultUpStream(),
 				AddXRealIpHeader:     defaultAddXRealIpHeader,
 				DisableXEnvoyHeaders: defaultDisableXEnvoyHeaders,
 			},

pkg/ingress/kube/ingress/controller.go

@@ -1279,8 +1279,10 @@ func createRuleKey(annots map[string]string, hostAndPath string) string {
 		if idx := strings.Index(k, annotations.MatchHeader); idx != -1 {
 			key := k[start:idx] + k[idx+len(annotations.MatchHeader)+1:]
 			headers = append(headers, [2]string{key, val})
-		}
-		if idx := strings.Index(k, annotations.MatchQuery); idx != -1 {
+		} else if idx := strings.Index(k, annotations.MatchPseudoHeader); idx != -1 {
+			key := k[start:idx] + ":" + k[idx+len(annotations.MatchPseudoHeader)+1:]
+			headers = append(headers, [2]string{key, val})
+		} else if idx := strings.Index(k, annotations.MatchQuery); idx != -1 {
 			key := k[start:idx] + k[idx+len(annotations.MatchQuery)+1:]
 			params = append(params, [2]string{key, val})
 		}

pkg/ingress/kube/ingress/controller_test.go

@@ -1302,15 +1302,18 @@ func TestCreateRuleKey(t *testing.T) {
 	}
 
 	annots := annotations.Annotations{
-		buildHigressAnnotationKey(annotations.MatchMethod):                         "GET PUT",
-		buildHigressAnnotationKey("exact-" + annotations.MatchHeader + "-abc"):     "123",
-		buildHigressAnnotationKey("prefix-" + annotations.MatchHeader + "-def"):    "456",
-		buildHigressAnnotationKey("exact-" + annotations.MatchQuery + "-region"):   "beijing",
-		buildHigressAnnotationKey("prefix-" + annotations.MatchQuery + "-user-id"): "user-",
+		buildHigressAnnotationKey(annotations.MatchMethod):                                 "GET PUT",
+		buildHigressAnnotationKey("exact-" + annotations.MatchHeader + "-abc"):             "123",
+		buildHigressAnnotationKey("prefix-" + annotations.MatchHeader + "-def"):            "456",
+		buildHigressAnnotationKey("exact-" + annotations.MatchPseudoHeader + "-authority"): "foo.bar.com",
+		buildHigressAnnotationKey("prefix-" + annotations.MatchPseudoHeader + "-scheme"):   "htt",
+		buildHigressAnnotationKey("exact-" + annotations.MatchQuery + "-region"):           "beijing",
+		buildHigressAnnotationKey("prefix-" + annotations.MatchQuery + "-user-id"):         "user-",
 	}
 	expect := "higress.com-prefix-/foo" + sep + //host-pathType-path
 		"GET PUT" + sep + // method
-		"exact-abc\t123" + "\n" + "prefix-def\t456" + sep + // header
+		"exact-:authority\tfoo.bar.com" + "\n" + "exact-abc\t123" + "\n" +
+		"prefix-:scheme\thtt" + "\n" + "prefix-def\t456" + sep + // header
 		"exact-region\tbeijing" + "\n" + "prefix-user-id\tuser-" + sep // params
 
 	key := createRuleKey(annots, wrapperHttpRoute.PathFormat())

pkg/ingress/kube/ingressv1/controller.go

@@ -20,6 +20,7 @@ import (
 	"path"
 	"reflect"
 	"sort"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
@@ -357,6 +358,7 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 		return fmt.Errorf("invalid ingress rule %s:%s in cluster %s, either `defaultBackend` or `rules` must be specified", cfg.Namespace, cfg.Name, c.options.ClusterId)
 	}
 
+
 	for _, rule := range ingressV1.Rules {
 		// Need create builder for every rule.
 		domainBuilder := &common.IngressDomainBuilder{
@@ -383,9 +385,9 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 			}
 			wrapperGateway.Gateway.Servers = append(wrapperGateway.Gateway.Servers, &networking.Server{
 				Port: &networking.Port{
-					Number:   80,
+					Number:   c.options.GatewayHttpPort,
 					Protocol: string(protocol.HTTP),
-					Name:     common.CreateConvertedName("http-80-ingress", c.options.ClusterId),
+					Name:     common.CreateConvertedName("http-"+strconv.FormatUint(uint64(c.options.GatewayHttpPort), 10)+"-ingress", c.options.ClusterId),
 				},
 				Hosts: []string{rule.Host},
 			})
@@ -428,9 +430,9 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 		// Append https server
 		wrapperGateway.Gateway.Servers = append(wrapperGateway.Gateway.Servers, &networking.Server{
 			Port: &networking.Port{
-				Number:   443,
+				Number:   uint32(c.options.GatewayHttpsPort),
 				Protocol: string(protocol.HTTPS),
-				Name:     common.CreateConvertedName("https-443-ingress", c.options.ClusterId),
+				Name:     common.CreateConvertedName("https-"+strconv.FormatUint(uint64(c.options.GatewayHttpsPort), 10)+"-ingress", c.options.ClusterId),
 			},
 			Hosts: []string{rule.Host},
 			Tls: &networking.ServerTLSSettings{
@@ -1226,8 +1228,10 @@ func createRuleKey(annots map[string]string, hostAndPath string) string {
 		if idx := strings.Index(k, annotations.MatchHeader); idx != -1 {
 			key := k[start:idx] + k[idx+len(annotations.MatchHeader)+1:]
 			headers = append(headers, [2]string{key, val})
-		}
-		if idx := strings.Index(k, annotations.MatchQuery); idx != -1 {
+		} else if idx := strings.Index(k, annotations.MatchPseudoHeader); idx != -1 {
+			key := k[start:idx] + ":" + k[idx+len(annotations.MatchPseudoHeader)+1:]
+			headers = append(headers, [2]string{key, val})
+		} else if idx := strings.Index(k, annotations.MatchQuery); idx != -1 {
 			key := k[start:idx] + k[idx+len(annotations.MatchQuery)+1:]
 			params = append(params, [2]string{key, val})
 		}

pkg/ingress/kube/kingress/controller.go

@@ -699,8 +699,10 @@ func createRuleKey(annots map[string]string, hostAndPath string) string {
 		if idx := strings.Index(k, annotations.MatchHeader); idx != -1 {
 			key := k[start:idx] + k[idx+len(annotations.MatchHeader)+1:]
 			headers = append(headers, [2]string{key, val})
-		}
-		if idx := strings.Index(k, annotations.MatchQuery); idx != -1 {
+		} else if idx := strings.Index(k, annotations.MatchPseudoHeader); idx != -1 {
+			key := k[start:idx] + ":" + k[idx+len(annotations.MatchPseudoHeader)+1:]
+			headers = append(headers, [2]string{key, val})
+		} else if idx := strings.Index(k, annotations.MatchQuery); idx != -1 {
 			key := k[start:idx] + k[idx+len(annotations.MatchQuery)+1:]
 			params = append(params, [2]string{key, val})
 		}

pkg/ingress/kube/kingress/controller_test.go

@@ -581,15 +581,18 @@ func TestCreateRuleKey(t *testing.T) {
 	}
 
 	annots := annotations.Annotations{
-		buildHigressAnnotationKey(annotations.MatchMethod):                         "GET PUT",
-		buildHigressAnnotationKey("exact-" + annotations.MatchHeader + "-abc"):     "123",
-		buildHigressAnnotationKey("prefix-" + annotations.MatchHeader + "-def"):    "456",
-		buildHigressAnnotationKey("exact-" + annotations.MatchQuery + "-region"):   "beijing",
-		buildHigressAnnotationKey("prefix-" + annotations.MatchQuery + "-user-id"): "user-",
+		buildHigressAnnotationKey(annotations.MatchMethod):                                 "GET PUT",
+		buildHigressAnnotationKey("exact-" + annotations.MatchHeader + "-abc"):             "123",
+		buildHigressAnnotationKey("prefix-" + annotations.MatchHeader + "-def"):            "456",
+		buildHigressAnnotationKey("exact-" + annotations.MatchPseudoHeader + "-authority"): "foo.bar.com",
+		buildHigressAnnotationKey("prefix-" + annotations.MatchPseudoHeader + "-scheme"):   "htt",
+		buildHigressAnnotationKey("exact-" + annotations.MatchQuery + "-region"):           "beijing",
+		buildHigressAnnotationKey("prefix-" + annotations.MatchQuery + "-user-id"):         "user-",
 	}
 	expect := "higress.com-prefix-/foo" + sep + //host-pathType-path
 		"GET PUT" + sep + // method
-		"exact-abc\t123" + "\n" + "prefix-def\t456" + sep + // header
+		"exact-:authority\tfoo.bar.com" + "\n" + "exact-abc\t123" + "\n" +
+		"prefix-:scheme\thtt" + "\n" + "prefix-def\t456" + sep + // header
 		"exact-region\tbeijing" + "\n" + "prefix-user-id\tuser-" + sep // params
 
 	key := createRuleKey(annots, wrapperHttpRoute.PathFormat())

plugins/wasm-cpp/extensions/custom_response/plugin.cc

@@ -74,9 +74,7 @@ bool PluginRootContext::parsePluginConfig(const json& configuration,
             }
             if (absl::AsciiStrToLower(pair[0]) ==
                 Wasm::Common::Http::Header::ContentType) {
-              rule.content_type = pair[1];
               has_content_type = true;
-              return true;
             }
             rule.headers.emplace_back(pair[0], pair[1]);
             return true;
@@ -105,13 +103,11 @@ bool PluginRootContext::parsePluginConfig(const json& configuration,
   if (!rule.body.empty() && !has_content_type) {
     auto try_decode_json = Wasm::Common::JsonParse(rule.body);
     if (try_decode_json.has_value()) {
-      rule.content_type = "application/json; charset=utf-8";
-      //      rule.headers.emplace_back(Wasm::Common::Http::Header::ContentType,
-      //                                "application/json; charset=utf-8");
+      rule.headers.emplace_back(Wasm::Common::Http::Header::ContentType,
+                                "application/json; charset=utf-8");
     } else {
-      rule.content_type = "text/plain; charset=utf-8";
-      //      rule.headers.emplace_back(Wasm::Common::Http::Header::ContentType,
-      //                                "text/plain; charset=utf-8");
+      rule.headers.emplace_back(Wasm::Common::Http::Header::ContentType,
+                                "text/plain; charset=utf-8");
     }
   }
   return true;
@@ -139,8 +135,6 @@ FilterHeadersStatus PluginRootContext::onResponse(
   if (!hit) {
     return FilterHeadersStatus::Continue;
   }
-  replaceResponseHeader(Wasm::Common::Http::Header::ContentType,
-                        rule.content_type);
   sendLocalResponse(rule.status_code, "", rule.body, rule.headers);
   return FilterHeadersStatus::StopIteration;
 }

plugins/wasm-cpp/extensions/custom_response/plugin.h

@@ -40,7 +40,6 @@ namespace custom_response {
 struct CustomResponseConfigRule {
   std::vector<std::string> enable_on_status;
   std::vector<std::pair<std::string, std::string>> headers;
-  std::string content_type;
   int32_t status_code = 200;
   std::string body;
 };

plugins/wasm-cpp/extensions/custom_response/plugin_test.cc

@@ -146,12 +146,66 @@ TEST_F(CustomResponseTest, EnableOnStatus) {
   status_code_ = "429";
   EXPECT_EQ(context_->onRequestHeaders(0, false),
             FilterHeadersStatus::Continue);
-  EXPECT_CALL(*mock_context_, sendLocalResponse(233, testing::_, testing::_,
-                                                testing::_, testing::_));
+  EXPECT_CALL(
+      *mock_context_,
+      sendLocalResponse(
+          233, testing::_,
+          testing::ElementsAre(
+              testing::Pair("abc", "123"), testing::Pair("zty", "test"),
+              testing::Pair("content-type", "application/json; charset=utf-8")),
+          testing::_, testing::_));
   EXPECT_EQ(context_->onResponseHeaders(0, false),
             FilterHeadersStatus::StopIteration);
 }
 
+TEST_F(CustomResponseTest, ContentTypePlain) {
+  std::string configuration = R"(
+{
+   "status_code": 200,
+   "body": "abc"
+})";
+
+  BufferBase buffer;
+  buffer.set({configuration.data(), configuration.size()});
+
+  EXPECT_CALL(*mock_context_, getBuffer(WasmBufferType::PluginConfiguration))
+      .WillOnce([&buffer](WasmBufferType) { return &buffer; });
+  EXPECT_TRUE(root_context_->configure(configuration.size()));
+
+  EXPECT_CALL(
+      *mock_context_,
+      sendLocalResponse(200, testing::_,
+                        testing::ElementsAre(testing::Pair(
+                            "content-type", "text/plain; charset=utf-8")),
+                        testing::_, testing::_));
+  EXPECT_EQ(context_->onRequestHeaders(0, false),
+            FilterHeadersStatus::StopIteration);
+}
+
+TEST_F(CustomResponseTest, ContentTypeCustom) {
+  std::string configuration = R"(
+{
+   "status_code": 200,
+   "headers": ["content-type=application/custom"],
+   "body": "abc"
+})";
+
+  BufferBase buffer;
+  buffer.set({configuration.data(), configuration.size()});
+
+  EXPECT_CALL(*mock_context_, getBuffer(WasmBufferType::PluginConfiguration))
+      .WillOnce([&buffer](WasmBufferType) { return &buffer; });
+  EXPECT_TRUE(root_context_->configure(configuration.size()));
+
+  EXPECT_CALL(*mock_context_,
+              sendLocalResponse(200, testing::_,
+                                testing::ElementsAre(testing::Pair(
+                                    "content-type", "application/custom")),
+                                testing::_, testing::_));
+  EXPECT_EQ(context_->onRequestHeaders(0, false),
+            FilterHeadersStatus::StopIteration);
+}
+
 TEST_F(CustomResponseTest, NoGlobalRule) {
   std::string configuration = R"(
 {

plugins/wasm-go/.devcontainer/Dockerfile

@@ -0,0 +1,23 @@
+FROM higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/gateway:1.3.1
+
+FROM ubuntu:20.04
+
+RUN apt -y update \
+    && apt install -y --no-install-recommends python3-pip net-tools vim wget make curl git 2>&1 \
+    && apt install -y --reinstall ca-certificates \
+    && apt-get autoremove -y && apt-get clean \
+    && rm -rf /tmp/* /var/tmp/* \
+    && rm -rf /var/lib/apt/lists/*
+
+ENV PATH=/opt/tinygo/bin:/opt/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+RUN wget --no-check-certificate https://github.com/tinygo-org/tinygo/releases/download/v0.29.0/tinygo0.29.0.linux-amd64.tar.gz \
+    && tar -zvxf tinygo0.29.0.linux-amd64.tar.gz -C /opt \
+    && rm tinygo0.29.0.linux-amd64.tar.gz
+
+RUN wget --no-check-certificate https://go.dev/dl/go1.19.linux-amd64.tar.gz \
+    && tar -zvxf go1.19.linux-amd64.tar.gz -C /opt \
+    && rm go1.19.linux-amd64.tar.gz \
+    && go install -v golang.org/x/tools/gopls@latest
+
+COPY --from=0 /usr/local/bin/envoy /usr/local/bin/envoy

plugins/wasm-go/.devcontainer/devcontainer.json

@@ -0,0 +1,21 @@
+{
+    "name": "Wasm Go Dev",
+    // "dockerFile": "Dockerfile",
+    "image": "liuxr25/wasm-go:tinygo-0.29.0",
+    "runArgs": [
+      "--user=root"
+    ],
+    "customizations": {
+      "vscode": {
+        "settings": {
+          "terminal.integrated.shell.linux": "/bin/bash",
+          "python.pythonPath": "/usr/bin/python3"
+        },
+        "extensions": [
+          "ms-python.python",
+          "golang.go"
+        ]
+      }
+    }
+  }
+  

plugins/wasm-go/.devcontainer/gen_config.py

@@ -0,0 +1,76 @@
+import json
+import sys
+
+
+plugin_name = sys.argv[1]
+
+with open("extensions/"+plugin_name+"/config.json", "r") as f:
+    plugin_config = json.load(f)
+
+config = f'''static_resources:
+  listeners:
+  - address:
+      socket_address:
+        address: 0.0.0.0
+        port_value: 8080
+    filter_chains:
+    - filters:
+      - name: envoy.filters.network.http_connection_manager
+        typed_config:
+          '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+          codec_type: AUTO
+          stat_prefix: ingress_http
+          route_config:
+            name: test
+            virtual_hosts:
+            - name: direct_response_service
+              domains: 
+              - "*"
+              routes:
+              - match:
+                  prefix: "/"
+                direct_response:
+                  status: 200
+                  body:
+                    inline_string: "hello world\\n"
+              # - match:
+              #     prefix: "/"
+              #   route:
+              #     cluster: service-backend
+          http_filters:
+          - name: {plugin_name}
+            typed_config:
+              "@type": type.googleapis.com/udpa.type.v1.TypedStruct
+              type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
+              value:
+                config:
+                  name: wasmdemo
+                  vm_config:
+                    runtime: envoy.wasm.runtime.v8
+                    code:
+                      local:
+                        filename: ./extensions/{plugin_name}/main.wasm
+                  configuration:
+                    "@type": "type.googleapis.com/google.protobuf.StringValue"
+                    value: '{json.dumps(plugin_config)}'
+          - name: envoy.filters.http.router
+            typed_config:
+              '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+  # clusters:
+  # - name: service-backend
+  #   connect_timeout: 600s
+  #   type: STATIC
+  #   lb_policy: ROUND_ROBIN
+  #   load_assignment:
+  #     cluster_name: service-backend
+  #     endpoints:
+  #       - lb_endpoints:
+  #           - endpoint:
+  #               address:
+  #                 socket_address:
+  #                   address: 127.0.0.1
+  #                   port_value: 8000
+'''
+
+with open("extensions/"+plugin_name+"/config.yaml", "w") as f:
+    f.write(config)

plugins/wasm-go/Makefile

@@ -29,7 +29,6 @@ build-image:
 	                            --build-arg BUILDER=${BUILDER}  \
 	                            --build-arg GOPROXY=$(GOPROXY) \
 	                            -t ${IMG} \
-	                            --load \
 	                            .
 	@echo ""
 	@echo "image:            ${IMG}"
@@ -60,3 +59,16 @@ builder:
 			.
 	@echo ""
 	@echo "image: ${BUILDER}"
+
+local-build:
+	tinygo build -scheduler=none -target=wasi -gc=custom -tags='custommalloc nottinygc_finalizer' \
+		-o extensions/${PLUGIN_NAME}/main.wasm \
+		extensions/${PLUGIN_NAME}/main.go
+	@echo ""
+	@echo "wasm: extensions/${PLUGIN_NAME}/main.wasm"
+
+local-run:
+	python3 .devcontainer/gen_config.py ${PLUGIN_NAME}
+	envoy -c extensions/${PLUGIN_NAME}/config.yaml --concurrency 0 --log-level info --component-log-level wasm:debug
+
+local-all: local-build local-run

plugins/wasm-go/extensions/basic-auth/go.mod

@@ -6,8 +6,8 @@ replace github.com/alibaba/higress/plugins/wasm-go => ../..
 
 require (
 	github.com/alibaba/higress/plugins/wasm-go v0.0.0
+	github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240226064518-b3dc4646a35a
 	github.com/pkg/errors v0.9.1
-	github.com/tetratelabs/proxy-wasm-go-sdk v0.22.0
 	github.com/tidwall/gjson v1.14.3
 )
 
@@ -17,4 +17,5 @@ require (
 	github.com/magefile/mage v1.14.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
+	github.com/tidwall/resp v0.1.1 // indirect
 )

plugins/wasm-go/extensions/basic-auth/go.sum

@@ -3,18 +3,20 @@ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/higress-group/nottinygc v0.0.0-20231101025119-e93c4c2f8520 h1:IHDghbGQ2DTIXHBHxWfqCYQW1fKjyJ/I7W1pMyUDeEA=
 github.com/higress-group/nottinygc v0.0.0-20231101025119-e93c4c2f8520/go.mod h1:Nz8ORLaFiLWotg6GeKlJMhv8cci8mM43uEnLA5t8iew=
+github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240226064518-b3dc4646a35a h1:luYRvxLTE1xYxrXYj7nmjd1U0HHh8pUPiKfdZ0MhCGE=
+github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240226064518-b3dc4646a35a/go.mod h1:hNFjhrLUIq+kJ9bOcs8QtiplSQ61GZXtd2xHKx4BYRo=
 github.com/magefile/mage v1.14.0 h1:6QDX3g6z1YvJ4olPhT1wksUcSa/V0a1B+pJb73fBjyo=
 github.com/magefile/mage v1.14.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
-github.com/tetratelabs/proxy-wasm-go-sdk v0.22.0 h1:kS7BvMKN+FiptV4pfwiNX8e3q14evxAWkhYbxt8EI1M=
-github.com/tetratelabs/proxy-wasm-go-sdk v0.22.0/go.mod h1:qkW5MBz2jch2u8bS59wws65WC+Gtx3x0aPUX5JL7CXI=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/tidwall/gjson v1.14.3 h1:9jvXn7olKEHU1S9vwoMGliaT8jq1vJ7IH/n9zD9Dnlw=
 github.com/tidwall/gjson v1.14.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
 github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
 github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
 github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
+github.com/tidwall/resp v0.1.1 h1:Ly20wkhqKTmDUPlyM1S7pWo5kk0tDu8OoC/vFArXmwE=
+github.com/tidwall/resp v0.1.1/go.mod h1:3/FrruOBAxPTPtundW0VXgmsQ4ZBA0Aw714lVYgwFa0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

plugins/wasm-go/extensions/basic-auth/main.go

@@ -24,9 +24,9 @@ import (
 
 	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
 
+	"github.com/higress-group/proxy-wasm-go-sdk/proxywasm"
+	"github.com/higress-group/proxy-wasm-go-sdk/proxywasm/types"
 	"github.com/pkg/errors"
-	"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm"
-	"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm/types"
 	"github.com/tidwall/gjson"
 )
 

plugins/wasm-go/extensions/bot-detect/README.md

@@ -0,0 +1,58 @@
+<p>
+   <a href="README_EN.md"> English </a> | 中文
+</p>
+
+# 功能说明
+`bot-detect`插件可以用于识别并阻止互联网爬虫对站点资源的爬取
+
+# 配置字段
+
+| 名称 | 数据类型 | 填写要求 |  默认值 | 描述 |
+| -------- | -------- | -------- | -------- | -------- |
+|  allow     |  array of string     | 选填     |   -  |  配置匹配 User-Agent 请求头的正则表达式，匹配命中时将允许其访问   |
+|  deny     |  array of string     | 选填     |   -  |  配置匹配 User-Agent 请求头的正则表达式，匹配命中时将屏蔽请求   |
+|  blocked_code     |  number     | 选填     |   403  |  配置请求被屏蔽时返回的 HTTP 状态码   |
+|  blocked_message     |  string     | 选填     |   -  |  配置请求被屏蔽时返回的 HTTP 应答 Body   |
+
+`allow` 和 `deny` 字段可以均不配置，则执行默认的爬虫判断逻辑，通过配置 `allow` 字段可以将原本命中默认爬虫判断逻辑的请求放行，通过配置 `deny` 字段可以增加额外的爬虫判断逻辑。
+
+默认的爬虫判断正则表达式集合如下：
+
+```bash
+# Bots General matcher 'name/0.0'
+    (?:\/[A-Za-z0-9\.]+|) {0,5}([A-Za-z0-9 \-_\!\[\]:]{0,50}(?:[Aa]rchiver|[Ii]ndexer|[Ss]craper|[Bb]ot|[Ss]pider|[Cc]rawl[a-z]{0,50}))[/ ](\d+)(?:\.(\d+)(?:\.(\d+)|)|)
+# Bots General matcher 'name 0.0'
+    (?:\/[A-Za-z0-9\.]+|) {0,5}([A-Za-z0-9 \-_\!\[\]:]{0,50}(?:[Aa]rchiver|[Ii]ndexer|[Ss]craper|[Bb]ot|[Ss]pider|[Cc]rawl[a-z]{0,50})) (\d+)(?:\.(\d+)(?:\.(\d+)|)|)
+# Bots containing spider|scrape|bot(but not CUBOT)|Crawl
+    ((?:[A-z0-9]{1,50}|[A-z\-]{1,50} ?|)(?: the |)(?:[Ss][Pp][Ii][Dd][Ee][Rr]|[Ss]crape|[Cc][Rr][Aa][Ww][Ll])[A-z0-9]{0,50})(?:(?:[ /]| v)(\d+)(?:\.(\d+)|)(?:\.(\d+)|)|)
+# Bots Pattern '/name-0.0'
+    /((?:Ant-)?Nutch|[A-z]+[Bb]ot|[A-z]+[Ss]pider|Axtaris|fetchurl|Isara|ShopSalad|Tailsweep)[ \-](\d+)(?:\.(\d+)(?:\.(\d+))?)?
+# Bots Pattern 'name/0.0'
+    \b(008|Altresium|Argus|BaiduMobaider|BoardReader|DNSGroup|DataparkSearch|EDI|Goodzer|Grub|INGRID|Infohelfer|LinkedInBot|LOOQ|Nutch|OgScrper|PathDefender|Peew|PostPost|Steeler|Twitterbot|VSE|WebCrunch|WebZIP|Y!J-BR[A-Z]|YahooSeeker|envolk|sproose|wminer)/(\d+)(?:\.(\d+)|)(?:\.(\d+)|)
+# More bots
+    (CSimpleSpider|Cityreview Robot|CrawlDaddy|CrawlFire|Finderbots|Index crawler|Job Roboter|KiwiStatus Spider|Lijit Crawler|QuerySeekerSpider|ScollSpider|Trends Crawler|USyd-NLP-Spider|SiteCat Webbot|BotName\/\$BotVersion|123metaspider-Bot|1470\.net crawler|50\.nu|8bo Crawler Bot|Aboundex|Accoona-[A-z]{1,30}-Agent|AdsBot-Google(?:-[a-z]{1,30}|)|altavista|AppEngine-Google|archive.{0,30}\.org_bot|archiver|Ask Jeeves|[Bb]ai[Dd]u[Ss]pider(?:-[A-Za-z]{1,30})(?:-[A-Za-z]{1,30}|)|bingbot|BingPreview|blitzbot|BlogBridge|Bloglovin|BoardReader Blog Indexer|BoardReader Favicon Fetcher|boitho.com-dc|BotSeer|BUbiNG|\b\w{0,30}favicon\w{0,30}\b|\bYeti(?:-[a-z]{1,30}|)|Catchpoint(?: bot|)|[Cc]harlotte|Checklinks|clumboot|Comodo HTTP\(S\) Crawler|Comodo-Webinspector-Crawler|ConveraCrawler|CRAWL-E|CrawlConvera|Daumoa(?:-feedfetcher|)|Feed Seeker Bot|Feedbin|findlinks|Flamingo_SearchEngine|FollowSite Bot|furlbot|Genieo|gigabot|GomezAgent|gonzo1|(?:[a-zA-Z]{1,30}-|)Googlebot(?:-[a-zA-Z]{1,30}|)|Google SketchUp|grub-client|gsa-crawler|heritrix|HiddenMarket|holmes|HooWWWer|htdig|ia_archiver|ICC-Crawler|Icarus6j|ichiro(?:/mobile|)|IconSurf|IlTrovatore(?:-Setaccio|)|InfuzApp|Innovazion Crawler|InternetArchive|IP2[a-z]{1,30}Bot|jbot\b|KaloogaBot|Kraken|Kurzor|larbin|LEIA|LesnikBot|Linguee Bot|LinkAider|LinkedInBot|Lite Bot|Llaut|lycos|Mail\.RU_Bot|masscan|masidani_bot|Mediapartners-Google|Microsoft .{0,30} Bot|mogimogi|mozDex|MJ12bot|msnbot(?:-media {0,2}|)|msrbot|Mtps Feed Aggregation System|netresearch|Netvibes|NewsGator[^/]{0,30}|^NING|Nutch[^/]{0,30}|Nymesis|ObjectsSearch|OgScrper|Orbiter|OOZBOT|PagePeeker|PagesInventory|PaxleFramework|Peeplo Screenshot Bot|PlantyNet_WebRobot|Pompos|Qwantify|Read%20Later|Reaper|RedCarpet|Retreiver|Riddler|Rival IQ|scooter|Scrapy|Scrubby|searchsight|seekbot|semanticdiscovery|SemrushBot|Simpy|SimplePie|SEOstats|SimpleRSS|SiteCon|Slackbot-LinkExpanding|Slack-ImgProxy|Slurp|snappy|Speedy Spider|Squrl Java|Stringer|TheUsefulbot|ThumbShotsBot|Thumbshots\.ru|Tiny Tiny RSS|Twitterbot|WhatsApp|URL2PNG|Vagabondo|VoilaBot|^vortex|Votay bot|^voyager|WASALive.Bot|Web-sniffer|WebThumb|WeSEE:[A-z]{1,30}|WhatWeb|WIRE|WordPress|Wotbox|www\.almaden\.ibm\.com|Xenu(?:.s|) Link Sleuth|Xerka [A-z]{1,30}Bot|yacy(?:bot|)|YahooSeeker|Yahoo! Slurp|Yandex\w{1,30}|YodaoBot(?:-[A-z]{1,30}|)|YottaaMonitor|Yowedo|^Zao|^Zao-Crawler|ZeBot_www\.ze\.bz|ZooShot|ZyBorg)(?:[ /]v?(\d+)(?:\.(\d+)(?:\.(\d+)|)|)|)
+```
+
+# 配置示例
+
+## 放行原本命中爬虫规则的请求
+```yaml
+allow:
+- ".*Go-http-client.*"
+```
+
+若不作该配置，默认的 Golang 网络库请求会被视做爬虫，被禁止访问
+
+
+## 增加爬虫判断
+```yaml
+deny:
+- "spd-tools.*"
+```
+
+根据该配置，下列请求将被禁止访问：
+
+```bash
+curl http://example.com -H 'User-Agent: spd-tools/1.1'
+curl http://exmaple.com -H 'User-Agent: spd-tools'
+```

plugins/wasm-go/extensions/bot-detect/README_EN.md

@@ -0,0 +1,58 @@
+<p>
+   English | <a href="README.md">中文</a>
+</p>
+
+# Description
+`bot-detect` plugin can be used to identify and prevent web crawlers from crawling websites.
+
+# Configuration Fields
+
+| Name | Type | Requirement |  Default Value | Description |
+| -------- | -------- | -------- | -------- | -------- |
+|  allow     |  array of string     | Optional     |   -  |  A regular expression to match the User-Agent request header and will allow access if the match hits   |
+|  deny     |  array of string     | Optional     |   -  |  A regular expression to match the User-Agent request header and will block the request if the match hits   |
+|  blocked_code     |  number     | Optional     |   403  |  The HTTP status code returned when a request is blocked   |
+|  blocked_message     |  string     | Optional     |   -  |  The HTTP response Body returned when a request is blocked   |
+
+If field `allow` and field `deny` are not configured at the same time, the default logic to identify crawlers will be executed. By configuring the `allow` field, requests that would otherwise hit the default logic can be allowed. The judgement can be extended by configuring the `deny` field
+
+The default set of crawler judgment regular expressions is as follows：
+
+```bash
+# Bots General matcher 'name/0.0'
+    (?:\/[A-Za-z0-9\.]+|) {0,5}([A-Za-z0-9 \-_\!\[\]:]{0,50}(?:[Aa]rchiver|[Ii]ndexer|[Ss]craper|[Bb]ot|[Ss]pider|[Cc]rawl[a-z]{0,50}))[/ ](\d+)(?:\.(\d+)(?:\.(\d+)|)|)
+# Bots General matcher 'name 0.0'
+    (?:\/[A-Za-z0-9\.]+|) {0,5}([A-Za-z0-9 \-_\!\[\]:]{0,50}(?:[Aa]rchiver|[Ii]ndexer|[Ss]craper|[Bb]ot|[Ss]pider|[Cc]rawl[a-z]{0,50})) (\d+)(?:\.(\d+)(?:\.(\d+)|)|)
+# Bots containing spider|scrape|bot(but not CUBOT)|Crawl
+    ((?:[A-z0-9]{1,50}|[A-z\-]{1,50} ?|)(?: the |)(?:[Ss][Pp][Ii][Dd][Ee][Rr]|[Ss]crape|[Cc][Rr][Aa][Ww][Ll])[A-z0-9]{0,50})(?:(?:[ /]| v)(\d+)(?:\.(\d+)|)(?:\.(\d+)|)|)
+# Bots Pattern '/name-0.0'
+    /((?:Ant-)?Nutch|[A-z]+[Bb]ot|[A-z]+[Ss]pider|Axtaris|fetchurl|Isara|ShopSalad|Tailsweep)[ \-](\d+)(?:\.(\d+)(?:\.(\d+))?)?
+# Bots Pattern 'name/0.0'
+    \b(008|Altresium|Argus|BaiduMobaider|BoardReader|DNSGroup|DataparkSearch|EDI|Goodzer|Grub|INGRID|Infohelfer|LinkedInBot|LOOQ|Nutch|OgScrper|PathDefender|Peew|PostPost|Steeler|Twitterbot|VSE|WebCrunch|WebZIP|Y!J-BR[A-Z]|YahooSeeker|envolk|sproose|wminer)/(\d+)(?:\.(\d+)|)(?:\.(\d+)|)
+# More bots
+    (CSimpleSpider|Cityreview Robot|CrawlDaddy|CrawlFire|Finderbots|Index crawler|Job Roboter|KiwiStatus Spider|Lijit Crawler|QuerySeekerSpider|ScollSpider|Trends Crawler|USyd-NLP-Spider|SiteCat Webbot|BotName\/\$BotVersion|123metaspider-Bot|1470\.net crawler|50\.nu|8bo Crawler Bot|Aboundex|Accoona-[A-z]{1,30}-Agent|AdsBot-Google(?:-[a-z]{1,30}|)|altavista|AppEngine-Google|archive.{0,30}\.org_bot|archiver|Ask Jeeves|[Bb]ai[Dd]u[Ss]pider(?:-[A-Za-z]{1,30})(?:-[A-Za-z]{1,30}|)|bingbot|BingPreview|blitzbot|BlogBridge|Bloglovin|BoardReader Blog Indexer|BoardReader Favicon Fetcher|boitho.com-dc|BotSeer|BUbiNG|\b\w{0,30}favicon\w{0,30}\b|\bYeti(?:-[a-z]{1,30}|)|Catchpoint(?: bot|)|[Cc]harlotte|Checklinks|clumboot|Comodo HTTP\(S\) Crawler|Comodo-Webinspector-Crawler|ConveraCrawler|CRAWL-E|CrawlConvera|Daumoa(?:-feedfetcher|)|Feed Seeker Bot|Feedbin|findlinks|Flamingo_SearchEngine|FollowSite Bot|furlbot|Genieo|gigabot|GomezAgent|gonzo1|(?:[a-zA-Z]{1,30}-|)Googlebot(?:-[a-zA-Z]{1,30}|)|Google SketchUp|grub-client|gsa-crawler|heritrix|HiddenMarket|holmes|HooWWWer|htdig|ia_archiver|ICC-Crawler|Icarus6j|ichiro(?:/mobile|)|IconSurf|IlTrovatore(?:-Setaccio|)|InfuzApp|Innovazion Crawler|InternetArchive|IP2[a-z]{1,30}Bot|jbot\b|KaloogaBot|Kraken|Kurzor|larbin|LEIA|LesnikBot|Linguee Bot|LinkAider|LinkedInBot|Lite Bot|Llaut|lycos|Mail\.RU_Bot|masscan|masidani_bot|Mediapartners-Google|Microsoft .{0,30} Bot|mogimogi|mozDex|MJ12bot|msnbot(?:-media {0,2}|)|msrbot|Mtps Feed Aggregation System|netresearch|Netvibes|NewsGator[^/]{0,30}|^NING|Nutch[^/]{0,30}|Nymesis|ObjectsSearch|OgScrper|Orbiter|OOZBOT|PagePeeker|PagesInventory|PaxleFramework|Peeplo Screenshot Bot|PlantyNet_WebRobot|Pompos|Qwantify|Read%20Later|Reaper|RedCarpet|Retreiver|Riddler|Rival IQ|scooter|Scrapy|Scrubby|searchsight|seekbot|semanticdiscovery|SemrushBot|Simpy|SimplePie|SEOstats|SimpleRSS|SiteCon|Slackbot-LinkExpanding|Slack-ImgProxy|Slurp|snappy|Speedy Spider|Squrl Java|Stringer|TheUsefulbot|ThumbShotsBot|Thumbshots\.ru|Tiny Tiny RSS|Twitterbot|WhatsApp|URL2PNG|Vagabondo|VoilaBot|^vortex|Votay bot|^voyager|WASALive.Bot|Web-sniffer|WebThumb|WeSEE:[A-z]{1,30}|WhatWeb|WIRE|WordPress|Wotbox|www\.almaden\.ibm\.com|Xenu(?:.s|) Link Sleuth|Xerka [A-z]{1,30}Bot|yacy(?:bot|)|YahooSeeker|Yahoo! Slurp|Yandex\w{1,30}|YodaoBot(?:-[A-z]{1,30}|)|YottaaMonitor|Yowedo|^Zao|^Zao-Crawler|ZeBot_www\.ze\.bz|ZooShot|ZyBorg)(?:[ /]v?(\d+)(?:\.(\d+)(?:\.(\d+)|)|)|)
+```
+
+# Configuration Samples
+
+## Release Requests that would otherwise Hit the Crawler Rules
+```yaml
+allow:
+- ".*Go-http-client.*"
+```
+
+Without this configuration, the default Golang web library request will be treated as a crawler and access will be denied.
+
+
+## Add Crawler Judgement
+```yaml
+deny:
+- "spd-tools.*"
+```
+
+According to this configuration, the following requests will be denied:
+
+```bash
+curl http://example.com -H 'User-Agent: spd-tools/1.1'
+curl http://exmaple.com -H 'User-Agent: spd-tools'
+```

plugins/wasm-go/extensions/bot-detect/VERSION

@@ -0,0 +1 @@
+1.0.0

plugins/wasm-go/extensions/bot-detect/botdetect.yaml

@@ -0,0 +1,30 @@
+apiVersion: extensions.higress.io/v1alpha1
+kind: WasmPlugin
+metadata:
+  annotations:
+    higress.io/wasm-plugin-description: 用于识别并阻止互联网爬虫对站点资源的爬取
+    higress.io/wasm-plugin-title: Bot Detect
+  creationTimestamp: '2024-01-03T10:34:36Z'
+  generation: 2
+  labels:
+    higress.io/resource-definer: higress
+    higress.io/wasm-plugin-built-in: 'true'
+    higress.io/wasm-plugin-category: custom
+    higress.io/wasm-plugin-name: bot-detect
+    higress.io/wasm-plugin-version: 1.0.0
+  name: bot-detect
+  namespace: higress-system
+spec:
+  defaultConfigDisable: true
+  matchRules:
+    - config:
+        blocked_code: 401
+        blocked_message: a bot
+        deny:
+          - Chrome
+      configDisable: false
+      ingress:
+        - test
+  phase: AUTHN
+  priority: 310
+  url: oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/20240103/bot-detect:1.0.0

plugins/wasm-go/extensions/bot-detect/config/bot_detect_config.go

@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2022 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package config
+
+import (
+	regexp "github.com/wasilibs/go-re2"
+)
+
+var DefaultBotRegex = []*regexp.Regexp{
+	regexp.MustCompile(`(\/[A-Za-z0-9\.]+|) {0,5}([A-Za-z0-9 \-_\!\[\]:]{0,50}([Aa]rchiver|[Ii]ndexer|[Ss]craper|[Bb]ot|[Ss]pider|[Cc]rawl[a-z]{0,50}))[/ ](\d+)(\.(\d+)(\.(\d+)|)|)`),
+	regexp.MustCompile(`((\/[A-Za-z0-9\.]+|) {0,5}([A-Za-z0-9 \-_\!\[\]:]{0,50}([Aa]rchiver|[Ii]ndexer|[Ss]craper|[Bb]ot|[Ss]pider|[Cc]rawl[a-z]{0,50})) (\d+)(\.(\d+)(\.(\d+)|)|))`),
+	regexp.MustCompile(`((([A-z0-9]{1,50}|[A-z\-]{1,} ?|)( the |)(?:[Ss][Pp][Ii][Dd][Ee][Rr]|[Ss]crape|[Cc][Rr][Aa][Ww][Ll])[A-z0-9]{0,50})(([ /]| v)(\d+)(\.(\d+)|)(\.(\d+)|)|))`),
+	regexp.MustCompile(`((Ant-)?Nutch|[A-z]+[Bb]ot|[A-z]+[Ss]pider|Axtaris|fetchurl|Isara|ShopSalad|Tailsweep)[ \-](\d+)(\.(\d+)(\.(\d+))?)?`),
+	regexp.MustCompile(`\b(008|Altresium|Argus|BaiduMobaider|BoardReader|DNSGroup|DataparkSearch|EDI|Goodzer|Grub|INGRID|Infohelfer|LinkedInBot|LOOQ|Nutch|OgScrper|PathDefender|Peew|PostPost|Steeler|Twitterbot|VSE|WebCrunch|WebZIP|Y!J-BR[A-Z]|YahooSeeker|envolk|sproose|wminer)/(\d+)(?:\.(\d+)|)(?:\.(\d+)|)`),
+	regexp.MustCompile(`((CSimpleSpider|Cityreview Robot|CrawlDaddy|CrawlFire|Finderbots|Index crawler|Job Roboter|KiwiStatus Spider|Lijit Crawler|QuerySeekerSpider|ScollSpider|Trends Crawler|USyd-NLP-Spider|SiteCat Webbot|BotName\/\$BotVersion|123metaspider-Bot|1470\.net crawler|50\.nu|8bo Crawler Bot|Aboundex|Accoona-[A-z]{1,30}-Agent|AdsBot-Google(?:-[a-z]{1,30}|)|altavista|AppEngine-Google|archive.{0,30}\.org_bot|archiver|Ask Jeeves|[Bb]ai[Dd]u[Ss]pider(?:-[A-Za-z]{1,30})(?:-[A-Za-z]{1,30}|)|bingbot|BingPreview|blitzbot|BlogBridge|Bloglovin|BoardReader Blog Indexer|BoardReader Favicon Fetcher|boitho.com-dc|BotSeer|BUbiNG|\b\w{0,30}favicon\w{0,30}\b|\bYeti(?:-[a-z]{1,30}|)|Catchpoint(?: bot|)|[Cc]harlotte|Checklinks|clumboot|Comodo HTTP\(S\) Crawler|Comodo-Webinspector-Crawler|ConveraCrawler|CRAWL-E|CrawlConvera|Daumoa(?:-feedfetcher|)|Feed Seeker Bot|Feedbin|findlinks|Flamingo_SearchEngine|FollowSite Bot|furlbot|Genieo|gigabot|GomezAgent|gonzo1|(?:[a-zA-Z]{1,30}-|)Googlebot(?:-[a-zA-Z]{1,30}|)|Google SketchUp|grub-client|gsa-crawler|heritrix|HiddenMarket|holmes|HooWWWer|htdig|ia_archiver|ICC-Crawler|Icarus6j|ichiro(?:/mobile|)|IconSurf|IlTrovatore(?:-Setaccio|)|InfuzApp|Innovazion Crawler|InternetArchive|IP2[a-z]{1,30}Bot|jbot\b|KaloogaBot|Kraken|Kurzor|larbin|LEIA|LesnikBot|Linguee Bot|LinkAider|LinkedInBot|Lite Bot|Llaut|lycos|Mail\.RU_Bot|masscan|masidani_bot|Mediapartners-Google|Microsoft .{0,30} Bot|mogimogi|mozDex|MJ12bot|msnbot(?:-media {0,2}|)|msrbot|Mtps Feed Aggregation System|netresearch|Netvibes|NewsGator[^/]{0,30}|^NING|Nutch[^/]{0,30}|Nymesis|ObjectsSearch|OgScrper|Orbiter|OOZBOT|PagePeeker|PagesInventory|PaxleFramework|Peeplo Screenshot Bot|PlantyNet_WebRobot|Pompos|Qwantify|Read%20Later|Reaper|RedCarpet|Retreiver|Riddler|Rival IQ|scooter|Scrapy|Scrubby|searchsight|seekbot|semanticdiscovery|SemrushBot|Simpy|SimplePie|SEOstats|SimpleRSS|SiteCon|Slackbot-LinkExpanding|Slack-ImgProxy|Slurp|snappy|Speedy Spider|Squrl Java|Stringer|TheUsefulbot|ThumbShotsBot|Thumbshots\.ru|Tiny Tiny RSS|Twitterbot|WhatsApp|URL2PNG|Vagabondo|VoilaBot|^vortex|Votay bot|^voyager|WASALive.Bot|Web-sniffer|WebThumb|WeSEE:[A-z]{1,30}|WhatWeb|WIRE|WordPress|Wotbox|www\.almaden\.ibm\.com|Xenu(?:.s|) Link Sleuth|Xerka [A-z]{1,30}Bot|yacy(?:bot|)|YahooSeeker|Yahoo! Slurp|Yandex\w{1,30}|YodaoBot(?:-[A-z]{1,30}|)|YottaaMonitor|Yowedo|^Zao|^Zao-Crawler|ZeBot_www\.ze\.bz|ZooShot|ZyBorg)(?:[ /]v?(\d+)(?:\.(\d+)(?:\.(\d+)|)|)|))`),
+}
+
+type BotDetectConfig struct {
+	BlockedCode    uint32           `json:"blocked_code"`
+	BlockedMessage string           `json:"blocked_message"`
+	Allow          []*regexp.Regexp `json:"allow"`
+	Deny           []*regexp.Regexp `json:"deny"`
+}
+
+func (bdc *BotDetectConfig) FillDefaultValue() {
+	if bdc.BlockedCode == 0 {
+		bdc.BlockedCode = 403
+	}
+	if bdc.BlockedMessage == "" {
+		bdc.BlockedMessage = "Invalid User-Agent"
+	}
+}
+
+func (bdc *BotDetectConfig) Process(ua string) (bool, string) {
+	if ua == "" {
+		return false, "can not be empty"
+	}
+	for _, allowRule := range bdc.Allow {
+		if allowRule.MatchString(ua) {
+			return true, ""
+		}
+	}
+	for _, denyRule := range bdc.Deny {
+		if denyRule.MatchString(ua) {
+			return false, denyRule.String()
+		}
+	}
+	for _, defaultRule := range DefaultBotRegex {
+		if defaultRule.MatchString(ua) {
+			return false, defaultRule.String()
+		}
+	}
+	return true, ""
+}

plugins/wasm-go/extensions/bot-detect/config/bot_detect_config_test.go

@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2022 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package config
+
+import (
+	"github.com/stretchr/testify/assert"
+	regexp "github.com/wasilibs/go-re2"
+	"log"
+	"testing"
+)
+
+func toRegexMatch(regexs []string) []*regexp.Regexp {
+	re := make([]*regexp.Regexp, 0)
+	for _, regex := range regexs {
+		c, err := regexp.Compile(regex)
+		if err != nil {
+			log.Default().Fatal(err.Error())
+		}
+		re = append(re, c)
+	}
+	return re
+}
+
+func TestBotDetectConfig_ProcessTest(t *testing.T) {
+
+	tests := []struct {
+		name         string
+		ua           string
+		allow        []string
+		deny         []string
+		blockCode    uint32
+		blockMessage string
+		want         bool
+	}{
+		{
+			"test empty bot detect",
+			"",
+			[]string{},
+			[]string{},
+			401,
+			"bot has been blocked",
+			false,
+		},
+		{
+			"test default bot detect",
+			"Ant-Tailsweep-1",
+			[]string{},
+			[]string{},
+			401,
+			"bot has been blocked",
+			false,
+		},
+		{
+			"test default bot detect",
+			"indexer/1.2",
+			[]string{},
+			[]string{},
+			401,
+			"bot has been blocked",
+			false,
+		},
+		{
+			"test default bot detect",
+			"indexer/1.1.0",
+			[]string{},
+			[]string{},
+			401,
+			"bot has been blocked",
+			false,
+		},
+		{
+			"test default bot detect",
+			"YottaaMonitor",
+			[]string{},
+			[]string{},
+			401,
+			"bot has been blocked",
+			false,
+		},
+		{
+			"test allow bot detect",
+			"BaiduMobaider",
+			[]string{"BaiduMobaider"},
+			[]string{},
+			401,
+			"bot has been blocked",
+			true,
+		},
+		{
+			"test deny bot detect",
+			"Chrome",
+			[]string{},
+			[]string{"Chrome"},
+			401,
+			"bot has been blocked",
+			false,
+		},
+		{
+			"test allow and deny bot detect",
+			"SameBotDetect",
+			[]string{"SameBotDetect"},
+			[]string{"SameBotDetect"},
+			401,
+			"bot has been blocked",
+			true,
+		},
+	}
+
+	for _, test := range tests {
+
+		t.Run(test.name, func(t *testing.T) {
+			bdc := BotDetectConfig{
+				BlockedCode:    test.blockCode,
+				BlockedMessage: test.blockMessage,
+				Allow:          toRegexMatch(test.allow),
+				Deny:           toRegexMatch(test.deny),
+			}
+			actual, _ := bdc.Process(test.ua)
+			assert.Equal(t, test.want, actual, "")
+		})
+
+	}
+
+}

plugins/wasm-go/extensions/bot-detect/go.mod

@@ -0,0 +1,26 @@
+module bot-detect
+
+go 1.19
+
+replace github.com/alibaba/higress/plugins/wasm-go => ../..
+
+require (
+	github.com/alibaba/higress/plugins/wasm-go v1.3.2
+	github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240226064518-b3dc4646a35a
+	github.com/stretchr/testify v1.8.4
+	github.com/tidwall/gjson v1.14.3
+	github.com/wasilibs/go-re2 v1.4.1
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/higress-group/nottinygc v0.0.0-20231101025119-e93c4c2f8520 // indirect
+	github.com/magefile/mage v1.15.0 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/tetratelabs/wazero v1.6.0 // indirect
+	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.0 // indirect
+	github.com/tidwall/resp v0.1.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)

plugins/wasm-go/extensions/bot-detect/go.sum

@@ -0,0 +1,31 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/higress-group/nottinygc v0.0.0-20231101025119-e93c4c2f8520 h1:IHDghbGQ2DTIXHBHxWfqCYQW1fKjyJ/I7W1pMyUDeEA=
+github.com/higress-group/nottinygc v0.0.0-20231101025119-e93c4c2f8520/go.mod h1:Nz8ORLaFiLWotg6GeKlJMhv8cci8mM43uEnLA5t8iew=
+github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240226064518-b3dc4646a35a h1:luYRvxLTE1xYxrXYj7nmjd1U0HHh8pUPiKfdZ0MhCGE=
+github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240226064518-b3dc4646a35a/go.mod h1:hNFjhrLUIq+kJ9bOcs8QtiplSQ61GZXtd2xHKx4BYRo=
+github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg=
+github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/tetratelabs/wazero v1.6.0 h1:z0H1iikCdP8t+q341xqepY4EWvHEw8Es7tlqiVzlP3g=
+github.com/tetratelabs/wazero v1.6.0/go.mod h1:0U0G41+ochRKoPKCJlh0jMg1CHkyfK8kDqiirMmKY8A=
+github.com/tidwall/gjson v1.14.3 h1:9jvXn7olKEHU1S9vwoMGliaT8jq1vJ7IH/n9zD9Dnlw=
+github.com/tidwall/gjson v1.14.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
+github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
+github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
+github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
+github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
+github.com/tidwall/resp v0.1.1 h1:Ly20wkhqKTmDUPlyM1S7pWo5kk0tDu8OoC/vFArXmwE=
+github.com/tidwall/resp v0.1.1/go.mod h1:3/FrruOBAxPTPtundW0VXgmsQ4ZBA0Aw714lVYgwFa0=
+github.com/wasilibs/go-re2 v1.4.1 h1:E5+9O1M8UoGeqLB2A9omeoaWImqpuYDs9cKwvTJq/Oo=
+github.com/wasilibs/go-re2 v1.4.1/go.mod h1:ynB8eCwd9JsqUnsk8WlPDk6cEeme8BguZmnqOSURE4Y=
+github.com/wasilibs/nottinygc v0.4.0 h1:h1TJMihMC4neN6Zq+WKpLxgd9xCFMw7O9ETLwY2exJQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

plugins/wasm-go/extensions/bot-detect/main.go

@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2022 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"bot-detect/config"
+
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
+	"github.com/higress-group/proxy-wasm-go-sdk/proxywasm"
+	"github.com/higress-group/proxy-wasm-go-sdk/proxywasm/types"
+	"github.com/tidwall/gjson"
+	regexp "github.com/wasilibs/go-re2"
+)
+
+func main() {
+	wrapper.SetCtx(
+		"bot-detect",
+		wrapper.ParseConfigBy(parseConfig),
+		wrapper.ProcessRequestHeadersBy(onHttpRequestHeaders),
+	)
+}
+
+func parseConfig(json gjson.Result, botDetectConfig *config.BotDetectConfig, log wrapper.Log) error {
+	log.Debug("parseConfig()")
+
+	if json.Get("blocked_code").Exists() {
+		botDetectConfig.BlockedCode = uint32(int(json.Get("blocked_code").Int()))
+	}
+
+	if json.Get("blocked_message").Exists() {
+		botDetectConfig.BlockedMessage = json.Get("blocked_message").String()
+	}
+
+	allowRules := make([]gjson.Result, 0)
+	denyRules := make([]gjson.Result, 0)
+
+	allowRulesValue := json.Get("allow")
+	if allowRulesValue.Exists() && allowRulesValue.IsArray() {
+		allowRules = json.Get("allow").Array()
+	}
+
+	denyRulesValue := json.Get("deny")
+	if denyRulesValue.Exists() && denyRulesValue.IsArray() {
+		denyRules = json.Get("deny").Array()
+	}
+
+	for _, allowRule := range allowRules {
+		c, err := regexp.Compile(allowRule.String())
+		if err != nil {
+			return err
+		}
+		botDetectConfig.Allow = append(botDetectConfig.Allow, c)
+	}
+
+	for _, denyRule := range denyRules {
+		c, err := regexp.Compile(denyRule.String())
+		if err != nil {
+			return err
+		}
+		botDetectConfig.Deny = append(botDetectConfig.Deny, c)
+	}
+
+	// Fill default values
+	botDetectConfig.FillDefaultValue()
+	log.Debugf("botDetectConfig:%+v", botDetectConfig)
+	return nil
+
+}
+
+func onHttpRequestHeaders(ctx wrapper.HttpContext, botDetectConfig config.BotDetectConfig, log wrapper.Log) types.Action {
+	log.Debug("onHttpRequestHeaders()")
+	//// Get user-agent header
+	ua, err := proxywasm.GetHttpRequestHeader("user-agent")
+	if err != nil {
+		log.Warnf("failed to get user-agent: %v", err)
+		return types.ActionPause
+	}
+	host := ctx.Host()
+	scheme := ctx.Scheme()
+	path := ctx.Path()
+	method := ctx.Method()
+
+	if ok, rule := botDetectConfig.Process(ua); !ok {
+		proxywasm.SendHttpResponse(botDetectConfig.BlockedCode, nil, []byte(botDetectConfig.BlockedMessage), -1)
+		log.Debugf("scheme:%s, host:%s, method:%s, path:%s user-agent:%s has been blocked by rule:%s", scheme, host, method, path, ua, rule)
+		return types.ActionPause
+	}
+
+	log.Debugf("scheme:%s, host:%s, method:%s, path:%s user-agent:%s has been passed", scheme, host, method, path, ua)
+	return types.ActionContinue
+}

plugins/wasm-go/extensions/cache-control/README.md

@@ -0,0 +1,28 @@
+# 功能说明
+`cache-control`插件实现了基于 URL 文件后缀来为请求的响应头部添加 `Expires` 和 `Cache-Control` 头部，从而方便浏览器对特定后缀的文件进行缓存，例如 `jpg`、`png` 等图片文件。
+
+# 配置字段
+
+| 名称      | 数据类型   | 填写要求                                                                                                | 默认值 | 描述                       |
+|---------|--------|-----------------------------------------------------------------------------------------------------|-|--------------------------|
+| suffix  | string | 选填，表示匹配的文件后缀名，例如 `jpg`、`png` 等。<br/>如果需要匹配多种后缀，需要用 `\|` 进行分割，例如 `png\|jpg`。<br/>如果不填写，表示匹配所有后缀      |   -  | 配置用于匹配的请求文件后缀            |
+| expires | string | 必填，表示缓存的最长时间。<br/>当填入的字符串为数字时，单位为秒，例如需要缓存1小时，需填写 3600。<br/>另外，还可以填写 epoch 或 max<br/>，与 nginx 中语义相同。 | - | 配置缓存的最大时间                |
+
+# 配置示例
+1. 缓存后缀为 `jpg`, `png`, `jpeg` 的文件，缓存时间为一小时
+```yaml
+suffix: jpg|png|jpeg
+expires: 3600
+```
+
+根据该配置，下列请求在访问时，将会在响应头中添加 `Expires` 和 `Cache-Control` 字段，且过期时间为 1 小时后。
+
+```bash
+curl http://example.com/test.png
+curl http://exmaple.com/test.jpg
+```
+2. 缓存所有文件，且缓存至最大时间 `“Thu, 31 Dec 2037 23:55:55 GMT”`
+```yaml
+expires: max 
+```
+

plugins/wasm-go/extensions/cache-control/VERSION

@@ -0,0 +1 @@
+1.0.0

plugins/wasm-go/extensions/cache-control/go.mod

@@ -0,0 +1,20 @@
+module github.com/alibaba/higress/plugins/wasm-go/extensions/cache-control
+
+go 1.18
+
+replace github.com/alibaba/higress/plugins/wasm-go => ../..
+
+require (
+	github.com/alibaba/higress/plugins/wasm-go v0.0.0
+	github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240226064518-b3dc4646a35a
+	github.com/tidwall/gjson v1.14.3
+)
+
+require (
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/higress-group/nottinygc v0.0.0-20231101025119-e93c4c2f8520 // indirect
+	github.com/magefile/mage v1.14.0 // indirect
+	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.0 // indirect
+	github.com/tidwall/resp v0.1.1 // indirect
+)

plugins/wasm-go/extensions/cache-control/main.go

@@ -0,0 +1,86 @@
+package main
+
+import (
+	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
+	"github.com/higress-group/proxy-wasm-go-sdk/proxywasm"
+	"github.com/higress-group/proxy-wasm-go-sdk/proxywasm/types"
+	"github.com/tidwall/gjson"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+)
+
+func main() {
+	wrapper.SetCtx(
+		"cache-control",
+		wrapper.ParseConfigBy(parseConfig),
+		wrapper.ProcessRequestHeadersBy(onHttpRequestHeaders),
+		wrapper.ProcessResponseHeadersBy(onHttpResponseHeaders),
+	)
+}
+
+type CacheControlConfig struct {
+	suffix  []string
+	expires string
+}
+
+func parseConfig(json gjson.Result, config *CacheControlConfig, log wrapper.Log) error {
+	suffix := json.Get("suffix").String()
+	if suffix != "" {
+		parts := strings.Split(suffix, "|")
+		config.suffix = parts
+	}
+
+	config.expires = json.Get("expires").String()
+
+	log.Infof("suffix: %q, expires: %s", config.suffix, config.expires)
+	return nil
+}
+
+func onHttpRequestHeaders(ctx wrapper.HttpContext, config CacheControlConfig, log wrapper.Log) types.Action {
+	path := ctx.Path()
+	if strings.Contains(path, "?") {
+		path = strings.Split(path, "?")[0]
+	}
+	ctx.SetContext("path", path)
+	log.Debugf("path: %s", path)
+
+	return types.ActionContinue
+}
+
+func onHttpResponseHeaders(ctx wrapper.HttpContext, config CacheControlConfig, log wrapper.Log) types.Action {
+	hit := false
+	if len(config.suffix) == 0 {
+		hit = true
+	} else {
+		path, ok := ctx.GetContext("path").(string)
+		if !ok {
+			log.Error("failed to get request path")
+			return types.ActionContinue
+		}
+
+		for _, part := range config.suffix {
+			if strings.HasSuffix(path, "."+part) {
+				hit = true
+				break
+			}
+		}
+	}
+	if hit {
+		if config.expires == "max" {
+			proxywasm.AddHttpResponseHeader("Expires", "Thu, 31 Dec 2037 23:55:55 GMT")
+			proxywasm.AddHttpResponseHeader("Cache-Control", "maxAge=315360000")
+		} else if config.expires == "epoch" {
+			proxywasm.AddHttpResponseHeader("Expires", "Thu, 01 Jan 1970 00:00:01 GMT")
+			proxywasm.AddHttpResponseHeader("Cache-Control", "no-cache")
+		} else {
+			maxAge, _ := strconv.ParseInt(config.expires, 10, 64)
+			currentTime := time.Now()
+			expireTime := currentTime.Add(time.Duration(maxAge) * time.Second)
+			proxywasm.AddHttpResponseHeader("Expires", expireTime.UTC().Format(http.TimeFormat))
+			proxywasm.AddHttpResponseHeader("Cache-Control", "maxAge="+strconv.FormatInt(maxAge, 10))
+		}
+	}
+	return types.ActionContinue
+}

plugins/wasm-go/extensions/chatgpt-proxy/go.mod

@@ -6,7 +6,7 @@ replace github.com/alibaba/higress/plugins/wasm-go => ../..
 
 require (
 	github.com/alibaba/higress/plugins/wasm-go v0.0.0-20230629030002-81e467b6242d
-	github.com/tetratelabs/proxy-wasm-go-sdk v0.22.0
+	github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240226064518-b3dc4646a35a
 	github.com/tidwall/gjson v1.14.4
 )
 
@@ -16,4 +16,5 @@ require (
 	github.com/magefile/mage v1.14.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
+	github.com/tidwall/resp v0.1.1 // indirect
 )

plugins/wasm-go/extensions/chatgpt-proxy/go.sum

@@ -3,16 +3,18 @@ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/higress-group/nottinygc v0.0.0-20231101025119-e93c4c2f8520 h1:IHDghbGQ2DTIXHBHxWfqCYQW1fKjyJ/I7W1pMyUDeEA=
 github.com/higress-group/nottinygc v0.0.0-20231101025119-e93c4c2f8520/go.mod h1:Nz8ORLaFiLWotg6GeKlJMhv8cci8mM43uEnLA5t8iew=
+github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240226064518-b3dc4646a35a h1:luYRvxLTE1xYxrXYj7nmjd1U0HHh8pUPiKfdZ0MhCGE=
+github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240226064518-b3dc4646a35a/go.mod h1:hNFjhrLUIq+kJ9bOcs8QtiplSQ61GZXtd2xHKx4BYRo=
 github.com/magefile/mage v1.14.0 h1:6QDX3g6z1YvJ4olPhT1wksUcSa/V0a1B+pJb73fBjyo=
 github.com/magefile/mage v1.14.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
-github.com/tetratelabs/proxy-wasm-go-sdk v0.22.0 h1:kS7BvMKN+FiptV4pfwiNX8e3q14evxAWkhYbxt8EI1M=
-github.com/tetratelabs/proxy-wasm-go-sdk v0.22.0/go.mod h1:qkW5MBz2jch2u8bS59wws65WC+Gtx3x0aPUX5JL7CXI=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM=
 github.com/tidwall/gjson v1.14.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
 github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
 github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
 github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
+github.com/tidwall/resp v0.1.1 h1:Ly20wkhqKTmDUPlyM1S7pWo5kk0tDu8OoC/vFArXmwE=
+github.com/tidwall/resp v0.1.1/go.mod h1:3/FrruOBAxPTPtundW0VXgmsQ4ZBA0Aw714lVYgwFa0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

plugins/wasm-go/extensions/chatgpt-proxy/main.go

@@ -8,8 +8,8 @@ import (
 	"strings"
 
 	"github.com/alibaba/higress/plugins/wasm-go/pkg/wrapper"
-	"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm"
-	"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm/types"
+	"github.com/higress-group/proxy-wasm-go-sdk/proxywasm"
+	"github.com/higress-group/proxy-wasm-go-sdk/proxywasm/types"
 	"github.com/tidwall/gjson"
 )
 

plugins/wasm-go/extensions/cors/go.mod

@@ -6,8 +6,8 @@ replace github.com/alibaba/higress/plugins/wasm-go => ../..
 
 require (
 	github.com/alibaba/higress/plugins/wasm-go v0.0.0-20230519024024-625c06e58f91
-	github.com/stretchr/testify v1.8.3
-	github.com/tetratelabs/proxy-wasm-go-sdk v0.22.0
+	github.com/higress-group/proxy-wasm-go-sdk v0.0.0-20240226064518-b3dc4646a35a
+	github.com/stretchr/testify v1.8.4
 	github.com/tidwall/gjson v1.14.4
 )
 
@@ -19,5 +19,6 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
+	github.com/tidwall/resp v0.1.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )