Merge branch 'main' into fix-rate-limit

.github/workflows/docs.yaml

@@ -36,7 +36,7 @@ jobs:
         config_file: ".github/markdown_lint_config.json"
 
     - name: Install linkinator
-      run: npm install -g linkinator
+      run: npm install -g linkinator@6.0.4
 
     - name: Check links
       run: make docs docs-check-links

OWNERS

@@ -21,7 +21,6 @@ reviewers:
 
 - chauhanshubham
 - kflynn
-- LanceEa
 - tmsnan
 - tanujd11
 - cnvergence

api/v1alpha1/envoygateway_helpers.go

@@ -9,6 +9,8 @@ import (
 	"fmt"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
+	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
 // DefaultEnvoyGateway returns a new EnvoyGateway with default configuration parameters.
@@ -39,6 +41,14 @@ func (e *EnvoyGateway) SetEnvoyGatewayDefaults() {
 	if e.Provider == nil {
 		e.Provider = DefaultEnvoyGatewayProvider()
 	}
+	if e.Provider.Kubernetes == nil {
+		e.Provider.Kubernetes = &EnvoyGatewayKubernetesProvider{
+			LeaderElection: DefaultLeaderElection(),
+		}
+	}
+	if e.Provider.Kubernetes.LeaderElection == nil {
+		e.Provider.Kubernetes.LeaderElection = DefaultLeaderElection()
+	}
 	if e.Gateway == nil {
 		e.Gateway = DefaultGateway()
 	}
@@ -85,6 +95,16 @@ func (e *EnvoyGateway) NamespaceMode() bool {
 		len(e.Provider.Kubernetes.Watch.Namespaces) > 0
 }
 
+// DefaultLeaderElection returns a new LeaderElection with default configuration parameters.
+func DefaultLeaderElection() *LeaderElection {
+	return &LeaderElection{
+		RenewDeadline: ptr.To(gwapiv1.Duration("10s")),
+		RetryPeriod:   ptr.To(gwapiv1.Duration("2s")),
+		LeaseDuration: ptr.To(gwapiv1.Duration("15s")),
+		Disable:       ptr.To(false),
+	}
+}
+
 // DefaultGateway returns a new Gateway with default configuration parameters.
 func DefaultGateway() *Gateway {
 	return &Gateway{
@@ -148,6 +168,9 @@ func DefaultEnvoyGatewayPrometheus() *EnvoyGatewayPrometheusProvider {
 func DefaultEnvoyGatewayProvider() *EnvoyGatewayProvider {
 	return &EnvoyGatewayProvider{
 		Type: ProviderTypeKubernetes,
+		Kubernetes: &EnvoyGatewayKubernetesProvider{
+			LeaderElection: DefaultLeaderElection(),
+		},
 	}
 }
 
@@ -195,9 +218,16 @@ func (r *EnvoyGatewayProvider) GetEnvoyGatewayKubeProvider() *EnvoyGatewayKubern
 
 	if r.Kubernetes == nil {
 		r.Kubernetes = DefaultEnvoyGatewayKubeProvider()
+		if r.Kubernetes.LeaderElection == nil {
+			r.Kubernetes.LeaderElection = DefaultLeaderElection()
+		}
 		return r.Kubernetes
 	}
 
+	if r.Kubernetes.LeaderElection == nil {
+		r.Kubernetes.LeaderElection = DefaultLeaderElection()
+	}
+
 	if r.Kubernetes.RateLimitDeployment == nil {
 		r.Kubernetes.RateLimitDeployment = DefaultKubernetesDeployment(DefaultRateLimitImage)
 	}

api/v1alpha1/envoygateway_types.go

@@ -90,6 +90,21 @@ type EnvoyGatewaySpec struct {
 	ExtensionAPIs *ExtensionAPISettings `json:"extensionApis,omitempty"`
 }
 
+// LeaderElection defines the desired leader election settings.
+type LeaderElection struct {
+	// LeaseDuration defines the time non-leader contenders will wait before attempting to claim leadership.
+	// It's based on the timestamp of the last acknowledged signal. The default setting is 15 seconds.
+	LeaseDuration *gwapiv1.Duration `json:"leaseDuration,omitempty"`
+	// RenewDeadline represents the time frame within which the current leader will attempt to renew its leadership
+	// status before relinquishing its position. The default setting is 10 seconds.
+	RenewDeadline *gwapiv1.Duration `json:"renewDeadline,omitempty"`
+	// RetryPeriod denotes the interval at which LeaderElector clients should perform action retries.
+	// The default setting is 2 seconds.
+	RetryPeriod *gwapiv1.Duration `json:"retryPeriod,omitempty"`
+	// Disable provides the option to turn off leader election, which is enabled by default.
+	Disable *bool `json:"disable,omitempty"`
+}
+
 // EnvoyGatewayTelemetry defines telemetry configurations for envoy gateway control plane.
 // Control plane will focus on metrics observability telemetry and tracing telemetry later.
 type EnvoyGatewayTelemetry struct {
@@ -194,6 +209,10 @@ type EnvoyGatewayKubernetesProvider struct {
 	// OverwriteControlPlaneCerts updates the secrets containing the control plane certs, when set.
 	// +optional
 	OverwriteControlPlaneCerts *bool `json:"overwriteControlPlaneCerts,omitempty"`
+	// LeaderElection specifies the configuration for leader election.
+	// If it's not set up, leader election will be active by default, using Kubernetes' standard settings.
+	// +optional
+	LeaderElection *LeaderElection `json:"leaderElection,omitempty"`
 }
 
 const (

api/v1alpha1/validation/envoygateway_validate_test.go

@@ -646,7 +646,7 @@ func TestEnvoyGatewayProvider(t *testing.T) {
 	assert.NotNil(t, envoyGateway.Provider)
 
 	envoyGatewayProvider := envoyGateway.GetEnvoyGatewayProvider()
-	assert.Nil(t, envoyGatewayProvider.Kubernetes)
+	assert.NotNil(t, envoyGatewayProvider.Kubernetes)
 	assert.Equal(t, envoyGateway.Provider, envoyGatewayProvider)
 
 	envoyGatewayProvider.Kubernetes = v1alpha1.DefaultEnvoyGatewayKubeProvider()

internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml

@@ -130,6 +130,13 @@ envoyProxy:
                       path_config_source:
                         path: "/sds/xds-trusted-ca.json"
                       resource_api_version: V3
+        overload_manager:
+          refresh_interval: 0.25s
+          resource_monitors:
+          - name: "envoy.resource_monitors.global_downstream_max_connections"
+            typed_config:
+              "@type": type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig
+              max_active_downstream_connections: 50000
     logging: {}
   status: {}
 gatewayClass:
@@ -508,6 +515,13 @@ xds:
               envoy.restart_features.use_eds_cache_for_ads: true
               re2.max_program_size.error_level: 4294967295
               re2.max_program_size.warn_level: 1000
+        overloadManager:
+          refreshInterval: 0.250s
+          resourceMonitors:
+          - name: envoy.resource_monitors.global_downstream_max_connections
+            typedConfig:
+              '@type': type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig
+              maxActiveDownstreamConnections: "50000"
         staticResources:
           clusters:
           - connectTimeout: 0.250s

internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json

@@ -56,6 +56,18 @@
                 }
               ]
             },
+            "overloadManager": {
+              "refreshInterval": "0.250s",
+              "resourceMonitors": [
+                {
+                  "name": "envoy.resource_monitors.global_downstream_max_connections",
+                  "typedConfig": {
+                    "@type": "type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig",
+                    "maxActiveDownstreamConnections": "50000"
+                  }
+                }
+              ]
+            },
             "staticResources": {
               "clusters": [
                 {

internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml

@@ -34,6 +34,13 @@ xds:
               envoy.restart_features.use_eds_cache_for_ads: true
               re2.max_program_size.error_level: 4294967295
               re2.max_program_size.warn_level: 1000
+        overloadManager:
+          refreshInterval: 0.250s
+          resourceMonitors:
+          - name: envoy.resource_monitors.global_downstream_max_connections
+            typedConfig:
+              '@type': type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig
+              maxActiveDownstreamConnections: "50000"
         staticResources:
           clusters:
           - connectTimeout: 0.250s

internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.bootstrap.yaml

@@ -33,6 +33,13 @@ xds:
             envoy.restart_features.use_eds_cache_for_ads: true
             re2.max_program_size.error_level: 4294967295
             re2.max_program_size.warn_level: 1000
+      overloadManager:
+        refreshInterval: 0.250s
+        resourceMonitors:
+        - name: envoy.resource_monitors.global_downstream_max_connections
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig
+            maxActiveDownstreamConnections: "50000"
       staticResources:
         clusters:
         - connectTimeout: 0.250s

internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json

@@ -56,6 +56,18 @@
                 }
               ]
             },
+            "overloadManager": {
+              "refreshInterval": "0.250s",
+              "resourceMonitors": [
+                {
+                  "name": "envoy.resource_monitors.global_downstream_max_connections",
+                  "typedConfig": {
+                    "@type": "type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig",
+                    "maxActiveDownstreamConnections": "50000"
+                  }
+                }
+              ]
+            },
             "staticResources": {
               "clusters": [
                 {

internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml

@@ -34,6 +34,13 @@ xds:
               envoy.restart_features.use_eds_cache_for_ads: true
               re2.max_program_size.error_level: 4294967295
               re2.max_program_size.warn_level: 1000
+        overloadManager:
+          refreshInterval: 0.250s
+          resourceMonitors:
+          - name: envoy.resource_monitors.global_downstream_max_connections
+            typedConfig:
+              '@type': type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig
+              maxActiveDownstreamConnections: "50000"
         staticResources:
           clusters:
           - connectTimeout: 0.250s

internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.bootstrap.yaml

@@ -33,6 +33,13 @@ xds:
             envoy.restart_features.use_eds_cache_for_ads: true
             re2.max_program_size.error_level: 4294967295
             re2.max_program_size.warn_level: 1000
+      overloadManager:
+        refreshInterval: 0.250s
+        resourceMonitors:
+        - name: envoy.resource_monitors.global_downstream_max_connections
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig
+            maxActiveDownstreamConnections: "50000"
       staticResources:
         clusters:
         - connectTimeout: 0.250s

internal/envoygateway/config/config.go

@@ -36,6 +36,8 @@ type Server struct {
 	DNSDomain string
 	// Logger is the logr implementation used by Envoy Gateway.
 	Logger logging.Logger
+	// Elected chan is used to signal what a leader is elected
+	Elected chan struct{}
 }
 
 // New returns a Server with default parameters.
@@ -45,7 +47,8 @@ func New() (*Server, error) {
 		Namespace:    env.Lookup("ENVOY_GATEWAY_NAMESPACE", DefaultNamespace),
 		DNSDomain:    env.Lookup("KUBERNETES_CLUSTER_DOMAIN", DefaultDNSDomain),
 		// the default logger
-		Logger: logging.DefaultLogger(v1alpha1.LogLevelInfo),
+		Logger:  logging.DefaultLogger(v1alpha1.LogLevelInfo),
+		Elected: make(chan struct{}),
 	}, nil
 }
 

internal/envoygateway/config/decoder_test.go

@@ -322,6 +322,30 @@ func TestDecode(t *testing.T) {
 			in:     inPath + "invalid-gateway-version.yaml",
 			expect: false,
 		},
+		{
+			in: inPath + "gateway-leaderelection.yaml",
+			out: &v1alpha1.EnvoyGateway{
+				TypeMeta: metav1.TypeMeta{
+					Kind:       v1alpha1.KindEnvoyGateway,
+					APIVersion: v1alpha1.GroupVersion.String(),
+				},
+				EnvoyGatewaySpec: v1alpha1.EnvoyGatewaySpec{
+					Gateway: v1alpha1.DefaultGateway(),
+					Provider: &v1alpha1.EnvoyGatewayProvider{
+						Type: v1alpha1.ProviderTypeKubernetes,
+						Kubernetes: &v1alpha1.EnvoyGatewayKubernetesProvider{
+							LeaderElection: &v1alpha1.LeaderElection{
+								Disable:       ptr.To(true),
+								LeaseDuration: ptr.To(gwapiv1.Duration("1s")),
+								RenewDeadline: ptr.To(gwapiv1.Duration("2s")),
+								RetryPeriod:   ptr.To(gwapiv1.Duration("3s")),
+							},
+						},
+					},
+				},
+			},
+			expect: true,
+		},
 	}
 
 	for _, tc := range testCases {

internal/envoygateway/config/testdata/decoder/in/gateway-global-ratelimit.yaml

@@ -4,6 +4,12 @@ gateway:
   controllerName: gateway.envoyproxy.io/gatewayclass-controller
 provider:
   type: Kubernetes
+  kubernetes:
+    leaderElection:
+      leaseDuration: 15s
+      renewDeadline: 10s
+      retryPeriod: 2s
+      disable: false
 rateLimit:
   timeout: 10ms
   failClosed: true

internal/envoygateway/config/testdata/decoder/in/gateway-leaderelection.yaml

@@ -0,0 +1,13 @@
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: EnvoyGateway
+gateway:
+  controllerName: gateway.envoyproxy.io/gatewayclass-controller
+provider:
+  type: Kubernetes
+  kubernetes:
+    leaderElection:
+      disable: true
+      leaseDuration: "1s"
+      renewDeadline: "2s"
+      retryPeriod: "3s"
+      disabled: false

internal/envoygateway/config/testdata/decoder/in/kube-provider.yaml

@@ -2,3 +2,9 @@ apiVersion: gateway.envoyproxy.io/v1alpha1
 kind: EnvoyGateway
 provider:
   type: Kubernetes
+  kubernetes:
+    leaderElection:
+      leaseDuration: 15s
+      renewDeadline: 10s
+      retryPeriod: 2s
+      disable: false