customize contour bootstrap's cmdline argument: dns-lookup-family

Signed-off-by: gang.liu <[email protected]>
izturn · Oct 9, 2024 · 7bd8979 · 7bd8979
1 parent 7b9d711
commit 7bd8979
Show file tree

Hide file tree

Showing 13 changed files with 123 additions and 0 deletions.
diff --git a/apis/projectcontour/v1alpha1/contourdeployment.go b/apis/projectcontour/v1alpha1/contourdeployment.go
@@ -245,6 +245,13 @@ type EnvoySettings struct {
 	//
 	// +optional
 	OverloadMaxHeapSize uint64 `json:"overloadMaxHeapSize,omitempty"`
+
+	// DNSLookupFamily specifies DNS Resolution Policy to use for Envoy -> Contour cluster name lookup.
+	// Allowed values are "v4", "v6", "all" or "auto".
+	// defaults to "auto".
+	//
+	// +optional
+	DNSLookupFamily string `json:"dnsLookupFamily,omitempty"`
 }
 
 // WorkloadType is the type of Kubernetes workload to use for a component.

diff --git a/examples/contour/01-crds.yaml b/examples/contour/01-crds.yaml
@@ -1804,6 +1804,12 @@ spec:
                             type: string
                         type: object
                     type: object
+                  dnsLookupFamily:
+                    description: |-
+                      DNSLookupFamily specifies DNS Resolution Policy to use for Envoy -> Contour cluster name lookup.
+                      Allowed values are "v4", "v6", "all" or "auto".
+                      defaults to "auto".
+                    type: string
                   extraVolumeMounts:
                     description: ExtraVolumeMounts holds the extra volume mounts to
                       add (normally used with extraVolumes).

diff --git a/examples/render/contour-deployment.yaml b/examples/render/contour-deployment.yaml
@@ -2024,6 +2024,12 @@ spec:
                             type: string
                         type: object
                     type: object
+                  dnsLookupFamily:
+                    description: |-
+                      DNSLookupFamily specifies DNS Resolution Policy to use for Envoy -> Contour cluster name lookup.
+                      Allowed values are "v4", "v6", "all" or "auto".
+                      defaults to "auto".
+                    type: string
                   extraVolumeMounts:
                     description: ExtraVolumeMounts holds the extra volume mounts to
                       add (normally used with extraVolumes).

diff --git a/examples/render/contour-gateway-provisioner.yaml b/examples/render/contour-gateway-provisioner.yaml
@@ -1815,6 +1815,12 @@ spec:
                             type: string
                         type: object
                     type: object
+                  dnsLookupFamily:
+                    description: |-
+                      DNSLookupFamily specifies DNS Resolution Policy to use for Envoy -> Contour cluster name lookup.
+                      Allowed values are "v4", "v6", "all" or "auto".
+                      defaults to "auto".
+                    type: string
                   extraVolumeMounts:
                     description: ExtraVolumeMounts holds the extra volume mounts to
                       add (normally used with extraVolumes).

diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml
@@ -1840,6 +1840,12 @@ spec:
                             type: string
                         type: object
                     type: object
+                  dnsLookupFamily:
+                    description: |-
+                      DNSLookupFamily specifies DNS Resolution Policy to use for Envoy -> Contour cluster name lookup.
+                      Allowed values are "v4", "v6", "all" or "auto".
+                      defaults to "auto".
+                    type: string
                   extraVolumeMounts:
                     description: ExtraVolumeMounts holds the extra volume mounts to
                       add (normally used with extraVolumes).

diff --git a/examples/render/contour.yaml b/examples/render/contour.yaml
@@ -2024,6 +2024,12 @@ spec:
                             type: string
                         type: object
                     type: object
+                  dnsLookupFamily:
+                    description: |-
+                      DNSLookupFamily specifies DNS Resolution Policy to use for Envoy -> Contour cluster name lookup.
+                      Allowed values are "v4", "v6", "all" or "auto".
+                      defaults to "auto".
+                    type: string
                   extraVolumeMounts:
                     description: ExtraVolumeMounts holds the extra volume mounts to
                       add (normally used with extraVolumes).

diff --git a/internal/provisioner/controller/gateway.go b/internal/provisioner/controller/gateway.go
@@ -359,6 +359,9 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 			if envoyParams.OverloadMaxHeapSize > 0 {
 				contourModel.Spec.EnvoyMaxHeapSizeBytes = envoyParams.OverloadMaxHeapSize
 			}
+			if envoyParams.DNSLookupFamily != "" {
+				contourModel.Spec.EnvoyDNSLookupFamily = envoyParams.DNSLookupFamily
+			}
 
 		}
 	}

diff --git a/internal/provisioner/controller/gateway_test.go b/internal/provisioner/controller/gateway_test.go
@@ -1396,6 +1396,55 @@ func TestGatewayReconcile(t *testing.T) {
 				}
 			},
 		},
+		"If ContourDeployment.Spec.Envoy.DNSLookupFamily is specified, the envoy-initconfig container's arguments contain --dns-lookup-family": {
+			gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller),
+			gatewayClassParams: &contour_v1alpha1.ContourDeployment{
+				ObjectMeta: meta_v1.ObjectMeta{
+					Namespace: "projectcontour",
+					Name:      "gatewayclass-1-params",
+				},
+				Spec: contour_v1alpha1.ContourDeploymentSpec{
+					Envoy: &contour_v1alpha1.EnvoySettings{
+						DNSLookupFamily: "v4",
+					},
+				},
+			},
+			gateway: makeGateway(),
+			assertions: func(t *testing.T, r *gatewayReconciler, _ *gatewayapi_v1.Gateway, _ error) {
+				ds := &apps_v1.DaemonSet{
+					ObjectMeta: meta_v1.ObjectMeta{
+						Namespace: "gateway-1",
+						Name:      "envoy-gateway-1",
+					},
+				}
+				require.NoError(t, r.client.Get(context.Background(), keyFor(ds), ds))
+				assert.Contains(t, ds.Spec.Template.Spec.InitContainers[0].Args, "--dns-lookup-family=v4")
+			},
+		},
+
+		"If ContourDeployment.Spec.Envoy.DNSLookupFamily is not specified, the envoy-initconfig container's arguments contain --dns-lookup-family=auto": {
+			gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller),
+			gatewayClassParams: &contour_v1alpha1.ContourDeployment{
+				ObjectMeta: meta_v1.ObjectMeta{
+					Namespace: "projectcontour",
+					Name:      "gatewayclass-1-params",
+				},
+				Spec: contour_v1alpha1.ContourDeploymentSpec{
+					Envoy: &contour_v1alpha1.EnvoySettings{},
+				},
+			},
+			gateway: makeGateway(),
+			assertions: func(t *testing.T, r *gatewayReconciler, _ *gatewayapi_v1.Gateway, _ error) {
+				ds := &apps_v1.DaemonSet{
+					ObjectMeta: meta_v1.ObjectMeta{
+						Namespace: "gateway-1",
+						Name:      "envoy-gateway-1",
+					},
+				}
+				require.NoError(t, r.client.Get(context.Background(), keyFor(ds), ds))
+				assert.Contains(t, ds.Spec.Template.Spec.InitContainers[0].Args, "--dns-lookup-family=auto")
+			},
+		},
 	}
 
 	for name, tc := range tests {

diff --git a/internal/provisioner/controller/gatewayclass.go b/internal/provisioner/controller/gatewayclass.go
@@ -230,6 +230,15 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, req ctrl.Request
 					params.Spec.Envoy.LogLevel)
 				invalidParamsMessages = append(invalidParamsMessages, msg)
 			}
+
+			switch params.Spec.Envoy.DNSLookupFamily {
+			// valid values, nothing to do
+			case "", "auto", "v4", "v6", "all":
+			default:
+				msg := fmt.Sprintf("invalid ContourDeployment spec.envoy.dnsLookupFamily %q, must be auto, v4, v6 or all", params.Spec.Envoy.DNSLookupFamily)
+				invalidParamsMessages = append(invalidParamsMessages, msg)
+			}
+
 		}
 
 		if len(invalidParamsMessages) > 0 {

diff --git a/internal/provisioner/model/model.go b/internal/provisioner/model/model.go
@@ -44,6 +44,7 @@ func Default(namespace, name string) *Contour {
 		},
 		Spec: ContourSpec{
 			ContourReplicas:       2,
+			EnvoyDNSLookupFamily:  "auto",
 			EnvoyWorkloadType:     WorkloadTypeDaemonSet,
 			EnvoyReplicas:         2, // ignored if not provisioning Envoy as a deployment.
 			EnvoyLogLevel:         contour_v1alpha1.InfoLog,
@@ -257,6 +258,11 @@ type ContourSpec struct {
 	// DisabledFeatures defines an array of resources that will be ignored by
 	// contour reconciler.
 	DisabledFeatures []contour_v1.Feature
+
+	// EnvoyDNSLookupFamily specifies DNS Resolution Policy to use for Envoy -> Contour cluster name lookup.
+	// Either v4, v6, all or auto.
+	// defaults to "auto".
+	EnvoyDNSLookupFamily string
 }
 
 func NamespacesToStrings(ns []contour_v1.Namespace) []string {

diff --git a/internal/provisioner/objects/dataplane/dataplane.go b/internal/provisioner/objects/dataplane/dataplane.go
@@ -294,6 +294,7 @@ func desiredContainers(contour *model.Contour, contourImage, envoyImage string)
 				fmt.Sprintf("--envoy-cert-file=%s", filepath.Join("/", envoyCertsVolMntDir, "tls.crt")),
 				fmt.Sprintf("--envoy-key-file=%s", filepath.Join("/", envoyCertsVolMntDir, "tls.key")),
 				fmt.Sprintf("--overload-max-heap=%d", contour.Spec.EnvoyMaxHeapSizeBytes),
+				fmt.Sprintf("--dns-lookup-family=%s", contour.Spec.EnvoyDNSLookupFamily),
 			},
 			VolumeMounts: []core_v1.VolumeMount{
 				{

diff --git a/internal/provisioner/objects/dataplane/dataplane_test.go b/internal/provisioner/objects/dataplane/dataplane_test.go
@@ -314,6 +314,7 @@ func TestDesiredDaemonSet(t *testing.T) {
 	testLogLevelArg := "--log-level debug"
 	testBaseIDArg := "--base-id 1"
 	testEnvoyMaxHeapSize := "--overload-max-heap=8000000000"
+	testEnvoyDNSLookupFamily := "--dns-lookup-family=v6"
 
 	resQutoa := core_v1.ResourceRequirements{
 		Limits: core_v1.ResourceList{
@@ -340,6 +341,7 @@ func TestDesiredDaemonSet(t *testing.T) {
 	cntr.Spec.EnvoyBaseID = 1
 
 	cntr.Spec.EnvoyMaxHeapSizeBytes = 8000000000
+	cntr.Spec.EnvoyDNSLookupFamily = "v6"
 
 	ds := DesiredDaemonSet(cntr, testContourImage, testEnvoyImage)
 	container := checkDaemonSetHasContainer(t, ds, EnvoyContainerName, true)
@@ -357,6 +359,7 @@ func TestDesiredDaemonSet(t *testing.T) {
 
 	checkContainerHasImage(t, container, testContourImage)
 	checkContainerHasArg(t, container, testEnvoyMaxHeapSize)
+	checkContainerHasArg(t, container, testEnvoyDNSLookupFamily)
 
 	checkDaemonSetHasEnvVar(t, ds, EnvoyContainerName, envoyNsEnvVar)
 	checkDaemonSetHasEnvVar(t, ds, EnvoyContainerName, envoyPodEnvVar)

diff --git a/site/content/docs/main/config/api-reference.html b/site/content/docs/main/config/api-reference.html
@@ -7389,6 +7389,21 @@ <h3 id="projectcontour.io/v1alpha1.EnvoySettings">EnvoySettings
 More info: <a href="https://projectcontour.io/docs/main/config/overload-manager/">https://projectcontour.io/docs/main/config/overload-manager/</a></p>
 </td>
 </tr>
+<tr>
+<td style="white-space:nowrap">
+<code>dnsLookupFamily</code>
+<br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>DNSLookupFamily specifies DNS Resolution Policy to use for Envoy -&gt; Contour cluster name lookup.
+Allowed values are &ldquo;v4&rdquo;, &ldquo;v6&rdquo;, &ldquo;all&rdquo; or &ldquo;auto&rdquo;.
+defaults to &ldquo;auto&rdquo;.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="projectcontour.io/v1alpha1.EnvoyTLS">EnvoyTLS