From c0ef9f26def48d73df6069779a8afb8681ef52e6 Mon Sep 17 00:00:00 2001 From: zirain Date: Wed, 30 Oct 2024 15:32:22 +0800 Subject: [PATCH 1/2] fix: listener on IPv6 first cluster 
Signed-off-by: zirain --- .../templates/envoy-gateway-deployment.yaml | 4 + .../translate/out/default-resources.all.yaml | 2 +- internal/cmd/envoy/shutdown_manager.go | 4 +- internal/envoygateway/config/config.go | 4 + internal/gatewayapi/listener.go | 13 +- internal/gatewayapi/runner/runner.go | 1 + internal/gatewayapi/translator.go | 3 + internal/infrastructure/host/proxy_infra.go | 2 + internal/infrastructure/kubernetes/infra.go | 3 + .../kubernetes/proxy/resource.go | 6 +- .../kubernetes/proxy/resource_provider.go | 11 +- .../proxy/resource_provider_test.go | 14 +- .../proxy/testdata/daemonsets/custom.yaml | 2 +- .../testdata/daemonsets/default-env.yaml | 2 +- .../proxy/testdata/daemonsets/default.yaml | 2 +- .../daemonsets/disable-prometheus.yaml | 2 +- .../testdata/daemonsets/extension-env.yaml | 2 +- .../override-labels-and-annotations.yaml | 2 +- .../testdata/daemonsets/patch-daemonset.yaml | 2 +- .../testdata/daemonsets/shutdown-manager.yaml | 2 +- .../proxy/testdata/daemonsets/volumes.yaml | 2 +- .../testdata/daemonsets/with-annotations.yaml | 2 +- .../testdata/daemonsets/with-extra-args.yaml | 2 +- .../daemonsets/with-image-pull-secrets.yaml | 2 +- .../proxy/testdata/daemonsets/with-name.yaml | 2 +- .../daemonsets/with-node-selector.yaml | 2 +- .../with-topology-spread-constraints.yaml | 2 +- .../proxy/testdata/deployments/custom.yaml | 2 +- .../custom_with_initcontainers.yaml | 2 +- .../testdata/deployments/default-env.yaml | 2 +- .../proxy/testdata/deployments/default.yaml | 2 +- .../deployments/disable-prometheus.yaml | 2 +- .../testdata/deployments/extension-env.yaml | 2 +- .../override-labels-and-annotations.yaml | 2 +- .../deployments/patch-deployment.yaml | 2 +- .../deployments/shutdown-manager.yaml | 2 +- .../proxy/testdata/deployments/volumes.yaml | 2 +- .../deployments/with-annotations.yaml | 2 +- .../deployments/with-empty-memory-limits.yaml | 2 +- .../testdata/deployments/with-extra-args.yaml | 2 +- 
.../deployments/with-image-pull-secrets.yaml | 2 +- .../proxy/testdata/deployments/with-name.yaml | 2 +- .../deployments/with-node-selector.yaml | 2 +- .../with-topology-spread-constraints.yaml | 2 +- .../kubernetes/proxy_configmap_test.go | 4 +- .../kubernetes/proxy_daemonset_test.go | 4 +- .../kubernetes/proxy_deployment_test.go | 6 +- .../infrastructure/kubernetes/proxy_infra.go | 4 +- .../kubernetes/proxy_service_test.go | 2 +- .../kubernetes/proxy_serviceaccount_test.go | 4 +- internal/utils/net/ip.go | 50 +++++ internal/utils/net/ip_test.go | 86 ++++++++ internal/xds/bootstrap/bootstrap.go | 34 +++- internal/xds/bootstrap/bootstrap.yaml.tpl | 2 +- internal/xds/bootstrap/bootstrap_test.go | 43 ++-- .../testdata/ipv6/custom-server-port.yaml | 168 ++++++++++++++++ .../testdata/ipv6/custom-stats-matcher.yaml | 179 +++++++++++++++++ .../testdata/ipv6/disable-prometheus.yaml | 146 ++++++++++++++ .../enable-prometheus-gzip-compression.yaml | 175 +++++++++++++++++ .../testdata/ipv6/enable-prometheus.yaml | 168 ++++++++++++++++ .../ipv6/otel-metrics-backendref.yaml | 171 ++++++++++++++++ .../bootstrap/testdata/ipv6/otel-metrics.yaml | 171 ++++++++++++++++ .../ipv6/with-max-heap-size-bytes.yaml | 183 ++++++++++++++++++ .../testdata/render/custom-server-port.yaml | 2 +- .../testdata/render/custom-stats-matcher.yaml | 2 +- .../testdata/render/disable-prometheus.yaml | 2 +- .../enable-prometheus-gzip-compression.yaml | 2 +- .../testdata/render/enable-prometheus.yaml | 2 +- .../render/otel-metrics-backendref.yaml | 2 +- .../testdata/render/otel-metrics.yaml | 2 +- .../render/with-max-heap-size-bytes.yaml | 2 +- internal/xds/bootstrap/util_test.go | 2 +- internal/xds/translator/listener.go | 64 +++--- .../certjen-custom-scheduling.out.yaml | 4 + .../control-plane-with-pdb.out.yaml | 4 + .../helm/gateway-helm/default-config.out.yaml | 4 + .../deployment-custom-topology.out.yaml | 4 + .../deployment-images-config.out.yaml | 4 + .../deployment-priorityclass.out.yaml | 4 + 
.../deployment-securitycontext.out.yaml | 4 + .../envoy-gateway-config.out.yaml | 4 + .../global-images-config.out.yaml | 4 + .../gateway-helm/service-annotations.out.yaml | 4 + 83 files changed, 1730 insertions(+), 123 deletions(-) create mode 100644 internal/utils/net/ip.go create mode 100644 internal/utils/net/ip_test.go create mode 100644 internal/xds/bootstrap/testdata/ipv6/custom-server-port.yaml create mode 100644 internal/xds/bootstrap/testdata/ipv6/custom-stats-matcher.yaml create mode 100644 internal/xds/bootstrap/testdata/ipv6/disable-prometheus.yaml create mode 100644 internal/xds/bootstrap/testdata/ipv6/enable-prometheus-gzip-compression.yaml create mode 100644 internal/xds/bootstrap/testdata/ipv6/enable-prometheus.yaml create mode 100644 internal/xds/bootstrap/testdata/ipv6/otel-metrics-backendref.yaml create mode 100644 internal/xds/bootstrap/testdata/ipv6/otel-metrics.yaml create mode 100644 internal/xds/bootstrap/testdata/ipv6/with-max-heap-size-bytes.yaml diff --git a/charts/gateway-helm/templates/envoy-gateway-deployment.yaml b/charts/gateway-helm/templates/envoy-gateway-deployment.yaml index 7746dd2e4a..638497a07c 100644 --- a/charts/gateway-helm/templates/envoy-gateway-deployment.yaml +++ b/charts/gateway-helm/templates/envoy-gateway-deployment.yaml @@ -46,6 +46,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml index 26e4249645..f3f4f3ade1 100644 --- a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml 
@@ -43,7 +43,7 @@ envoyProxyForGatewayClass: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/cmd/envoy/shutdown_manager.go b/internal/cmd/envoy/shutdown_manager.go index 48f624bb67..e0b8204a61 100644 --- a/internal/cmd/envoy/shutdown_manager.go +++ b/internal/cmd/envoy/shutdown_manager.go @@ -171,7 +171,7 @@ func Shutdown(drainTimeout time.Duration, minDrainDuration time.Duration, exitAt // postEnvoyAdminAPI sends a POST request to the Envoy admin API func postEnvoyAdminAPI(path string) error { if resp, err := http.Post(fmt.Sprintf("http://%s:%d/%s", - bootstrap.EnvoyAdminAddress, bootstrap.EnvoyAdminPort, path), "application/json", nil); err != nil { + "localhost", bootstrap.EnvoyAdminPort, path), "application/json", nil); err != nil { return err } else { defer resp.Body.Close() @@ -187,7 +187,7 @@ func postEnvoyAdminAPI(path string) error { func getTotalConnections() (*int, error) { // Send request to Envoy admin API to retrieve server.total_connections stat if resp, err := http.Get(fmt.Sprintf("http://%s:%d//stats?filter=^server\\.total_connections$&format=json", - bootstrap.EnvoyAdminAddress, bootstrap.EnvoyAdminPort)); err != nil { + "localhost", bootstrap.EnvoyAdminPort)); err != nil { return nil, err } else { defer resp.Body.Close() diff --git a/internal/envoygateway/config/config.go b/internal/envoygateway/config/config.go index c842c184e4..d4b16cd019 100644 --- a/internal/envoygateway/config/config.go +++ b/internal/envoygateway/config/config.go @@ -12,6 +12,7 @@ import ( "github.com/envoyproxy/gateway/api/v1alpha1/validation" "github.com/envoyproxy/gateway/internal/logging" "github.com/envoyproxy/gateway/internal/utils/env" + "github.com/envoyproxy/gateway/internal/utils/net" ) const ( 
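Review bot: postEnvoyAdminAPI in internal/cmd/envoy/shutdown_manager.go now reaches the Envoy admin API through the literal `"localhost"`, so the drain request depends on name resolution inside the pod rather than on the loopback address the admin listener is bound to. If the bootstrap binds the admin interface to a single loopback family (not visible here) and `localhost` resolves only to the other one, the POST fails and shutdown presumably continues without a clean drain. getTotalConnections in the next hunk repeats the same literal. I would keep the host in one named constant, or derive it from the IP family the bootstrap used and build the authority with `net.JoinHostPort(host, strconv.Itoa(bootstrap.EnvoyAdminPort))` so an IPv6 literal is bracketed correctly. Both function bodies continue outside their hunks.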
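Review bot: The import added to internal/envoygateway/config/config.go, `"github.com/envoyproxy/gateway/internal/utils/net"`, brings a package named `net` into scope and so shadows the standard library `net` in every file that uses it. A reader of `net.IsIPv6FirstPod()` or `net.PreferIPFamily(...)` has to check the import block to see that this is not the stdlib, and a file that later needs both packages has to rename one of them anyway. The same import is added in internal/gatewayapi/listener.go, internal/infrastructure/host/proxy_infra.go and internal/infrastructure/kubernetes/proxy/resource.go. An alias at the import site avoids this: `netutils "github.com/envoyproxy/gateway/internal/utils/net"`.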
@@ -38,6 +39,8 @@ type Server struct { Logger logging.Logger // Elected chan is used to signal what a leader is elected Elected chan struct{} + // IPv6First is a flag to indicate if the server should prefer IPv6 addresses. + IPv6First bool } // New returns a Server with default parameters. @@ -46,6 +49,7 @@ func New() (*Server, error) { EnvoyGateway: egv1a1.DefaultEnvoyGateway(), Namespace: env.Lookup("ENVOY_GATEWAY_NAMESPACE", DefaultNamespace), DNSDomain: env.Lookup("KUBERNETES_CLUSTER_DOMAIN", DefaultDNSDomain), + IPv6First: net.IsIPv6FirstPod(), // the default logger Logger: logging.DefaultLogger(egv1a1.LogLevelInfo), Elected: make(chan struct{}), diff --git a/internal/gatewayapi/listener.go b/internal/gatewayapi/listener.go index 30e75ad619..cc1561d4c1 100644 --- a/internal/gatewayapi/listener.go +++ b/internal/gatewayapi/listener.go @@ -22,6 +22,7 @@ import ( "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/utils" "github.com/envoyproxy/gateway/internal/utils/naming" + "github.com/envoyproxy/gateway/internal/utils/net" ) var _ ListenersTranslator = (*Translator)(nil) @@ -99,6 +100,12 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource if !isReady { continue } + + address := net.IPv4ListenerAddress + if net.PreferIPFamily(t.IPv6First, gateway.envoyProxy) == egv1a1.IPv6 { + address = net.IPv6ListenerAddress + } + // Add the listener to the Xds IR servicePort := &protocolPort{protocol: listener.Protocol, port: int32(listener.Port)} containerPort := servicePortToContainerPort(int32(listener.Port), gateway.envoyProxy) @@ -107,7 +114,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource irListener := &ir.HTTPListener{ CoreListenerDetails: ir.CoreListenerDetails{ Name: irListenerName(listener), - Address: "0.0.0.0", + Address: address, Port: uint32(containerPort), Metadata: buildListenerMetadata(listener, gateway), IPFamily: getIPFamily(gateway.envoyProxy), 
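Review bot: `IPv6First: net.IsIPv6FirstPod()` in New() fixes the value once at process start, and the comment on the new Server field does not say where the answer comes from. Judging by the `POD_IP` variable the Helm template gains in this patch, the helper presumably inspects the controller pod's own IP; its body is in internal/utils/net/ip.go, outside this hunk. If that reading is right, an install that does not set the variable silently gets the IPv4 default, and the controller's address family is used as a stand-in for the proxy pods'. I would say so on the field, for example `// IPv6First is detected once at startup from the controller pod's own IP and is used as the default IP family for proxy listeners.`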
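Review bot: In ProcessListeners (internal/gatewayapi/listener.go) the listener `Address` is now chosen from `net.PreferIPFamily(t.IPv6First, gateway.envoyProxy)`, while `IPFamily` on the same `CoreListenerDetails` still comes from `getIPFamily(gateway.envoyProxy)`, so the two fields can describe different families when the EnvoyProxy leaves the family unset on an IPv6-first cluster. The HTTP listener here and the TCP listener in the hunk at -134 both carry that pair, and the UDP listener at -150 gets the new address with no `IPFamily` at all. Deriving both fields from the one `PreferIPFamily` result would keep the bound address and the recorded family in step. The value depends only on the gateway, so it also appears to be invariant across the listener loop and could be computed before it; the loop header is outside the hunk.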
@@ -134,7 +141,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource irListener := &ir.TCPListener{ CoreListenerDetails: ir.CoreListenerDetails{ Name: irListenerName(listener), - Address: "0.0.0.0", + Address: address, Port: uint32(containerPort), IPFamily: getIPFamily(gateway.envoyProxy), }, @@ -150,7 +157,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource irListener := &ir.UDPListener{ CoreListenerDetails: ir.CoreListenerDetails{ Name: irListenerName(listener), - Address: "0.0.0.0", + Address: address, Port: uint32(containerPort), }, } diff --git a/internal/gatewayapi/runner/runner.go b/internal/gatewayapi/runner/runner.go index 6297589291..d8f4940ef4 100644 --- a/internal/gatewayapi/runner/runner.go +++ b/internal/gatewayapi/runner/runner.go @@ -152,6 +152,7 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) { Namespace: r.Namespace, MergeGateways: gatewayapi.IsMergeGatewaysEnabled(resources), WasmCache: r.wasmCache, + IPv6First: r.IPv6First, } // If an extension is loaded, pass its supported groups/kinds to the translator diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go index 23e651b6c6..8769e51a20 100644 --- a/internal/gatewayapi/translator.go +++ b/internal/gatewayapi/translator.go @@ -91,6 +91,9 @@ type Translator struct { // WasmCache is the cache for Wasm modules. WasmCache wasm.Cache + + // IPv6First is true when IPv6 addresses should be preferred + IPv6First bool } type TranslateResult struct { diff --git a/internal/infrastructure/host/proxy_infra.go b/internal/infrastructure/host/proxy_infra.go index 371aedc2be..72e11388ea 100644 --- a/internal/infrastructure/host/proxy_infra.go +++ b/internal/infrastructure/host/proxy_infra.go 
@@ -17,6 +17,7 @@ import ( "github.com/envoyproxy/gateway/internal/infrastructure/common" "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/utils" + "github.com/envoyproxy/gateway/internal/utils/net" "github.com/envoyproxy/gateway/internal/xds/bootstrap" ) @@ -59,6 +60,7 @@ func (i *Infra) CreateOrUpdateProxyInfra(ctx context.Context, infra *ir.Infra) e WasmServerPort: ptr.To(int32(0)), AdminServerPort: ptr.To(int32(0)), ReadyServerPort: ptr.To(int32(0)), + IPFamily: net.PreferIPFamily(false, proxyConfig), } args, err := common.BuildProxyArgs(proxyInfra, proxyConfig.Spec.Shutdown, bootstrapConfigOptions, proxyName) diff --git a/internal/infrastructure/kubernetes/infra.go b/internal/infrastructure/kubernetes/infra.go index 4285f39596..b99651443a 100644 --- a/internal/infrastructure/kubernetes/infra.go +++ b/internal/infrastructure/kubernetes/infra.go @@ -58,6 +58,8 @@ type Infra struct { // Client wrap k8s client. Client *InfraClient + + IPv6First bool } // NewInfra returns a new Infra. @@ -67,6 +69,7 @@ func NewInfra(cli client.Client, cfg *config.Server) *Infra { DNSDomain: cfg.DNSDomain, EnvoyGateway: cfg.EnvoyGateway, Client: New(cli), + IPv6First: cfg.IPv6First, } } diff --git a/internal/infrastructure/kubernetes/proxy/resource.go b/internal/infrastructure/kubernetes/proxy/resource.go index aa5a4d64e7..315ed3ad86 100644 --- a/internal/infrastructure/kubernetes/proxy/resource.go +++ b/internal/infrastructure/kubernetes/proxy/resource.go @@ -20,6 +20,7 @@ import ( "github.com/envoyproxy/gateway/internal/infrastructure/kubernetes/resource" "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/utils" + "github.com/envoyproxy/gateway/internal/utils/net" "github.com/envoyproxy/gateway/internal/xds/bootstrap" ) 
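Review bot: The bare `false` in `IPFamily: net.PreferIPFamily(false, proxyConfig)` in CreateOrUpdateProxyInfra (internal/infrastructure/host/proxy_infra.go) is unexplained, and it means host mode never takes the IPv6-first default that the Kubernetes path gets. If that is deliberate, a comment on the line should say why, for example `// host mode does not detect an IPv6-first environment; only the EnvoyProxy IP family setting can select IPv6`. If it is not, the flag should come from the same configuration value the Kubernetes infra receives. The function body continues outside the hunk.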
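Review bot: The new `IPv6First bool` field on the Kubernetes `Infra` struct (internal/infrastructure/kubernetes/infra.go) has no doc comment, while the field directly above it is documented (`// Client wrap k8s client.`). NewInfra copies it from `cfg.IPv6First`, so a one-line comment can state that: `// IPv6First is copied from the server config and is true when IPv6 addresses should be preferred.`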
@@ -83,8 +84,8 @@ func expectedProxyContainers(infra *ir.ProxyInfra, containerSpec *egv1a1.KubernetesContainerSpec, shutdownConfig *egv1a1.ShutdownConfig, shutdownManager *egv1a1.ShutdownManager, - namespace string, - dnsDomain string, + namespace string, dnsDomain string, + ipv6First bool, ) ([]corev1.Container, error) { // Define slice to hold container ports var ports []corev1.ContainerPort @@ -135,6 +136,7 @@ func expectedProxyContainers(infra *ir.ProxyInfra, }, MaxHeapSizeBytes: maxHeapSizeBytes, XdsServerHost: ptr.To(fmt.Sprintf("%s.%s.svc.%s", config.EnvoyGatewayServiceName, namespace, dnsDomain)), + IPFamily: net.PreferIPFamily(ipv6First, infra.Config), } args, err := common.BuildProxyArgs(infra, shutdownConfig, bootstrapConfigOptions, fmt.Sprintf("$(%s)", envoyPodEnvVar)) diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider.go b/internal/infrastructure/kubernetes/proxy/resource_provider.go index 9830bafad7..6784d6f90b 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider.go @@ -49,14 +49,17 @@ type ResourceRender struct { DNSDomain string ShutdownManager *egv1a1.ShutdownManager + + IPv6First bool } -func NewResourceRender(ns string, dnsDomain string, infra *ir.ProxyInfra, gateway *egv1a1.EnvoyGateway) *ResourceRender { +func NewResourceRender(ipv6First bool, ns string, dnsDomain string, infra *ir.ProxyInfra, gateway *egv1a1.EnvoyGateway) *ResourceRender { return &ResourceRender{ Namespace: ns, DNSDomain: dnsDomain, infra: infra, ShutdownManager: gateway.GetEnvoyGatewayProvider().GetEnvoyGatewayKubeProvider().ShutdownManager, + IPv6First: ipv6First, } } 
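Review bot: `NewResourceRender` in internal/infrastructure/kubernetes/proxy/resource_provider.go takes the new flag as a leading positional `bool`, so every call reads `NewResourceRender(false, cfg.Namespace, ...)` with nothing at the call site to say what `false` selects. Appending the parameter, or passing the values in a small options struct, would keep the call self-describing; `expectedProxyContainers` in resource.go grows to seven positional parameters for the same reason. The exported `IPv6First` field on `ResourceRender` is also added without a comment; I would add `// IPv6First is true when proxy listeners should default to IPv6 addresses.`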
@@ -262,7 +265,8 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { proxyConfig := r.infra.GetProxyConfig() // Get expected bootstrap configurations rendered ProxyContainers - containers, err := expectedProxyContainers(r.infra, deploymentConfig.Container, proxyConfig.Spec.Shutdown, r.ShutdownManager, r.Namespace, r.DNSDomain) + containers, err := expectedProxyContainers(r.infra, deploymentConfig.Container, proxyConfig.Spec.Shutdown, + r.ShutdownManager, r.Namespace, r.DNSDomain, r.IPv6First) if err != nil { return nil, err } @@ -364,7 +368,8 @@ func (r *ResourceRender) DaemonSet() (*appsv1.DaemonSet, error) { proxyConfig := r.infra.GetProxyConfig() // Get expected bootstrap configurations rendered ProxyContainers - containers, err := expectedProxyContainers(r.infra, daemonSetConfig.Container, proxyConfig.Spec.Shutdown, r.ShutdownManager, r.Namespace, r.DNSDomain) + containers, err := expectedProxyContainers(r.infra, daemonSetConfig.Container, proxyConfig.Spec.Shutdown, + r.ShutdownManager, r.Namespace, r.DNSDomain, r.IPv6First) if err != nil { return nil, err } diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go index 0cf54a4042..c37ca52949 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go @@ -564,7 +564,7 @@ func TestDeployment(t *testing.T) { tc.infra.Proxy.Config.Spec.ExtraArgs = tc.extraArgs } - r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) + r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) dp, err := r.Deployment() require.NoError(t, err) 
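Review bot: Every updated call in resource_provider_test.go passes `false` for the new first argument (TestDeployment here, and TestDaemonSet, TestService, TestConfigMap, TestServiceAccount, TestPDB and TestHorizontalPodAutoscaler in the hunks that follow), so the IPv6-first path through `expectedProxyContainers` is never rendered by this package's tests. The diffstat adds IPv6 golden files only under internal/xds/bootstrap/testdata/ipv6. A Deployment case and a DaemonSet case built with `NewResourceRender(true, ...)`, each with its own golden file, would pin the container arguments and bind addresses that are rendered for an IPv6-first cluster.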
@@ -993,7 +993,7 @@ func TestDaemonSet(t *testing.T) { tc.infra.Proxy.Config.Spec.ExtraArgs = tc.extraArgs } - r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) + r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) ds, err := r.DaemonSet() require.NoError(t, err) @@ -1143,7 +1143,7 @@ func TestService(t *testing.T) { provider.EnvoyService = tc.service } - r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) + r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) svc, err := r.Service() require.NoError(t, err) @@ -1186,7 +1186,7 @@ func TestConfigMap(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) + r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) cm, err := r.ConfigMap() require.NoError(t, err) @@ -1229,7 +1229,7 @@ func TestServiceAccount(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) + r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) sa, err := r.ServiceAccount() require.NoError(t, err) @@ -1285,7 +1285,7 @@ func TestPDB(t *testing.T) { provider.GetEnvoyProxyKubeProvider() - r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) + r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) pdb, err := r.PodDisruptionBudget() require.NoError(t, err) 
@@ -1371,7 +1371,7 @@ func TestHorizontalPodAutoscaler(t *testing.T) { } provider.GetEnvoyProxyKubeProvider() - r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) + r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) hpa, err := r.HorizontalPodAutoscaler() require.NoError(t, err) diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml index b3472d7ce4..eccd2e1071 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml @@ -75,7 +75,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml index 329cb6fcfd..71326042b1 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml index 7fd747bfc5..227dd070eb 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml 
@@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml index 8de53f5399..a6774a196d 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml @@ -70,7 +70,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml index ae4f11bf6a..2568b728c2 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml index fd9dad594d..0a9303bc82 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml @@ -83,7 +83,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: 
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml index 44303a333f..eec1360277 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml index f656e51276..7482104f31 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml index 268a27505a..70e9dd4427 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml index de2cfc52cb..6e71a309d3 100644 
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml @@ -79,7 +79,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml index bd684b6f4d..f29291743f 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml index 924d99cee9..91fc2568e0 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml index 0f6bb5dcb8..b5ba0ae388 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml 
@@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml index 69797a95a4..5722180e88 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml index b8cf4d12a6..807d911c36 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml index dff786a351..d546b53cb5 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml @@ -80,7 +80,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: 
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml index 65079b2316..10c2620802 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml @@ -80,7 +80,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml index 88371d81d1..21c82059e4 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml @@ -79,7 +79,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml index 57a62e569b..0d465c7747 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml index e575a3f311..6296fec801 100644 
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml index 9b84c2b417..b04577af8c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml @@ -79,7 +79,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml index 6300b90655..cf54334c39 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml @@ -87,7 +87,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml index 269909aec4..502e4dbf9c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml 
@@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml index 5774c9dc1d..e9c03a209e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml index 9f6f50940c..afd33f335b 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml @@ -79,7 +79,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml index 3924adc486..4b68b2aa2a 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml @@ -83,7 +83,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: 
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml index ce6f8b7b5d..2a3d17106e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml index bc0a7e23a5..22e1289641 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml index 360253c560..792a1a7c8a 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: 
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml index 52ea316c85..cfbe0d4a92 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml index 6a8cfb126b..49c26a3ca2 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml index 3bdf275ce0..03949f1b9e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy_configmap_test.go b/internal/infrastructure/kubernetes/proxy_configmap_test.go index ec4c0ec74e..f045459dab 100644 
--- a/internal/infrastructure/kubernetes/proxy_configmap_test.go +++ b/internal/infrastructure/kubernetes/proxy_configmap_test.go @@ -111,7 +111,7 @@ func TestCreateOrUpdateProxyConfigMap(t *testing.T) { Build() } kube := NewInfra(cli, cfg) - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) err := kube.createOrUpdateConfigMap(context.Background(), r) require.NoError(t, err) actual := &corev1.ConfigMap{ @@ -169,7 +169,7 @@ func TestDeleteConfigProxyMap(t *testing.T) { infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = "default" infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = infra.Proxy.Name - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) cm := &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Namespace: kube.Namespace, diff --git a/internal/infrastructure/kubernetes/proxy_daemonset_test.go b/internal/infrastructure/kubernetes/proxy_daemonset_test.go index 2c12658624..dd4e392289 100644 --- a/internal/infrastructure/kubernetes/proxy_daemonset_test.go +++ b/internal/infrastructure/kubernetes/proxy_daemonset_test.go @@ -66,7 +66,7 @@ func TestCreateOrUpdateProxyDaemonSet(t *testing.T) { }, } - r := proxy.NewResourceRender(cfg.Namespace, cfg.DNSDomain, infra.GetProxyInfra(), cfg.EnvoyGateway) + r := proxy.NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, infra.GetProxyInfra(), cfg.EnvoyGateway) ds, err := r.DaemonSet() require.NoError(t, err) 
@@ -245,7 +245,7 @@ func TestCreateOrUpdateProxyDaemonSet(t *testing.T) { } kube := NewInfra(cli, cfg) - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, tc.in.GetProxyInfra(), cfg.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, tc.in.GetProxyInfra(), cfg.EnvoyGateway) err := kube.createOrUpdateDaemonSet(context.Background(), r) if tc.wantErr { require.Error(t, err) diff --git a/internal/infrastructure/kubernetes/proxy_deployment_test.go b/internal/infrastructure/kubernetes/proxy_deployment_test.go index 188c92961b..5da24ced98 100644 --- a/internal/infrastructure/kubernetes/proxy_deployment_test.go +++ b/internal/infrastructure/kubernetes/proxy_deployment_test.go @@ -59,7 +59,7 @@ func TestCreateOrUpdateProxyDeployment(t *testing.T) { infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = "default" infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = infra.Proxy.Name - r := proxy.NewResourceRender(cfg.Namespace, cfg.DNSDomain, infra.GetProxyInfra(), cfg.EnvoyGateway) + r := proxy.NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, infra.GetProxyInfra(), cfg.EnvoyGateway) deploy, err := r.Deployment() require.NoError(t, err) @@ -238,7 +238,7 @@ func TestCreateOrUpdateProxyDeployment(t *testing.T) { } kube := NewInfra(cli, cfg) - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, tc.in.GetProxyInfra(), cfg.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, tc.in.GetProxyInfra(), cfg.EnvoyGateway) err := kube.createOrUpdateDeployment(context.Background(), r) if tc.wantErr { require.Error(t, err) 
@@ -284,7 +284,7 @@ func TestDeleteProxyDeployment(t *testing.T) { infra := ir.NewInfra() infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = "default" infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = infra.Proxy.Name - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) err := kube.createOrUpdateDeployment(context.Background(), r) require.NoError(t, err) diff --git a/internal/infrastructure/kubernetes/proxy_infra.go b/internal/infrastructure/kubernetes/proxy_infra.go index b7d96f3bb3..c489aa8926 100644 --- a/internal/infrastructure/kubernetes/proxy_infra.go +++ b/internal/infrastructure/kubernetes/proxy_infra.go @@ -23,7 +23,7 @@ func (i *Infra) CreateOrUpdateProxyInfra(ctx context.Context, infra *ir.Infra) e return errors.New("infra proxy ir is nil") } - r := proxy.NewResourceRender(i.Namespace, i.DNSDomain, infra.GetProxyInfra(), i.EnvoyGateway) + r := proxy.NewResourceRender(i.IPv6First, i.Namespace, i.DNSDomain, infra.GetProxyInfra(), i.EnvoyGateway) return i.createOrUpdate(ctx, r) } @@ -33,6 +33,6 @@ func (i *Infra) DeleteProxyInfra(ctx context.Context, infra *ir.Infra) error { return errors.New("infra ir is nil") } - r := proxy.NewResourceRender(i.Namespace, i.DNSDomain, infra.GetProxyInfra(), i.EnvoyGateway) + r := proxy.NewResourceRender(i.IPv6First, i.Namespace, i.DNSDomain, infra.GetProxyInfra(), i.EnvoyGateway) return i.delete(ctx, r) } diff --git a/internal/infrastructure/kubernetes/proxy_service_test.go b/internal/infrastructure/kubernetes/proxy_service_test.go index dab16d5b98..3dfd36e976 100644 --- a/internal/infrastructure/kubernetes/proxy_service_test.go +++ b/internal/infrastructure/kubernetes/proxy_service_test.go 
@@ -32,7 +32,7 @@ func TestDeleteProxyService(t *testing.T) { infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = "default" infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = infra.Proxy.Name - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) err := kube.createOrUpdateService(context.Background(), r) require.NoError(t, err) diff --git a/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go b/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go index 44732bf6b4..2013051bec 100644 --- a/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go +++ b/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go @@ -187,7 +187,7 @@ func TestCreateOrUpdateProxyServiceAccount(t *testing.T) { kube := NewInfra(cli, cfg) - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, tc.in.GetProxyInfra(), cfg.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, tc.in.GetProxyInfra(), cfg.EnvoyGateway) err = kube.createOrUpdateServiceAccount(context.Background(), r) require.NoError(t, err) @@ -220,7 +220,7 @@ func TestDeleteProxyServiceAccount(t *testing.T) { infra := ir.NewInfra() infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = "default" infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = infra.Proxy.Name - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) err := kube.createOrUpdateServiceAccount(context.Background(), r) require.NoError(t, err) diff --git a/internal/utils/net/ip.go b/internal/utils/net/ip.go new file mode 100644 index 0000000000..99bde67706 --- /dev/null 
+++ b/internal/utils/net/ip.go
@@ -0,0 +1,50 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package net
+
+import (
+ "net"
+ "os"
+
+ egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
+)
+
+const (
+ IPv4ListenerAddress = "0.0.0.0"
+ IPv6ListenerAddress = "::"
+)
+
+func IsIPv6(s string) bool {
+ ip := net.ParseIP(s)
+ if ip == nil {
+ return false
+ }
+ return ip.To4() == nil
+}
+
+// IsIPv6FirstPod returns true if the POD_IP environment variable is an IPv6 address.
+// WARNING: This function is only intended to be used in the context of Kubernetes.
+func IsIPv6FirstPod() bool {
+ return IsIPv6(os.Getenv("POD_IP"))
+}
+
+func PreferIPFamily(ipv6First bool, envoyProxy *egv1a1.EnvoyProxy) egv1a1.IPFamily {
+ if ipv6First {
+ // return IPv4 if envoy proxy specifies IPv4
+ if envoyProxy != nil && envoyProxy.Spec.IPFamily != nil && *envoyProxy.Spec.IPFamily == egv1a1.IPv4 {
+ return egv1a1.IPv4
+ }
+
+ return egv1a1.IPv6
+ }
+
+ // return IPv6 if envoy proxy specifies IPv6
+ if envoyProxy != nil && envoyProxy.Spec.IPFamily != nil && *envoyProxy.Spec.IPFamily == egv1a1.IPv6 {
+ return egv1a1.IPv6
+ }
+
+ return egv1a1.IPv4
+}
diff --git a/internal/utils/net/ip_test.go b/internal/utils/net/ip_test.go
new file mode 100644
index 0000000000..77d4605256
--- /dev/null
+++ b/internal/utils/net/ip_test.go
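Review bot: `IsIPv6` and `PreferIPFamily` in ip.go are exported without doc comments, and the edge cases that decide which address a listener binds to are not written down. Because the check is `ip.To4() == nil`, an IPv4-mapped address such as `::ffff:10.0.0.1` (constructed example) is reported as not IPv6, and `IsIPv6FirstPod` returns false when `POD_IP` is unset or unparsable, so a missing variable silently selects the IPv4 defaults. I would add `// IsIPv6 reports whether s parses as an IP address that has no 4-byte form; empty, invalid and IPv4-mapped input return false.` above `IsIPv6`. On `PreferIPFamily` I would add `// PreferIPFamily returns the family named in envoyProxy.Spec.IPFamily when it is IPv4 or IPv6, otherwise IPv6 if ipv6First is set and IPv4 if not.`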
@@ -0,0 +1,86 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package net
+
+import (
+ "testing"
+
+ "k8s.io/utils/ptr"
+
+ egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
+)
+
+func TestIsIPv6(t *testing.T) {
+ cases := []struct {
+ ip string
+ expected bool
+ }{
+ {
+ ip: "",
+ expected: false,
+ },
+ {
+ ip: "127.0.0.1",
+ expected: false,
+ },
+ {
+ ip: "::1",
+ expected: true,
+ },
+ }
+
+ for _, tc := range cases {
+ t.Run(tc.ip, func(t *testing.T) {
+ actual := IsIPv6(tc.ip)
+ if actual != tc.expected {
+ t.Errorf("IsIPv6(%s) = %t; expected %t", tc.ip, actual, tc.expected)
+ }
+ })
+ }
+}
+
+func TestPreferIPFamily(t *testing.T) {
+ cases := []struct {
+ name string
+ ipv6First bool
+ envoyProxy *egv1a1.EnvoyProxy
+ expected egv1a1.IPFamily
+ }{
+ {
+ name: "ipv6First=true,envoyProxy=nil",
+ ipv6First: true,
+ envoyProxy: nil,
+ expected: egv1a1.IPv6,
+ },
+ {
+ name: "ipv6First=true,envoyProxy=ipv4",
+ ipv6First: true,
+ envoyProxy: &egv1a1.EnvoyProxy{Spec: egv1a1.EnvoyProxySpec{IPFamily: ptr.To(egv1a1.IPv4)}},
+ expected: egv1a1.IPv4,
+ },
+ {
+ name: "ipv6First=false,envoyProxy=nil",
+ ipv6First: false,
+ envoyProxy: nil,
+ expected: egv1a1.IPv4,
+ },
+ {
+ name: "ipv6First=false,envoyProxy=IPv6",
+ ipv6First: true,
+ envoyProxy: &egv1a1.EnvoyProxy{Spec: egv1a1.EnvoyProxySpec{IPFamily: ptr.To(egv1a1.IPv6)}},
+ expected: egv1a1.IPv6,
+ },
+ }
+
+ for _, tc := range cases {
+ t.Run(tc.name, func(t *testing.T) {
+ actual := PreferIPFamily(tc.ipv6First, tc.envoyProxy)
+ if actual != tc.expected {
+ t.Errorf("PreferIPFamily(%t, %v) = %v; expected %v", tc.ipv6First, tc.envoyProxy, actual, tc.expected)
+ }
+ })
+ }
+}
diff --git a/internal/xds/bootstrap/bootstrap.go b/internal/xds/bootstrap/bootstrap.go
index e8aab4d836..fba5bc4b78 100644
--- a/internal/xds/bootstrap/bootstrap.go
+++ b/internal/xds/bootstrap/bootstrap.go
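Review bot: The last table entry in `TestPreferIPFamily` is named `ipv6First=false,envoyProxy=IPv6` but sets `ipv6First: true`, so the case runs through the `ipv6First` branch and the path where an explicit IPv6 setting overrides a non-IPv6-first cluster is never exercised. Changing that line to `ipv6First: false,` makes the case match its name and covers the second `if` in `PreferIPFamily`. `TestIsIPv6` would also be stronger with a malformed string and an IPv4-mapped address, since both are inputs that `POD_IP` parsing has to classify.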
@@ -28,7 +28,8 @@ const ( // It defaults to the Envoy Gateway Kubernetes service. envoyGatewayXdsServerHost = "envoy-gateway" // EnvoyAdminAddress is the listening address of the envoy admin interface. - EnvoyAdminAddress = "127.0.0.1" + envoyAdminAddress = "127.0.0.1" + envoyAdminAddressIPv6 = "::1" // EnvoyAdminPort is the port used to expose admin interface. EnvoyAdminPort = 19000 // envoyAdminAccessLogPath is the path used to expose admin access log. @@ -41,14 +42,29 @@ const ( // DefaultWasmServerPort is the default listening port of the wasm HTTP server. wasmServerPort = 18002 - envoyReadinessAddress = "0.0.0.0" - EnvoyReadinessPort = 19001 - EnvoyReadinessPath = "/ready" + envoyReadinessAddress = "0.0.0.0" + envoyReadinessAddressIPv6 = "::" + EnvoyReadinessPort = 19001 + EnvoyReadinessPath = "/ready" defaultSdsTrustedCAPath = "/sds/xds-trusted-ca.json" defaultSdsCertificatePath = "/sds/xds-certificate.json" ) +func AdminAddress(family egv1a1.IPFamily) string { + if family == egv1a1.IPv6 { + return envoyAdminAddressIPv6 + } + return envoyAdminAddress +} + +func readinessAddress(family egv1a1.IPFamily) string { + if family == egv1a1.IPv6 { + return envoyReadinessAddressIPv6 + } + return envoyReadinessAddress +} + //go:embed bootstrap.yaml.tpl var bootstrapTmplStr string @@ -148,6 +164,7 @@ type RenderBootstrapConfigOptions struct { AdminServerPort *int32 ReadyServerPort *int32 MaxHeapSizeBytes uint64 + IPFamily egv1a1.IPFamily } type SdsConfigPath struct { @@ -240,6 +257,11 @@ func GetRenderedBootstrapConfig(opts *RenderBootstrapConfigOptions) (string, err } } + ipFamily := egv1a1.IPv4 + if opts != nil { + ipFamily = opts.IPFamily + } + cfg := &bootstrapConfig{ parameters: bootstrapParameters{ XdsServer: serverParameters{ 
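Review bot: The comment `// EnvoyAdminAddress is the listening address of the envoy admin interface.` in the first bootstrap.go hunk now sits above `envoyAdminAddress` and `envoyAdminAddressIPv6`, and the new exported `AdminAddress` in the second hunk has no doc comment at all. I would replace the stale line with `// envoyAdminAddress and envoyAdminAddressIPv6 are the loopback addresses the envoy admin interface listens on.` and add `// AdminAddress returns the loopback address for the envoy admin interface in the given family; any value other than IPv6, including the zero value, yields the IPv4 loopback.` above the function. That fallthrough matters because the `@@ -240` hunk copies `opts.IPFamily` for every non-nil options value, so callers that never set the field pass the zero value; `GetRenderedBootstrapConfig` continues outside that hunk. `readinessAddress` deserves the same one-line comment, stating that it returns a wildcard bind address rather than loopback.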
@@ -251,12 +273,12 @@ func GetRenderedBootstrapConfig(opts *RenderBootstrapConfigOptions) (string, err Port: wasmServerPort, }, AdminServer: adminServerParameters{ - Address: EnvoyAdminAddress, + Address: AdminAddress(ipFamily), Port: EnvoyAdminPort, AccessLogPath: envoyAdminAccessLogPath, }, ReadyServer: readyServerParameters{ - Address: envoyReadinessAddress, + Address: readinessAddress(ipFamily), Port: EnvoyReadinessPort, ReadinessPath: EnvoyReadinessPath, }, diff --git a/internal/xds/bootstrap/bootstrap.yaml.tpl b/internal/xds/bootstrap/bootstrap.yaml.tpl index d243b7777e..10eb76c75f 100644 --- a/internal/xds/bootstrap/bootstrap.yaml.tpl +++ b/internal/xds/bootstrap/bootstrap.yaml.tpl @@ -65,7 +65,7 @@ static_resources: - name: envoy-gateway-proxy-ready-{{ .ReadyServer.Address }}-{{ .ReadyServer.Port }} address: socket_address: - address: {{ .ReadyServer.Address }} + address: '{{ .ReadyServer.Address }}' port_value: {{ .ReadyServer.Port }} protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/bootstrap_test.go b/internal/xds/bootstrap/bootstrap_test.go index 3c334eeaeb..ace84a0288 100644 --- a/internal/xds/bootstrap/bootstrap_test.go +++ b/internal/xds/bootstrap/bootstrap_test.go 
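Review bot: Only the readiness listener's `address:` is quoted in the bootstrap.yaml.tpl hunk, while the IPv6 fixtures added later in this patch render the admin and `prometheus_stats` addresses as bare `address: ::1`. The template lines that produce those values are outside this hunk, so this is inferred from the fixtures. If they are written unquoted, quoting them the same way, for example `address: '{{ .AdminServer.Address }}'`, keeps every rendered address a YAML string without depending on how a plain scalar that begins with `:` is parsed.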
@@ -165,26 +165,43 @@ func TestGetRenderedBootstrapConfig(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - got, err := GetRenderedBootstrapConfig(tc.opts) - require.NoError(t, err) - - if *overrideTestData { - // nolint:gosec - err = os.WriteFile(path.Join("testdata", "render", fmt.Sprintf("%s.yaml", tc.name)), []byte(got), 0o644) + // IPv4 + { + got, err := GetRenderedBootstrapConfig(tc.opts) require.NoError(t, err) - return + + if *overrideTestData { + // nolint:gosec + err = os.WriteFile(path.Join("testdata", "render", fmt.Sprintf("%s.yaml", tc.name)), []byte(got), 0o644) + require.NoError(t, err) + } else { + expected, err := readTestData(tc.name, "render") + require.NoError(t, err) + assert.Equal(t, expected, got) + } } + // IPv6 + { + tc.opts.IPFamily = egv1a1.IPv6 + gotIPv6, err := GetRenderedBootstrapConfig(tc.opts) + require.NoError(t, err) - expected, err := readTestData(tc.name) - require.NoError(t, err) - assert.Equal(t, expected, got) + if *overrideTestData { + // nolint:gosec + err = os.WriteFile(path.Join("testdata", "ipv6", fmt.Sprintf("%s.yaml", tc.name)), []byte(gotIPv6), 0o644) + require.NoError(t, err) + } else { + expected, err := readTestData(tc.name, "ipv6") + require.NoError(t, err) + assert.Equal(t, expected, gotIPv6) + } + } }) } } -func readTestData(caseName string) (string, error) { - filename := path.Join("testdata", "render", fmt.Sprintf("%s.yaml", caseName)) - +func readTestData(caseName string, sub string) (string, error) { + filename := path.Join("testdata", sub, fmt.Sprintf("%s.yaml", caseName)) b, err := os.ReadFile(filename) if err != nil { return "", err diff --git a/internal/xds/bootstrap/testdata/ipv6/custom-server-port.yaml b/internal/xds/bootstrap/testdata/ipv6/custom-server-port.yaml new file mode 100644 index 0000000000..f04a2bd49f --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/custom-server-port.yaml 
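Review bot: `tc.opts.IPFamily = egv1a1.IPv6` in the IPv6 block writes through `tc.opts` without a nil check, although `GetRenderedBootstrapConfig` guards `opts != nil` in this same patch; a table case with nil options would panic here (the table is outside this hunk, so whether one exists is not visible). The assignment also mutates the options value shared with the table entry. Copying first avoids both: `ipv6Opts := RenderBootstrapConfigOptions{}`, `if tc.opts != nil { ipv6Opts = *tc.opts }`, `ipv6Opts.IPFamily = egv1a1.IPv6`, then pass `&ipv6Opts` to the call.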
@@ -0,0 +1,168 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 2222 +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-3333 + address: + socket_address: + address: '::' + port_value: 3333 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + virtual_hosts: + - name: prometheus_stats + domains: + - "*" + routes: + - match: + prefix: /stats/prometheus + route: + cluster: prometheus_stats + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: prometheus_stats + connect_timeout: 0.250s + type: STATIC + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: prometheus_stats + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: ::1 + port_value: 2222 + - 
connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: foo.bar + port_value: 12345 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 1111 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: 
/sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 diff --git a/internal/xds/bootstrap/testdata/ipv6/custom-stats-matcher.yaml b/internal/xds/bootstrap/testdata/ipv6/custom-stats-matcher.yaml new file mode 100644 index 0000000000..021da2fa7e --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/custom-stats-matcher.yaml 
@@ -0,0 +1,179 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 19000 +stats_config: + stats_matcher: + inclusion_list: + patterns: + - exact: http.foo.bar.cluster.upstream_rq + - prefix: http + - prefix: cluster + - suffix: upstream_rq + - safe_regex: + google_re2: {} + regex: virtual.* +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-19001 + address: + socket_address: + address: '::' + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + virtual_hosts: + - name: prometheus_stats + domains: + - "*" + routes: + - match: + prefix: /stats/prometheus + route: + cluster: prometheus_stats + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: prometheus_stats + connect_timeout: 
0.250s + type: STATIC + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: prometheus_stats + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: ::1 + port_value: 19000 + - connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": 
type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 diff --git a/internal/xds/bootstrap/testdata/ipv6/disable-prometheus.yaml b/internal/xds/bootstrap/testdata/ipv6/disable-prometheus.yaml new file mode 100644 index 0000000000..27df4b0ad1 --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/disable-prometheus.yaml 
@@ -0,0 +1,146 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 19000 +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-19001 + address: + socket_address: + address: '::' + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": 
"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + 
typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 diff --git a/internal/xds/bootstrap/testdata/ipv6/enable-prometheus-gzip-compression.yaml b/internal/xds/bootstrap/testdata/ipv6/enable-prometheus-gzip-compression.yaml new file mode 100644 index 0000000000..48c3ef38a7 --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/enable-prometheus-gzip-compression.yaml 
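Review bot: The ready listener in this fixture binds `'::'` on port 19001 with no `ipv4_compat` on its `socket_address`, and as far as I know Envoy then opens that socket IPv6-only. On a dual-stack cluster where IPv6 is listed first, a probe or scrape that reaches the pod over its IPv4 address would presumably be refused on 19001. If dual-stack is meant to be covered, the bootstrap template (not in this hunk) could emit `ipv4_compat: true` next to `address: '::'`, with a fixture for it; otherwise a template comment stating that the IPv6 path is single-family would do. The same listener block appears in the other new `testdata/ipv6/*.yaml` fixtures.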
@@ -0,0 +1,175 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 19000 +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-19001 + address: + socket_address: + address: '::' + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + virtual_hosts: + - name: prometheus_stats + domains: + - "*" + routes: + - match: + prefix: /stats/prometheus + route: + cluster: prometheus_stats + typed_per_filter_config: + envoy.filters.http.compression: + "@type": type.googleapis.com/envoy.extensions.filters.http.compressor.v3.CompressorPerRoute + compressor_library: + name: text_optimized + typed_config: + "@type": type.googleapis.com/envoy.extensions.compression.gzip.compressor.v3.Gzip + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": 
type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: prometheus_stats + connect_timeout: 0.250s + type: STATIC + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: prometheus_stats + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: ::1 + port_value: 19000 + - connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + 
transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 diff --git a/internal/xds/bootstrap/testdata/ipv6/enable-prometheus.yaml b/internal/xds/bootstrap/testdata/ipv6/enable-prometheus.yaml new file mode 100644 index 0000000000..63395e20f7 --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/enable-prometheus.yaml 
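Review bot: The `local_route` in this fixture matches `prefix: /stats/prometheus` on the listener bound to `'::'` and sends it to the `prometheus_stats` cluster, which is the admin interface on `::1:19000`. The admin address is loopback-only, so this route is the only path to it shown in this bootstrap, and a prefix match forwards every path that starts with that string. An exact match, `path: /stats/prometheus`, in the template that renders these files (not visible here) would pin the route to the single admin endpoint; who can reach port 19001 is otherwise left to network policy. The route is the same in `ipv6/enable-prometheus.yaml` and `ipv6/with-max-heap-size-bytes.yaml`.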
@@ -0,0 +1,168 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 19000 +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-19001 + address: + socket_address: + address: '::' + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + virtual_hosts: + - name: prometheus_stats + domains: + - "*" + routes: + - match: + prefix: /stats/prometheus + route: + cluster: prometheus_stats + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: prometheus_stats + connect_timeout: 0.250s + type: STATIC + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: prometheus_stats + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: ::1 + port_value: 19000 + - 
connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: 
/sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 diff --git a/internal/xds/bootstrap/testdata/ipv6/otel-metrics-backendref.yaml b/internal/xds/bootstrap/testdata/ipv6/otel-metrics-backendref.yaml new file mode 100644 index 0000000000..6c0a9251f0 --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/otel-metrics-backendref.yaml 
@@ -0,0 +1,171 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 19000 +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +stats_sinks: +- name: "envoy.stat_sinks.open_telemetry" + typed_config: + "@type": type.googleapis.com/envoy.extensions.stat_sinks.open_telemetry.v3.SinkConfig + grpc_service: + envoy_grpc: + cluster_name: otel_metric_sink_0 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-19001 + address: + socket_address: + address: '::' + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: otel_metric_sink_0 + connect_timeout: 0.250s + type: STRICT_DNS + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": 
"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: otel_metric_sink_0 + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: otel-collector.monitoring.svc + port_value: 4317 + - connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + 
transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 diff --git a/internal/xds/bootstrap/testdata/ipv6/otel-metrics.yaml b/internal/xds/bootstrap/testdata/ipv6/otel-metrics.yaml new file mode 100644 index 0000000000..6c0a9251f0 --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/otel-metrics.yaml 
@@ -0,0 +1,171 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 19000 +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +stats_sinks: +- name: "envoy.stat_sinks.open_telemetry" + typed_config: + "@type": type.googleapis.com/envoy.extensions.stat_sinks.open_telemetry.v3.SinkConfig + grpc_service: + envoy_grpc: + cluster_name: otel_metric_sink_0 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-19001 + address: + socket_address: + address: '::' + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: otel_metric_sink_0 + connect_timeout: 0.250s + type: STRICT_DNS + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": 
"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: otel_metric_sink_0 + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: otel-collector.monitoring.svc + port_value: 4317 + - connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + 
transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 diff --git a/internal/xds/bootstrap/testdata/ipv6/with-max-heap-size-bytes.yaml b/internal/xds/bootstrap/testdata/ipv6/with-max-heap-size-bytes.yaml new file mode 100644 index 0000000000..c85cecafc3 --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/with-max-heap-size-bytes.yaml 
@@ -0,0 +1,183 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 19000 +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-19001 + address: + socket_address: + address: '::' + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + virtual_hosts: + - name: prometheus_stats + domains: + - "*" + routes: + - match: + prefix: /stats/prometheus + route: + cluster: prometheus_stats + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: prometheus_stats + connect_timeout: 0.250s + type: STATIC + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: prometheus_stats + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: ::1 + port_value: 19000 + - 
connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: 
/sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 + - name: "envoy.resource_monitors.fixed_heap" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.fixed_heap.v3.FixedHeapConfig + max_heap_size_bytes: 1073741824 + actions: + - name: "envoy.overload_actions.shrink_heap" + triggers: + - name: "envoy.resource_monitors.fixed_heap" + threshold: + value: 0.95 + - name: "envoy.overload_actions.stop_accepting_requests" + triggers: + - name: "envoy.resource_monitors.fixed_heap" + threshold: + value: 0.98 diff --git a/internal/xds/bootstrap/testdata/render/custom-server-port.yaml b/internal/xds/bootstrap/testdata/render/custom-server-port.yaml index 23cd059a2a..cc3b56b399 100644 --- a/internal/xds/bootstrap/testdata/render/custom-server-port.yaml +++ b/internal/xds/bootstrap/testdata/render/custom-server-port.yaml @@ -34,7 +34,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-3333 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 3333 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/testdata/render/custom-stats-matcher.yaml b/internal/xds/bootstrap/testdata/render/custom-stats-matcher.yaml index 370b66914e..27258e741e 100644 --- a/internal/xds/bootstrap/testdata/render/custom-stats-matcher.yaml +++ b/internal/xds/bootstrap/testdata/render/custom-stats-matcher.yaml 
@@ -45,7 +45,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/testdata/render/disable-prometheus.yaml b/internal/xds/bootstrap/testdata/render/disable-prometheus.yaml index 1b5be570ce..1e3ba1994d 100644 --- a/internal/xds/bootstrap/testdata/render/disable-prometheus.yaml +++ b/internal/xds/bootstrap/testdata/render/disable-prometheus.yaml @@ -34,7 +34,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/testdata/render/enable-prometheus-gzip-compression.yaml b/internal/xds/bootstrap/testdata/render/enable-prometheus-gzip-compression.yaml index 93829b713f..20eedcb3be 100644 --- a/internal/xds/bootstrap/testdata/render/enable-prometheus-gzip-compression.yaml +++ b/internal/xds/bootstrap/testdata/render/enable-prometheus-gzip-compression.yaml @@ -34,7 +34,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/testdata/render/enable-prometheus.yaml b/internal/xds/bootstrap/testdata/render/enable-prometheus.yaml index 5d17a89534..162569bcaf 100644 --- a/internal/xds/bootstrap/testdata/render/enable-prometheus.yaml +++ b/internal/xds/bootstrap/testdata/render/enable-prometheus.yaml @@ -34,7 +34,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/testdata/render/otel-metrics-backendref.yaml b/internal/xds/bootstrap/testdata/render/otel-metrics-backendref.yaml index 3f6c0259a7..27521b3c3f 100644 
--- a/internal/xds/bootstrap/testdata/render/otel-metrics-backendref.yaml +++ b/internal/xds/bootstrap/testdata/render/otel-metrics-backendref.yaml @@ -41,7 +41,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/testdata/render/otel-metrics.yaml b/internal/xds/bootstrap/testdata/render/otel-metrics.yaml index 3f6c0259a7..27521b3c3f 100644 --- a/internal/xds/bootstrap/testdata/render/otel-metrics.yaml +++ b/internal/xds/bootstrap/testdata/render/otel-metrics.yaml @@ -41,7 +41,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/testdata/render/with-max-heap-size-bytes.yaml b/internal/xds/bootstrap/testdata/render/with-max-heap-size-bytes.yaml index 854b8a2898..a50a221b48 100644 --- a/internal/xds/bootstrap/testdata/render/with-max-heap-size-bytes.yaml +++ b/internal/xds/bootstrap/testdata/render/with-max-heap-size-bytes.yaml @@ -34,7 +34,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/util_test.go b/internal/xds/bootstrap/util_test.go index bfa5d191c4..87b0967dd3 100644 --- a/internal/xds/bootstrap/util_test.go +++ b/internal/xds/bootstrap/util_test.go @@ -22,7 +22,7 @@ import ( var overrideTestData = flag.Bool("override-testdata", false, "if override the test output data.") func TestApplyBootstrapConfig(t *testing.T) { - str, _ := readTestData("enable-prometheus") + str, _ := readTestData("enable-prometheus", "render") cases := []struct { name string boostrapConfig *egv1a1.ProxyBootstrap 
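Review bot: The changed call `str, _ := readTestData("enable-prometheus", "render")` still discards the second return value (presumably an error). If the fixture cannot be read from the new `render` directory, the test carries on with whatever `str` holds, and any failure surfaces later in the cases rather than at the cause. Check it at the call: `str, err := readTestData("enable-prometheus", "render")` followed by `if err != nil { t.Fatal(err) }`. TestApplyBootstrapConfig continues outside the hunk, so how `str` is used afterwards is not visible here.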
diff --git a/internal/xds/translator/listener.go b/internal/xds/translator/listener.go index 9a68c5f3c1..c4722c7e6d 100644 --- a/internal/xds/translator/listener.go +++ b/internal/xds/translator/listener.go @@ -35,6 +35,7 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" + "github.com/envoyproxy/gateway/internal/utils/net" "github.com/envoyproxy/gateway/internal/utils/protocov" xdsfilters "github.com/envoyproxy/gateway/internal/xds/filters" ) @@ -146,36 +147,6 @@ func originalIPDetectionExtensions(clientIPDetection *ir.ClientIPDetectionSettin return extensionConfig } -func setAddressByIPFamily(socketAddress *corev3.SocketAddress, ipFamily *ir.IPFamily, port uint32) []*listenerv3.AdditionalAddress { - if ipFamily == nil { - return nil - } - switch *ipFamily { - case ir.IPv4: - socketAddress.Address = "0.0.0.0" - case ir.IPv6: - socketAddress.Address = "::" - case ir.Dualstack: - socketAddress.Address = "0.0.0.0" - return []*listenerv3.AdditionalAddress{ - { - Address: &corev3.Address{ - Address: &corev3.Address_SocketAddress{ - SocketAddress: &corev3.SocketAddress{ - Protocol: socketAddress.Protocol, - Address: "::", - PortSpecifier: &corev3.SocketAddress_PortValue{ - PortValue: port, - }, - }, - }, - }, - }, - } - } - return nil -} - // buildXdsTCPListener creates a xds Listener resource // TODO: Improve function parameters func buildXdsTCPListener( 
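Review bot: The import added in the `@@ -35,6 +35,7 @@` hunk binds the identifier `net` to `internal/utils/net`, so call sites such as `net.IPv6ListenerAddress` in the later hunk read like the standard library. It will also collide if this file ever needs the stdlib `net` package. An explicit alias keeps the two apart, for example `netutils "github.com/envoyproxy/gateway/internal/utils/net"` with the call sites renamed to match. The import block starts and ends outside the hunk.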
@@ -210,11 +181,40 @@ func buildXdsTCPListener( }, } - socketAddress := listener.Address.GetSocketAddress() - listener.AdditionalAddresses = setAddressByIPFamily(socketAddress, ipFamily, port) + listener.AdditionalAddresses = additionalAddressByIPFamily(address, ipFamily, port) return listener, nil } +func additionalAddressByIPFamily(currentAddress string, ipFamily *ir.IPFamily, port uint32) []*listenerv3.AdditionalAddress { + if ipFamily == nil { + return nil + } + + if *ipFamily == ir.Dualstack { + additionalAddress := net.IPv6ListenerAddress + // If the current address is already IPv6, use the IPv4 equivalent + if currentAddress == net.IPv6ListenerAddress { + additionalAddress = net.IPv4ListenerAddress + } + return []*listenerv3.AdditionalAddress{ + { + Address: &corev3.Address{ + Address: &corev3.Address_SocketAddress{ + SocketAddress: &corev3.SocketAddress{ + Protocol: corev3.SocketAddress_TCP, + Address: additionalAddress, + PortSpecifier: &corev3.SocketAddress_PortValue{ + PortValue: port, + }, + }, + }, + }, + }, + } + } + return nil +} + func buildPerConnectionBufferLimitBytes(connection *ir.ClientConnection) *wrapperspb.UInt32Value { if connection != nil && connection.BufferLimitBytes != nil { return wrapperspb.UInt32(*connection.BufferLimitBytes) diff --git a/test/helm/gateway-helm/certjen-custom-scheduling.out.yaml b/test/helm/gateway-helm/certjen-custom-scheduling.out.yaml index 37d0212f71..73dd311445 100644 --- a/test/helm/gateway-helm/certjen-custom-scheduling.out.yaml +++ b/test/helm/gateway-helm/certjen-custom-scheduling.out.yaml @@ -389,6 +389,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/control-plane-with-pdb.out.yaml b/test/helm/gateway-helm/control-plane-with-pdb.out.yaml index 69f08e1dbb..1af6260f38 100644 --- a/test/helm/gateway-helm/control-plane-with-pdb.out.yaml 
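Review bot: In `additionalAddressByIPFamily` the second bind address is chosen by comparing `currentAddress` only with `net.IPv6ListenerAddress`. For DualStack, every other value, including a specific non-wildcard address, therefore gets the IPv6 listener address added (presumably the `::` wildcard the removed helper used), and the listener would then accept connections on all IPv6 interfaces. Whether `address` can be anything other than the two listener constants is not visible in this hunk, but the helper is cheap to make strict: pair each constant with the other family's and return nil otherwise, as sketched below. The new function also has no doc comment, and it hard-codes `corev3.SocketAddress_TCP` where the removed helper copied the listener's own protocol, which deserves a comment in case a non-TCP listener ever calls it.

```go
// additionalAddressByIPFamily returns the extra bind address for a DualStack
// listener, or nil when no second address should be added.
func additionalAddressByIPFamily(currentAddress string, ipFamily *ir.IPFamily, port uint32) []*listenerv3.AdditionalAddress {
	if ipFamily == nil || *ipFamily != ir.Dualstack {
		return nil
	}

	// Pair a listener constant with the one of the other family; never widen
	// a specific bind address to a wildcard.
	var additionalAddress string
	switch currentAddress {
	case net.IPv4ListenerAddress:
		additionalAddress = net.IPv6ListenerAddress
	case net.IPv6ListenerAddress:
		additionalAddress = net.IPv4ListenerAddress
	default:
		return nil
	}
	// … unchanged: return the single AdditionalAddress built from additionalAddress and port …
}
```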
+++ b/test/helm/gateway-helm/control-plane-with-pdb.out.yaml @@ -404,6 +404,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/default-config.out.yaml b/test/helm/gateway-helm/default-config.out.yaml index 6e1b1846ba..043cc87aca 100644 --- a/test/helm/gateway-helm/default-config.out.yaml +++ b/test/helm/gateway-helm/default-config.out.yaml @@ -389,6 +389,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/deployment-custom-topology.out.yaml b/test/helm/gateway-helm/deployment-custom-topology.out.yaml index 0bc5809337..3777ad9af2 100644 --- a/test/helm/gateway-helm/deployment-custom-topology.out.yaml +++ b/test/helm/gateway-helm/deployment-custom-topology.out.yaml @@ -417,6 +417,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/deployment-images-config.out.yaml b/test/helm/gateway-helm/deployment-images-config.out.yaml index f99a89039d..5acd24f187 100644 --- a/test/helm/gateway-helm/deployment-images-config.out.yaml +++ b/test/helm/gateway-helm/deployment-images-config.out.yaml @@ -389,6 +389,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/deployment-priorityclass.out.yaml b/test/helm/gateway-helm/deployment-priorityclass.out.yaml index 3757e360d9..23b6995e1e 100644 --- a/test/helm/gateway-helm/deployment-priorityclass.out.yaml 
+++ b/test/helm/gateway-helm/deployment-priorityclass.out.yaml @@ -389,6 +389,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/deployment-securitycontext.out.yaml b/test/helm/gateway-helm/deployment-securitycontext.out.yaml index e98bd1e973..ac464ddf7a 100644 --- a/test/helm/gateway-helm/deployment-securitycontext.out.yaml +++ b/test/helm/gateway-helm/deployment-securitycontext.out.yaml @@ -389,6 +389,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/envoy-gateway-config.out.yaml b/test/helm/gateway-helm/envoy-gateway-config.out.yaml index fb1e51f220..8458f97638 100644 --- a/test/helm/gateway-helm/envoy-gateway-config.out.yaml +++ b/test/helm/gateway-helm/envoy-gateway-config.out.yaml @@ -391,6 +391,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/global-images-config.out.yaml b/test/helm/gateway-helm/global-images-config.out.yaml index ebcda594b1..4ce4648475 100644 --- a/test/helm/gateway-helm/global-images-config.out.yaml +++ b/test/helm/gateway-helm/global-images-config.out.yaml @@ -393,6 +393,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/service-annotations.out.yaml b/test/helm/gateway-helm/service-annotations.out.yaml index 9d37bdffcd..72cc8f6afe 100644 --- a/test/helm/gateway-helm/service-annotations.out.yaml 
+++ b/test/helm/gateway-helm/service-annotations.out.yaml @@ -391,6 +391,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: From 1c4d283bb18a4788cdc2926e1d174efb90305a16 Mon Sep 17 00:00:00 2001 From: zirain Date: Wed, 6 Nov 2024 08:16:36 +0800 Subject: [PATCH 2/2] update api Signed-off-by: zirain --- api/v1alpha1/envoyproxy_types.go | 7 ++++--- .../crds/generated/gateway.envoyproxy.io_envoyproxies.yaml | 6 +++--- site/content/en/latest/api/extension_types.md | 2 +- site/content/zh/latest/api/extension_types.md | 2 +- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/api/v1alpha1/envoyproxy_types.go b/api/v1alpha1/envoyproxy_types.go index cbf2c9226d..2dfa28afc9 100644 --- a/api/v1alpha1/envoyproxy_types.go +++ b/api/v1alpha1/envoyproxy_types.go @@ -140,10 +140,11 @@ type EnvoyProxySpec struct { // IPFamily specifies the IP family for the EnvoyProxy fleet. // This setting only affects the Gateway listener port and does not impact // other aspects of the Envoy proxy configuration. + // // If not specified, the system will operate as follows: - // - It defaults to IPv4 only. - // - IPv6 and dual-stack environments are not supported in this default configuration. - // Note: To enable IPv6 or dual-stack functionality, explicit configuration is required. + // - Default to the IP family of the pod IP of the Envoy Gateway Controller. + // - To enable DualStack functionality, explicit configuration is required. + // // +kubebuilder:validation:Enum=IPv4;IPv6;DualStack // +optional IPFamily *IPFamily `json:"ipFamily,omitempty"` diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml index 4277092874..ed2b3e476e 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml 
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml @@ -387,10 +387,10 @@ spec: IPFamily specifies the IP family for the EnvoyProxy fleet. This setting only affects the Gateway listener port and does not impact other aspects of the Envoy proxy configuration. + If not specified, the system will operate as follows: - - It defaults to IPv4 only. - - IPv6 and dual-stack environments are not supported in this default configuration. - Note: To enable IPv6 or dual-stack functionality, explicit configuration is required. + - Default to the IP family of the pod IP of the Envoy Gateway Controller. + - To enable DualStack functionality, explicit configuration is required. enum: - IPv4 - IPv6 diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 23f69fd832..e8823d3d71 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -1391,7 +1391,7 @@ _Appears in:_ | `shutdown` | _[ShutdownConfig](#shutdownconfig)_ | false | Shutdown defines configuration for graceful envoy shutdown process. | | `filterOrder` | _[FilterPosition](#filterposition) array_ | false | FilterOrder defines the order of filters in the Envoy proxy's HTTP filter chain.
The FilterPosition in the list will be applied in the order they are defined.
If unspecified, the default filter order is applied.
Default filter order is:

- envoy.filters.http.health_check

- envoy.filters.http.fault

- envoy.filters.http.cors

- envoy.filters.http.ext_authz

- envoy.filters.http.basic_auth

- envoy.filters.http.oauth2

- envoy.filters.http.jwt_authn

- envoy.filters.http.stateful_session

- envoy.filters.http.ext_proc

- envoy.filters.http.wasm

- envoy.filters.http.rbac

- envoy.filters.http.local_ratelimit

- envoy.filters.http.ratelimit

- envoy.filters.http.custom_response

- envoy.filters.http.router

Note: "envoy.filters.http.router" cannot be reordered, it's always the last filter in the chain. | | `backendTLS` | _[BackendTLSConfig](#backendtlsconfig)_ | false | BackendTLS is the TLS configuration for the Envoy proxy to use when connecting to backends.
These settings are applied on backends for which TLS policies are specified. | -| `ipFamily` | _[IPFamily](#ipfamily)_ | false | IPFamily specifies the IP family for the EnvoyProxy fleet.
This setting only affects the Gateway listener port and does not impact
other aspects of the Envoy proxy configuration.
If not specified, the system will operate as follows:
- It defaults to IPv4 only.
- IPv6 and dual-stack environments are not supported in this default configuration.
Note: To enable IPv6 or dual-stack functionality, explicit configuration is required. | +| `ipFamily` | _[IPFamily](#ipfamily)_ | false | IPFamily specifies the IP family for the EnvoyProxy fleet.
This setting only affects the Gateway listener port and does not impact
other aspects of the Envoy proxy configuration.

If not specified, the system will operate as follows:
- Default to the IP family of the pod IP of the Envoy Gateway Controller.
- To enable DualStack functionality, explicit configuration is required. | #### EnvoyProxyStatus diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md index 23f69fd832..e8823d3d71 100644 --- a/site/content/zh/latest/api/extension_types.md +++ b/site/content/zh/latest/api/extension_types.md @@ -1391,7 +1391,7 @@ _Appears in:_ | `shutdown` | _[ShutdownConfig](#shutdownconfig)_ | false | Shutdown defines configuration for graceful envoy shutdown process. | | `filterOrder` | _[FilterPosition](#filterposition) array_ | false | FilterOrder defines the order of filters in the Envoy proxy's HTTP filter chain.
The FilterPosition in the list will be applied in the order they are defined.
If unspecified, the default filter order is applied.
Default filter order is:

- envoy.filters.http.health_check

- envoy.filters.http.fault

- envoy.filters.http.cors

- envoy.filters.http.ext_authz

- envoy.filters.http.basic_auth

- envoy.filters.http.oauth2

- envoy.filters.http.jwt_authn

- envoy.filters.http.stateful_session

- envoy.filters.http.ext_proc

- envoy.filters.http.wasm

- envoy.filters.http.rbac

- envoy.filters.http.local_ratelimit

- envoy.filters.http.ratelimit

- envoy.filters.http.custom_response

- envoy.filters.http.router

Note: "envoy.filters.http.router" cannot be reordered, it's always the last filter in the chain. | | `backendTLS` | _[BackendTLSConfig](#backendtlsconfig)_ | false | BackendTLS is the TLS configuration for the Envoy proxy to use when connecting to backends.
These settings are applied on backends for which TLS policies are specified. | -| `ipFamily` | _[IPFamily](#ipfamily)_ | false | IPFamily specifies the IP family for the EnvoyProxy fleet.
This setting only affects the Gateway listener port and does not impact
other aspects of the Envoy proxy configuration.
If not specified, the system will operate as follows:
- It defaults to IPv4 only.
- IPv6 and dual-stack environments are not supported in this default configuration.
Note: To enable IPv6 or dual-stack functionality, explicit configuration is required. | +| `ipFamily` | _[IPFamily](#ipfamily)_ | false | IPFamily specifies the IP family for the EnvoyProxy fleet.
This setting only affects the Gateway listener port and does not impact
other aspects of the Envoy proxy configuration.

If not specified, the system will operate as follows:
- Default to the IP family of the pod IP of the Envoy Gateway Controller.
- To enable DualStack functionality, explicit configuration is required. | #### EnvoyProxyStatus