Setting invalid values in EnvoyProxy deletes Deployment all together #7735
Description
Description:
Setting invalid Envoy configuration in bootstrap field in EnvoyProxy causes Envoy Gateway to delete Envoy Proxy resources all together including the deployment.
In my case I was trying to merge in additional settings to stats_tags and I set an invalid regex; but to my surprise the EnvoyProxy Kubernetes Deployment was instantly deleted, as well as the PDB, but not the service.
Error showing in gateway:
2025-12-14T04:20:46.917Z ERROR gateway-api gatewayapi/translator.go:347 Skipping GatewayClass because EnvoyProxy is invalid {"runner": "gateway-api", "gatewayclass": "envoy-gateway-internal", "envoyproxy": "envoy-gateway-internal", "namespace": "platform-envoy-gateway", "error": "failed to parse override bootstrap config: yaml: line 9: did not find expected key"}
I understand that setting with bootstrap is considered advanced. It is however still a very handy escape hatch, and I would expect Envoy Gateway to not react the way it's doing which you can imagine how disastrous this can be in Production environment; but instead I'd expect Envoy Gateway to reject the configuration and be a bit more forgiving.
Repro steps:
Include sample requests, environment, etc. All data and inputs
required to reproduce the bug.
- Have a working EnvoyProxy with active deloyment.
- Set the following bootstrap
bootstrap:
type: "Merge"
value: |
admin:
address:
socket_address:
address: 0.0.0.0
stats_config:
stats_tags:
- tag_name: route_kind
regex: '^cluster\.((\w+)/)"(notice the unmatched quote " at the end of the regex.)
3. Observe EnvoyGateway deleting the Deployment.
4. Fix the syntax issue by setting " to `
Environment:
Image Version: docker.io/envoyproxy/gateway:v1.6.0