Don't switch container port #3226

Closed
zvlb opened this issue Apr 20, 2024 · 6 comments

@zvlb
Contributor

zvlb commented Apr 20, 2024

I continue to work on the possibility of using Envoy Gateway on bare metal installations of Kubernetes. In my case, services with the LoadBalancer type are not available in the cluster, so I need to launch containers on the required ports (which are specified in the CR Gateway) without executing logic in the servicePortToContainerPort function.

At the moment, I see two solutions:

  1. Add a flag to Envoy that disables the need to execute servicePortToContainerPort. I'm not very fond of this option because if I need multiple Gateways, not all of which should have CAP_NET_BIND_SERVICE, there will be problems.
  2. Add a field to EnvoyProxy that will control this behavior.

Do you have any other suggestions? I can implement the agreed functionality.

@zvlb zvlb added the triage label Apr 20, 2024
@arkodg
Contributor

arkodg commented Apr 23, 2024

relates to #2405
@Xunzhuo is a knob to opt out of this translation the only option?

@Xunzhuo
Member

Xunzhuo commented Apr 23, 2024

In some scenarios, we actually do need to use the listener port as the container port; we can add a field to control this behavior.

@zvlb
Contributor Author

zvlb commented Apr 29, 2024

@arkodg I'm not sure about this PR.

My not-so-authoritative opinion:

  1. It seems to me it would be better to move the UseListenerPortAsContainerPort field from KubernetesServiceSpec to EnvoyProxyKubernetesProvider, as changing this parameter affects both how the pod and service are configured, not just the service alone.
    (In the future, I want to add a disable flag in KubernetesServiceSpec to avoid deploying the service. However, ports for pods should be specified without mutation. So, the working configuration would look like this:

    ```yaml
    ...
      envoyService:
        disable: true
        useListenerPortAsContainerPort: true
    ```

    Which looks strange to me)

  2. This PR blocks the ability to use ports lower than 1024. However, in my case, I need to use ports 80 and 443. Perhaps someone else may need to use different ports.

@zvlb
Contributor Author

zvlb commented Apr 29, 2024

If someone can create a name for this option in the EnvoyProxyKubernetesProvider field, I can start to implement it)

@arkodg
Contributor

arkodg commented May 1, 2024

@zvlb would be great if you can take #2405 forward (as a new PR)
some open questions are

@arkodg
Contributor

arkodg commented May 20, 2024

fixed with #3333

@arkodg arkodg closed this as completed May 20, 2024