From 7bd8979c76bb1ca091402e70ad342a5338c0c0f2 Mon Sep 17 00:00:00 2001 From: "gang.liu" Date: Wed, 9 Oct 2024 18:12:58 +0800 Subject: [PATCH] customize contour bootstrap's cmdline argument: dns-lookup-family Signed-off-by: gang.liu --- .../v1alpha1/contourdeployment.go | 7 +++ examples/contour/01-crds.yaml | 6 +++ examples/render/contour-deployment.yaml | 6 +++ .../render/contour-gateway-provisioner.yaml | 6 +++ examples/render/contour-gateway.yaml | 6 +++ examples/render/contour.yaml | 6 +++ internal/provisioner/controller/gateway.go | 3 ++ .../provisioner/controller/gateway_test.go | 49 +++++++++++++++++++ .../provisioner/controller/gatewayclass.go | 9 ++++ internal/provisioner/model/model.go | 6 +++ .../objects/dataplane/dataplane.go | 1 + .../objects/dataplane/dataplane_test.go | 3 ++ .../docs/main/config/api-reference.html | 15 ++++++ 13 files changed, 123 insertions(+) diff --git a/apis/projectcontour/v1alpha1/contourdeployment.go b/apis/projectcontour/v1alpha1/contourdeployment.go index b430c2c1ff1..f6a3cb49013 100644 --- a/apis/projectcontour/v1alpha1/contourdeployment.go +++ b/apis/projectcontour/v1alpha1/contourdeployment.go @@ -245,6 +245,13 @@ type EnvoySettings struct { // // +optional OverloadMaxHeapSize uint64 `json:"overloadMaxHeapSize,omitempty"` + + // DNSLookupFamily specifies DNS Resolution Policy to use for Envoy -> Contour cluster name lookup. + // Allowed values are "v4", "v6", "all" or "auto". + // defaults to "auto". + // + // +optional + DNSLookupFamily string `json:"dnsLookupFamily,omitempty"` } // WorkloadType is the type of Kubernetes workload to use for a component. diff --git a/examples/contour/01-crds.yaml b/examples/contour/01-crds.yaml index 0beece5bc51..9a602a2b949 100644 --- a/examples/contour/01-crds.yaml +++ b/examples/contour/01-crds.yaml 
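Review bot: The new `DNSLookupFamily` field in `EnvoySettings` is a free-form `string` with no schema validation, so the API server will store any value; the generated CRDs in this patch accordingly show only `type: string`. The allowed set is enforced only by the switch added to the GatewayClass reconciler in gatewayclass.go, while gateway.go copies any non-empty value into the model and dataplane.go formats it into a `--dns-lookup-family=` container argument. Adding `// +kubebuilder:validation:Enum=auto;v4;v6;all` above the field and regenerating the CRDs would reject bad values at admission, leaving the reconciler check as a second layer instead of the only one. The comment line `// defaults to "auto".` should also start with a capital so it reads as a sentence. The `EnvoySettings` struct begins outside this hunk.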
@@ -1804,6 +1804,12 @@ spec: type: string type: object type: object + dnsLookupFamily: + description: |- + DNSLookupFamily specifies DNS Resolution Policy to use for Envoy -> Contour cluster name lookup. + Allowed values are "v4", "v6", "all" or "auto". + defaults to "auto". + type: string extraVolumeMounts: description: ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes). diff --git a/examples/render/contour-deployment.yaml b/examples/render/contour-deployment.yaml index 1e085adae27..afb8f3480f5 100644 --- a/examples/render/contour-deployment.yaml +++ b/examples/render/contour-deployment.yaml @@ -2024,6 +2024,12 @@ spec: type: string type: object type: object + dnsLookupFamily: + description: |- + DNSLookupFamily specifies DNS Resolution Policy to use for Envoy -> Contour cluster name lookup. + Allowed values are "v4", "v6", "all" or "auto". + defaults to "auto". + type: string extraVolumeMounts: description: ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes). diff --git a/examples/render/contour-gateway-provisioner.yaml b/examples/render/contour-gateway-provisioner.yaml index b3633a2e0cd..6cb49ca179f 100644 --- a/examples/render/contour-gateway-provisioner.yaml +++ b/examples/render/contour-gateway-provisioner.yaml @@ -1815,6 +1815,12 @@ spec: type: string type: object type: object + dnsLookupFamily: + description: |- + DNSLookupFamily specifies DNS Resolution Policy to use for Envoy -> Contour cluster name lookup. + Allowed values are "v4", "v6", "all" or "auto". + defaults to "auto". + type: string extraVolumeMounts: description: ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes). diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml index 0db31e989d5..61fd69258ac 100644 --- a/examples/render/contour-gateway.yaml +++ b/examples/render/contour-gateway.yaml 
@@ -1840,6 +1840,12 @@ spec: type: string type: object type: object + dnsLookupFamily: + description: |- + DNSLookupFamily specifies DNS Resolution Policy to use for Envoy -> Contour cluster name lookup. + Allowed values are "v4", "v6", "all" or "auto". + defaults to "auto". + type: string extraVolumeMounts: description: ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes). diff --git a/examples/render/contour.yaml b/examples/render/contour.yaml index d78bac68c7b..024542c1bf1 100644 --- a/examples/render/contour.yaml +++ b/examples/render/contour.yaml @@ -2024,6 +2024,12 @@ spec: type: string type: object type: object + dnsLookupFamily: + description: |- + DNSLookupFamily specifies DNS Resolution Policy to use for Envoy -> Contour cluster name lookup. + Allowed values are "v4", "v6", "all" or "auto". + defaults to "auto". + type: string extraVolumeMounts: description: ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes). diff --git a/internal/provisioner/controller/gateway.go b/internal/provisioner/controller/gateway.go index b1daaf114d1..654e17d7c42 100644 --- a/internal/provisioner/controller/gateway.go +++ b/internal/provisioner/controller/gateway.go @@ -359,6 +359,9 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct if envoyParams.OverloadMaxHeapSize > 0 { contourModel.Spec.EnvoyMaxHeapSizeBytes = envoyParams.OverloadMaxHeapSize } + if envoyParams.DNSLookupFamily != "" { + contourModel.Spec.EnvoyDNSLookupFamily = envoyParams.DNSLookupFamily + } } } diff --git a/internal/provisioner/controller/gateway_test.go b/internal/provisioner/controller/gateway_test.go index 908ab1094c8..01bf35ef89e 100644 --- a/internal/provisioner/controller/gateway_test.go +++ b/internal/provisioner/controller/gateway_test.go 
@@ -1396,6 +1396,55 @@ func TestGatewayReconcile(t *testing.T) { } }, }, + "If ContourDeployment.Spec.Envoy.DNSLookupFamily is specified, the envoy-initconfig container's arguments contain --dns-lookup-family": { + gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ + Namespace: "projectcontour", + Name: "gatewayclass-1-params", + }, + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{ + DNSLookupFamily: "v4", + }, + }, + }, + gateway: makeGateway(), + assertions: func(t *testing.T, r *gatewayReconciler, _ *gatewayapi_v1.Gateway, _ error) { + ds := &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{ + Namespace: "gateway-1", + Name: "envoy-gateway-1", + }, + } + require.NoError(t, r.client.Get(context.Background(), keyFor(ds), ds)) + assert.Contains(t, ds.Spec.Template.Spec.InitContainers[0].Args, "--dns-lookup-family=v4") + }, + }, + + "If ContourDeployment.Spec.Envoy.DNSLookupFamily is not specified, the envoy-initconfig container's arguments contain --dns-lookup-family=auto": { + gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ + Namespace: "projectcontour", + Name: "gatewayclass-1-params", + }, + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{}, + }, + }, + gateway: makeGateway(), + assertions: func(t *testing.T, r *gatewayReconciler, _ *gatewayapi_v1.Gateway, _ error) { + ds := &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{ + Namespace: "gateway-1", + Name: "envoy-gateway-1", + }, + } + require.NoError(t, r.client.Get(context.Background(), keyFor(ds), ds)) + assert.Contains(t, ds.Spec.Template.Spec.InitContainers[0].Args, "--dns-lookup-family=auto") + }, + }, } for name, tc := range tests { 
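Review bot: Both new cases read `ds.Spec.Template.Spec.InitContainers[0].Args` without first checking that the slice is non-empty, so a regression that drops the init container would panic the test run instead of producing a failed assertion. Add `require.NotEmpty(t, ds.Spec.Template.Spec.InitContainers)` before the `assert.Contains` line in each case. The case names refer to the envoy-initconfig container, but the container is picked by position and not by name, so a reordering would silently check the wrong container. Neither case covers a value outside the allowed set; whether such a value can reach the DaemonSet is not visible in this hunk. `TestGatewayReconcile` starts and ends outside the hunk.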
diff --git a/internal/provisioner/controller/gatewayclass.go b/internal/provisioner/controller/gatewayclass.go index e6462071d68..0bd6210bec3 100644 --- a/internal/provisioner/controller/gatewayclass.go +++ b/internal/provisioner/controller/gatewayclass.go @@ -230,6 +230,15 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, req ctrl.Request params.Spec.Envoy.LogLevel) invalidParamsMessages = append(invalidParamsMessages, msg) } + + switch params.Spec.Envoy.DNSLookupFamily { + // valid values, nothing to do + case "", "auto", "v4", "v6", "all": + default: + msg := fmt.Sprintf("invalid ContourDeployment spec.envoy.dnsLookupFamily %q, must be auto, v4, v6 or all", params.Spec.Envoy.DNSLookupFamily) + invalidParamsMessages = append(invalidParamsMessages, msg) + } + } if len(invalidParamsMessages) > 0 { diff --git a/internal/provisioner/model/model.go b/internal/provisioner/model/model.go index ea713299bff..d495163caa4 100644 --- a/internal/provisioner/model/model.go +++ b/internal/provisioner/model/model.go @@ -44,6 +44,7 @@ func Default(namespace, name string) *Contour { }, Spec: ContourSpec{ ContourReplicas: 2, + EnvoyDNSLookupFamily: "auto", EnvoyWorkloadType: WorkloadTypeDaemonSet, EnvoyReplicas: 2, // ignored if not provisioning Envoy as a deployment. EnvoyLogLevel: contour_v1alpha1.InfoLog, @@ -257,6 +258,11 @@ type ContourSpec struct { // DisabledFeatures defines an array of resources that will be ignored by // contour reconciler. DisabledFeatures []contour_v1.Feature + + // EnvoyDNSLookupFamily specifies DNS Resolution Policy to use for Envoy -> Contour cluster name lookup. + // Either v4, v6, all or auto. + // defaults to "auto". + EnvoyDNSLookupFamily string } func NamespacesToStrings(ns []contour_v1.Namespace) []string { diff --git a/internal/provisioner/objects/dataplane/dataplane.go b/internal/provisioner/objects/dataplane/dataplane.go index aca4a3f8430..4c333a81519 100644 --- a/internal/provisioner/objects/dataplane/dataplane.go 
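Review bot: The new `switch params.Spec.Envoy.DNSLookupFamily` branch has no test: the diffstat lists gateway_test.go and dataplane_test.go but no test file for the GatewayClass reconciler. From what the patch shows, this switch is the only place where a value outside auto/v4/v6/all is rejected before gateway.go copies it into the model, so it deserves a case that sets an out-of-range value and asserts that the `invalid ContourDeployment spec.envoy.dnsLookupFamily` message is reported. The four literals are now repeated here, in the API doc comment and as the `"auto"` default in model.go; named constants would keep them from drifting apart. The comment `// valid values, nothing to do` reads more naturally inside the `case` body, and the blank line left before the closing brace can go. `Reconcile` continues outside the hunk.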
+++ b/internal/provisioner/objects/dataplane/dataplane.go @@ -294,6 +294,7 @@ func desiredContainers(contour *model.Contour, contourImage, envoyImage string) fmt.Sprintf("--envoy-cert-file=%s", filepath.Join("/", envoyCertsVolMntDir, "tls.crt")), fmt.Sprintf("--envoy-key-file=%s", filepath.Join("/", envoyCertsVolMntDir, "tls.key")), fmt.Sprintf("--overload-max-heap=%d", contour.Spec.EnvoyMaxHeapSizeBytes), + fmt.Sprintf("--dns-lookup-family=%s", contour.Spec.EnvoyDNSLookupFamily), }, VolumeMounts: []core_v1.VolumeMount{ { diff --git a/internal/provisioner/objects/dataplane/dataplane_test.go b/internal/provisioner/objects/dataplane/dataplane_test.go index 68de6d936be..a8065ea17fd 100644 --- a/internal/provisioner/objects/dataplane/dataplane_test.go +++ b/internal/provisioner/objects/dataplane/dataplane_test.go @@ -314,6 +314,7 @@ func TestDesiredDaemonSet(t *testing.T) { testLogLevelArg := "--log-level debug" testBaseIDArg := "--base-id 1" testEnvoyMaxHeapSize := "--overload-max-heap=8000000000" + testEnvoyDNSLookupFamily := "--dns-lookup-family=v6" resQutoa := core_v1.ResourceRequirements{ Limits: core_v1.ResourceList{ @@ -340,6 +341,7 @@ func TestDesiredDaemonSet(t *testing.T) { cntr.Spec.EnvoyBaseID = 1 cntr.Spec.EnvoyMaxHeapSizeBytes = 8000000000 + cntr.Spec.EnvoyDNSLookupFamily = "v6" ds := DesiredDaemonSet(cntr, testContourImage, testEnvoyImage) container := checkDaemonSetHasContainer(t, ds, EnvoyContainerName, true) @@ -357,6 +359,7 @@ func TestDesiredDaemonSet(t *testing.T) { checkContainerHasImage(t, container, testContourImage) checkContainerHasArg(t, container, testEnvoyMaxHeapSize) + checkContainerHasArg(t, container, testEnvoyDNSLookupFamily) checkDaemonSetHasEnvVar(t, ds, EnvoyContainerName, envoyNsEnvVar) checkDaemonSetHasEnvVar(t, ds, EnvoyContainerName, envoyPodEnvVar) diff --git a/site/content/docs/main/config/api-reference.html b/site/content/docs/main/config/api-reference.html index 57bc87795fd..5e0b691da49 100644 
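Review bot: `--dns-lookup-family=%s` in `desiredContainers` is emitted unconditionally, so a `model.Contour` built without `model.Default` (where `EnvoyDNSLookupFamily` is the empty string) renders `--dns-lookup-family=` with no value. How the bootstrap command treats an empty value is not visible here, so normalising it is the safer choice: `family := contour.Spec.EnvoyDNSLookupFamily`, `if family == "" { family = "auto" }`, then format `family`. The value appears to be passed as one element of the container's argument list, so a bad string should not be able to add extra flags, but it is still forwarded without any check at this point. `desiredContainers` starts and ends outside the hunk.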
--- a/site/content/docs/main/config/api-reference.html +++ b/site/content/docs/main/config/api-reference.html @@ -7389,6 +7389,21 @@

EnvoySettings More info: https://projectcontour.io/docs/main/config/overload-manager/

+ + +dnsLookupFamily +
+ +string + + + +(Optional) +

DNSLookupFamily specifies DNS Resolution Policy to use for Envoy -> Contour cluster name lookup. +Allowed values are “v4”, “v6”, “all” or “auto”. +defaults to “auto”.

+ +

EnvoyTLS