Skip to content

Commit

Permalink
Add disableListenerContainerPort field for the EnvoyProxy
Browse files Browse the repository at this point in the history
Signed-off-by: Kebe <[email protected]>
  • Loading branch information
kebe7jun committed Nov 14, 2024
1 parent 639a441 commit 996a503
Show file tree
Hide file tree
Showing 7 changed files with 45 additions and 18 deletions.
9 changes: 9 additions & 0 deletions api/v1alpha1/envoyproxy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -147,6 +147,15 @@ type EnvoyProxySpec struct {
// +kubebuilder:validation:Enum=IPv4;IPv6;DualStack
// +optional
IPFamily *IPFamily `json:"ipFamily,omitempty"`

// DisableListenerContainerPort specifies whether it is necessary to synchronize the
// Gateway's listener configuration to the container's ports.
// When this parameter is set to true, the listener configuration will not be
// synchronized to the container's ports.
// This prevents the Pod from being recreated when the Gateway's listeners
// configuration is modified.
// +optional
DisableListenerContainerPort *bool `json:"disableListenerContainerPort,omitempty"`
}

// RoutingType defines the type of routing of this Envoy proxy.
Expand Down
5 changes: 5 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -264,6 +264,15 @@ spec:
the number of cpuset threads on the platform.
format: int32
type: integer
disableListenerContainerPort:
description: |-
DisableListenerContainerPort specifies whether it is necessary to synchronize the
Gateway's listener configuration to the container's ports.
When this parameter is set to true, the listener configuration will not be
synchronized to the container's ports.
This prevents the Pod from being recreated when the Gateway's listeners
configuration is modified.
type: boolean
extraArgs:
description: |-
ExtraArgs defines additional command line options that are provided to Envoy.
Expand Down
37 changes: 19 additions & 18 deletions internal/infrastructure/kubernetes/proxy/resource.go
Original file line number Diff line number Diff line change
Expand Up @@ -88,25 +88,26 @@ func expectedProxyContainers(infra *ir.ProxyInfra,
) ([]corev1.Container, error) {
// Define slice to hold container ports
var ports []corev1.ContainerPort

// Iterate over listeners and ports to get container ports
for _, listener := range infra.Listeners {
for _, p := range listener.Ports {
var protocol corev1.Protocol
switch p.Protocol {
case ir.HTTPProtocolType, ir.HTTPSProtocolType, ir.TLSProtocolType, ir.TCPProtocolType:
protocol = corev1.ProtocolTCP
case ir.UDPProtocolType:
protocol = corev1.ProtocolUDP
default:
return nil, fmt.Errorf("invalid protocol %q", p.Protocol)
}
port := corev1.ContainerPort{
Name: p.Name,
ContainerPort: p.ContainerPort,
Protocol: protocol,
if infra.Config == nil || infra.Config.Spec.DisableListenerContainerPort == nil || !*infra.Config.Spec.DisableListenerContainerPort {
// Iterate over listeners and ports to get container ports
for _, listener := range infra.Listeners {
for _, p := range listener.Ports {
var protocol corev1.Protocol
switch p.Protocol {
case ir.HTTPProtocolType, ir.HTTPSProtocolType, ir.TLSProtocolType, ir.TCPProtocolType:
protocol = corev1.ProtocolTCP
case ir.UDPProtocolType:
protocol = corev1.ProtocolUDP
default:
return nil, fmt.Errorf("invalid protocol %q", p.Protocol)
}
port := corev1.ContainerPort{
Name: p.Name,
ContainerPort: p.ContainerPort,
Protocol: protocol,
}
ports = append(ports, port)
}
ports = append(ports, port)
}
}

Expand Down
1 change: 1 addition & 0 deletions release-notes/current.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ security updates: |
# New features or capabilities added in this release.
new features: |
- Added support for trusted CIDRs in the ClientIPDetectionSettings API
- Add disableListenerContainerPort field for the EnvoyProxy
# Fixes for bugs identified in previous versions.
bug fixes: |
Expand Down
1 change: 1 addition & 0 deletions site/content/en/latest/api/extension_types.md
Original file line number Diff line number Diff line change
Expand Up @@ -1437,6 +1437,7 @@ _Appears in:_
| `filterOrder` | _[FilterPosition](#filterposition) array_ | false | FilterOrder defines the order of filters in the Envoy proxy's HTTP filter chain.<br />The FilterPosition in the list will be applied in the order they are defined.<br />If unspecified, the default filter order is applied.<br />Default filter order is:<br /><br />- envoy.filters.http.health_check<br /><br />- envoy.filters.http.fault<br /><br />- envoy.filters.http.cors<br /><br />- envoy.filters.http.ext_authz<br /><br />- envoy.filters.http.basic_auth<br /><br />- envoy.filters.http.oauth2<br /><br />- envoy.filters.http.jwt_authn<br /><br />- envoy.filters.http.stateful_session<br /><br />- envoy.filters.http.ext_proc<br /><br />- envoy.filters.http.wasm<br /><br />- envoy.filters.http.rbac<br /><br />- envoy.filters.http.local_ratelimit<br /><br />- envoy.filters.http.ratelimit<br /><br />- envoy.filters.http.custom_response<br /><br />- envoy.filters.http.router<br /><br />Note: "envoy.filters.http.router" cannot be reordered, it's always the last filter in the chain. |
| `backendTLS` | _[BackendTLSConfig](#backendtlsconfig)_ | false | BackendTLS is the TLS configuration for the Envoy proxy to use when connecting to backends.<br />These settings are applied on backends for which TLS policies are specified. |
| `ipFamily` | _[IPFamily](#ipfamily)_ | false | IPFamily specifies the IP family for the EnvoyProxy fleet.<br />This setting only affects the Gateway listener port and does not impact<br />other aspects of the Envoy proxy configuration.<br />If not specified, the system will operate as follows:<br />- It defaults to IPv4 only.<br />- IPv6 and dual-stack environments are not supported in this default configuration.<br />Note: To enable IPv6 or dual-stack functionality, explicit configuration is required. |
| `disableListenerContainerPort` | _boolean_ | false | DisableListenerContainerPort specifies whether it is necessary to synchronize the<br />Gateway's listener configuration to the container's ports.<br />When this parameter is set to true, the listener configuration will not be<br />synchronized to the container's ports.<br />This prevents the Pod from being recreated when the Gateway's listeners<br />configuration is modified. |


#### EnvoyProxyStatus
Expand Down
1 change: 1 addition & 0 deletions site/content/zh/latest/api/extension_types.md
Original file line number Diff line number Diff line change
Expand Up @@ -1437,6 +1437,7 @@ _Appears in:_
| `filterOrder` | _[FilterPosition](#filterposition) array_ | false | FilterOrder defines the order of filters in the Envoy proxy's HTTP filter chain.<br />The FilterPosition in the list will be applied in the order they are defined.<br />If unspecified, the default filter order is applied.<br />Default filter order is:<br /><br />- envoy.filters.http.health_check<br /><br />- envoy.filters.http.fault<br /><br />- envoy.filters.http.cors<br /><br />- envoy.filters.http.ext_authz<br /><br />- envoy.filters.http.basic_auth<br /><br />- envoy.filters.http.oauth2<br /><br />- envoy.filters.http.jwt_authn<br /><br />- envoy.filters.http.stateful_session<br /><br />- envoy.filters.http.ext_proc<br /><br />- envoy.filters.http.wasm<br /><br />- envoy.filters.http.rbac<br /><br />- envoy.filters.http.local_ratelimit<br /><br />- envoy.filters.http.ratelimit<br /><br />- envoy.filters.http.custom_response<br /><br />- envoy.filters.http.router<br /><br />Note: "envoy.filters.http.router" cannot be reordered, it's always the last filter in the chain. |
| `backendTLS` | _[BackendTLSConfig](#backendtlsconfig)_ | false | BackendTLS is the TLS configuration for the Envoy proxy to use when connecting to backends.<br />These settings are applied on backends for which TLS policies are specified. |
| `ipFamily` | _[IPFamily](#ipfamily)_ | false | IPFamily specifies the IP family for the EnvoyProxy fleet.<br />This setting only affects the Gateway listener port and does not impact<br />other aspects of the Envoy proxy configuration.<br />If not specified, the system will operate as follows:<br />- It defaults to IPv4 only.<br />- IPv6 and dual-stack environments are not supported in this default configuration.<br />Note: To enable IPv6 or dual-stack functionality, explicit configuration is required. |
| `disableListenerContainerPort` | _boolean_ | false | DisableListenerContainerPort specifies whether it is necessary to synchronize the<br />Gateway's listener configuration to the container's ports.<br />When this parameter is set to true, the listener configuration will not be<br />synchronized to the container's ports.<br />This prevents the Pod from being recreated when the Gateway's listeners<br />configuration is modified. |


#### EnvoyProxyStatus
Expand Down

0 comments on commit 996a503

Please sign in to comment.