agentgateway: add extproc translation in traffic policy plugin #12667

TheRealSibasishBehera · 2025-10-19T18:25:07Z

Description

Change Type

/kind new_feature

Changelog

Add extproc support for agentgateway

Additional Notes

NONE

Copilot

Pull Request Overview

Adds support for translating ExtProc (external processing) policies into AgentGateway policies within the traffic policy plugin.

Introduces extproc policy handling and integrates it into translateTrafficPolicyToAgw.
Implements processExtProcPolicy to resolve GatewayExtension, build backend reference, and emit an ExtProc policy.
Minor Makefile improvement for KinD image flag usage.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

File	Description
pkg/agentgateway/plugins/traffic_plugin.go	Adds extproc policy suffix, integrates extproc processing in translation, and implements processExtProcPolicy.
Makefile	Fixes kind create cluster --image usage to use the full image from CLUSTER_NODE_VERSION directly.

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

pkg/agentgateway/plugins/traffic_plugin.go

Copilot · 2025-10-19T18:27:31Z

pkg/agentgateway/plugins/traffic_plugin.go

+	if err != nil {
+		return nil, err
+	}
+	extProc := (*gwExt).Spec.ExtProc


Potential nil dereference: Spec.ExtProc is accessed without a nil check. Add a guard (e.g., if extProc == nil { return nil, fmt.Errorf("gateway extension %s/%s missing extProc spec", …) }) before accessing extProc.GrpcService.

Suggested change

extProc := (*gwExt).Spec.ExtProc

extProc := (*gwExt).Spec.ExtProc

if extProc == nil {

return nil, fmt.Errorf("gateway extension %s/%s missing extProc spec", trafficPolicy.Namespace, trafficPolicy.Name)

}

pkg/agentgateway/plugins/traffic_plugin.go

TheRealSibasishBehera · 2025-10-21T11:24:46Z

The code is ready for review .
It will need a new agentgateway release to be used as a dependency here.
I will remove the WIP label once that’s sorted.

cc: @npolshakova @howardjohn

npolshakova · 2025-10-22T23:16:29Z

Makefile


 .PHONY: kind-create
 kind-create: ## Create a KinD cluster
-	$(KIND) get clusters | grep $(CLUSTER_NAME) || $(KIND) create cluster --name $(CLUSTER_NAME) --image kindest/node:$(CLUSTER_NODE_VERSION)


Why this change?

there was a bug introduced where kindset/node was repeated twice.
its solved in the upstream . so i will remove this

removed this

npolshakova · 2025-10-22T23:17:05Z

internal/kgateway/query/mocks/mock_queries.go

 	schema "k8s.io/apimachinery/pkg/runtime/schema"
 	v1 "sigs.k8s.io/gateway-api/apis/v1"
-
-	query "github.com/kgateway-dev/kgateway/v2/internal/kgateway/query"


I think we want to revert this change and keep the kgateway imports in a separate group

npolshakova · 2025-10-22T23:17:44Z

pkg/agentgateway/plugins/traffic_plugin.go

 }

+func processExtProcPolicy(ctx krt.HandlerContext, gatewayExtensions krt.Collection[*v1alpha1.GatewayExtension], trafficPolicy *v1alpha1.TrafficPolicy, policyName string, policyTarget *api.PolicyTarget) ([]AgwPolicy, error) {
+	// TODO: warn if unsupported policy parameters are used?


Yep, let's make sure we report an error if any unsupported policy fields are set.

added validation for both extproc policy and extproc provider settings

npolshakova · 2025-10-22T23:26:10Z

pkg/agentgateway/plugins/traffic_plugin.go

+		if backendRef.Namespace != nil {
+			namespace = string(*extProc.GrpcService.BackendRef.Namespace)
+		}
+		port := uint32(80) // default port


Can we reuse buildServiceHost

used buildAGWServiceRef which in turn calls buildServiceHost

npolshakova · 2025-10-22T23:27:28Z

test/e2e/features/agentgateway/extproc/testdata/extproc-service.yaml

+      containers:
+        - name: ext-proc-grpc
+          # uses https://github.com/TheRealSibasishBehera/ext-proc-examples/tree/ag-support
+          image: sibseh/basic-sink:fix-2


Is there a reason we can't use the same setup as the envoy test? https://github.com/kgateway-dev/kgateway/blob/main/test/kubernetes/e2e/features/extproc/testdata/setup.yaml#L40

agentgateway only supports streaming body responses
the extproc impl used for envoy tests were not based on that , resulting the connections to hang (the gateway sent the requests but the response body from ext_proc server were considered invalid )

more about agentgateway specific code here

This fork includes

updated implementation to send streaming responses with the end_of_stream flag set to true.

updated the Go bindings to align with the latest envoy control plane API, removing the previous solo.io fork (the reason for that fork’s use is unclear to me).

npolshakova · 2025-10-23T13:05:45Z

https://github.com/agentgateway/agentgateway/releases/tag/v0.10.4 is now out, so we should be able to bump to that and get the ext-proc xds support! 🎉

TheRealSibasishBehera · 2025-10-23T15:26:59Z

Thanks for the update. I will bump the version

TheRealSibasishBehera · 2025-10-24T00:15:49Z

pkg/agentgateway/plugins/traffic_plugin.go

+		errs = append(errs, fmt.Errorf("statPrefix field in ExtProcProvider is not supported for agentgateway"))
+	}
+
+	// TODO: RouteCacheAction has a kubebuilder default so we don't validate it here


can the default marker be removed and handled in envoy specific code ?
I dont think it would be a breaking change this way and validation can be performed here properly

update:
envoy specific code was already setting the default value for RouteCacheAction to FromResponse
So I had to just remove the kubebuilder marker and add validation here

npolshakova · 2025-10-29T17:49:15Z

Hey there are some up coming changes to the API as part of #12723 that will affect this. Let's also move the code used to build the test extproc image into the kgateway repo so we can rebuild it as necessary! This can live under the agentgateway/extproc directory similar to how we have the a2a example.

Signed-off-by: Sibasish Behera <[email protected]>

npolshakova · 2025-11-04T20:00:08Z

Now that #12723 has gone in, this should be unblocked! We'll just want to update the api to be on AgentgatewayPolicy!

Copilot AI review requested due to automatic review settings October 19, 2025 18:25

github-actions bot added do-not-merge/kind-invalid Indicates a PR lacks a `kind/foo` label and requires one. release-note labels Oct 19, 2025

Copilot AI reviewed Oct 19, 2025

View reviewed changes

github-actions bot added kind/feature Categorizes issue or PR as related to a new feature. and removed do-not-merge/kind-invalid Indicates a PR lacks a `kind/foo` label and requires one. labels Oct 19, 2025

TheRealSibasishBehera force-pushed the ag-extproc branch 3 times, most recently from 36b6099 to f96d5f9 Compare October 21, 2025 11:14

npolshakova reviewed Oct 22, 2025

View reviewed changes

TheRealSibasishBehera force-pushed the ag-extproc branch from f96d5f9 to 03d65a9 Compare October 23, 2025 23:08

TheRealSibasishBehera changed the title ~~WIP: Add extproc translation in the agentgateway traffic policy plugin~~ agentgateway: add extproc translation in traffic policy plugin Oct 23, 2025

TheRealSibasishBehera force-pushed the ag-extproc branch 3 times, most recently from f2606a5 to db41934 Compare October 24, 2025 00:08

TheRealSibasishBehera commented Oct 24, 2025

View reviewed changes

TheRealSibasishBehera force-pushed the ag-extproc branch from db41934 to 5cebb15 Compare October 24, 2025 12:19

TheRealSibasishBehera force-pushed the ag-extproc branch from 5cebb15 to e405149 Compare November 3, 2025 19:20

Add extproc translation in the agentgateway traffic policy plugin

fa2db6a

Signed-off-by: Sibasish Behera <[email protected]>

TheRealSibasishBehera force-pushed the ag-extproc branch from e405149 to 0fd7017 Compare November 3, 2025 19:49

add validation for route cache action

68730ef

Signed-off-by: Sibasish Behera <[email protected]>

TheRealSibasishBehera force-pushed the ag-extproc branch from 0fd7017 to 68730ef Compare November 3, 2025 20:07

TheRealSibasishBehera requested a review from npolshakova November 3, 2025 20:12

agentgateway: add extproc translation in traffic policy plugin #12667

Are you sure you want to change the base?

agentgateway: add extproc translation in traffic policy plugin #12667

Uh oh!

Conversation

TheRealSibasishBehera commented Oct 19, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Change Type

Changelog

Additional Notes

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull Request Overview

Reviewed Changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Copilot AI Oct 19, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

TheRealSibasishBehera commented Oct 21, 2025

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

npolshakova commented Oct 23, 2025

Uh oh!

TheRealSibasishBehera commented Oct 23, 2025

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

npolshakova commented Oct 29, 2025

Uh oh!

npolshakova commented Nov 4, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

TheRealSibasishBehera commented Oct 19, 2025 •

edited

Loading