From 30d1b0068989fcb9b319dd2aad82b168f77903f6 Mon Sep 17 00:00:00 2001 From: zirain Date: Wed, 30 Oct 2024 15:32:22 +0800 Subject: [PATCH] fix: listener on IPv6 first cluster 
Signed-off-by: zirain --- .../templates/envoy-gateway-deployment.yaml | 4 + .../translate/out/default-resources.all.yaml | 2 +- internal/cmd/envoy/shutdown_manager.go | 5 +- internal/envoygateway/config/config.go | 4 + internal/gatewayapi/listener.go | 18 +- internal/gatewayapi/runner/runner.go | 1 + internal/gatewayapi/translator.go | 3 + internal/infrastructure/host/proxy_infra.go | 2 + internal/infrastructure/kubernetes/infra.go | 3 + .../kubernetes/proxy/resource.go | 6 +- .../kubernetes/proxy/resource_provider.go | 11 +- .../proxy/resource_provider_test.go | 14 +- .../proxy/testdata/daemonsets/custom.yaml | 2 +- .../testdata/daemonsets/default-env.yaml | 2 +- .../proxy/testdata/daemonsets/default.yaml | 2 +- .../daemonsets/disable-prometheus.yaml | 2 +- .../testdata/daemonsets/extension-env.yaml | 2 +- .../override-labels-and-annotations.yaml | 2 +- .../testdata/daemonsets/patch-daemonset.yaml | 2 +- .../testdata/daemonsets/shutdown-manager.yaml | 2 +- .../proxy/testdata/daemonsets/volumes.yaml | 2 +- .../testdata/daemonsets/with-annotations.yaml | 2 +- .../testdata/daemonsets/with-extra-args.yaml | 2 +- .../daemonsets/with-image-pull-secrets.yaml | 2 +- .../proxy/testdata/daemonsets/with-name.yaml | 2 +- .../daemonsets/with-node-selector.yaml | 2 +- .../with-topology-spread-constraints.yaml | 2 +- .../proxy/testdata/deployments/custom.yaml | 2 +- .../custom_with_initcontainers.yaml | 2 +- .../testdata/deployments/default-env.yaml | 2 +- .../proxy/testdata/deployments/default.yaml | 2 +- .../deployments/disable-prometheus.yaml | 2 +- .../testdata/deployments/extension-env.yaml | 2 +- .../override-labels-and-annotations.yaml | 2 +- .../deployments/patch-deployment.yaml | 2 +- .../deployments/shutdown-manager.yaml | 2 +- .../proxy/testdata/deployments/volumes.yaml | 2 +- .../deployments/with-annotations.yaml | 2 +- .../deployments/with-empty-memory-limits.yaml | 2 +- .../testdata/deployments/with-extra-args.yaml | 2 +- 
.../deployments/with-image-pull-secrets.yaml | 2 +- .../proxy/testdata/deployments/with-name.yaml | 2 +- .../deployments/with-node-selector.yaml | 2 +- .../with-topology-spread-constraints.yaml | 2 +- .../kubernetes/proxy_configmap_test.go | 4 +- .../kubernetes/proxy_daemonset_test.go | 4 +- .../kubernetes/proxy_deployment_test.go | 6 +- .../infrastructure/kubernetes/proxy_infra.go | 4 +- .../kubernetes/proxy_service_test.go | 2 +- .../kubernetes/proxy_serviceaccount_test.go | 4 +- internal/utils/net/ip.go | 45 +++++ internal/utils/net/ip_test.go | 86 ++++++++ internal/xds/bootstrap/bootstrap.go | 38 +++- internal/xds/bootstrap/bootstrap.yaml.tpl | 2 +- internal/xds/bootstrap/bootstrap_test.go | 43 ++-- .../testdata/ipv6/custom-server-port.yaml | 168 ++++++++++++++++ .../testdata/ipv6/custom-stats-matcher.yaml | 179 +++++++++++++++++ .../testdata/ipv6/disable-prometheus.yaml | 146 ++++++++++++++ .../enable-prometheus-gzip-compression.yaml | 175 +++++++++++++++++ .../testdata/ipv6/enable-prometheus.yaml | 168 ++++++++++++++++ .../ipv6/otel-metrics-backendref.yaml | 171 ++++++++++++++++ .../bootstrap/testdata/ipv6/otel-metrics.yaml | 171 ++++++++++++++++ .../ipv6/with-max-heap-size-bytes.yaml | 183 ++++++++++++++++++ .../testdata/render/custom-server-port.yaml | 2 +- .../testdata/render/custom-stats-matcher.yaml | 2 +- .../testdata/render/disable-prometheus.yaml | 2 +- .../enable-prometheus-gzip-compression.yaml | 2 +- .../testdata/render/enable-prometheus.yaml | 2 +- .../render/otel-metrics-backendref.yaml | 2 +- .../testdata/render/otel-metrics.yaml | 2 +- .../render/with-max-heap-size-bytes.yaml | 2 +- internal/xds/bootstrap/util_test.go | 2 +- internal/xds/translator/listener.go | 63 +++--- .../tcp-listener-ipfamily.listeners.yaml | 2 +- .../certjen-custom-scheduling.out.yaml | 4 + .../control-plane-with-pdb.out.yaml | 4 + .../helm/gateway-helm/default-config.out.yaml | 4 + .../deployment-custom-topology.out.yaml | 4 + .../deployment-images-config.out.yaml | 4 + 
.../deployment-priorityclass.out.yaml | 4 + .../deployment-securitycontext.out.yaml | 4 + .../envoy-gateway-config.out.yaml | 4 + .../global-images-config.out.yaml | 4 + .../gateway-helm/service-annotations.out.yaml | 4 + 84 files changed, 1733 insertions(+), 126 deletions(-) create mode 100644 internal/utils/net/ip.go create mode 100644 internal/utils/net/ip_test.go create mode 100644 internal/xds/bootstrap/testdata/ipv6/custom-server-port.yaml create mode 100644 internal/xds/bootstrap/testdata/ipv6/custom-stats-matcher.yaml create mode 100644 internal/xds/bootstrap/testdata/ipv6/disable-prometheus.yaml create mode 100644 internal/xds/bootstrap/testdata/ipv6/enable-prometheus-gzip-compression.yaml create mode 100644 internal/xds/bootstrap/testdata/ipv6/enable-prometheus.yaml create mode 100644 internal/xds/bootstrap/testdata/ipv6/otel-metrics-backendref.yaml create mode 100644 internal/xds/bootstrap/testdata/ipv6/otel-metrics.yaml create mode 100644 internal/xds/bootstrap/testdata/ipv6/with-max-heap-size-bytes.yaml diff --git a/charts/gateway-helm/templates/envoy-gateway-deployment.yaml b/charts/gateway-helm/templates/envoy-gateway-deployment.yaml index 7746dd2e4ac..638497a07c5 100644 --- a/charts/gateway-helm/templates/envoy-gateway-deployment.yaml +++ b/charts/gateway-helm/templates/envoy-gateway-deployment.yaml @@ -46,6 +46,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml index b965d6d9818..c33708e47a4 100644 --- a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml 
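Review bot: The new `POD_IP` variable has no comment saying what reads it, and the only consumer visible in this commit is the `net.IsIPv6FirstPod()` call in internal/envoygateway/config/config.go (its body in internal/utils/net/ip.go is not shown here, so the link is inferred). A one-line template comment above the entry, such as `# POD_IP lets the controller detect an IPv6-first pod at startup`, would stop it being dropped as unused. Manifests that are not rendered from this chart will not set the variable, so the fallback when it is empty or unparseable should be documented next to the helper and covered in ip_test.go.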
@@ -43,7 +43,7 @@ envoyProxyForGatewayClass: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/cmd/envoy/shutdown_manager.go b/internal/cmd/envoy/shutdown_manager.go index 48f624bb67a..64fb15a7259 100644 --- a/internal/cmd/envoy/shutdown_manager.go +++ b/internal/cmd/envoy/shutdown_manager.go @@ -170,8 +170,9 @@ func Shutdown(drainTimeout time.Duration, minDrainDuration time.Duration, exitAt // postEnvoyAdminAPI sends a POST request to the Envoy admin API func postEnvoyAdminAPI(path string) error { + // TODO: change bootstrap.AdminAddress() to localhost because there're in the same pod? if resp, err := http.Post(fmt.Sprintf("http://%s:%d/%s", - bootstrap.EnvoyAdminAddress, bootstrap.EnvoyAdminPort, path), "application/json", nil); err != nil { + bootstrap.AdminAddress(egv1a1.IPv4), bootstrap.EnvoyAdminPort, path), "application/json", nil); err != nil { return err } else { defer resp.Body.Close() @@ -187,7 +188,7 @@ func postEnvoyAdminAPI(path string) error { func getTotalConnections() (*int, error) { // Send request to Envoy admin API to retrieve server.total_connections stat if resp, err := http.Get(fmt.Sprintf("http://%s:%d//stats?filter=^server\\.total_connections$&format=json", - bootstrap.EnvoyAdminAddress, bootstrap.EnvoyAdminPort)); err != nil { + bootstrap.AdminAddress(egv1a1.IPv4), bootstrap.EnvoyAdminPort)); err != nil { return nil, err } else { defer resp.Body.Close() diff --git a/internal/envoygateway/config/config.go b/internal/envoygateway/config/config.go index c842c184e4c..d4b16cd019b 100644 --- a/internal/envoygateway/config/config.go +++ b/internal/envoygateway/config/config.go 
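Review bot: Both admin calls in shutdown_manager.go pass a hard-coded `egv1a1.IPv4` to `bootstrap.AdminAddress`, here in postEnvoyAdminAPI and again in getTotalConnections in the next hunk, so the shutdown manager dials the IPv4 admin address even when the proxy bootstrap is rendered for IPv6. If the admin listener then binds only to the IPv6 loopback (bootstrap.go is not visible here), the drain request and the connection poll would fail and the pod would stop without a graceful drain. Once the family is passed in, build the authority with `net.JoinHostPort(addr, fmt.Sprint(bootstrap.EnvoyAdminPort))`, because `%s:%d` is not a valid URL authority for an IPv6 literal. The TODO would be more useful as a statement of the constraint, e.g. `// The admin API is reached over loopback because both containers share the pod network namespace; this address must stay loopback-only.`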
@@ -12,6 +12,7 @@ import ( "github.com/envoyproxy/gateway/api/v1alpha1/validation" "github.com/envoyproxy/gateway/internal/logging" "github.com/envoyproxy/gateway/internal/utils/env" + "github.com/envoyproxy/gateway/internal/utils/net" ) const ( @@ -38,6 +39,8 @@ type Server struct { Logger logging.Logger // Elected chan is used to signal what a leader is elected Elected chan struct{} + // IPv6First is a flag to indicate if the server should prefer IPv6 addresses. + IPv6First bool } // New returns a Server with default parameters. @@ -46,6 +49,7 @@ func New() (*Server, error) { EnvoyGateway: egv1a1.DefaultEnvoyGateway(), Namespace: env.Lookup("ENVOY_GATEWAY_NAMESPACE", DefaultNamespace), DNSDomain: env.Lookup("KUBERNETES_CLUSTER_DOMAIN", DefaultDNSDomain), + IPv6First: net.IsIPv6FirstPod(), // the default logger Logger: logging.DefaultLogger(egv1a1.LogLevelInfo), Elected: make(chan struct{}), diff --git a/internal/gatewayapi/listener.go b/internal/gatewayapi/listener.go index 30e75ad6197..90d817668f7 100644 --- a/internal/gatewayapi/listener.go +++ b/internal/gatewayapi/listener.go @@ -22,6 +22,12 @@ import ( "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/utils" "github.com/envoyproxy/gateway/internal/utils/naming" + "github.com/envoyproxy/gateway/internal/utils/net" +) + +const ( + ipv4ListenerAddress = "0.0.0.0" + ipv6ListenerAddress = "::1" ) var _ ListenersTranslator = (*Translator)(nil) @@ -99,6 +105,12 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource if !isReady { continue } + + address := ipv4ListenerAddress + if net.PreferIPFamily(t.IPv6First, gateway.envoyProxy) == egv1a1.IPv6 { + address = ipv6ListenerAddress + } + // Add the listener to the Xds IR servicePort := &protocolPort{protocol: listener.Protocol, port: int32(listener.Port)} containerPort := servicePortToContainerPort(int32(listener.Port), gateway.envoyProxy) 
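Review bot: The import `github.com/envoyproxy/gateway/internal/utils/net` is used under its default name `net`, which shadows the standard library package of the same name in config.go and in every other file that imports it in this commit (gatewayapi/listener.go, host/proxy_infra.go, kubernetes/proxy/resource.go). A reader seeing `net.IsIPv6FirstPod()` or `net.PreferIPFamily(...)` has to check the import block to learn it is not stdlib, and any later use of the real `net` package in these files will need an alias anyway. An explicit alias at each import site avoids that: `netutils "github.com/envoyproxy/gateway/internal/utils/net"`.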
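Review bot: `ipv6ListenerAddress = "::1"` is the IPv6 loopback address, not the wildcard, so it is not the counterpart of `0.0.0.0` on the line above; a listener bound to it accepts connections only from inside the pod. Unless the xDS translator rewrites the value later (internal/xds/translator/listener.go is changed by this commit but not visible here), Gateway listeners on an IPv6-first cluster would be unreachable through the Service. The bind-all form is `ipv6ListenerAddress = "::"`. A comment on the const block stating that both values are wildcard bind addresses for data-plane listeners would keep the pair from drifting apart again.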
@@ -107,7 +119,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource irListener := &ir.HTTPListener{ CoreListenerDetails: ir.CoreListenerDetails{ Name: irListenerName(listener), - Address: "0.0.0.0", + Address: address, Port: uint32(containerPort), Metadata: buildListenerMetadata(listener, gateway), IPFamily: getIPFamily(gateway.envoyProxy), @@ -134,7 +146,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource irListener := &ir.TCPListener{ CoreListenerDetails: ir.CoreListenerDetails{ Name: irListenerName(listener), - Address: "0.0.0.0", + Address: address, Port: uint32(containerPort), IPFamily: getIPFamily(gateway.envoyProxy), }, @@ -150,7 +162,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource irListener := &ir.UDPListener{ CoreListenerDetails: ir.CoreListenerDetails{ Name: irListenerName(listener), - Address: "0.0.0.0", + Address: address, Port: uint32(containerPort), }, } diff --git a/internal/gatewayapi/runner/runner.go b/internal/gatewayapi/runner/runner.go index 62975892918..d8f4940ef4f 100644 --- a/internal/gatewayapi/runner/runner.go +++ b/internal/gatewayapi/runner/runner.go @@ -152,6 +152,7 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) { Namespace: r.Namespace, MergeGateways: gatewayapi.IsMergeGatewaysEnabled(resources), WasmCache: r.wasmCache, + IPv6First: r.IPv6First, } // If an extension is loaded, pass its supported groups/kinds to the translator diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go index 23e651b6c69..8769e51a200 100644 --- a/internal/gatewayapi/translator.go +++ b/internal/gatewayapi/translator.go @@ -91,6 +91,9 @@ type Translator struct { // WasmCache is the cache for Wasm modules. WasmCache wasm.Cache + + // IPv6First is true when IPv6 addresses should be preferred + IPv6First bool } type TranslateResult struct { 
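Review bot: `Address` is now chosen through `net.PreferIPFamily(t.IPv6First, gateway.envoyProxy)` while `IPFamily` two lines below is still filled from `getIPFamily(gateway.envoyProxy)`, so the IR can carry an IPv6 bind address next to an IPFamily that does not say IPv6 (neither helper body is visible here; this is inferred from their different inputs). The TCP listener hunk has the same pairing, and the UDP listener hunk sets `Address` with no `IPFamily` at all. Computing the family once per gateway, `ipFamily := net.PreferIPFamily(t.IPv6First, gateway.envoyProxy)`, and deriving both fields from it would leave one source of truth for whatever consumes the IR. ProcessListeners starts and ends outside these hunks.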
diff --git a/internal/infrastructure/host/proxy_infra.go b/internal/infrastructure/host/proxy_infra.go index 371aedc2be9..72e11388ea3 100644 --- a/internal/infrastructure/host/proxy_infra.go +++ b/internal/infrastructure/host/proxy_infra.go @@ -17,6 +17,7 @@ import ( "github.com/envoyproxy/gateway/internal/infrastructure/common" "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/utils" + "github.com/envoyproxy/gateway/internal/utils/net" "github.com/envoyproxy/gateway/internal/xds/bootstrap" ) @@ -59,6 +60,7 @@ func (i *Infra) CreateOrUpdateProxyInfra(ctx context.Context, infra *ir.Infra) e WasmServerPort: ptr.To(int32(0)), AdminServerPort: ptr.To(int32(0)), ReadyServerPort: ptr.To(int32(0)), + IPFamily: net.PreferIPFamily(false, proxyConfig), } args, err := common.BuildProxyArgs(proxyInfra, proxyConfig.Spec.Shutdown, bootstrapConfigOptions, proxyName) diff --git a/internal/infrastructure/kubernetes/infra.go b/internal/infrastructure/kubernetes/infra.go index 4285f395967..b99651443af 100644 --- a/internal/infrastructure/kubernetes/infra.go +++ b/internal/infrastructure/kubernetes/infra.go @@ -58,6 +58,8 @@ type Infra struct { // Client wrap k8s client. Client *InfraClient + + IPv6First bool } // NewInfra returns a new Infra. @@ -67,6 +69,7 @@ func NewInfra(cli client.Client, cfg *config.Server) *Infra { DNSDomain: cfg.DNSDomain, EnvoyGateway: cfg.EnvoyGateway, Client: New(cli), + IPv6First: cfg.IPv6First, } } diff --git a/internal/infrastructure/kubernetes/proxy/resource.go b/internal/infrastructure/kubernetes/proxy/resource.go index aa5a4d64e70..315ed3ad866 100644 --- a/internal/infrastructure/kubernetes/proxy/resource.go +++ b/internal/infrastructure/kubernetes/proxy/resource.go 
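Review bot: The literal `false` in `net.PreferIPFamily(false, proxyConfig)` is unexplained, and it means the host infrastructure never uses the `IPv6First` value that config.Server now carries. If that is deliberate because there is no pod IP to inspect outside Kubernetes, say so at the call site, e.g. `// Host mode has no pod IP, so IPv6-first detection is skipped and only the EnvoyProxy config selects the family.` If it is not deliberate, the flag should be passed through as infra.go does for the Kubernetes provider. CreateOrUpdateProxyInfra continues outside the hunk.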
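Review bot: `IPv6First` is added to the `Infra` struct without a doc comment although the neighbouring `Client` field has one, and `ResourceRender.IPv6First` in kubernetes/proxy/resource_provider.go is likewise undocumented. The translator struct in this same commit already has suitable wording; reusing it on both fields keeps them consistent: `// IPv6First is true when IPv6 addresses should be preferred.`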
@@ -20,6 +20,7 @@ import ( "github.com/envoyproxy/gateway/internal/infrastructure/kubernetes/resource" "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/utils" + "github.com/envoyproxy/gateway/internal/utils/net" "github.com/envoyproxy/gateway/internal/xds/bootstrap" ) @@ -83,8 +84,8 @@ func expectedProxyContainers(infra *ir.ProxyInfra, containerSpec *egv1a1.KubernetesContainerSpec, shutdownConfig *egv1a1.ShutdownConfig, shutdownManager *egv1a1.ShutdownManager, - namespace string, - dnsDomain string, + namespace string, dnsDomain string, + ipv6First bool, ) ([]corev1.Container, error) { // Define slice to hold container ports var ports []corev1.ContainerPort @@ -135,6 +136,7 @@ func expectedProxyContainers(infra *ir.ProxyInfra, }, MaxHeapSizeBytes: maxHeapSizeBytes, XdsServerHost: ptr.To(fmt.Sprintf("%s.%s.svc.%s", config.EnvoyGatewayServiceName, namespace, dnsDomain)), + IPFamily: net.PreferIPFamily(ipv6First, infra.Config), } args, err := common.BuildProxyArgs(infra, shutdownConfig, bootstrapConfigOptions, fmt.Sprintf("$(%s)", envoyPodEnvVar)) diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider.go b/internal/infrastructure/kubernetes/proxy/resource_provider.go index 9830bafad71..6784d6f90b9 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider.go @@ -49,14 +49,17 @@ type ResourceRender struct { DNSDomain string ShutdownManager *egv1a1.ShutdownManager + + IPv6First bool } -func NewResourceRender(ns string, dnsDomain string, infra *ir.ProxyInfra, gateway *egv1a1.EnvoyGateway) *ResourceRender { +func NewResourceRender(ipv6First bool, ns string, dnsDomain string, infra *ir.ProxyInfra, gateway *egv1a1.EnvoyGateway) *ResourceRender { return &ResourceRender{ Namespace: ns, DNSDomain: dnsDomain, infra: infra, ShutdownManager: gateway.GetEnvoyGatewayProvider().GetEnvoyGatewayKubeProvider().ShutdownManager, + IPv6First: ipv6First, } } 
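Review bot: `NewResourceRender` now takes `ipv6First bool` as its first positional argument, so every call site reads `NewResourceRender(false, cfg.Namespace, ...)` with nothing to say what the bare boolean means. All seven updated calls in resource_provider_test.go pass `false`, so none of the visible Deployment or DaemonSet rendering tests exercises the IPv6-first path. Placing the flag last to match `expectedProxyContainers`, or leaving the signature alone and setting the exported `IPv6First` field after construction, would read better, and at least one test case with the flag set to `true` should be added alongside a matching golden file.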
@@ -262,7 +265,8 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { proxyConfig := r.infra.GetProxyConfig() // Get expected bootstrap configurations rendered ProxyContainers - containers, err := expectedProxyContainers(r.infra, deploymentConfig.Container, proxyConfig.Spec.Shutdown, r.ShutdownManager, r.Namespace, r.DNSDomain) + containers, err := expectedProxyContainers(r.infra, deploymentConfig.Container, proxyConfig.Spec.Shutdown, + r.ShutdownManager, r.Namespace, r.DNSDomain, r.IPv6First) if err != nil { return nil, err } @@ -364,7 +368,8 @@ func (r *ResourceRender) DaemonSet() (*appsv1.DaemonSet, error) { proxyConfig := r.infra.GetProxyConfig() // Get expected bootstrap configurations rendered ProxyContainers - containers, err := expectedProxyContainers(r.infra, daemonSetConfig.Container, proxyConfig.Spec.Shutdown, r.ShutdownManager, r.Namespace, r.DNSDomain) + containers, err := expectedProxyContainers(r.infra, daemonSetConfig.Container, proxyConfig.Spec.Shutdown, + r.ShutdownManager, r.Namespace, r.DNSDomain, r.IPv6First) if err != nil { return nil, err } diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go index 0cf54a40427..c37ca529498 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go @@ -564,7 +564,7 @@ func TestDeployment(t *testing.T) { tc.infra.Proxy.Config.Spec.ExtraArgs = tc.extraArgs } - r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) + r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) dp, err := r.Deployment() require.NoError(t, err) 
@@ -993,7 +993,7 @@ func TestDaemonSet(t *testing.T) { tc.infra.Proxy.Config.Spec.ExtraArgs = tc.extraArgs } - r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) + r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) ds, err := r.DaemonSet() require.NoError(t, err) @@ -1143,7 +1143,7 @@ func TestService(t *testing.T) { provider.EnvoyService = tc.service } - r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) + r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) svc, err := r.Service() require.NoError(t, err) @@ -1186,7 +1186,7 @@ func TestConfigMap(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) + r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) cm, err := r.ConfigMap() require.NoError(t, err) @@ -1229,7 +1229,7 @@ func TestServiceAccount(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) + r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) sa, err := r.ServiceAccount() require.NoError(t, err) @@ -1285,7 +1285,7 @@ func TestPDB(t *testing.T) { provider.GetEnvoyProxyKubeProvider() - r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) + r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) pdb, err := r.PodDisruptionBudget() require.NoError(t, err) 
@@ -1371,7 +1371,7 @@ func TestHorizontalPodAutoscaler(t *testing.T) { } provider.GetEnvoyProxyKubeProvider() - r := NewResourceRender(cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) + r := NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, tc.infra.GetProxyInfra(), cfg.EnvoyGateway) hpa, err := r.HorizontalPodAutoscaler() require.NoError(t, err) diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml index 5683159e6c5..00075259008 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml @@ -75,7 +75,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml index 75db2fc35a8..20e05117096 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml index e2d420a0407..3137974ae06 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml 
@@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml index a351838340a..89b2f224211 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml @@ -70,7 +70,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml index 1ed87f21c2c..518d17caa34 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml index 70534adc4cc..1452613c925 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml @@ -83,7 +83,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: 
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml index b3ed37d3241..b87579f41d1 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml index 97debe2f4e8..c57902c1f4e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml index 64d66281152..3f5cc4895c8 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml index b5fadea1445..d7bb148bf2a 100644 
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml @@ -79,7 +79,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml index 6cc85628272..494cbd76b7d 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml index 3f6090692bb..6c5c217022f 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml index 01a84c9e25f..acd1e6542d9 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml 
@@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml index c32b7625ae7..1e18a45b9d3 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml index 06e48c355a3..a689d870e33 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml index 3a080205897..1f0b25e5255 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml @@ -80,7 +80,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: 
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml index c26ec592cd9..db104e9ee70 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml @@ -80,7 +80,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml index 4a7a1b1c1c0..2499a807621 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml @@ -79,7 +79,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml index 13d12e3fa40..342786c4dd6 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml index 29207aaa3f8..e1cad83208a 100644 
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml @@ -74,7 +74,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml index 7c724bce6ce..310f3a7b083 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml @@ -79,7 +79,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml index aa87ba5b43c..0b01901e868 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml @@ -87,7 +87,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml index f4bf7a49f83..57c270335cc 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml 
@@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml index 4281e7c3697..f9b4cf2da5f 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml index ff84e18cdf2..17c1a680e3b 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml @@ -79,7 +79,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml index 2f44c8853d9..608db4fb719 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml @@ -83,7 +83,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: 
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml index 432b8f31188..b505be0306f 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml index bd87ca6b3a6..6d8efca71e4 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml index 8033aa516af..795c35ec956 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: 
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml index 5c7da4fcdd3..d0adf2398ec 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml index 93c65430254..d30a1bf27b6 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml index 93f0cd1456a..bdea80e4c4a 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml @@ -78,7 +78,7 @@ spec: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/infrastructure/kubernetes/proxy_configmap_test.go b/internal/infrastructure/kubernetes/proxy_configmap_test.go index ec4c0ec74e7..f045459dab8 100644 
--- a/internal/infrastructure/kubernetes/proxy_configmap_test.go +++ b/internal/infrastructure/kubernetes/proxy_configmap_test.go @@ -111,7 +111,7 @@ func TestCreateOrUpdateProxyConfigMap(t *testing.T) { Build() } kube := NewInfra(cli, cfg) - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) err := kube.createOrUpdateConfigMap(context.Background(), r) require.NoError(t, err) actual := &corev1.ConfigMap{ @@ -169,7 +169,7 @@ func TestDeleteConfigProxyMap(t *testing.T) { infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = "default" infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = infra.Proxy.Name - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) cm := &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Namespace: kube.Namespace, diff --git a/internal/infrastructure/kubernetes/proxy_daemonset_test.go b/internal/infrastructure/kubernetes/proxy_daemonset_test.go index 2c126586247..dd4e3922896 100644 --- a/internal/infrastructure/kubernetes/proxy_daemonset_test.go +++ b/internal/infrastructure/kubernetes/proxy_daemonset_test.go @@ -66,7 +66,7 @@ func TestCreateOrUpdateProxyDaemonSet(t *testing.T) { }, } - r := proxy.NewResourceRender(cfg.Namespace, cfg.DNSDomain, infra.GetProxyInfra(), cfg.EnvoyGateway) + r := proxy.NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, infra.GetProxyInfra(), cfg.EnvoyGateway) ds, err := r.DaemonSet() require.NoError(t, err) 
@@ -245,7 +245,7 @@ func TestCreateOrUpdateProxyDaemonSet(t *testing.T) { } kube := NewInfra(cli, cfg) - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, tc.in.GetProxyInfra(), cfg.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, tc.in.GetProxyInfra(), cfg.EnvoyGateway) err := kube.createOrUpdateDaemonSet(context.Background(), r) if tc.wantErr { require.Error(t, err) diff --git a/internal/infrastructure/kubernetes/proxy_deployment_test.go b/internal/infrastructure/kubernetes/proxy_deployment_test.go index 188c92961b3..5da24ced986 100644 --- a/internal/infrastructure/kubernetes/proxy_deployment_test.go +++ b/internal/infrastructure/kubernetes/proxy_deployment_test.go @@ -59,7 +59,7 @@ func TestCreateOrUpdateProxyDeployment(t *testing.T) { infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = "default" infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = infra.Proxy.Name - r := proxy.NewResourceRender(cfg.Namespace, cfg.DNSDomain, infra.GetProxyInfra(), cfg.EnvoyGateway) + r := proxy.NewResourceRender(false, cfg.Namespace, cfg.DNSDomain, infra.GetProxyInfra(), cfg.EnvoyGateway) deploy, err := r.Deployment() require.NoError(t, err) @@ -238,7 +238,7 @@ func TestCreateOrUpdateProxyDeployment(t *testing.T) { } kube := NewInfra(cli, cfg) - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, tc.in.GetProxyInfra(), cfg.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, tc.in.GetProxyInfra(), cfg.EnvoyGateway) err := kube.createOrUpdateDeployment(context.Background(), r) if tc.wantErr { require.Error(t, err) 
@@ -284,7 +284,7 @@ func TestDeleteProxyDeployment(t *testing.T) { infra := ir.NewInfra() infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = "default" infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = infra.Proxy.Name - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) err := kube.createOrUpdateDeployment(context.Background(), r) require.NoError(t, err) diff --git a/internal/infrastructure/kubernetes/proxy_infra.go b/internal/infrastructure/kubernetes/proxy_infra.go index b7d96f3bb3c..c489aa89265 100644 --- a/internal/infrastructure/kubernetes/proxy_infra.go +++ b/internal/infrastructure/kubernetes/proxy_infra.go @@ -23,7 +23,7 @@ func (i *Infra) CreateOrUpdateProxyInfra(ctx context.Context, infra *ir.Infra) e return errors.New("infra proxy ir is nil") } - r := proxy.NewResourceRender(i.Namespace, i.DNSDomain, infra.GetProxyInfra(), i.EnvoyGateway) + r := proxy.NewResourceRender(i.IPv6First, i.Namespace, i.DNSDomain, infra.GetProxyInfra(), i.EnvoyGateway) return i.createOrUpdate(ctx, r) } @@ -33,6 +33,6 @@ func (i *Infra) DeleteProxyInfra(ctx context.Context, infra *ir.Infra) error { return errors.New("infra ir is nil") } - r := proxy.NewResourceRender(i.Namespace, i.DNSDomain, infra.GetProxyInfra(), i.EnvoyGateway) + r := proxy.NewResourceRender(i.IPv6First, i.Namespace, i.DNSDomain, infra.GetProxyInfra(), i.EnvoyGateway) return i.delete(ctx, r) } diff --git a/internal/infrastructure/kubernetes/proxy_service_test.go b/internal/infrastructure/kubernetes/proxy_service_test.go index dab16d5b981..3dfd36e9763 100644 --- a/internal/infrastructure/kubernetes/proxy_service_test.go +++ b/internal/infrastructure/kubernetes/proxy_service_test.go 
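Review bot: The new leading `bool` argument to `proxy.NewResourceRender` is opaque at the call sites in `CreateOrUpdateProxyInfra` and `DeleteProxyInfra`, and every test caller visible in this patch passes a bare literal `false`. Naming the literal where it appears, for example `proxy.NewResourceRender(false /* ipv6First */, kube.Namespace, ...)`, or moving the flag into an options struct, would keep the listener-address choice readable. As far as these hunks show, no test in this package renders with `true`, so the IPv6-first path of the Kubernetes infra code looks untested here. Both function bodies begin outside their hunks.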
@@ -32,7 +32,7 @@ func TestDeleteProxyService(t *testing.T) { infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = "default" infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = infra.Proxy.Name - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) err := kube.createOrUpdateService(context.Background(), r) require.NoError(t, err) diff --git a/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go b/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go index 44732bf6b48..2013051bece 100644 --- a/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go +++ b/internal/infrastructure/kubernetes/proxy_serviceaccount_test.go @@ -187,7 +187,7 @@ func TestCreateOrUpdateProxyServiceAccount(t *testing.T) { kube := NewInfra(cli, cfg) - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, tc.in.GetProxyInfra(), cfg.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, tc.in.GetProxyInfra(), cfg.EnvoyGateway) err = kube.createOrUpdateServiceAccount(context.Background(), r) require.NoError(t, err) @@ -220,7 +220,7 @@ func TestDeleteProxyServiceAccount(t *testing.T) { infra := ir.NewInfra() infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNamespaceLabel] = "default" infra.Proxy.GetProxyMetadata().Labels[gatewayapi.OwningGatewayNameLabel] = infra.Proxy.Name - r := proxy.NewResourceRender(kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) + r := proxy.NewResourceRender(false, kube.Namespace, kube.DNSDomain, infra.GetProxyInfra(), kube.EnvoyGateway) err := kube.createOrUpdateServiceAccount(context.Background(), r) require.NoError(t, err) diff --git a/internal/utils/net/ip.go b/internal/utils/net/ip.go new file mode 100644 index 00000000000..be130938c36 --- /dev/null 
+++ b/internal/utils/net/ip.go
@@ -0,0 +1,45 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package net
+
+import (
+ "net"
+ "os"
+
+ egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
+)
+
+func IsIPv6(s string) bool {
+ ip := net.ParseIP(s)
+ if ip == nil {
+ return false
+ }
+ return ip.To4() == nil
+}
+
+// IsIPv6FirstPod returns true if the POD_IP environment variable is an IPv6 address.
+// WARNING: This function is only intended to be used in the context of Kubernetes.
+func IsIPv6FirstPod() bool {
+ return IsIPv6(os.Getenv("POD_IP"))
+}
+
+func PreferIPFamily(ipv6First bool, envoyProxy *egv1a1.EnvoyProxy) egv1a1.IPFamily {
+ if ipv6First {
+ // return IPv4 if envoy proxy specifies IPv4
+ if envoyProxy != nil && envoyProxy.Spec.IPFamily != nil && *envoyProxy.Spec.IPFamily == egv1a1.IPv4 {
+ return egv1a1.IPv4
+ }
+
+ return egv1a1.IPv6
+ }
+
+ // return IPv6 if envoy proxy specifies IPv6
+ if envoyProxy != nil && envoyProxy.Spec.IPFamily != nil && *envoyProxy.Spec.IPFamily == egv1a1.IPv6 {
+ return egv1a1.IPv6
+ }
+
+ return egv1a1.IPv4
+}
diff --git a/internal/utils/net/ip_test.go b/internal/utils/net/ip_test.go
new file mode 100644
index 00000000000..77d46052569
--- /dev/null
+++ b/internal/utils/net/ip_test.go
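Review bot: `PreferIPFamily` recognises only an explicit `egv1a1.IPv4` or `egv1a1.IPv6` in `EnvoyProxy.Spec.IPFamily`; any other value falls through to the pod-derived default, so a dual-stack setting (if the API defines one) is silently collapsed to a single family. The function is exported without a doc comment, and since its result appears to drive the proxy's own admin and readiness bind addresses, that rule should be written down, e.g. `// PreferIPFamily returns the IP family for the proxy's own listeners: an explicit IPv4 or IPv6 in the EnvoyProxy spec wins, otherwise ipv6First decides.` `IsIPv6` needs one too: `// IsIPv6 reports whether s parses as an IP address that has no IPv4 form; unparsable input returns false.` That wording also makes it clear that an unset `POD_IP` makes `IsIPv6FirstPod` return false and the pod is treated as IPv4-first.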
@@ -0,0 +1,86 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package net
+
+import (
+ "testing"
+
+ "k8s.io/utils/ptr"
+
+ egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
+)
+
+func TestIsIPv6(t *testing.T) {
+ cases := []struct {
+ ip string
+ expected bool
+ }{
+ {
+ ip: "",
+ expected: false,
+ },
+ {
+ ip: "127.0.0.1",
+ expected: false,
+ },
+ {
+ ip: "::1",
+ expected: true,
+ },
+ }
+
+ for _, tc := range cases {
+ t.Run(tc.ip, func(t *testing.T) {
+ actual := IsIPv6(tc.ip)
+ if actual != tc.expected {
+ t.Errorf("IsIPv6(%s) = %t; expected %t", tc.ip, actual, tc.expected)
+ }
+ })
+ }
+}
+
+func TestPreferIPFamily(t *testing.T) {
+ cases := []struct {
+ name string
+ ipv6First bool
+ envoyProxy *egv1a1.EnvoyProxy
+ expected egv1a1.IPFamily
+ }{
+ {
+ name: "ipv6First=true,envoyProxy=nil",
+ ipv6First: true,
+ envoyProxy: nil,
+ expected: egv1a1.IPv6,
+ },
+ {
+ name: "ipv6First=true,envoyProxy=ipv4",
+ ipv6First: true,
+ envoyProxy: &egv1a1.EnvoyProxy{Spec: egv1a1.EnvoyProxySpec{IPFamily: ptr.To(egv1a1.IPv4)}},
+ expected: egv1a1.IPv4,
+ },
+ {
+ name: "ipv6First=false,envoyProxy=nil",
+ ipv6First: false,
+ envoyProxy: nil,
+ expected: egv1a1.IPv4,
+ },
+ {
+ name: "ipv6First=false,envoyProxy=IPv6",
+ ipv6First: true,
+ envoyProxy: &egv1a1.EnvoyProxy{Spec: egv1a1.EnvoyProxySpec{IPFamily: ptr.To(egv1a1.IPv6)}},
+ expected: egv1a1.IPv6,
+ },
+ }
+
+ for _, tc := range cases {
+ t.Run(tc.name, func(t *testing.T) {
+ actual := PreferIPFamily(tc.ipv6First, tc.envoyProxy)
+ if actual != tc.expected {
+ t.Errorf("PreferIPFamily(%t, %v) = %v; expected %v", tc.ipv6First, tc.envoyProxy, actual, tc.expected)
+ }
+ })
+ }
+}
diff --git a/internal/xds/bootstrap/bootstrap.go b/internal/xds/bootstrap/bootstrap.go
index 0efad8c314f..11f05ca1dfb 100644
--- a/internal/xds/bootstrap/bootstrap.go
+++ b/internal/xds/bootstrap/bootstrap.go
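Review bot: The last `TestPreferIPFamily` case is named `ipv6First=false,envoyProxy=IPv6` but sets `ipv6First: true`, so the second branch of `PreferIPFamily` (IPv6 requested by the EnvoyProxy on an IPv4-first pod) is never exercised. Change the field to `ipv6First: false,`; the expected value `egv1a1.IPv6` stays the same. A companion case with `ipv6First: false` and `ptr.To(egv1a1.IPv4)` would pin the one remaining combination.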
@@ -15,7 +15,7 @@ import ( "k8s.io/apimachinery/pkg/util/sets" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" - "github.com/envoyproxy/gateway/internal/utils/net" + netutils "github.com/envoyproxy/gateway/internal/utils/net" "github.com/envoyproxy/gateway/internal/utils/regex" ) @@ -26,7 +26,8 @@ const ( // It defaults to the Envoy Gateway Kubernetes service. envoyGatewayXdsServerHost = "envoy-gateway" // EnvoyAdminAddress is the listening address of the envoy admin interface. - EnvoyAdminAddress = "127.0.0.1" + envoyAdminAddress = "127.0.0.1" + envoyAdminAddressIPv6 = "::1" // EnvoyAdminPort is the port used to expose admin interface. EnvoyAdminPort = 19000 // envoyAdminAccessLogPath is the path used to expose admin access log. @@ -39,14 +40,29 @@ const ( // DefaultWasmServerPort is the default listening port of the wasm HTTP server. wasmServerPort = 18002 - envoyReadinessAddress = "0.0.0.0" - EnvoyReadinessPort = 19001 - EnvoyReadinessPath = "/ready" + envoyReadinessAddress = "0.0.0.0" + envoyReadinessAddressIPv6 = "::" + EnvoyReadinessPort = 19001 + EnvoyReadinessPath = "/ready" defaultSdsTrustedCAPath = "/sds/xds-trusted-ca.json" defaultSdsCertificatePath = "/sds/xds-certificate.json" ) +func AdminAddress(family egv1a1.IPFamily) string { + if family == egv1a1.IPv6 { + return envoyAdminAddressIPv6 + } + return envoyAdminAddress +} + +func readinessAddress(family egv1a1.IPFamily) string { + if family == egv1a1.IPv6 { + return envoyReadinessAddressIPv6 + } + return envoyReadinessAddress +} + //go:embed bootstrap.yaml.tpl var bootstrapTmplStr string @@ -146,6 +162,7 @@ type RenderBootstrapConfigOptions struct { AdminServerPort *int32 ReadyServerPort *int32 MaxHeapSizeBytes uint64 + IPFamily egv1a1.IPFamily } type SdsConfigPath struct { 
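Review bot: The doc comment in the `@@ -26,7 +26,8 @@` hunk still reads `// EnvoyAdminAddress is the listening address of the envoy admin interface.`, but the constant under it is now the unexported `envoyAdminAddress`, and `envoyAdminAddressIPv6` has no comment. Reword it to `// envoyAdminAddress and envoyAdminAddressIPv6 are the loopback addresses the envoy admin interface listens on.` so it stays explicit that the admin endpoint is meant to be loopback-only in both families. The const block starts and ends outside the hunk.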
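Review bot: `AdminAddress` in the `@@ -39,14 +40,29 @@` hunk is exported without a doc comment, and both it and `readinessAddress` treat every value other than `egv1a1.IPv6` as IPv4 without saying so. Add `// AdminAddress returns the loopback address of the envoy admin interface for family; any value other than IPv6 yields the IPv4 loopback.` and a matching line on `readinessAddress`. A comment on `envoyReadinessAddressIPv6` should also note that `::` is the wildcard address: like `0.0.0.0`, it makes the readiness listener, which the golden files in this patch show also routing `/stats/prometheus`, reachable on every pod interface.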
@@ -199,7 +216,7 @@ func GetRenderedBootstrapConfig(opts *RenderBootstrapConfigOptions) (string, err host, port = *sink.OpenTelemetry.Host, uint32(sink.OpenTelemetry.Port) } if len(sink.OpenTelemetry.BackendRefs) > 0 { - host, port = net.BackendHostAndPort(sink.OpenTelemetry.BackendRefs[0].BackendObjectReference, "") + host, port = netutils.BackendHostAndPort(sink.OpenTelemetry.BackendRefs[0].BackendObjectReference, "") } addr := fmt.Sprintf("%s:%d", host, port) if addresses.Has(addr) { @@ -238,6 +255,11 @@ func GetRenderedBootstrapConfig(opts *RenderBootstrapConfigOptions) (string, err } } + ipFamily := egv1a1.IPv4 + if opts != nil { + ipFamily = opts.IPFamily + } + cfg := &bootstrapConfig{ parameters: bootstrapParameters{ XdsServer: serverParameters{ @@ -249,12 +271,12 @@ func GetRenderedBootstrapConfig(opts *RenderBootstrapConfigOptions) (string, err Port: wasmServerPort, }, AdminServer: adminServerParameters{ - Address: EnvoyAdminAddress, + Address: AdminAddress(ipFamily), Port: EnvoyAdminPort, AccessLogPath: envoyAdminAccessLogPath, }, ReadyServer: readyServerParameters{ - Address: envoyReadinessAddress, + Address: readinessAddress(ipFamily), Port: EnvoyReadinessPort, ReadinessPath: EnvoyReadinessPath, }, diff --git a/internal/xds/bootstrap/bootstrap.yaml.tpl b/internal/xds/bootstrap/bootstrap.yaml.tpl index d243b7777ec..10eb76c75fe 100644 --- a/internal/xds/bootstrap/bootstrap.yaml.tpl +++ b/internal/xds/bootstrap/bootstrap.yaml.tpl @@ -65,7 +65,7 @@ static_resources: - name: envoy-gateway-proxy-ready-{{ .ReadyServer.Address }}-{{ .ReadyServer.Port }} address: socket_address: - address: {{ .ReadyServer.Address }} + address: '{{ .ReadyServer.Address }}' port_value: {{ .ReadyServer.Port }} protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/bootstrap_test.go b/internal/xds/bootstrap/bootstrap_test.go index 3c334eeaeb5..ace84a02888 100644 --- a/internal/xds/bootstrap/bootstrap_test.go +++ b/internal/xds/bootstrap/bootstrap_test.go 
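Review bot: In the `@@ -238,6 +255,11 @@` hunk the `egv1a1.IPv4` default is overwritten whenever `opts` is non-nil, so a caller that leaves `IPFamily` unset passes the zero value on instead of IPv4. That only works because `AdminAddress` and `readinessAddress` compare against `egv1a1.IPv6` alone; guarding with `if opts != nil && opts.IPFamily != "" {` would keep the default meaningful (this assumes `IPFamily` is a string type, which the hunk does not show). The body of `GetRenderedBootstrapConfig` starts and ends outside this hunk.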
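Review bot: Only the readiness `socket_address` is quoted in `bootstrap.yaml.tpl`, while the IPv6 golden files added in this patch still render the admin listener and the `prometheus_stats` endpoint as a bare `address: ::1`. `::1` happens to parse as a plain YAML scalar, but `::` would not, so the template should quote every address it renders rather than depend on the particular value, e.g. `address: '{{ .AdminServer.Address }}'` (assuming that is the expression used on the template lines outside this hunk).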
@@ -165,26 +165,43 @@ func TestGetRenderedBootstrapConfig(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - got, err := GetRenderedBootstrapConfig(tc.opts) - require.NoError(t, err) - - if *overrideTestData { - // nolint:gosec - err = os.WriteFile(path.Join("testdata", "render", fmt.Sprintf("%s.yaml", tc.name)), []byte(got), 0o644) + // IPv4 + { + got, err := GetRenderedBootstrapConfig(tc.opts) require.NoError(t, err) - return + + if *overrideTestData { + // nolint:gosec + err = os.WriteFile(path.Join("testdata", "render", fmt.Sprintf("%s.yaml", tc.name)), []byte(got), 0o644) + require.NoError(t, err) + } else { + expected, err := readTestData(tc.name, "render") + require.NoError(t, err) + assert.Equal(t, expected, got) + } } + // IPv6 + { + tc.opts.IPFamily = egv1a1.IPv6 + gotIPv6, err := GetRenderedBootstrapConfig(tc.opts) + require.NoError(t, err) - expected, err := readTestData(tc.name) - require.NoError(t, err) - assert.Equal(t, expected, got) + if *overrideTestData { + // nolint:gosec + err = os.WriteFile(path.Join("testdata", "ipv6", fmt.Sprintf("%s.yaml", tc.name)), []byte(gotIPv6), 0o644) + require.NoError(t, err) + } else { + expected, err := readTestData(tc.name, "ipv6") + require.NoError(t, err) + assert.Equal(t, expected, gotIPv6) + } + } }) } } -func readTestData(caseName string) (string, error) { - filename := path.Join("testdata", "render", fmt.Sprintf("%s.yaml", caseName)) - +func readTestData(caseName string, sub string) (string, error) { + filename := path.Join("testdata", sub, fmt.Sprintf("%s.yaml", caseName)) b, err := os.ReadFile(filename) if err != nil { return "", err diff --git a/internal/xds/bootstrap/testdata/ipv6/custom-server-port.yaml b/internal/xds/bootstrap/testdata/ipv6/custom-server-port.yaml new file mode 100644 index 00000000000..f04a2bd49fc --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/custom-server-port.yaml 
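Review bot: The IPv6 block writes `tc.opts.IPFamily = egv1a1.IPv6` straight into the shared fixture, which would panic for any case whose `opts` is nil (something `GetRenderedBootstrapConfig` appears to tolerate, given its `opts != nil` guard) and leaves the table entry mutated. Work on a copy instead: `opts := *tc.opts`, then `opts.IPFamily = egv1a1.IPv6`, and pass `&opts`. Wrapping the two blocks in `t.Run("ipv4", ...)` and `t.Run("ipv6", ...)` would also make a golden-file mismatch report which family failed. Whether the case table contains a nil-`opts` entry is not visible in this hunk.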
@@ -0,0 +1,168 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 2222 +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-3333 + address: + socket_address: + address: '::' + port_value: 3333 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + virtual_hosts: + - name: prometheus_stats + domains: + - "*" + routes: + - match: + prefix: /stats/prometheus + route: + cluster: prometheus_stats + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: prometheus_stats + connect_timeout: 0.250s + type: STATIC + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: prometheus_stats + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: ::1 + port_value: 2222 + - 
connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: foo.bar + port_value: 12345 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 1111 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: 
/sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 diff --git a/internal/xds/bootstrap/testdata/ipv6/custom-stats-matcher.yaml b/internal/xds/bootstrap/testdata/ipv6/custom-stats-matcher.yaml new file mode 100644 index 00000000000..021da2fa7ed --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/custom-stats-matcher.yaml 
@@ -0,0 +1,179 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 19000 +stats_config: + stats_matcher: + inclusion_list: + patterns: + - exact: http.foo.bar.cluster.upstream_rq + - prefix: http + - prefix: cluster + - suffix: upstream_rq + - safe_regex: + google_re2: {} + regex: virtual.* +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-19001 + address: + socket_address: + address: '::' + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + virtual_hosts: + - name: prometheus_stats + domains: + - "*" + routes: + - match: + prefix: /stats/prometheus + route: + cluster: prometheus_stats + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: prometheus_stats + connect_timeout: 
0.250s + type: STATIC + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: prometheus_stats + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: ::1 + port_value: 19000 + - connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": 
type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 diff --git a/internal/xds/bootstrap/testdata/ipv6/disable-prometheus.yaml b/internal/xds/bootstrap/testdata/ipv6/disable-prometheus.yaml new file mode 100644 index 00000000000..27df4b0ad16 --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/disable-prometheus.yaml 
@@ -0,0 +1,146 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 19000 +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-19001 + address: + socket_address: + address: '::' + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": 
"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + 
typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 diff --git a/internal/xds/bootstrap/testdata/ipv6/enable-prometheus-gzip-compression.yaml b/internal/xds/bootstrap/testdata/ipv6/enable-prometheus-gzip-compression.yaml new file mode 100644 index 00000000000..48c3ef38a79 --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/enable-prometheus-gzip-compression.yaml 
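Review bot: The loopback address is emitted unquoted (`address: ::1` under `admin.address.socket_address`) while the readiness listener in the same file is quoted (`address: '::'`), so the rendered bootstrap mixes two styles for IPv6 literals. `::1` only reads as a string because the character after the leading colon is not a space. Quoting it where the bootstrap is rendered, as `address: '::1'`, would match the listener line and remove that dependency on plain-scalar parsing rules. The source that renders this fixture is not part of this hunk, so this is inferred from the output alone. The same unquoted value appears in the other new ipv6 fixtures, including the `prometheus_stats` endpoint in enable-prometheus.yaml.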
@@ -0,0 +1,175 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 19000 +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-19001 + address: + socket_address: + address: '::' + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + virtual_hosts: + - name: prometheus_stats + domains: + - "*" + routes: + - match: + prefix: /stats/prometheus + route: + cluster: prometheus_stats + typed_per_filter_config: + envoy.filters.http.compression: + "@type": type.googleapis.com/envoy.extensions.filters.http.compressor.v3.CompressorPerRoute + compressor_library: + name: text_optimized + typed_config: + "@type": type.googleapis.com/envoy.extensions.compression.gzip.compressor.v3.Gzip + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": 
type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: prometheus_stats + connect_timeout: 0.250s + type: STATIC + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: prometheus_stats + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: ::1 + port_value: 19000 + - connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + 
transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 diff --git a/internal/xds/bootstrap/testdata/ipv6/enable-prometheus.yaml b/internal/xds/bootstrap/testdata/ipv6/enable-prometheus.yaml new file mode 100644 index 00000000000..63395e20f7a --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/enable-prometheus.yaml 
@@ -0,0 +1,168 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 19000 +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-19001 + address: + socket_address: + address: '::' + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + virtual_hosts: + - name: prometheus_stats + domains: + - "*" + routes: + - match: + prefix: /stats/prometheus + route: + cluster: prometheus_stats + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: prometheus_stats + connect_timeout: 0.250s + type: STATIC + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: prometheus_stats + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: ::1 + port_value: 19000 + - 
connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: 
/sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 diff --git a/internal/xds/bootstrap/testdata/ipv6/otel-metrics-backendref.yaml b/internal/xds/bootstrap/testdata/ipv6/otel-metrics-backendref.yaml new file mode 100644 index 00000000000..6c0a9251f0f --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/otel-metrics-backendref.yaml 
@@ -0,0 +1,171 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 19000 +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +stats_sinks: +- name: "envoy.stat_sinks.open_telemetry" + typed_config: + "@type": type.googleapis.com/envoy.extensions.stat_sinks.open_telemetry.v3.SinkConfig + grpc_service: + envoy_grpc: + cluster_name: otel_metric_sink_0 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-19001 + address: + socket_address: + address: '::' + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: otel_metric_sink_0 + connect_timeout: 0.250s + type: STRICT_DNS + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": 
"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: otel_metric_sink_0 + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: otel-collector.monitoring.svc + port_value: 4317 + - connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + 
transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 diff --git a/internal/xds/bootstrap/testdata/ipv6/otel-metrics.yaml b/internal/xds/bootstrap/testdata/ipv6/otel-metrics.yaml new file mode 100644 index 00000000000..6c0a9251f0f --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/otel-metrics.yaml 
@@ -0,0 +1,171 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 19000 +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +stats_sinks: +- name: "envoy.stat_sinks.open_telemetry" + typed_config: + "@type": type.googleapis.com/envoy.extensions.stat_sinks.open_telemetry.v3.SinkConfig + grpc_service: + envoy_grpc: + cluster_name: otel_metric_sink_0 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-19001 + address: + socket_address: + address: '::' + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: otel_metric_sink_0 + connect_timeout: 0.250s + type: STRICT_DNS + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": 
"type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: otel_metric_sink_0 + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: otel-collector.monitoring.svc + port_value: 4317 + - connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + 
transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 diff --git a/internal/xds/bootstrap/testdata/ipv6/with-max-heap-size-bytes.yaml b/internal/xds/bootstrap/testdata/ipv6/with-max-heap-size-bytes.yaml new file mode 100644 index 00000000000..c85cecafc3b --- /dev/null +++ b/internal/xds/bootstrap/testdata/ipv6/with-max-heap-size-bytes.yaml 
@@ -0,0 +1,183 @@ +admin: + access_log: + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socket_address: + address: ::1 + port_value: 19000 +layered_runtime: + layers: + - name: global_config + static_layer: + envoy.restart_features.use_eds_cache_for_ads: true + re2.max_program_size.error_level: 4294967295 + re2.max_program_size.warn_level: 1000 +dynamic_resources: + ads_config: + api_type: DELTA_GRPC + transport_api_version: V3 + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 +static_resources: + listeners: + - name: envoy-gateway-proxy-ready-::-19001 + address: + socket_address: + address: '::' + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + virtual_hosts: + - name: prometheus_stats + domains: + - "*" + routes: + - match: + prefix: /stats/prometheus + route: + cluster: prometheus_stats + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + clusters: + - name: prometheus_stats + connect_timeout: 0.250s + type: STATIC + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: prometheus_stats + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: ::1 + port_value: 19000 + - 
connect_timeout: 10s + load_assignment: + cluster_name: xds_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18000 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: + connection_keepalive: + interval: 30s + timeout: 5s + name: xds_cluster + type: STRICT_DNS + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: /sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: 
/sds/xds-certificate.json + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: /sds/xds-trusted-ca.json + resource_api_version: V3 +overload_manager: + refresh_interval: 0.25s + resource_monitors: + - name: "envoy.resource_monitors.global_downstream_max_connections" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig + max_active_downstream_connections: 50000 + - name: "envoy.resource_monitors.fixed_heap" + typed_config: + "@type": type.googleapis.com/envoy.extensions.resource_monitors.fixed_heap.v3.FixedHeapConfig + max_heap_size_bytes: 1073741824 + actions: + - name: "envoy.overload_actions.shrink_heap" + triggers: + - name: "envoy.resource_monitors.fixed_heap" + threshold: + value: 0.95 + - name: "envoy.overload_actions.stop_accepting_requests" + triggers: + - name: "envoy.resource_monitors.fixed_heap" + threshold: + value: 0.98 diff --git a/internal/xds/bootstrap/testdata/render/custom-server-port.yaml b/internal/xds/bootstrap/testdata/render/custom-server-port.yaml index 23cd059a2a6..cc3b56b399c 100644 --- a/internal/xds/bootstrap/testdata/render/custom-server-port.yaml +++ b/internal/xds/bootstrap/testdata/render/custom-server-port.yaml @@ -34,7 +34,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-3333 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 3333 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/testdata/render/custom-stats-matcher.yaml b/internal/xds/bootstrap/testdata/render/custom-stats-matcher.yaml index 370b66914e3..27258e741ea 100644 --- a/internal/xds/bootstrap/testdata/render/custom-stats-matcher.yaml +++ b/internal/xds/bootstrap/testdata/render/custom-stats-matcher.yaml 
@@ -45,7 +45,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/testdata/render/disable-prometheus.yaml b/internal/xds/bootstrap/testdata/render/disable-prometheus.yaml index 1b5be570ce3..1e3ba1994dd 100644 --- a/internal/xds/bootstrap/testdata/render/disable-prometheus.yaml +++ b/internal/xds/bootstrap/testdata/render/disable-prometheus.yaml @@ -34,7 +34,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/testdata/render/enable-prometheus-gzip-compression.yaml b/internal/xds/bootstrap/testdata/render/enable-prometheus-gzip-compression.yaml index 93829b713f1..20eedcb3be8 100644 --- a/internal/xds/bootstrap/testdata/render/enable-prometheus-gzip-compression.yaml +++ b/internal/xds/bootstrap/testdata/render/enable-prometheus-gzip-compression.yaml @@ -34,7 +34,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/testdata/render/enable-prometheus.yaml b/internal/xds/bootstrap/testdata/render/enable-prometheus.yaml index 5d17a89534f..162569bcaf9 100644 --- a/internal/xds/bootstrap/testdata/render/enable-prometheus.yaml +++ b/internal/xds/bootstrap/testdata/render/enable-prometheus.yaml @@ -34,7 +34,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/testdata/render/otel-metrics-backendref.yaml b/internal/xds/bootstrap/testdata/render/otel-metrics-backendref.yaml index 3f6c0259a7e..27521b3c3fa 100644 
--- a/internal/xds/bootstrap/testdata/render/otel-metrics-backendref.yaml +++ b/internal/xds/bootstrap/testdata/render/otel-metrics-backendref.yaml @@ -41,7 +41,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/testdata/render/otel-metrics.yaml b/internal/xds/bootstrap/testdata/render/otel-metrics.yaml index 3f6c0259a7e..27521b3c3fa 100644 --- a/internal/xds/bootstrap/testdata/render/otel-metrics.yaml +++ b/internal/xds/bootstrap/testdata/render/otel-metrics.yaml @@ -41,7 +41,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/testdata/render/with-max-heap-size-bytes.yaml b/internal/xds/bootstrap/testdata/render/with-max-heap-size-bytes.yaml index 854b8a28988..a50a221b48f 100644 --- a/internal/xds/bootstrap/testdata/render/with-max-heap-size-bytes.yaml +++ b/internal/xds/bootstrap/testdata/render/with-max-heap-size-bytes.yaml @@ -34,7 +34,7 @@ static_resources: - name: envoy-gateway-proxy-ready-0.0.0.0-19001 address: socket_address: - address: 0.0.0.0 + address: '0.0.0.0' port_value: 19001 protocol: TCP filter_chains: diff --git a/internal/xds/bootstrap/util_test.go b/internal/xds/bootstrap/util_test.go index bfa5d191c46..87b0967dd35 100644 --- a/internal/xds/bootstrap/util_test.go +++ b/internal/xds/bootstrap/util_test.go @@ -22,7 +22,7 @@ import ( var overrideTestData = flag.Bool("override-testdata", false, "if override the test output data.") func TestApplyBootstrapConfig(t *testing.T) { - str, _ := readTestData("enable-prometheus") + str, _ := readTestData("enable-prometheus", "render") cases := []struct { name string boostrapConfig *egv1a1.ProxyBootstrap 
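Review bot: The error from `readTestData("enable-prometheus", "render")` in `TestApplyBootstrapConfig` is still discarded with `_`. Now that the helper takes a directory argument, a wrong directory name would presumably leave `str` empty rather than fail the test. I would bind the error, `str, err := readTestData("enable-prometheus", "render")`, and stop on failure with `if err != nil { t.Fatal(err) }`. The test body continues outside the hunk, so how `str` is compared is not visible here.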
diff --git a/internal/xds/translator/listener.go b/internal/xds/translator/listener.go index 9a68c5f3c1f..b938f52cefa 100644 --- a/internal/xds/translator/listener.go +++ b/internal/xds/translator/listener.go @@ -146,36 +146,6 @@ func originalIPDetectionExtensions(clientIPDetection *ir.ClientIPDetectionSettin return extensionConfig } -func setAddressByIPFamily(socketAddress *corev3.SocketAddress, ipFamily *ir.IPFamily, port uint32) []*listenerv3.AdditionalAddress { - if ipFamily == nil { - return nil - } - switch *ipFamily { - case ir.IPv4: - socketAddress.Address = "0.0.0.0" - case ir.IPv6: - socketAddress.Address = "::" - case ir.Dualstack: - socketAddress.Address = "0.0.0.0" - return []*listenerv3.AdditionalAddress{ - { - Address: &corev3.Address{ - Address: &corev3.Address_SocketAddress{ - SocketAddress: &corev3.SocketAddress{ - Protocol: socketAddress.Protocol, - Address: "::", - PortSpecifier: &corev3.SocketAddress_PortValue{ - PortValue: port, - }, - }, - }, - }, - }, - } - } - return nil -} - // buildXdsTCPListener creates a xds Listener resource // TODO: Improve function parameters func buildXdsTCPListener( 
@@ -210,11 +180,40 @@ func buildXdsTCPListener( }, } - socketAddress := listener.Address.GetSocketAddress() - listener.AdditionalAddresses = setAddressByIPFamily(socketAddress, ipFamily, port) + listener.AdditionalAddresses = additionalAddressByIPFamily(address, ipFamily, port) return listener, nil } +func additionalAddressByIPFamily(currentAddress string, ipFamily *ir.IPFamily, port uint32) []*listenerv3.AdditionalAddress { + if ipFamily == nil { + return nil + } + + if *ipFamily == ir.Dualstack { + additionalAddress := "::1" + // If the current address is already IPv6, use the IPv4 equivalent + if currentAddress == "::1" { + additionalAddress = "0.0.0.0" + } + return []*listenerv3.AdditionalAddress{ + { + Address: &corev3.Address{ + Address: &corev3.Address_SocketAddress{ + SocketAddress: &corev3.SocketAddress{ + Protocol: corev3.SocketAddress_TCP, + Address: additionalAddress, + PortSpecifier: &corev3.SocketAddress_PortValue{ + PortValue: port, + }, + }, + }, + }, + }, + } + } + return nil +} + func buildPerConnectionBufferLimitBytes(connection *ir.ClientConnection) *wrapperspb.UInt32Value { if connection != nil && connection.BufferLimitBytes != nil { return wrapperspb.UInt32(*connection.BufferLimitBytes) diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.listeners.yaml index 0615ffcff8a..20373d4501b 100644 --- a/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.listeners.yaml @@ -1,7 +1,7 @@ - additionalAddresses: - address: socketAddress: - address: '::' + address: ::1 portValue: 8082 address: socketAddress: diff --git a/test/helm/gateway-helm/certjen-custom-scheduling.out.yaml b/test/helm/gateway-helm/certjen-custom-scheduling.out.yaml index 37d0212f719..73dd3114451 100644 --- a/test/helm/gateway-helm/certjen-custom-scheduling.out.yaml 
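Review bot: In `additionalAddressByIPFamily` the dual-stack additional address is the IPv6 loopback `::1`, where the removed `setAddressByIPFamily` used the wildcard `::`, so the IPv6 side of a dual-stack listener would accept connections only from inside the pod. The reverse branch is asymmetric too: it fires only when the primary address is exactly `::1` and then adds `0.0.0.0`, which widens a loopback bind to every IPv4 interface, while a primary of `::` falls through and gets `::1` with no IPv4 address at all. If the wildcard is what is meant, I would write `additionalAddress := "::"` and `if currentAddress == "::" {`, and return the expected value in `tcp-listener-ipfamily.listeners.yaml` to `'::'`. How `address` is chosen in `buildXdsTCPListener` is outside this hunk, so the value it takes on an IPv6-first cluster is inferred here. A short doc comment stating which bind address each IP family produces would make the intended exposure reviewable.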
+++ b/test/helm/gateway-helm/certjen-custom-scheduling.out.yaml @@ -389,6 +389,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/control-plane-with-pdb.out.yaml b/test/helm/gateway-helm/control-plane-with-pdb.out.yaml index 69f08e1dbb7..1af6260f38a 100644 --- a/test/helm/gateway-helm/control-plane-with-pdb.out.yaml +++ b/test/helm/gateway-helm/control-plane-with-pdb.out.yaml @@ -404,6 +404,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/default-config.out.yaml b/test/helm/gateway-helm/default-config.out.yaml index 6e1b1846bae..043cc87acaa 100644 --- a/test/helm/gateway-helm/default-config.out.yaml +++ b/test/helm/gateway-helm/default-config.out.yaml @@ -389,6 +389,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/deployment-custom-topology.out.yaml b/test/helm/gateway-helm/deployment-custom-topology.out.yaml index 0bc5809337c..3777ad9af29 100644 --- a/test/helm/gateway-helm/deployment-custom-topology.out.yaml +++ b/test/helm/gateway-helm/deployment-custom-topology.out.yaml @@ -417,6 +417,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/deployment-images-config.out.yaml b/test/helm/gateway-helm/deployment-images-config.out.yaml index f99a89039d8..5acd24f187a 100644 --- a/test/helm/gateway-helm/deployment-images-config.out.yaml 
+++ b/test/helm/gateway-helm/deployment-images-config.out.yaml @@ -389,6 +389,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/deployment-priorityclass.out.yaml b/test/helm/gateway-helm/deployment-priorityclass.out.yaml index 3757e360d95..23b6995e1e4 100644 --- a/test/helm/gateway-helm/deployment-priorityclass.out.yaml +++ b/test/helm/gateway-helm/deployment-priorityclass.out.yaml @@ -389,6 +389,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/deployment-securitycontext.out.yaml b/test/helm/gateway-helm/deployment-securitycontext.out.yaml index e98bd1e9730..ac464ddf7a7 100644 --- a/test/helm/gateway-helm/deployment-securitycontext.out.yaml +++ b/test/helm/gateway-helm/deployment-securitycontext.out.yaml @@ -389,6 +389,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/envoy-gateway-config.out.yaml b/test/helm/gateway-helm/envoy-gateway-config.out.yaml index fb1e51f2209..8458f976388 100644 --- a/test/helm/gateway-helm/envoy-gateway-config.out.yaml +++ b/test/helm/gateway-helm/envoy-gateway-config.out.yaml @@ -391,6 +391,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/global-images-config.out.yaml b/test/helm/gateway-helm/global-images-config.out.yaml index ebcda594b19..4ce46484753 100644 --- a/test/helm/gateway-helm/global-images-config.out.yaml 
+++ b/test/helm/gateway-helm/global-images-config.out.yaml @@ -393,6 +393,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: diff --git a/test/helm/gateway-helm/service-annotations.out.yaml b/test/helm/gateway-helm/service-annotations.out.yaml index 9d37bdffcde..72cc8f6afe4 100644 --- a/test/helm/gateway-helm/service-annotations.out.yaml +++ b/test/helm/gateway-helm/service-annotations.out.yaml @@ -391,6 +391,10 @@ spec: - server - --config-path=/config/envoy-gateway.yaml env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP - name: ENVOY_GATEWAY_NAMESPACE valueFrom: fieldRef: