feat: Support DNS resolution settings (envoyproxy#3974)

* Support DNS resolution settings Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * updating Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * updating Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * regenerate Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * add a nil cluster settings check Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * updating Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * updating as per code review feedback Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * adding tcp / udp route translations Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * use processXdsCluster with udp,tcp and http route types Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * fixing lint Signed-off-by: Alexander Volchok <alex.volchok@sap.com> * fix respect dnsTTL setting Signed-off-by: Alexander Volchok <alex.volchok@sap.com> --------- Signed-off-by: Alexander Volchok <alex.volchok@sap.com>
guydc · Aug 1, 2024 · f4c53f4 · f4c53f4
1 parent 5d9f587
commit f4c53f4
Show file tree

Hide file tree

Showing 13 changed files with 846 additions and 53 deletions.
diff --git a/api/v1alpha1/backendtrafficpolicy_types.go b/api/v1alpha1/backendtrafficpolicy_types.go
@@ -110,6 +110,10 @@ type BackendTrafficPolicySpec struct {
 	//
 	// +optional
 	Connection *BackendConnection `json:"connection,omitempty"`
+	// DNS includes dns resolution settings.
+	//
+	// +optional
+	DNS *DNS `json:"dns,omitempty"`
 }
 
 // +kubebuilder:object:root=true

diff --git a/api/v1alpha1/dns_types.go b/api/v1alpha1/dns_types.go
@@ -0,0 +1,18 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package v1alpha1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+type DNS struct {
+	// DNSRefreshRate specifies the rate at which DNS records should be refreshed.
+	// Defaults to 30 seconds.
+	DNSRefreshRate *metav1.Duration `json:"dnsRefreshRate,omitempty"`
+	// RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
+	// If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
+	// Defaults to true.
+	RespectDNSTTL *bool `json:"respectDnsTtl,omitempty"`
+}
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
@@ -138,6 +138,21 @@ spec:
                       rule: 'type(self) == string ? self.matches(r"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$")
                         : type(self) == int'
                 type: object
+              dns:
+                description: DNS includes dns resolution settings.
+                properties:
+                  dnsRefreshRate:
+                    description: |-
+                      DNSRefreshRate specifies the rate at which DNS records should be refreshed.
+                      Defaults to 30 seconds.
+                    type: string
+                  respectDnsTtl:
+                    description: |-
+                      RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
+                      If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
+                      Defaults to true.
+                    type: boolean
+                type: object
               faultInjection:
                 description: |-
                   FaultInjection defines the fault injection policy to be applied. This configuration can be used to

diff --git a/internal/gatewayapi/backendtrafficpolicy.go b/internal/gatewayapi/backendtrafficpolicy.go
@@ -295,6 +295,7 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
 		ka        *ir.TCPKeepalive
 		rt        *ir.Retry
 		bc        *ir.BackendConnection
+		ds        *ir.DNS
 		err, errs error
 	)
 
@@ -349,6 +350,10 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
 		}
 	}
 
+	if policy.Spec.DNS != nil {
+		ds = t.translateDNS(policy)
+	}
+
 	// Early return if got any errors
 	if errs != nil {
 		return errs
@@ -368,6 +373,7 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
 					r.TCPKeepalive = ka
 					r.Timeout = to
 					r.BackendConnection = bc
+					r.DNS = ds
 				}
 			}
 		}
@@ -380,6 +386,7 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
 					r.LoadBalancer = lb
 					r.Timeout = to
 					r.BackendConnection = bc
+					r.DNS = ds
 				}
 			}
 		}
@@ -400,6 +407,7 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
 						BackendConnection: bc,
 					}
 
+					r.DNS = ds
 					// Update the Host field in HealthCheck, now that we have access to the Route Hostname.
 					r.Traffic.HealthCheck.SetHTTPHostIfAbsent(r.Hostname)
 
@@ -432,6 +440,7 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
 		ct        *ir.Timeout
 		ka        *ir.TCPKeepalive
 		rt        *ir.Retry
+		ds        *ir.DNS
 		err, errs error
 	)
 
@@ -479,6 +488,10 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
 		}
 	}
 
+	if policy.Spec.DNS != nil {
+		ds = t.translateDNS(policy)
+	}
+
 	// Early return if got any errors
 	if errs != nil {
 		return errs
@@ -516,6 +529,10 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
 			if r.Timeout == nil {
 				r.Timeout = ct
 			}
+
+			if r.DNS == nil {
+				r.DNS = ds
+			}
 		}
 	}
 
@@ -540,6 +557,10 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
 		if route.Timeout == nil {
 			route.Timeout = ct
 		}
+
+		if route.DNS == nil {
+			route.DNS = ds
+		}
 	}
 
 	for _, http := range x.HTTP {
@@ -568,6 +589,10 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
 				Retry:          rt,
 			}
 
+			if r.DNS == nil {
+				r.DNS = ds
+			}
+
 			// Update the Host field in HealthCheck, now that we have access to the Route Hostname.
 			r.Traffic.HealthCheck.SetHTTPHostIfAbsent(r.Hostname)
 
@@ -847,6 +872,17 @@ func (t *Translator) buildConsistentHashLoadBalancer(policy *egv1a1.BackendTraff
 	return consistentHash, nil
 }
 
+func (t *Translator) translateDNS(policy *egv1a1.BackendTrafficPolicy) *ir.DNS {
+	ds := &ir.DNS{}
+	if policy.Spec.DNS.RespectDNSTTL != nil {
+		ds.RespectDNSTTL = policy.Spec.DNS.RespectDNSTTL
+	}
+	if policy.Spec.DNS.DNSRefreshRate != nil {
+		ds.DNSRefreshRate = policy.Spec.DNS.DNSRefreshRate
+	}
+	return ds
+}
+
 func (t *Translator) buildProxyProtocol(policy *egv1a1.BackendTrafficPolicy) *ir.ProxyProtocol {
 	var pp *ir.ProxyProtocol
 	switch policy.Spec.ProxyProtocol.Version {

diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.in.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.in.yaml
@@ -0,0 +1,127 @@
+gateways:
+- apiVersion: gateway.networking.k8s.io/v1
+  kind: Gateway
+  metadata:
+    namespace: envoy-gateway
+    name: gateway-1
+  spec:
+    gatewayClassName: envoy-gateway-class
+    listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      allowedRoutes:
+        namespaces:
+          from: All
+- apiVersion: gateway.networking.k8s.io/v1
+  kind: Gateway
+  metadata:
+    namespace: envoy-gateway
+    name: gateway-2
+  spec:
+    gatewayClassName: envoy-gateway-class
+    listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      allowedRoutes:
+        namespaces:
+          from: All
+httpRoutes:
+- apiVersion: gateway.networking.k8s.io/v1
+  kind: HTTPRoute
+  metadata:
+    namespace: default
+    name: httproute-1
+  spec:
+    hostnames:
+    - gateway.envoyproxy.io
+    parentRefs:
+    - namespace: envoy-gateway
+      name: gateway-2
+      sectionName: http
+    rules:
+    - matches:
+      - path:
+          value: "/"
+      backendRefs:
+      - name: service-1
+        port: 8080
+- apiVersion: gateway.networking.k8s.io/v1
+  kind: HTTPRoute
+  metadata:
+    namespace: default
+    name: httproute-2
+  spec:
+    hostnames:
+    - gateway.envoyproxy.io
+    parentRefs:
+    - namespace: envoy-gateway
+      name: gateway-2
+      sectionName: http
+    rules:
+    - matches:
+      - path:
+          value: "/v2"
+      backendRefs:
+      - name: service-2
+        port: 8080
+- apiVersion: gateway.networking.k8s.io/v1
+  kind: HTTPRoute
+  metadata:
+    namespace: default
+    name: httproute-3
+  spec:
+    hostnames:
+    - gateway.envoyproxy.io
+    parentRefs:
+    - namespace: envoy-gateway
+      name: gateway-1
+      sectionName: http
+    rules:
+    - matches:
+      - path:
+          value: "/v3"
+      backendRefs:
+      - name: service-3
+        port: 8080
+backendTrafficPolicies:
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+  kind: BackendTrafficPolicy
+  metadata:
+    namespace: default
+    name: policy-for-route-1
+  spec:
+    targetRef:
+      group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      name: httproute-1
+    dns:
+      dnsRefreshRate: "1s"
+      respectDnsTtl: true
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+  kind: BackendTrafficPolicy
+  metadata:
+    namespace: default
+    name: policy-for-route-2
+  spec:
+    targetRef:
+      group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      name: httproute-2
+    dns:
+      dnsRefreshRate: "5s"
+      respectDnsTtl: false
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+  kind: BackendTrafficPolicy
+  metadata:
+    namespace: envoy-gateway
+    name: policy-for-all-routes-in-gateway-1
+  spec:
+    targetRef:
+      group: gateway.networking.k8s.io
+      kind: Gateway
+      name: gateway-1
+    dns:
+      dnsRefreshRate: "10s"
+      respectDnsTtl: true