envoyproxy · zirain · Oct 30, 2024 · Nov 6, 2024
@@ -140,10 +140,11 @@ type EnvoyProxySpec struct {
 	// IPFamily specifies the IP family for the EnvoyProxy fleet.
 	// This setting only affects the Gateway listener port and does not impact
 	// other aspects of the Envoy proxy configuration.
+	//
 	// If not specified, the system will operate as follows:
-	// - It defaults to IPv4 only.
-	// - IPv6 and dual-stack environments are not supported in this default configuration.
-	// Note: To enable IPv6 or dual-stack functionality, explicit configuration is required.
+	// - Default to the IP family of the pod IP of the Envoy Gateway Controller.
+	// - To enable DualStack functionality, explicit configuration is required.
+	//
 	// +kubebuilder:validation:Enum=IPv4;IPv6;DualStack
 	// +optional
 	IPFamily *IPFamily `json:"ipFamily,omitempty"`

@@ -387,10 +387,10 @@ spec:
                   IPFamily specifies the IP family for the EnvoyProxy fleet.
                   This setting only affects the Gateway listener port and does not impact
                   other aspects of the Envoy proxy configuration.
+
                   If not specified, the system will operate as follows:
-                  - It defaults to IPv4 only.
-                  - IPv6 and dual-stack environments are not supported in this default configuration.
-                  Note: To enable IPv6 or dual-stack functionality, explicit configuration is required.
+                  - Default to the IP family of the pod IP of the Envoy Gateway Controller.
+                  - To enable DualStack functionality, explicit configuration is required.
                 enum:
                 - IPv4
                 - IPv6

@@ -46,6 +46,10 @@ spec:
         - server
         - --config-path=/config/envoy-gateway.yaml
         env:
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
         - name: ENVOY_GATEWAY_NAMESPACE
           valueFrom:
             fieldRef:

@@ -43,7 +43,7 @@ envoyProxyForGatewayClass:
           - name: envoy-gateway-proxy-ready-0.0.0.0-19001
             address:
               socket_address:
-                address: 0.0.0.0
+                address: '0.0.0.0'
                 port_value: 19001
                 protocol: TCP
             filter_chains:

@@ -171,7 +171,7 @@ func Shutdown(drainTimeout time.Duration, minDrainDuration time.Duration, exitAt
 // postEnvoyAdminAPI sends a POST request to the Envoy admin API
 func postEnvoyAdminAPI(path string) error {
 	if resp, err := http.Post(fmt.Sprintf("http://%s:%d/%s",
-		bootstrap.EnvoyAdminAddress, bootstrap.EnvoyAdminPort, path), "application/json", nil); err != nil {
+		"localhost", bootstrap.EnvoyAdminPort, path), "application/json", nil); err != nil {
 		return err
 	} else {
 		defer resp.Body.Close()
@@ -187,7 +187,7 @@ func postEnvoyAdminAPI(path string) error {
 func getTotalConnections() (*int, error) {
 	// Send request to Envoy admin API to retrieve server.total_connections stat
 	if resp, err := http.Get(fmt.Sprintf("http://%s:%d//stats?filter=^server\\.total_connections$&format=json",
-		bootstrap.EnvoyAdminAddress, bootstrap.EnvoyAdminPort)); err != nil {
+		"localhost", bootstrap.EnvoyAdminPort)); err != nil {
 		return nil, err
 	} else {
 		defer resp.Body.Close()

@@ -12,6 +12,7 @@ import (
 	"github.com/envoyproxy/gateway/api/v1alpha1/validation"
 	"github.com/envoyproxy/gateway/internal/logging"
 	"github.com/envoyproxy/gateway/internal/utils/env"
+	"github.com/envoyproxy/gateway/internal/utils/net"
 )
 
 const (
@@ -38,6 +39,8 @@ type Server struct {
 	Logger logging.Logger
 	// Elected chan is used to signal what a leader is elected
 	Elected chan struct{}
+	// IPv6First is a flag to indicate if the server should prefer IPv6 addresses.
+	IPv6First bool
 }
 
 // New returns a Server with default parameters.
@@ -46,6 +49,7 @@ func New() (*Server, error) {
 		EnvoyGateway: egv1a1.DefaultEnvoyGateway(),
 		Namespace:    env.Lookup("ENVOY_GATEWAY_NAMESPACE", DefaultNamespace),
 		DNSDomain:    env.Lookup("KUBERNETES_CLUSTER_DOMAIN", DefaultDNSDomain),
+		IPv6First:    net.IsIPv6FirstPod(),
 		// the default logger
 		Logger:  logging.DefaultLogger(egv1a1.LogLevelInfo),
 		Elected: make(chan struct{}),

@@ -22,6 +22,7 @@ import (
 	"github.com/envoyproxy/gateway/internal/ir"
 	"github.com/envoyproxy/gateway/internal/utils"
 	"github.com/envoyproxy/gateway/internal/utils/naming"
+	"github.com/envoyproxy/gateway/internal/utils/net"
 )
 
 var _ ListenersTranslator = (*Translator)(nil)
@@ -99,6 +100,12 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource
 			if !isReady {
 				continue
 			}
+
+			address := net.IPv4ListenerAddress
+			if net.PreferIPFamily(t.IPv6First, gateway.envoyProxy) == egv1a1.IPv6 {
+				address = net.IPv6ListenerAddress
+			}
+
 			// Add the listener to the Xds IR
 			servicePort := &protocolPort{protocol: listener.Protocol, port: int32(listener.Port)}
 			containerPort := servicePortToContainerPort(int32(listener.Port), gateway.envoyProxy)
@@ -107,7 +114,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource
 				irListener := &ir.HTTPListener{
 					CoreListenerDetails: ir.CoreListenerDetails{
 						Name:     irListenerName(listener),
-						Address:  "0.0.0.0",
+						Address:  address,
 						Port:     uint32(containerPort),
 						Metadata: buildListenerMetadata(listener, gateway),
 						IPFamily: getIPFamily(gateway.envoyProxy),
@@ -134,7 +141,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource
 				irListener := &ir.TCPListener{
 					CoreListenerDetails: ir.CoreListenerDetails{
 						Name:     irListenerName(listener),
-						Address:  "0.0.0.0",
+						Address:  address,
 						Port:     uint32(containerPort),
 						IPFamily: getIPFamily(gateway.envoyProxy),
 					},
@@ -150,7 +157,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource
 				irListener := &ir.UDPListener{
 					CoreListenerDetails: ir.CoreListenerDetails{
 						Name:    irListenerName(listener),
-						Address: "0.0.0.0",
+						Address: address,
 						Port:    uint32(containerPort),
 					},
 				}

@@ -152,6 +152,7 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) {
 					Namespace:               r.Namespace,
 					MergeGateways:           gatewayapi.IsMergeGatewaysEnabled(resources),
 					WasmCache:               r.wasmCache,
+					IPv6First:               r.IPv6First,
 				}
 
 				// If an extension is loaded, pass its supported groups/kinds to the translator

@@ -91,6 +91,9 @@ type Translator struct {
 
 	// WasmCache is the cache for Wasm modules.
 	WasmCache wasm.Cache
+
+	// IPv6First is true when IPv6 addresses should be preferred
+	IPv6First bool
 }
 
 type TranslateResult struct {

@@ -17,6 +17,7 @@ import (
 	"github.com/envoyproxy/gateway/internal/infrastructure/common"
 	"github.com/envoyproxy/gateway/internal/ir"
 	"github.com/envoyproxy/gateway/internal/utils"
+	"github.com/envoyproxy/gateway/internal/utils/net"
 	"github.com/envoyproxy/gateway/internal/xds/bootstrap"
 )
 
@@ -59,6 +60,7 @@ func (i *Infra) CreateOrUpdateProxyInfra(ctx context.Context, infra *ir.Infra) e
 		WasmServerPort:  ptr.To(int32(0)),
 		AdminServerPort: ptr.To(int32(0)),
 		ReadyServerPort: ptr.To(int32(0)),
+		IPFamily:        net.PreferIPFamily(false, proxyConfig),
 	}
 
 	args, err := common.BuildProxyArgs(proxyInfra, proxyConfig.Spec.Shutdown, bootstrapConfigOptions, proxyName)

@@ -58,6 +58,8 @@ type Infra struct {
 
 	// Client wrap k8s client.
 	Client *InfraClient
+
+	IPv6First bool
 }
 
 // NewInfra returns a new Infra.
@@ -67,6 +69,7 @@ func NewInfra(cli client.Client, cfg *config.Server) *Infra {
 		DNSDomain:    cfg.DNSDomain,
 		EnvoyGateway: cfg.EnvoyGateway,
 		Client:       New(cli),
+		IPv6First:    cfg.IPv6First,
 	}
 }
 

@@ -20,6 +20,7 @@ import (
 	"github.com/envoyproxy/gateway/internal/infrastructure/kubernetes/resource"
 	"github.com/envoyproxy/gateway/internal/ir"
 	"github.com/envoyproxy/gateway/internal/utils"
+	"github.com/envoyproxy/gateway/internal/utils/net"
 	"github.com/envoyproxy/gateway/internal/xds/bootstrap"
 )
 
@@ -83,8 +84,8 @@ func expectedProxyContainers(infra *ir.ProxyInfra,
 	containerSpec *egv1a1.KubernetesContainerSpec,
 	shutdownConfig *egv1a1.ShutdownConfig,
 	shutdownManager *egv1a1.ShutdownManager,
-	namespace string,
-	dnsDomain string,
+	namespace string, dnsDomain string,
+	ipv6First bool,
 ) ([]corev1.Container, error) {
 	// Define slice to hold container ports
 	var ports []corev1.ContainerPort
@@ -135,6 +136,7 @@ func expectedProxyContainers(infra *ir.ProxyInfra,
 		},
 		MaxHeapSizeBytes: maxHeapSizeBytes,
 		XdsServerHost:    ptr.To(fmt.Sprintf("%s.%s.svc.%s", config.EnvoyGatewayServiceName, namespace, dnsDomain)),
+		IPFamily:         net.PreferIPFamily(ipv6First, infra.Config),
 	}
 
 	args, err := common.BuildProxyArgs(infra, shutdownConfig, bootstrapConfigOptions, fmt.Sprintf("$(%s)", envoyPodEnvVar))

@@ -49,14 +49,17 @@ type ResourceRender struct {
 	DNSDomain string
 
 	ShutdownManager *egv1a1.ShutdownManager
+
+	IPv6First bool
 }
 
-func NewResourceRender(ns string, dnsDomain string, infra *ir.ProxyInfra, gateway *egv1a1.EnvoyGateway) *ResourceRender {
+func NewResourceRender(ipv6First bool, ns string, dnsDomain string, infra *ir.ProxyInfra, gateway *egv1a1.EnvoyGateway) *ResourceRender {
 	return &ResourceRender{
 		Namespace:       ns,
 		DNSDomain:       dnsDomain,
 		infra:           infra,
 		ShutdownManager: gateway.GetEnvoyGatewayProvider().GetEnvoyGatewayKubeProvider().ShutdownManager,
+		IPv6First:       ipv6First,
 	}
 }
 
@@ -262,7 +265,8 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) {
 
 	proxyConfig := r.infra.GetProxyConfig()
 	// Get expected bootstrap configurations rendered ProxyContainers
-	containers, err := expectedProxyContainers(r.infra, deploymentConfig.Container, proxyConfig.Spec.Shutdown, r.ShutdownManager, r.Namespace, r.DNSDomain)
+	containers, err := expectedProxyContainers(r.infra, deploymentConfig.Container, proxyConfig.Spec.Shutdown,
+		r.ShutdownManager, r.Namespace, r.DNSDomain, r.IPv6First)
 	if err != nil {
 		return nil, err
 	}
@@ -364,7 +368,8 @@ func (r *ResourceRender) DaemonSet() (*appsv1.DaemonSet, error) {
 	proxyConfig := r.infra.GetProxyConfig()
 
 	// Get expected bootstrap configurations rendered ProxyContainers
-	containers, err := expectedProxyContainers(r.infra, daemonSetConfig.Container, proxyConfig.Spec.Shutdown, r.ShutdownManager, r.Namespace, r.DNSDomain)
+	containers, err := expectedProxyContainers(r.infra, daemonSetConfig.Container, proxyConfig.Spec.Shutdown,
+		r.ShutdownManager, r.Namespace, r.DNSDomain, r.IPv6First)
 	if err != nil {
 		return nil, err
 	}

@@ -564,7 +564,7 @@ func TestDeployment(t *testing.T) {
 				tc.infra.Proxy.Config.Spec.ExtraArgs = tc.extraArgs
 			}
 
-			r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway)
+			r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway)
 			dp, err := r.Deployment()
 			require.NoError(t, err)
 
@@ -993,7 +993,7 @@ func TestDaemonSet(t *testing.T) {
 				tc.infra.Proxy.Config.Spec.ExtraArgs = tc.extraArgs
 			}
 
-			r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway)
+			r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway)
 			ds, err := r.DaemonSet()
 			require.NoError(t, err)
 
@@ -1143,7 +1143,7 @@ func TestService(t *testing.T) {
 				provider.EnvoyService = tc.service
 			}
 
-			r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway)
+			r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway)
 			svc, err := r.Service()
 			require.NoError(t, err)
 
@@ -1186,7 +1186,7 @@ func TestConfigMap(t *testing.T) {
 
 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {
-			r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway)
+			r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway)
 			cm, err := r.ConfigMap()
 			require.NoError(t, err)
 
@@ -1229,7 +1229,7 @@ func TestServiceAccount(t *testing.T) {
 
 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {
-			r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway)
+			r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway)
 			sa, err := r.ServiceAccount()
 			require.NoError(t, err)
 
@@ -1285,7 +1285,7 @@ func TestPDB(t *testing.T) {
 
 			provider.GetEnvoyProxyKubeProvider()
 
-			r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway)
+			r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway)
 
 			pdb, err := r.PodDisruptionBudget()
 			require.NoError(t, err)
@@ -1371,7 +1371,7 @@ func TestHorizontalPodAutoscaler(t *testing.T) {
 			}
 			provider.GetEnvoyProxyKubeProvider()
 
-			r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway)
+			r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway)
 			hpa, err := r.HorizontalPodAutoscaler()
 			require.NoError(t, err)
 

@@ -75,7 +75,7 @@ spec:
             - name: envoy-gateway-proxy-ready-0.0.0.0-19001
               address:
                 socket_address:
-                  address: 0.0.0.0
+                  address: '0.0.0.0'
                   port_value: 19001
                   protocol: TCP
               filter_chains:

@@ -74,7 +74,7 @@ spec:
             - name: envoy-gateway-proxy-ready-0.0.0.0-19001
               address:
                 socket_address:
-                  address: 0.0.0.0
+                  address: '0.0.0.0'
                   port_value: 19001
                   protocol: TCP
               filter_chains:

@@ -74,7 +74,7 @@ spec:
             - name: envoy-gateway-proxy-ready-0.0.0.0-19001
               address:
                 socket_address:
-                  address: 0.0.0.0
+                  address: '0.0.0.0'
                   port_value: 19001
                   protocol: TCP
               filter_chains:

@@ -70,7 +70,7 @@ spec:
             - name: envoy-gateway-proxy-ready-0.0.0.0-19001
               address:
                 socket_address:
-                  address: 0.0.0.0
+                  address: '0.0.0.0'
                   port_value: 19001
                   protocol: TCP
               filter_chains:

@@ -74,7 +74,7 @@ spec:
             - name: envoy-gateway-proxy-ready-0.0.0.0-19001
               address:
                 socket_address:
-                  address: 0.0.0.0
+                  address: '0.0.0.0'
                   port_value: 19001
                   protocol: TCP
               filter_chains:

@@ -83,7 +83,7 @@ spec:
             - name: envoy-gateway-proxy-ready-0.0.0.0-19001
               address:
                 socket_address:
-                  address: 0.0.0.0
+                  address: '0.0.0.0'
                   port_value: 19001
                   protocol: TCP
               filter_chains:

@@ -74,7 +74,7 @@ spec:
             - name: envoy-gateway-proxy-ready-0.0.0.0-19001
               address:
                 socket_address:
-                  address: 0.0.0.0
+                  address: '0.0.0.0'
                   port_value: 19001
                   protocol: TCP
               filter_chains:

@@ -74,7 +74,7 @@ spec:
             - name: envoy-gateway-proxy-ready-0.0.0.0-19001
               address:
                 socket_address:
-                  address: 0.0.0.0
+                  address: '0.0.0.0'
                   port_value: 19001
                   protocol: TCP
               filter_chains: