Merge branch 'main' into socket-buffer-api
aoledk authored Aug 2, 2024
2 parents 4c55bd3 + f4c53f4 commit 7b2e8ff
Showing 88 changed files with 1,988 additions and 121 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/build_and_test.yaml
@@ -144,6 +144,9 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: ./tools/github-actions/setup-deps

- name: Setup Graphviz
uses: ts-graphviz/setup-graphviz@v2

# Benchmark
- name: Run Benchmark tests
env:
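Review bot: `ts-graphviz/setup-graphviz@v2` is referenced by a mutable tag, while `actions/checkout` in the same hunk is pinned to a full commit SHA. A tag on a third-party action can be repointed to different code, which would then run inside this job; the same step is added to latest_release.yaml and release.yaml, where the job presumably has access to release credentials. Pin it the same way in all three workflows, `uses: ts-graphviz/setup-graphviz@<full-commit-sha> # v2` (placeholder: take the SHA from the action's repository for the reviewed release). The job definition continues outside the hunk, so its permissions and secrets are not visible here.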
3 changes: 2 additions & 1 deletion .github/workflows/experimental_conformance.yaml
@@ -3,10 +3,11 @@ on:
push:
paths:
- 'charts/gateway-helm/crds/gatewayapi-crds.yaml'
- 'test/conformance/experimental_conformance_test.go'
pull_request:
paths:
- 'charts/gateway-helm/crds/gatewayapi-crds.yaml'
- 'test/conformance/*.go'
- 'test/conformance/experimental_conformance_test.go'
# Add workflow_dispatch to trigger this workflow manually by maintainers.
workflow_dispatch:

3 changes: 3 additions & 0 deletions .github/workflows/latest_release.yaml
@@ -25,6 +25,9 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: ./tools/github-actions/setup-deps

- name: Setup Graphviz
uses: ts-graphviz/setup-graphviz@v2

# Benchmark
- name: Run Benchmark tests
env:
3 changes: 3 additions & 0 deletions .github/workflows/release.yaml
@@ -18,6 +18,9 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: ./tools/github-actions/setup-deps

- name: Setup Graphviz
uses: ts-graphviz/setup-graphviz@v2

# Benchmark
- name: Run Benchmark tests
env:
4 changes: 4 additions & 0 deletions api/v1alpha1/backendtrafficpolicy_types.go
@@ -110,6 +110,10 @@ type BackendTrafficPolicySpec struct {
//
// +optional
Connection *BackendConnection `json:"connection,omitempty"`
// DNS includes dns resolution settings.
//
// +optional
DNS *DNS `json:"dns,omitempty"`
}

// +kubebuilder:object:root=true
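--- a/api/v1alpha1/dns_types.go
+++ b/api/v1alpha1/dns_types.go
@@ -0,0 +1,18 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package v1alpha1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+type DNS struct {
+// DNSRefreshRate specifies the rate at which DNS records should be refreshed.
+// Defaults to 30 seconds.
+DNSRefreshRate *metav1.Duration `json:"dnsRefreshRate,omitempty"`
+// RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
+// If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
+// Defaults to true.
+RespectDNSTTL *bool `json:"respectDnsTtl,omitempty"`
+}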
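Review bot: The exported `DNS` type has no doc comment, and neither field carries the `// +optional` marker that the new `DNS` field in BackendTrafficPolicySpec uses, although both are pointers with `omitempty`. Add `// DNS defines DNS resolution settings.` above the type and `// +optional` above each field. The field comments also leave open which setting applies when `respectDnsTtl` is true (its documented default) and `dnsRefreshRate` is set as well. That is worth one explicit sentence, because with the TTL respected the refresh interval is driven by the DNS answer rather than by the operator's value.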
30 changes: 30 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

@@ -155,6 +155,21 @@ spec:
rule: 'type(self) == string ? self.matches(r"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$")
: type(self) == int'
type: object
dns:
description: DNS includes dns resolution settings.
properties:
dnsRefreshRate:
description: |-
DNSRefreshRate specifies the rate at which DNS records should be refreshed.
Defaults to 30 seconds.
type: string
respectDnsTtl:
description: |-
RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
Defaults to true.
type: boolean
type: object
faultInjection:
description: |-
FaultInjection defines the fault injection policy to be applied. This configuration can be used to
16 changes: 12 additions & 4 deletions charts/gateway-helm/templates/certgen.yaml
@@ -38,12 +38,20 @@ spec:
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsGroup: 65534
runAsUser: 65534
seccompProfile:
type: RuntimeDefault
{{- include "eg.image.pullSecrets" . | nindent 6 }}
restartPolicy: Never
securityContext:
runAsGroup: 65534
runAsNonRoot: true
runAsUser: 65534
serviceAccountName: {{ include "eg.fullname" . }}-certgen
{{- if not ( kindIs "invalid" .Values.certgen.job.ttlSecondsAfterFinished) }}
ttlSecondsAfterFinished: {{ .Values.certgen.job.ttlSecondsAfterFinished }}
9 changes: 7 additions & 2 deletions charts/gateway-helm/templates/envoy-gateway-deployment.yaml
@@ -95,6 +95,13 @@ spec:
}}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /config
name: envoy-gateway-config
@@ -103,8 +110,6 @@ spec:
name: certs
readOnly: true
{{- include "eg.image.pullSecrets" . | nindent 6 }}
securityContext:
runAsNonRoot: true
serviceAccountName: envoy-gateway
terminationGracePeriodSeconds: 10
volumes:
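Review bot: The container `securityContext` in the first hunk drops all capabilities and sets a seccomp profile but, unlike the certgen job changed in this same commit, does not set `readOnlyRootFilesystem: true`. If envoy-gateway writes only to its mounted volumes, add `readOnlyRootFilesystem: true` next to `privileged: false`; if it needs a scratch path, back that path with an `emptyDir` mount. The second hunk appears to remove the pod-level `securityContext` with `runAsNonRoot: true`; keeping it at pod level as well would make any additional or injected container inherit the non-root requirement. The +/- markers are not visible on this page, so confirm which lines were actually removed.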
36 changes: 36 additions & 0 deletions internal/gatewayapi/backendtrafficpolicy.go
@@ -295,6 +295,7 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
ka *ir.TCPKeepalive
rt *ir.Retry
bc *ir.BackendConnection
ds *ir.DNS
err, errs error
)

@@ -349,6 +350,10 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
}
}

if policy.Spec.DNS != nil {
ds = t.translateDNS(policy)
}

// Early return if got any errors
if errs != nil {
return errs
@@ -368,6 +373,7 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
r.TCPKeepalive = ka
r.Timeout = to
r.BackendConnection = bc
r.DNS = ds
}
}
}
@@ -380,6 +386,7 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
r.LoadBalancer = lb
r.Timeout = to
r.BackendConnection = bc
r.DNS = ds
}
}
}
@@ -400,6 +407,7 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
BackendConnection: bc,
}

r.DNS = ds
// Update the Host field in HealthCheck, now that we have access to the Route Hostname.
r.Traffic.HealthCheck.SetHTTPHostIfAbsent(r.Hostname)

@@ -432,6 +440,7 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
ct *ir.Timeout
ka *ir.TCPKeepalive
rt *ir.Retry
ds *ir.DNS
err, errs error
)

@@ -479,6 +488,10 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
}
}

if policy.Spec.DNS != nil {
ds = t.translateDNS(policy)
}

// Early return if got any errors
if errs != nil {
return errs
@@ -516,6 +529,10 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
if r.Timeout == nil {
r.Timeout = ct
}

if r.DNS == nil {
r.DNS = ds
}
}
}

@@ -540,6 +557,10 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
if route.Timeout == nil {
route.Timeout = ct
}

if route.DNS == nil {
route.DNS = ds
}
}

for _, http := range x.HTTP {
@@ -568,6 +589,10 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
Retry: rt,
}

if r.DNS == nil {
r.DNS = ds
}

// Update the Host field in HealthCheck, now that we have access to the Route Hostname.
r.Traffic.HealthCheck.SetHTTPHostIfAbsent(r.Hostname)

@@ -847,6 +872,17 @@ func (t *Translator) buildConsistentHashLoadBalancer(policy *egv1a1.BackendTraff
return consistentHash, nil
}

func (t *Translator) translateDNS(policy *egv1a1.BackendTrafficPolicy) *ir.DNS {
ds := &ir.DNS{}
if policy.Spec.DNS.RespectDNSTTL != nil {
ds.RespectDNSTTL = policy.Spec.DNS.RespectDNSTTL
}
if policy.Spec.DNS.DNSRefreshRate != nil {
ds.DNSRefreshRate = policy.Spec.DNS.DNSRefreshRate
}
return ds
}

func (t *Translator) buildProxyProtocol(policy *egv1a1.BackendTrafficPolicy) *ir.ProxyProtocol {
var pp *ir.ProxyProtocol
switch policy.Spec.ProxyProtocol.Version {
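Review bot: `translateDNS` in the last hunk copies `DNSRefreshRate` into the IR without any range check, so a zero or negative duration in a policy reaches the later translation stages unvalidated, whereas the surrounding translators collect problems in `errs` and return early. Consider rejecting such values before the "Early return if got any errors" check in both callers, e.g. `if d := policy.Spec.DNS.DNSRefreshRate; d != nil && d.Duration <= 0 { /* join an error into errs */ }`, or enforce a minimum in the CRD schema. The two nil checks in `translateDNS` are redundant, since assigning a nil pointer leaves the field nil; the body can be `return &ir.DNS{RespectDNSTTL: policy.Spec.DNS.RespectDNSTTL, DNSRefreshRate: policy.Spec.DNS.DNSRefreshRate}`. The function also lacks a doc comment, and the IR ends up sharing pointers with the policy object, which is safe only if neither side mutates them later.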
