Skip to content

Commit

Permalink
feat: adding support for DNSLookupFamily api (#5324)
Browse files Browse the repository at this point in the history 
* adding dns translations

Signed-off-by: Alexander Volchok <[email protected]>

* updating

Signed-off-by: Alexander Volchok <[email protected]>

* updating

Signed-off-by: Alexander Volchok <[email protected]>

* fix typo

Signed-off-by: Alexander Volchok <[email protected]>

* updating

Signed-off-by: Alexander Volchok <[email protected]>

* updating

Signed-off-by: Alexander Volchok <[email protected]>

* updating

Signed-off-by: Alexander Volchok <[email protected]>

* updating

Signed-off-by: Alexander Volchok <[email protected]>

* updating

Signed-off-by: Alexander Volchok <[email protected]>

* updating

Signed-off-by: Alexander Volchok <[email protected]>

* updating

Signed-off-by: Alexander Volchok <[email protected]>

* updaed

Signed-off-by: Alexander Volchok <[email protected]>

* updating

Signed-off-by: Alexander Volchok <[email protected]>

* updating

Signed-off-by: Alexander Volchok <[email protected]>

---------

Signed-off-by: Alexander Volchok <[email protected]>
  • Loading branch information
@alexwo
alexwo authored Feb 27, 2025
1 parent 476e914 commit c4bc5b2
Show file tree
Hide file tree
Showing 17 changed files with 1,282 additions and 24 deletions.
5 changes: 2 additions & 3 deletions api/v1alpha1/dns_types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,9 +36,8 @@ type DNS struct {
// If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
// Defaults to true.
RespectDNSTTL *bool `json:"respectDnsTtl,omitempty"`
// LookupFamily determines how Envoy would resolve DNS for. If set, this configuration overrides other default
// value that Envoy Gateway configures based on attributes of the backends, such Service resource IPFamilies.
// LookupFamily determines how Envoy would resolve DNS for Routes where the backend is specified as a fully qualified domain name (FQDN).
// If set, this configuration overrides other defaults.
// +optional
// +notImplementedHide
LookupFamily *DNSLookupFamily `json:"lookupFamily,omitempty"`
}
4 changes: 2 additions & 2 deletions charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,8 +165,8 @@ spec:
type: string
lookupFamily:
description: |-
LookupFamily determines how Envoy would resolve DNS for. If set, this configuration overrides other default
value that Envoy Gateway configures based on attributes of the backends, such Service resource IPFamilies.
LookupFamily determines how Envoy would resolve DNS for Routes where the backend is specified as a fully qualified domain name (FQDN).
If set, this configuration overrides other defaults.
enum:
- IPv4
- IPv6
Expand Down
4 changes: 2 additions & 2 deletions charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -311,8 +311,8 @@ spec:
type: string
lookupFamily:
description: |-
LookupFamily determines how Envoy would resolve DNS for. If set, this configuration overrides other default
value that Envoy Gateway configures based on attributes of the backends, such Service resource IPFamilies.
LookupFamily determines how Envoy would resolve DNS for Routes where the backend is specified as a fully qualified domain name (FQDN).
If set, this configuration overrides other defaults.
enum:
- IPv4
- IPv6
Expand Down
16 changes: 8 additions & 8 deletions charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10769,8 +10769,8 @@ spec:
type: string
lookupFamily:
description: |-
LookupFamily determines how Envoy would resolve DNS for. If set, this configuration overrides other default
value that Envoy Gateway configures based on attributes of the backends, such Service resource IPFamilies.
LookupFamily determines how Envoy would resolve DNS for Routes where the backend is specified as a fully qualified domain name (FQDN).
If set, this configuration overrides other defaults.
enum:
- IPv4
- IPv6
Expand Down Expand Up @@ -11767,8 +11767,8 @@ spec:
type: string
lookupFamily:
description: |-
LookupFamily determines how Envoy would resolve DNS for. If set, this configuration overrides other default
value that Envoy Gateway configures based on attributes of the backends, such Service resource IPFamilies.
LookupFamily determines how Envoy would resolve DNS for Routes where the backend is specified as a fully qualified domain name (FQDN).
If set, this configuration overrides other defaults.
enum:
- IPv4
- IPv6
Expand Down Expand Up @@ -12858,8 +12858,8 @@ spec:
type: string
lookupFamily:
description: |-
LookupFamily determines how Envoy would resolve DNS for. If set, this configuration overrides other default
value that Envoy Gateway configures based on attributes of the backends, such Service resource IPFamilies.
LookupFamily determines how Envoy would resolve DNS for Routes where the backend is specified as a fully qualified domain name (FQDN).
If set, this configuration overrides other defaults.
enum:
- IPv4
- IPv6
Expand Down Expand Up @@ -13864,8 +13864,8 @@ spec:
type: string
lookupFamily:
description: |-
LookupFamily determines how Envoy would resolve DNS for. If set, this configuration overrides other default
value that Envoy Gateway configures based on attributes of the backends, such Service resource IPFamilies.
LookupFamily determines how Envoy would resolve DNS for Routes where the backend is specified as a fully qualified domain name (FQDN).
If set, this configuration overrides other defaults.
enum:
- IPv4
- IPv6
Expand Down
16 changes: 8 additions & 8 deletions charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -796,8 +796,8 @@ spec:
type: string
lookupFamily:
description: |-
LookupFamily determines how Envoy would resolve DNS for. If set, this configuration overrides other default
value that Envoy Gateway configures based on attributes of the backends, such Service resource IPFamilies.
LookupFamily determines how Envoy would resolve DNS for Routes where the backend is specified as a fully qualified domain name (FQDN).
If set, this configuration overrides other defaults.
enum:
- IPv4
- IPv6
Expand Down Expand Up @@ -1698,8 +1698,8 @@ spec:
type: string
lookupFamily:
description: |-
LookupFamily determines how Envoy would resolve DNS for. If set, this configuration overrides other default
value that Envoy Gateway configures based on attributes of the backends, such Service resource IPFamilies.
LookupFamily determines how Envoy would resolve DNS for Routes where the backend is specified as a fully qualified domain name (FQDN).
If set, this configuration overrides other defaults.
enum:
- IPv4
- IPv6
Expand Down Expand Up @@ -2729,8 +2729,8 @@ spec:
type: string
lookupFamily:
description: |-
LookupFamily determines how Envoy would resolve DNS for. If set, this configuration overrides other default
value that Envoy Gateway configures based on attributes of the backends, such Service resource IPFamilies.
LookupFamily determines how Envoy would resolve DNS for Routes where the backend is specified as a fully qualified domain name (FQDN).
If set, this configuration overrides other defaults.
enum:
- IPv4
- IPv6
Expand Down Expand Up @@ -3771,8 +3771,8 @@ spec:
type: string
lookupFamily:
description: |-
LookupFamily determines how Envoy would resolve DNS for. If set, this configuration overrides other default
value that Envoy Gateway configures based on attributes of the backends, such Service resource IPFamilies.
LookupFamily determines how Envoy would resolve DNS for Routes where the backend is specified as a fully qualified domain name (FQDN).
If set, this configuration overrides other defaults.
enum:
- IPv4
- IPv6
Expand Down
1 change: 1 addition & 0 deletions internal/gatewayapi/clustersettings.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -475,6 +475,7 @@ func translateDNS(policy egv1a1.ClusterSettings) *ir.DNS {
return nil
}
return &ir.DNS{
LookupFamily: policy.DNS.LookupFamily,
RespectDNSTTL: policy.DNS.RespectDNSTTL,
DNSRefreshRate: policy.DNS.DNSRefreshRate,
}
Expand Down
226 changes: 226 additions & 0 deletions internal/gatewayapi/testdata/backendtrafficpolicy-dns-lookup-family.in.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,226 @@
envoyProxyForGatewayClass:
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
namespace: envoy-gateway
name: config-for-gateway-class
spec:
telemetry:
accessLog:
settings:
- format:
type: Text
text: |
[%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n
sinks:
- type: File
file:
path: /dev/stdout
- type: OpenTelemetry
openTelemetry:
backendSettings:
dns:
dnsRefreshRate: 30s
lookupFamily: IPv4AndIPv6
backendRefs:
- name: logs
namespace: default
kind: Service
port: 8080
resources:
k8s.cluster.name: "cluster-1"
gateways:
- apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
namespace: envoy-gateway
name: gateway-1
spec:
gatewayClassName: envoy-gateway-class
listeners:
- name: http
protocol: HTTP
port: 80
allowedRoutes:
namespaces:
from: All
grpcRoutes:
- apiVersion: gateway.networking.k8s.io/v1alpha2
kind: GRPCRoute
metadata:
namespace: default
name: grpcroute-1
spec:
parentRefs:
- namespace: envoy-gateway
name: gateway-1
sectionName: http
rules:
- backendRefs:
- name: backend-fqdn
port: 8080
kind: Backend
httpRoutes:
- apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
namespace: default
name: httproute-1
spec:
hostnames:
- gateway.envoyproxy.io
parentRefs:
- namespace: envoy-gateway
name: gateway-1
sectionName: http
rules:
- matches:
- path:
value: "/"
backendRefs:
- name: backend-fqdn
kind: Backend
port: 8080
services:
- apiVersion: v1
kind: Service
metadata:
name: logs
namespace: default
spec:
clusterIP: 10.11.12.13
ports:
- port: 8080
name: http1
protocol: TCP
targetPort: 8080
backends:
- apiVersion: gateway.envoyproxy.io/v1alpha1
kind: Backend
metadata:
name: backend-fqdn2
namespace: default
spec:
endpoints:
- fqdn:
hostname: backend-v2.gateway-conformance-infra.svc.cluster.local
port: 9090
- apiVersion: gateway.envoyproxy.io/v1alpha1
kind: Backend
metadata:
name: backend-fqdn
namespace: default
spec:
endpoints:
- fqdn:
hostname: grpc-infra-backend.gateway-conformance-infra.svc.cluster.local
port: 8080
- apiVersion: gateway.envoyproxy.io/v1alpha1
kind: Backend
metadata:
name: backend-fqdn3
namespace: default
spec:
endpoints:
- fqdn:
hostname: backend-v3.gateway-conformance-infra.svc.cluster.local
port: 8080
- apiVersion: gateway.envoyproxy.io/v1alpha1
kind: Backend
metadata:
name: backend-fqdn
namespace: default
spec:
endpoints:
- fqdn:
hostname: grpc-infra-backend-v1.gateway-conformance-infra.svc.cluster.local
port: 8080
backendTrafficPolicies:
- apiVersion: gateway.envoyproxy.io/v1alpha1
kind: BackendTrafficPolicy
metadata:
namespace: default
name: backend-traffic-policy
spec:
targetRef:
group: gateway.networking.k8s.io
kind: GRPCRoute
name: grpcroute-1
dns:
lookupFamily: IPv6
dnsRefreshRate: "5s"
respectDnsTtl: false
- apiVersion: gateway.envoyproxy.io/v1alpha1
kind: BackendTrafficPolicy
metadata:
namespace: default
name: backend-traffic-policy
spec:
targetRef:
group: gateway.networking.k8s.io
kind: HTTPRoute
name: httproute-1
dns:
lookupFamily: IPv4Only
dnsRefreshRate: "5s"
respectDnsTtl: false
envoyExtensionPolicies:
- apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyExtensionPolicy
metadata:
namespace: default
name: policy-for-httproute
spec:
targetRef:
group: gateway.networking.k8s.io
kind: HTTPRoute
name: httproute-1
extProc:
- backendRefs:
- name: backend-fqdn2
kind: Backend
port: 9090
backendSettings:
dns:
dnsRefreshRate: "5s"
lookupFamily: IPv4AndIPv6
securityPolicies:
- apiVersion: gateway.envoyproxy.io/v1alpha1
kind: SecurityPolicy
metadata:
namespace: envoy-gateway
name: policy-for-gateway-1
spec:
targetRef:
group: gateway.networking.k8s.io
kind: Gateway
name: gateway-1
extAuth:
http:
backendRefs:
- name: backend-fqdn3
namespace: default
Kind: Backend
port: 8080
backendSettings:
dns:
dnsRefreshRate: 30s
lookupFamily: IPv4Preferred
failOpen: false
bodyToExtAuth:
maxRequestBytes: 8192
referenceGrants:
- apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
name: allow-backends
namespace: default
spec:
from:
- group: gateway.envoyproxy.io
kind: SecurityPolicy
namespace: envoy-gateway
to:
- group: ""
kind: Backend
name: backend-fqdn3
Loading

0 comments on commit c4bc5b2

Please sign in to comment.