feat(translator): Support extension server hooks for TCP and UDP list…
…eners in addition to HTTP listeners. (#3522)

* Support extension server hooks for TCP and UDP listeners in addition to
HTTP listeners.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Extension policies should be gathered based on the xds listener name

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Cleanly separate the extension hook server listener hook logic from the
translation logic.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Update the test with the listener name.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Final touches after the rebase to align with the linter.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Removed an unused function.

Signed-off-by: Lior Okman <lior.okman@sap.com>
liorokman authored Jun 14, 2024
1 parent 28e1a48 commit 4e5a2c6
Showing 20 changed files with 1,109 additions and 137 deletions.
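--- a/internal/gatewayapi/extensionserverpolicy.go
+++ b/internal/gatewayapi/extensionserverpolicy.go
@@ -201,5 +201,25 @@ func (t *Translator) translateExtServerPolicyForGateway(
 })
 found = true
 }
+for _, currListener := range gwIR.TCP {
+listenerName := currListener.Name[strings.LastIndex(currListener.Name, "/")+1:]
+if target.SectionName != nil && string(*target.SectionName) != listenerName {
+continue
+}
+currListener.ExtensionRefs = append(currListener.ExtensionRefs, &ir.UnstructuredRef{
+Object: policy,
+})
+found = true
+}
+for _, currListener := range gwIR.UDP {
+listenerName := currListener.Name[strings.LastIndex(currListener.Name, "/")+1:]
+if target.SectionName != nil && string(*target.SectionName) != listenerName {
+continue
+}
+currListener.ExtensionRefs = append(currListener.ExtensionRefs, &ir.UnstructuredRef{
+Object: policy,
+})
+found = true
+}
 return found
 }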
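Review bot: The added TCP and UDP loops compare a policy's `sectionName` only with the last `/`-separated segment of `currListener.Name`, so the namespace and Gateway parts of the IR name are never checked. If `gwIR` can ever hold listeners of more than one Gateway (not visible here; the function starts above this hunk), a policy aimed at one Gateway would also be attached to a same-named listener of another, and a policy without `sectionName` to every TCP/UDP listener in the IR. Consider matching on the full `namespace/gateway/listener` name (the form the test output shows, `envoy-gateway/gateway-1/tcp1`), or at least state the assumption with a comment such as `// gwIR holds only listeners of the targeted Gateway, so the trailing name segment identifies the section`. The two loops are also line-for-line copies of each other, so a small helper that takes the listener name and a pointer to its `ExtensionRefs` would keep the attachment rule in one place.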
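--- a/internal/gatewayapi/listener.go
+++ b/internal/gatewayapi/listener.go
@@ -101,10 +101,12 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR XdsIRMap
 switch listener.Protocol {
 case gwapiv1.HTTPProtocolType, gwapiv1.HTTPSProtocolType:
 irListener := &ir.HTTPListener{
-Name: irListenerName(listener),
-Address: "0.0.0.0",
-Port: uint32(containerPort),
-TLS: irTLSConfigs(listener.tlsSecrets...),
+CoreListenerDetails: ir.CoreListenerDetails{
+Name: irListenerName(listener),
+Address: "0.0.0.0",
+Port: uint32(containerPort),
+},
+TLS: irTLSConfigs(listener.tlsSecrets...),
 Path: ir.PathSettings{
 MergeSlashes: true,
 EscapedSlashesAction: ir.UnescapeAndRedirect,
@@ -121,9 +123,11 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR XdsIRMap
 xdsIR[irKey].HTTP = append(xdsIR[irKey].HTTP, irListener)
 case gwapiv1.TCPProtocolType, gwapiv1.TLSProtocolType:
 irListener := &ir.TCPListener{
-Name: irListenerName(listener),
-Address: "0.0.0.0",
-Port: uint32(containerPort),
+CoreListenerDetails: ir.CoreListenerDetails{
+Name: irListenerName(listener),
+Address: "0.0.0.0",
+Port: uint32(containerPort),
+},
 
 // Gateway is processed firstly, then ClientTrafficPolicy, then xRoute.
 // TLS field should be added to TCPListener as ClientTrafficPolicy will affect
@@ -134,9 +138,11 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR XdsIRMap
 xdsIR[irKey].TCP = append(xdsIR[irKey].TCP, irListener)
 case gwapiv1.UDPProtocolType:
 irListener := &ir.UDPListener{
-Name: irListenerName(listener),
-Address: "0.0.0.0",
-Port: uint32(containerPort),
+CoreListenerDetails: ir.CoreListenerDetails{
+Name: irListenerName(listener),
+Address: "0.0.0.0",
+Port: uint32(containerPort),
+},
 }
 xdsIR[irKey].UDP = append(xdsIR[irKey].UDP, irListener)
 }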
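Review bot: The same `ir.CoreListenerDetails` literal is now written out three times, once in each protocol case of `ProcessListeners`, so the wildcard bind address `"0.0.0.0"` and the `uint32(containerPort)` conversion each live in three places. Building it once before the `switch`, e.g. `core := ir.CoreListenerDetails{Name: irListenerName(listener), Address: "0.0.0.0", Port: uint32(containerPort)}`, and writing `CoreListenerDetails: core,` in each case would leave a single line to review when the bind address or port mapping changes. The function starts and ends outside these hunks, so this assumes nothing between the cases changes `listener` or `containerPort`.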
@@ -0,0 +1,45 @@
gateways:
- apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
namespace: envoy-gateway
name: gateway-1
spec:
gatewayClassName: envoy-gateway-class
listeners:
- name: tcp1
protocol: TCP
port: 80
allowedRoutes:
namespaces:
from: All
- name: tcp2
protocol: TCP
port: 81
allowedRoutes:
namespaces:
from: All
extensionServerPolicies:
- apiVersion: foo.example.io/v1alpha1
kind: Bar
metadata:
name: test1
namespace: envoy-gateway
spec:
targetRef:
kind: Gateway
group: gateway.networking.k8s.io
name: gateway-1
data: "attached to all listeners"
- apiVersion: foo.example.io/v1alpha1
kind: Bar
metadata:
name: test2
namespace: envoy-gateway
spec:
targetRef:
kind: Gateway
group: gateway.networking.k8s.io
name: gateway-1
sectionName: tcp1
data: "attached only to listener on port 80"
@@ -0,0 +1,236 @@
extensionServerPolicies:
- apiVersion: foo.example.io/v1alpha1
kind: Bar
metadata:
name: test1
namespace: envoy-gateway
spec:
data: attached to all listeners
targetRef:
group: gateway.networking.k8s.io
kind: Gateway
name: gateway-1
status:
ancestors:
- ancestorRef:
group: gateway.networking.k8s.io
kind: Gateway
name: gateway-1
namespace: envoy-gateway
conditions:
- lastTransitionTime: null
message: Policy has been accepted.
reason: Accepted
status: "True"
type: Accepted
controllerName: gateway.envoyproxy.io/gatewayclass-controller
- apiVersion: foo.example.io/v1alpha1
kind: Bar
metadata:
name: test2
namespace: envoy-gateway
spec:
data: attached only to listener on port 80
targetRef:
group: gateway.networking.k8s.io
kind: Gateway
name: gateway-1
sectionName: tcp1
status:
ancestors:
- ancestorRef:
group: gateway.networking.k8s.io
kind: Gateway
name: gateway-1
namespace: envoy-gateway
sectionName: tcp1
conditions:
- lastTransitionTime: null
message: Policy has been accepted.
reason: Accepted
status: "True"
type: Accepted
controllerName: gateway.envoyproxy.io/gatewayclass-controller
gateways:
- apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
creationTimestamp: null
name: gateway-1
namespace: envoy-gateway
spec:
gatewayClassName: envoy-gateway-class
listeners:
- allowedRoutes:
namespaces:
from: All
name: tcp1
port: 80
protocol: TCP
- allowedRoutes:
namespaces:
from: All
name: tcp2
port: 81
protocol: TCP
status:
listeners:
- attachedRoutes: 0
conditions:
- lastTransitionTime: null
message: Sending translated listener configuration to the data plane
reason: Programmed
status: "True"
type: Programmed
- lastTransitionTime: null
message: Listener has been successfully translated
reason: Accepted
status: "True"
type: Accepted
- lastTransitionTime: null
message: Listener references have been resolved
reason: ResolvedRefs
status: "True"
type: ResolvedRefs
name: tcp1
supportedKinds:
- group: gateway.networking.k8s.io
kind: TCPRoute
- attachedRoutes: 0
conditions:
- lastTransitionTime: null
message: Sending translated listener configuration to the data plane
reason: Programmed
status: "True"
type: Programmed
- lastTransitionTime: null
message: Listener has been successfully translated
reason: Accepted
status: "True"
type: Accepted
- lastTransitionTime: null
message: Listener references have been resolved
reason: ResolvedRefs
status: "True"
type: ResolvedRefs
name: tcp2
supportedKinds:
- group: gateway.networking.k8s.io
kind: TCPRoute
infraIR:
envoy-gateway/gateway-1:
proxy:
listeners:
- address: null
name: envoy-gateway/gateway-1/tcp1
ports:
- containerPort: 10080
name: tcp-80
protocol: TCP
servicePort: 80
- address: null
name: envoy-gateway/gateway-1/tcp2
ports:
- containerPort: 10081
name: tcp-81
protocol: TCP
servicePort: 81
metadata:
labels:
gateway.envoyproxy.io/owning-gateway-name: gateway-1
gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
name: envoy-gateway/gateway-1
xdsIR:
envoy-gateway/gateway-1:
accessLog:
text:
- path: /dev/stdout
tcp:
- address: 0.0.0.0
extensionRefs:
- object:
apiVersion: foo.example.io/v1alpha1
kind: Bar
metadata:
name: test1
namespace: envoy-gateway
spec:
data: attached to all listeners
targetRef:
group: gateway.networking.k8s.io
kind: Gateway
name: gateway-1
status:
ancestors:
- ancestorRef:
group: gateway.networking.k8s.io
kind: Gateway
name: gateway-1
namespace: envoy-gateway
conditions:
- lastTransitionTime: null
message: Policy has been accepted.
reason: Accepted
status: "True"
type: Accepted
controllerName: gateway.envoyproxy.io/gatewayclass-controller
- object:
apiVersion: foo.example.io/v1alpha1
kind: Bar
metadata:
name: test2
namespace: envoy-gateway
spec:
data: attached only to listener on port 80
targetRef:
group: gateway.networking.k8s.io
kind: Gateway
name: gateway-1
sectionName: tcp1
status:
ancestors:
- ancestorRef:
group: gateway.networking.k8s.io
kind: Gateway
name: gateway-1
namespace: envoy-gateway
sectionName: tcp1
conditions:
- lastTransitionTime: null
message: Policy has been accepted.
reason: Accepted
status: "True"
type: Accepted
controllerName: gateway.envoyproxy.io/gatewayclass-controller
name: envoy-gateway/gateway-1/tcp1
port: 10080
- address: 0.0.0.0
extensionRefs:
- object:
apiVersion: foo.example.io/v1alpha1
kind: Bar
metadata:
name: test1
namespace: envoy-gateway
spec:
data: attached to all listeners
targetRef:
group: gateway.networking.k8s.io
kind: Gateway
name: gateway-1
status:
ancestors:
- ancestorRef:
group: gateway.networking.k8s.io
kind: Gateway
name: gateway-1
namespace: envoy-gateway
conditions:
- lastTransitionTime: null
message: Policy has been accepted.
reason: Accepted
status: "True"
type: Accepted
controllerName: gateway.envoyproxy.io/gatewayclass-controller
name: envoy-gateway/gateway-1/tcp2
port: 10081