diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml index 9faa39854a8..72267a69a2c 100644 --- a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml @@ -30,6 +30,33 @@ envoyProxy: ads: {} resource_api_version: V3 static_resources: + listeners: + - name: envoy-gateway-proxy-ready-0.0.0.0-19001 + address: + socket_address: + address: 0.0.0.0 + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - connect_timeout: 10s load_assignment: 
@@ -431,6 +458,32 @@ xds: ads: {} resourceApiVersion: V3 staticResources: + listeners: + - name: envoy-gateway-proxy-ready-0.0.0.0-19001 + address: + socketAddress: + address: 0.0.0.0 + portValue: 19001 + filterChains: + - filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + statPrefix: eg-ready-http + routeConfig: + name: local_route + httpFilters: + - name: envoy.filters.http.health_check + typedConfig: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + passThroughMode: false + headers: + - name: ":path" + stringMatch: + exact: /ready + - name: envoy.filters.http.router + typedConfig: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - connectTimeout: 10s loadAssignment: diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json index 5ca7d75850f..726ecdd8a6e 100644 --- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json +++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json 
@@ -59,6 +59,56 @@ ] }, "staticResources": { + "listeners": [ + { + "name": "envoy-gateway-proxy-ready-0.0.0.0-19001", + "address": { + "socketAddress": { + "address": "0.0.0.0", + "portValue": 19001, + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "statPrefix": "eg-ready-http", + "routeConfig": { + "name": "local_route" + }, + "httpFilters": [ + { + "name": "envoy.filters.http.health_check", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck", + "passThroughMode": false, + "headers": [ + { + "name": ":path", + "stringMatch": { + "exact": "/ready" + } + } + ] + } + }, + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ] + } + } + ] + } + ] + } + ], "clusters": [ { "connectTimeout": "10s", diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml index 398c0242dc0..efa43263d87 100644 --- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml 
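Review bot: The added `socketAddress` object in from-gateway-api-to-xds.all.json has a trailing comma: `"portValue": 19001,` is followed directly by the closing `}`, which a strict JSON decoder rejects. The snake_case YAML fixtures in this commit carry `protocol: TCP` after the port, so a `"protocol"` line may have been removed here by hand, leaving the comma behind. Change the line to `"portValue": 19001` and check that the test reading this golden file actually parses it, since otherwise a malformed fixture can go unnoticed.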
@@ -36,6 +36,32 @@ xds: ads: {} resourceApiVersion: V3 staticResources: + listeners: + - name: envoy-gateway-proxy-ready-0.0.0.0-19001 + address: + socketAddress: + address: 0.0.0.0 + portValue: 19001 + filterChains: + - filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + statPrefix: eg-ready-http + routeConfig: + name: local_route + httpFilters: + - name: envoy.filters.http.health_check + typedConfig: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + passThroughMode: false + headers: + - name: ":path" + stringMatch: + exact: /ready + - name: envoy.filters.http.router + typedConfig: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - connectTimeout: 10s loadAssignment: diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.bootstrap.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.bootstrap.yaml index 07aac9314c3..c96fca5787e 100644 --- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.bootstrap.yaml +++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.bootstrap.yaml 
@@ -35,6 +35,32 @@ xds: ads: {} resourceApiVersion: V3 staticResources: + listeners: + - name: envoy-gateway-proxy-ready-0.0.0.0-19001 + address: + socketAddress: + address: 0.0.0.0 + portValue: 19001 + filterChains: + - filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + statPrefix: eg-ready-http + routeConfig: + name: local_route + httpFilters: + - name: envoy.filters.http.health_check + typedConfig: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + passThroughMode: false + headers: + - name: ":path" + stringMatch: + exact: /ready + - name: envoy.filters.http.router + typedConfig: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - connectTimeout: 10s loadAssignment: diff --git a/internal/infrastructure/kubernetes/proxy/resource.go b/internal/infrastructure/kubernetes/proxy/resource.go index 686f891981b..7e6574eb75a 100644 --- a/internal/infrastructure/kubernetes/proxy/resource.go +++ b/internal/infrastructure/kubernetes/proxy/resource.go @@ -11,6 +11,7 @@ import ( "strings" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/pointer" egcfgv1a1 "github.com/envoyproxy/gateway/api/config/v1alpha1" @@ -154,6 +155,14 @@ func expectedProxyContainers(infra *ir.ProxyInfra, deploymentConfig *egcfgv1a1.K VolumeMounts: expectedContainerVolumeMounts(deploymentConfig), TerminationMessagePolicy: corev1.TerminationMessageReadFile, TerminationMessagePath: "/dev/termination-log", + ReadinessProbe: &corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: bootstrap.EnvoyReadinessPath, + Port: intstr.IntOrString{Type: intstr.Int, IntVal: bootstrap.EnvoyReadinessPort}, + }, + }, + }, }, } 
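Review bot: The new `ReadinessProbe` in resource.go sets only `HTTPGet`, so period, timeout and failure threshold fall back to the Kubernetes defaults, and the golden deployments accordingly show just `path` and `port`. For a data-plane proxy it is worth writing them out inside the `corev1.Probe` literal, e.g. `TimeoutSeconds: 1, PeriodSeconds: 10, FailureThreshold: 3,` (the current defaults). That makes how long a not-ready Envoy stays in the Service endpoints a reviewed decision rather than an implicit one. `Port` can also be written `intstr.FromInt(bootstrap.EnvoyReadinessPort)` instead of the struct literal. `expectedProxyContainers` starts and ends outside the hunk, so whether port 19001 is also declared in the container's `Ports` cannot be seen from here.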
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml index c7c66041ea0..73e86a058ab 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml @@ -63,6 +63,10 @@ spec: requests: cpu: 100m memory: 512Mi + readinessProbe: + httpGet: + path: /ready + port: 19001 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml index c08f96fd560..b5a5d5cd482 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml @@ -64,6 +64,10 @@ spec: requests: cpu: 100m memory: 512Mi + readinessProbe: + httpGet: + path: /ready + port: 19001 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml index be59fee9f35..f9fa2b7fb7d 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml 
@@ -62,6 +62,33 @@ spec: ads: {} resource_api_version: V3 static_resources: + listeners: + - name: envoy-gateway-proxy-ready-0.0.0.0-19001 + address: + socket_address: + address: 0.0.0.0 + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - connect_timeout: 10s load_assignment: @@ -138,6 +165,10 @@ spec: requests: cpu: 200m memory: 1Gi + readinessProbe: + httpGet: + path: /ready + port: 19001 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File securityContext: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml index be59fee9f35..f9fa2b7fb7d 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml 
@@ -62,6 +62,33 @@ spec: ads: {} resource_api_version: V3 static_resources: + listeners: + - name: envoy-gateway-proxy-ready-0.0.0.0-19001 + address: + socket_address: + address: 0.0.0.0 + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - connect_timeout: 10s load_assignment: @@ -138,6 +165,10 @@ spec: requests: cpu: 200m memory: 1Gi + readinessProbe: + httpGet: + path: /ready + port: 19001 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File securityContext: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml index ac943e9d3a8..f9ece0c355e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml 
@@ -60,6 +60,33 @@ spec: ads: {} resource_api_version: V3 static_resources: + listeners: + - name: envoy-gateway-proxy-ready-0.0.0.0-19001 + address: + socket_address: + address: 0.0.0.0 + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - connect_timeout: 10s load_assignment: @@ -133,6 +160,10 @@ spec: requests: cpu: 100m memory: 512Mi + readinessProbe: + httpGet: + path: /ready + port: 19001 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml index e5f6c3a5165..c74059582b9 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml 
@@ -62,6 +62,33 @@ spec: ads: {} resource_api_version: V3 static_resources: + listeners: + - name: envoy-gateway-proxy-ready-0.0.0.0-19001 + address: + socket_address: + address: 0.0.0.0 + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - connect_timeout: 10s load_assignment: @@ -142,6 +169,10 @@ spec: requests: cpu: 200m memory: 1Gi + readinessProbe: + httpGet: + path: /ready + port: 19001 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File securityContext: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml index a8d7a68922d..56ec3c19b0f 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml 
@@ -62,6 +62,33 @@ spec: ads: {} resource_api_version: V3 static_resources: + listeners: + - name: envoy-gateway-proxy-ready-0.0.0.0-19001 + address: + socket_address: + address: 0.0.0.0 + port_value: 19001 + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: /ready + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - connect_timeout: 10s load_assignment: @@ -142,6 +169,10 @@ spec: requests: cpu: 200m memory: 1Gi + readinessProbe: + httpGet: + path: /ready + port: 19001 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File securityContext: diff --git a/internal/xds/bootstrap/bootstrap.go b/internal/xds/bootstrap/bootstrap.go index 4823d3fec2b..6a7da391c35 100644 --- a/internal/xds/bootstrap/bootstrap.go +++ b/internal/xds/bootstrap/bootstrap.go @@ -28,6 +28,10 @@ const ( // DefaultXdsServerPort is the default listening port of the xds-server. DefaultXdsServerPort = 18000 + + envoyReadinessAddress = "0.0.0.0" + EnvoyReadinessPort = 19001 + EnvoyReadinessPath = "/ready" ) //go:embed bootstrap.yaml.tpl @@ -49,6 +53,8 @@ type bootstrapParameters struct { XdsServer xdsServerParameters // AdminServer defines the configuration of the Envoy admin interface. AdminServer adminServerParameters + // ReadyServer defines the configuration for health check ready listener + ReadyServer readyServerParameters } type xdsServerParameters struct { 
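Review bot: The three constants added to the `const (` block of bootstrap.go have no doc comments, and `envoyReadinessAddress = "0.0.0.0"` most needs one because it opens a listener on every IPv4 interface of the pod. The wildcard is presumably deliberate, since the kubelet's httpGet probe targets the pod IP rather than loopback, so record it: `// envoyReadinessAddress is the wildcard bind address of the readiness listener; the kubelet probes the pod IP, so loopback would not work.` The exported `EnvoyReadinessPort` and `EnvoyReadinessPath` should get the same `// Name is …` comment form that `DefaultXdsServerPort` has. An IPv4 wildcard will also not accept probes sent to an IPv6 pod address, so confirm that IPv6-only clusters are out of scope for this change. The const block starts outside the hunk.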
@@ -67,6 +73,15 @@ type adminServerParameters struct { AccessLogPath string } +type readyServerParameters struct { + // Address is the address of the Envoy readiness probe + Address string + // Port is the port of envoy readiness probe + Port int32 + // ReadinessPath is the path for the envoy readiness probe + ReadinessPath string +} + // render the stringified bootstrap config in yaml format. func (b *bootstrapConfig) render() error { buf := new(strings.Builder) @@ -92,6 +107,11 @@ func GetRenderedBootstrapConfig() (string, error) { Port: envoyAdminPort, AccessLogPath: envoyAdminAccessLogPath, }, + ReadyServer: readyServerParameters{ + Address: envoyReadinessAddress, + Port: EnvoyReadinessPort, + ReadinessPath: EnvoyReadinessPath, + }, }, } diff --git a/internal/xds/bootstrap/bootstrap.yaml.tpl b/internal/xds/bootstrap/bootstrap.yaml.tpl index 4366e3f9fcc..d89f156eb6a 100644 --- a/internal/xds/bootstrap/bootstrap.yaml.tpl +++ b/internal/xds/bootstrap/bootstrap.yaml.tpl 
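Review bot: The field comments on the new `readyServerParameters` struct describe the probe, not the listener. `Address` is rendered as the listener's `socket_address.address` in bootstrap.yaml.tpl, so `// Address is the address the readiness listener binds to.` is more accurate than "the address of the Envoy readiness probe". The type itself has no doc comment; one line such as `// readyServerParameters configures the static listener that answers the readiness probe.` would do, and the three field comments should agree on "Envoy" capitalisation and the trailing period.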
@@ -23,6 +23,33 @@ dynamic_resources: ads: {} resource_api_version: V3 static_resources: + listeners: + - name: envoy-gateway-proxy-ready-{{ .ReadyServer.Address }}-{{ .ReadyServer.Port }} + address: + socket_address: + address: {{ .ReadyServer.Address }} + port_value: {{ .ReadyServer.Port }} + protocol: TCP + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: eg-ready-http + route_config: + name: local_route + http_filters: + - name: envoy.filters.http.health_check + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.health_check.v3.HealthCheck + pass_through_mode: false + headers: + - name: ":path" + string_match: + exact: {{ .ReadyServer.ReadinessPath }} + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - connect_timeout: 10s load_assignment:
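Review bot: The new `address:` and `exact:` fields take their values from the template unquoted, so the rendered bootstrap is only well-formed while those values are plain YAML scalars. Today they come from constants in bootstrap.go, so nothing here is attacker-controlled. If the address or path ever becomes configurable, a value containing ` #`, `: ` or a newline would change the structure of the Envoy bootstrap rather than just one field. Quoting the string fields closes that off, for example `address: {{ .ReadyServer.Address | printf "%q" }}` and `exact: {{ .ReadyServer.ReadinessPath | printf "%q" }}`, while `port_value` must stay an unquoted integer. The golden deployment files that embed the rendered text would presumably need regenerating after that change.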