diff --git a/api/v1alpha1/shared_types.go b/api/v1alpha1/shared_types.go index b3126c42f27..7fa593ef186 100644 --- a/api/v1alpha1/shared_types.go +++ b/api/v1alpha1/shared_types.go @@ -113,6 +113,10 @@ type KubernetesPodSpec struct { // // +optional Volumes []corev1.Volume `json:"volumes,omitempty"` + + // HostNetwork, If this is set to true, the pod will use host's network namespace. + // +optional + HostNetwork bool `json:"hostNetwork,omitempty"` } // KubernetesContainerSpec defines the desired state of the Kubernetes container resource. diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml index 7bff9e4149a..3228d86ccf9 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml @@ -3024,6 +3024,10 @@ spec: should be appended to the pods. By default, no pod annotations are appended. type: object + hostNetwork: + description: HostNetwork, If this is set to true, + the pod will use host's network namespace. + type: boolean labels: additionalProperties: type: string diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider.go b/internal/infrastructure/kubernetes/proxy/resource_provider.go index 6ab47c0b334..20ce9d4bf5e 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider.go @@ -216,6 +216,7 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { RestartPolicy: corev1.RestartPolicyAlways, SchedulerName: "default-scheduler", SecurityContext: deploymentConfig.Pod.SecurityContext, + HostNetwork: deploymentConfig.Pod.HostNetwork, Affinity: deploymentConfig.Pod.Affinity, Tolerations: deploymentConfig.Pod.Tolerations, Volumes: expectedDeploymentVolumes(r.infra.Name, deploymentConfig), 
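Review bot: The doc comment on `HostNetwork` in `KubernetesPodSpec` does not tell an operator what enabling the field costs, and its wording (`HostNetwork, If this is set to true, ...`) is copied verbatim into the generated CRD description and the API reference table later in this diff. With host networking the pod's listeners bind on the node's interfaces and the pod can reach services bound to the node's loopback. Kubernetes' Baseline Pod Security Standard rejects such pods, and NetworkPolicy behaviour for them is undefined. I would reword it to `// HostNetwork, if true, runs the pod in the node's network namespace.` followed by `// This exposes the pod's ports on the node and is rejected by the Baseline Pod Security Standard. Defaults to false.` Because the field sits on the shared pod spec it also reaches the rate limit deployment (ratelimit/resource_provider.go hunk), which may be wider than intended.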
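Review bot: `HostNetwork` is copied into the pod spec in `Deployment()` with no matching DNS policy change visible in this hunk. With `hostNetwork: true` and the default `ClusterFirst` policy, Kubernetes falls back to the node's resolver, so the proxy may fail to resolve cluster-internal service names. Unless the pod spec outside this hunk already handles it, set `DNSPolicy: corev1.DNSClusterFirstWithHostNet` when `deploymentConfig.Pod.HostNetwork` is true; the same applies to the ratelimit/resource_provider.go hunk. Two replicas scheduled on the same node would also collide on listener ports, which deserves a sentence in the field's documentation. The body of `Deployment()` starts and ends outside the hunk.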
diff --git a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go index f4603fc370c..6d2d6a6102d 100644 --- a/internal/infrastructure/kubernetes/proxy/resource_provider_test.go +++ b/internal/infrastructure/kubernetes/proxy/resource_provider_test.go @@ -93,6 +93,7 @@ func TestDeployment(t *testing.T) { SecurityContext: &corev1.PodSecurityContext{ RunAsUser: pointer.Int64(1000), }, + HostNetwork: true, }, Container: &egv1a1.KubernetesContainerSpec{ Image: pointer.String("envoyproxy/envoy:v1.2.3"), diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml index 03c4ec7b993..2a1fe754986 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml @@ -34,6 +34,7 @@ spec: prometheus.io/scrape: "true" spec: automountServiceAccountToken: false + hostNetwork: true containers: - args: - --service-cluster default diff --git a/internal/infrastructure/kubernetes/ratelimit/resource_provider.go b/internal/infrastructure/kubernetes/ratelimit/resource_provider.go index bb7f2ee598d..f1309d32262 100644 --- a/internal/infrastructure/kubernetes/ratelimit/resource_provider.go +++ b/internal/infrastructure/kubernetes/ratelimit/resource_provider.go @@ -178,6 +178,7 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) { RestartPolicy: corev1.RestartPolicyAlways, SchedulerName: "default-scheduler", SecurityContext: r.rateLimitDeployment.Pod.SecurityContext, + HostNetwork: r.rateLimitDeployment.Pod.HostNetwork, Volumes: expectedDeploymentVolumes(r.rateLimit, r.rateLimitDeployment), Affinity: r.rateLimitDeployment.Pod.Affinity, Tolerations: r.rateLimitDeployment.Pod.Tolerations, 
diff --git a/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go b/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go index 02d8df7254c..ab4d6b65ae8 100644 --- a/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go +++ b/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go @@ -158,6 +158,7 @@ func TestDeployment(t *testing.T) { SecurityContext: &corev1.PodSecurityContext{ RunAsUser: pointer.Int64(1000), }, + HostNetwork: true, }, Container: &egv1a1.KubernetesContainerSpec{ Image: pointer.String("custom-image"), diff --git a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml index b34ab0fe254..c922b53f519 100644 --- a/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/ratelimit/testdata/deployments/custom.yaml @@ -31,6 +31,7 @@ spec: prometheus.io/scrape: "true" spec: automountServiceAccountToken: false + hostNetwork: true containers: - command: - /bin/ratelimit diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 650863ef0f5..62789bcf949 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md 
@@ -1011,6 +1011,7 @@ _Appears in:_ | `affinity` _[Affinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#affinity-v1-core)_ | If specified, the pod's scheduling constraints. | | `tolerations` _[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#toleration-v1-core) array_ | If specified, the pod's tolerations. | | `volumes` _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#volume-v1-core) array_ | Volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes | +| `hostNetwork` _boolean_ | HostNetwork, If this is set to true, the pod will use host's network namespace. | #### KubernetesServiceSpec