From 1dcb8c639427836e885b3508b9f889856f8144f9 Mon Sep 17 00:00:00 2001
From: Mike Beaumont
Date: Wed, 25 Sep 2024 15:33:27 +0200
Subject: [PATCH 1/5] test(MeshLoadBalancingStrategy): add case
Signed-off-by: Mike Beaumont
---
 .../plugin/v1alpha1/plugin_test.go | 184 +++++++++++++++++-
 ...l-MeshService.gateway.clusters.golden.yaml | 17 ++
 ...-MeshService.gateway.endpoints.golden.yaml | 5 +
 ...-MeshService.gateway.listeners.golden.yaml | 60 ++++++
 ...eal-MeshService.gateway.routes.golden.yaml | 28 +++
 5 files changed, 285 insertions(+), 9 deletions(-)
 create mode 100644 pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.clusters.golden.yaml
 create mode 100644 pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.endpoints.golden.yaml
 create mode 100644 pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.listeners.golden.yaml
 create mode 100644 pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.routes.golden.yaml
diff --git a/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin_test.go b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin_test.go
index bef3e1930f6a..0ac333249672 100644
--- a/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin_test.go
+++ b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin_test.go
@@ -11,19 +11,24 @@ import (
 . "github.com/onsi/gomega"
 "k8s.io/apimachinery/pkg/util/intstr"
+ common_api "github.com/kumahq/kuma/api/common/v1alpha1"
 mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1"
 core_plugins "github.com/kumahq/kuma/pkg/core/plugins"
 core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh"
 meshexternalservice_api "github.com/kumahq/kuma/pkg/core/resources/apis/meshexternalservice/api/v1alpha1"
+ meshservice_api "github.com/kumahq/kuma/pkg/core/resources/apis/meshservice/api/v1alpha1"
 core_model "github.com/kumahq/kuma/pkg/core/resources/model"
 core_xds "github.com/kumahq/kuma/pkg/core/xds"
 xds_types "github.com/kumahq/kuma/pkg/core/xds/types"
 core_rules "github.com/kumahq/kuma/pkg/plugins/policies/core/rules"
+ meshhttproute_api "github.com/kumahq/kuma/pkg/plugins/policies/meshhttproute/api/v1alpha1"
+ meshhttproute_plugin "github.com/kumahq/kuma/pkg/plugins/policies/meshhttproute/plugin/v1alpha1"
 "github.com/kumahq/kuma/pkg/plugins/policies/meshloadbalancingstrategy/api/v1alpha1"
 plugin "github.com/kumahq/kuma/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1"
 gateway_plugin "github.com/kumahq/kuma/pkg/plugins/runtime/gateway"
 "github.com/kumahq/kuma/pkg/test/matchers"
 "github.com/kumahq/kuma/pkg/test/resources/builders"
+ test_model "github.com/kumahq/kuma/pkg/test/resources/model"
 "github.com/kumahq/kuma/pkg/test/resources/samples"
 xds_builders "github.com/kumahq/kuma/pkg/test/xds/builders"
 xds_samples "github.com/kumahq/kuma/pkg/test/xds/samples"
@@ -49,6 +54,14 @@ func getResource(resourceSet *core_xds.ResourceSet, typ envoy_resource.Type) []b } var _ = Describe("MeshLoadBalancingStrategy", func() { + backendMeshServiceIdentifier := core_model.TypedResourceIdentifier{ + ResourceIdentifier: core_model.ResourceIdentifier{ + Name: "backend", + Mesh: "default", + }, + ResourceType: "MeshService", + SectionName: "", + } externalMeshExternalServiceIdentifier := &core_model.TypedResourceIdentifier{ ResourceIdentifier: core_model.ResourceIdentifier{ Name: "external", @@ -1410,9 +1423,12 @@ var _ = Describe("MeshLoadBalancingStrategy", func() { }), ) type gatewayTestCase struct { - name string - endpointMap *xds_builders.EndpointMapBuilder - rules core_rules.GatewayRules + name string + endpointMap *xds_builders.EndpointMapBuilder + gatewayRoutes bool + rules core_rules.GatewayRules + meshhttproutes core_rules.GatewayRules + meshservices []*meshservice_api.MeshServiceResource } DescribeTable("should generate proper Envoy config for MeshGateways", func(given gatewayTestCase) { @@ -1421,8 +1437,15 @@ var _ = Describe("MeshLoadBalancingStrategy", func() { resources.MeshLocalResources[core_mesh.MeshGatewayType] = &core_mesh.MeshGatewayResourceList{ Items: []*core_mesh.MeshGatewayResource{samples.GatewayResource()}, } - resources.MeshLocalResources[core_mesh.MeshGatewayRouteType] = &core_mesh.MeshGatewayRouteResourceList{ - Items: []*core_mesh.MeshGatewayRouteResource{samples.BackendGatewayRoute(), samples.BackendGatewaySecondRoute()}, + if given.gatewayRoutes { + resources.MeshLocalResources[core_mesh.MeshGatewayRouteType] = &core_mesh.MeshGatewayRouteResourceList{ + Items: []*core_mesh.MeshGatewayRouteResource{samples.BackendGatewayRoute(), samples.BackendGatewaySecondRoute()}, + } + } + if len(given.meshservices) > 0 { + resources.MeshLocalResources[meshservice_api.MeshServiceType] = &meshservice_api.MeshServiceResourceList{ + Items: given.meshservices, + } } xdsCtx := *xds_builders.Context(). 
@@ -1442,7 +1465,9 @@ var _ = Describe("MeshLoadBalancingStrategy", func() {
 "k8s.io/region": "test",
 })).
 WithPolicies(
- xds_builders.MatchedPolicies().WithGatewayPolicy(v1alpha1.MeshLoadBalancingStrategyType, given.rules),
+ xds_builders.MatchedPolicies().
+ WithGatewayPolicy(v1alpha1.MeshLoadBalancingStrategyType, given.rules).
+ WithGatewayPolicy(meshhttproute_api.MeshHTTPRouteType, given.meshhttproutes),
 ).
 Build()
 for n, p := range core_plugins.Plugins().ProxyPlugins() {
@@ -1452,6 +1477,9 @@ var _ = Describe("MeshLoadBalancingStrategy", func() {
 generatedResources, err := gatewayGenerator.Generate(context.Background(), nil, xdsCtx, proxy)
 Expect(err).NotTo(HaveOccurred())
+ httpRoutePlugin := meshhttproute_plugin.NewPlugin().(core_plugins.PolicyPlugin)
+ Expect(httpRoutePlugin.Apply(generatedResources, xdsCtx, proxy)).To(Succeed())
+
 // when
 plugin := plugin.NewPlugin().(core_plugins.PolicyPlugin)
 Expect(plugin.Apply(generatedResources, xdsCtx, proxy)).To(Succeed())
@@ -1467,7 +1495,8 @@ var _ = Describe("MeshLoadBalancingStrategy", func() {
 To(matchers.MatchGoldenYAML(filepath.Join("testdata", fmt.Sprintf("%s.gateway.routes.golden.yaml", given.name))))
 },
 Entry("basic outbound cluster", gatewayTestCase{
- name: "basic",
+ name: "basic",
+ gatewayRoutes: true,
 endpointMap: xds_builders.EndpointMap().
 AddEndpoints("backend",
 createEndpointBuilderWith("test-zone", "192.168.1.1", map[string]string{}),
@@ -1512,7 +1541,8 @@ var _ = Describe("MeshLoadBalancingStrategy", func() {
 },
 }),
 Entry("locality aware gateway", gatewayTestCase{
- name: "locality_aware",
+ name: "locality_aware",
+ gatewayRoutes: true,
 endpointMap: xds_builders.EndpointMap().
 AddEndpoints("backend",
 createEndpointBuilderWith("test-zone", "192.168.1.1", map[string]string{"k8s.io/node": "node1"}),
@@ -1582,7 +1612,8 @@ var _ = Describe("MeshLoadBalancingStrategy", func() {
 },
 }),
 Entry("no cross zone", gatewayTestCase{
- name: "no-cross-zone",
+ name: "no-cross-zone",
+ gatewayRoutes: true,
 endpointMap: xds_builders.EndpointMap().
 AddEndpoints("backend",
 createEndpointBuilderWith("test-zone", "192.168.1.1", map[string]string{"k8s.io/node": "node1"}),
@@ -1619,6 +1650,141 @@ var _ = Describe("MeshLoadBalancingStrategy", func() {
 },
 },
 }),
+ Entry("real MeshService targeted to real MeshService", gatewayTestCase{
+ name: "real-MeshService-targeted-to-real-MeshService",
+ endpointMap: xds_builders.EndpointMap().
+ AddEndpoints("backend",
+ createEndpointBuilderWith("test-zone", "192.168.1.1", map[string]string{"k8s.io/node": "node1"}),
+ createEndpointBuilderWith("test-zone", "192.168.1.2", map[string]string{"k8s.io/node": "node2"}),
+ createEndpointBuilderWith("test-zone", "192.168.1.3", map[string]string{"k8s.io/az": "test"}),
+ createEndpointBuilderWith("test-zone", "192.168.1.4", map[string]string{"k8s.io/region": "test"}),
+ createEndpointBuilderWith("zone-2", "192.168.1.5", map[string]string{}),
+ createEndpointBuilderWith("zone-3", "192.168.1.6", map[string]string{}),
+ createEndpointBuilderWith("zone-4", "192.168.1.7", map[string]string{}),
+ createEndpointBuilderWith("zone-5", "192.168.1.8", map[string]string{}),
+ ),
+ meshservices: []*meshservice_api.MeshServiceResource{
+ {
+ Meta: &test_model.ResourceMeta{Name: "backend", Mesh: "default"},
+ Spec: &meshservice_api.MeshService{
+ Selector: meshservice_api.Selector{},
+ Ports: []meshservice_api.Port{{
+ Port: 80,
+ TargetPort: intstr.FromInt(8084),
+ AppProtocol: core_mesh.ProtocolHTTP,
+ }},
+ Identities: []meshservice_api.MeshServiceIdentity{
+ {
+ Type: meshservice_api.MeshServiceIdentityServiceTagType,
+ Value: "backend",
+ },
+ {
+ Type: meshservice_api.MeshServiceIdentityServiceTagType,
+ Value: "other-backend",
+ },
+ },
+ },
+ Status: &meshservice_api.MeshServiceStatus{
+ VIPs: []meshservice_api.VIP{{
+ IP: "10.0.0.1",
+ }},
+ },
+ },
+ },
+ meshhttproutes: core_rules.GatewayRules{
+ ToRules: core_rules.GatewayToRules{
+ ByListenerAndHostname: map[core_rules.InboundListenerHostname]core_rules.ToRules{
+ core_rules.NewInboundListenerHostname("192.168.0.1", 8080, "*"): {
+ Rules: core_rules.Rules{{
+ Subset: core_rules.MeshSubset(),
+ Conf: meshhttproute_api.PolicyDefault{
+ Rules: []meshhttproute_api.Rule{{
+ Matches: []meshhttproute_api.Match{{
+ Path: &meshhttproute_api.PathMatch{
+ Type: meshhttproute_api.Exact,
+ Value: "/",
+ },
+ }},
+ Default: meshhttproute_api.RuleConf{
+ BackendRefs: &[]common_api.BackendRef{{
+ TargetRef: builders.TargetRefService("backend"),
+ Port: pointer.To(uint32(80)),
+ Weight: pointer.To(uint(100)),
+ }},
+ },
+ }},
+ },
+ Origin: []core_model.ResourceMeta{
+ &test_model.ResourceMeta{Mesh: "default", Name: "http-route"},
+ },
+ BackendRefOriginIndex: core_rules.BackendRefOriginIndex{
+ meshhttproute_api.HashMatches([]meshhttproute_api.Match{{Path: &meshhttproute_api.PathMatch{Type: meshhttproute_api.Exact, Value: "/"}}}): 0,
+ },
+ }},
+ },
+ },
+ },
+ },
+ rules: core_rules.GatewayRules{
+ ToRules: core_rules.GatewayToRules{
+ ByListener: map[core_rules.InboundListener]core_rules.ToRules{
+ {Address: "192.168.0.1", Port: 8080}: {
+ ResourceRules: map[core_model.TypedResourceIdentifier]core_rules.ResourceRule{
+ backendMeshServiceIdentifier: {
+ Conf: []interface{}{
+ v1alpha1.Conf{
+ LocalityAwareness: &v1alpha1.LocalityAwareness{
+ LocalZone: &v1alpha1.LocalZone{
+ AffinityTags: &[]v1alpha1.AffinityTag{
+ {
+ Key: "k8s.io/node",
+ Weight: pointer.To[uint32](9000),
+ },
+ {
+ Key: "k8s.io/az",
+ Weight: pointer.To[uint32](900),
+ },
+ {
+ Key: "k8s.io/region",
+ Weight: pointer.To[uint32](90),
+ },
+ },
+ },
+ CrossZone: &v1alpha1.CrossZone{
+ Failover: []v1alpha1.Failover{
+ {
+ To: v1alpha1.ToZone{
+ Type: v1alpha1.AnyExcept,
+ Zones: &[]string{"zone-3", "zone-4", "zone-5"},
+ },
+ },
+ {
+ From: &v1alpha1.FromZone{
+ Zones: []string{"zone-1"},
+ },
+ To: v1alpha1.ToZone{
+ Type: v1alpha1.Only,
+ Zones: &[]string{"zone-3"},
+ },
+ },
+ {
+ To: v1alpha1.ToZone{
+ Type: v1alpha1.Only,
+ Zones: &[]string{"zone-4"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ }),
 )
 })
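Review bot: The new entry registers its eight endpoints under the key "backend", but the cluster produced for the MeshService is named `default_backend___msvc_80-65ee15ea276ba345`, and the accompanying endpoints golden file holds a ClusterLoadAssignment with no endpoints at all. As far as this page shows, none of the affinity-tag weights or cross-zone failover rules configured here are therefore checked against generated output; the only effect asserted anywhere in the series is `localityWeightedLbConfig: {}` on the cluster (patch 5). If that is a fixture artefact, consider registering the endpoints under the name the real-resource path looks up (patch 2 indexes with `endpoints[cluster.Name]`) so the golden file pins priorities and weights. How the builder's keys are consumed is not visible here, so this needs confirming against the helper.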
diff --git a/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.clusters.golden.yaml b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.clusters.golden.yaml new file mode 100644 index 000000000000..7d4c4868ed13 --- /dev/null +++ b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.clusters.golden.yaml @@ -0,0 +1,17 @@ +resources: +- name: default_backend___msvc_80-65ee15ea276ba345 + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + edsClusterConfig: + edsConfig: + ads: {} + initialFetchTimeout: 0s + resourceApiVersion: V3 + name: default_backend___msvc_80-65ee15ea276ba345 + perConnectionBufferLimitBytes: 32768 + type: EDS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + httpProtocolOptions: {} diff --git a/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.endpoints.golden.yaml b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.endpoints.golden.yaml new file mode 100644 index 000000000000..632231048624 --- /dev/null +++ b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.endpoints.golden.yaml @@ -0,0 +1,5 @@ +resources: +- name: default_backend___msvc_80-65ee15ea276ba345 + resource: + '@type': type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment + clusterName: default_backend___msvc_80-65ee15ea276ba345 
diff --git a/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.listeners.golden.yaml b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.listeners.golden.yaml new file mode 100644 index 000000000000..d9e3529e6bb7 --- /dev/null +++ b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.listeners.golden.yaml 
@@ -0,0 +1,60 @@ +resources: +- name: sample-gateway:HTTP:8080 + resource: + '@type': type.googleapis.com/envoy.config.listener.v3.Listener + address: + socketAddress: + address: 192.168.0.1 + portValue: 8080 + enableReusePort: true + filterChains: + - filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + commonHttpProtocolOptions: + headersWithUnderscoresAction: REJECT_REQUEST + idleTimeout: 300s + http2ProtocolOptions: + allowConnect: true + initialConnectionWindowSize: 1048576 + initialStreamWindowSize: 65536 + maxConcurrentStreams: 100 + httpFilters: + - name: envoy.filters.http.local_ratelimit + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit + statPrefix: rate_limit + - name: gzip-compress + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.compressor.v3.Compressor + compressorLibrary: + name: gzip + typedConfig: + '@type': type.googleapis.com/envoy.extensions.compression.gzip.compressor.v3.Gzip + responseDirectionConfig: + disableOnEtagHeader: true + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + mergeSlashes: true + normalizePath: true + pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT + rds: + configSource: + ads: {} + initialFetchTimeout: 0s + resourceApiVersion: V3 + routeConfigName: sample-gateway:HTTP:8080:* + requestHeadersTimeout: 0.500s + serverName: Kuma Gateway + statPrefix: sample-gateway + streamIdleTimeout: 5s + useRemoteAddress: true + listenerFilters: + - name: envoy.filters.listener.tls_inspector + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector + name: sample-gateway:HTTP:8080 + perConnectionBufferLimitBytes: 32768 + trafficDirection: INBOUND 
diff --git a/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.routes.golden.yaml b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.routes.golden.yaml new file mode 100644 index 000000000000..7058f89f343d --- /dev/null +++ b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.routes.golden.yaml @@ -0,0 +1,28 @@ +resources: +- name: sample-gateway:HTTP:8080:* + resource: + '@type': type.googleapis.com/envoy.config.route.v3.RouteConfiguration + ignorePortInHostMatching: true + name: sample-gateway:HTTP:8080:* + requestHeadersToRemove: + - x-kuma-tags + validateClusters: false + virtualHosts: + - domains: + - '*' + name: '*' + routes: + - match: + path: / + name: JNNc6//C3P17nUsOJm5f4kqG+U3v8pXhS0od9C3+oss= + route: + clusterNotFoundResponseCode: INTERNAL_SERVER_ERROR + idleTimeout: 5s + weightedClusters: + clusters: + - name: default_backend___msvc_80-65ee15ea276ba345 + requestHeadersToAdd: + - header: + key: x-kuma-tags + value: '&k8s.io/az=test&&k8s.io/node=node1&&k8s.io/region=test&&kuma.io/service=sample-gateway&' + weight: 100 From d485b087d2502398d41f71ac81de8310b7843f43 Mon Sep 17 00:00:00 2001 From: Mike Beaumont Date: Wed, 25 Sep 2024 15:33:40 +0200 Subject: [PATCH 2/5] fix(MeshLoadBalancingStrategy): apply to real resource targeted policies with MeshGateway Signed-off-by: Mike Beaumont --- .../plugin/v1alpha1/plugin.go | 114 ++++++++++++------ 1 file changed, 74 insertions(+), 40 deletions(-) diff --git a/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin.go b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin.go index 98918c404826..341c3293c758 100644 --- a/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin.go 
+++ b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin.go
@@ -14,6 +14,7 @@ import (
 core_plugins "github.com/kumahq/kuma/pkg/core/plugins"
 core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh"
 meshexternalservice_api "github.com/kumahq/kuma/pkg/core/resources/apis/meshexternalservice/api/v1alpha1"
+ core_model "github.com/kumahq/kuma/pkg/core/resources/model"
 core_xds "github.com/kumahq/kuma/pkg/core/xds"
 xds_types "github.com/kumahq/kuma/pkg/core/xds/types"
 "github.com/kumahq/kuma/pkg/plugins/policies/core/matchers"
@@ -62,7 +63,7 @@ func (p plugin) Apply(rs *core_xds.ResourceSet, ctx xds_context.Context, proxy *
 endpoints := policies_xds.GatherOutboundEndpoints(rs)
 routes := policies_xds.GatherRoutes(rs)
- if err := p.configureGateway(proxy, policies.GatewayRules, listeners.Gateway, clusters.Gateway, routes.Gateway, rs, ctx.Mesh.Resource.ZoneEgressEnabled()); err != nil {
+ if err := p.configureGateway(ctx.Mesh, proxy, policies.GatewayRules, listeners.Gateway, clusters.Gateway, routes.Gateway, rs, ctx.Mesh.Resource.ZoneEgressEnabled()); err != nil {
 return err
 }
@@ -129,7 +130,7 @@ func (p plugin) configureDPP(
 }
 }
- if err := p.applyToRealResources(proxy, endpoints, rs, toRules.ResourceRules, meshCtx); err != nil {
+ if err := p.applyToRealResources(meshCtx, rs, proxy, toRules.ResourceRules, endpoints); err != nil {
 return err
 }
@@ -137,42 +138,57 @@ func (p plugin) configureDPP(
 }
 func (p plugin) applyToRealResources(
- proxy *core_xds.Proxy,
- endpoints policies_xds.EndpointMap,
+ meshCtx xds_context.MeshContext,
 rs *core_xds.ResourceSet,
+ proxy *core_xds.Proxy,
 rules core_rules.ResourceRules,
- meshCtx xds_context.MeshContext,
+ endpoints policies_xds.EndpointMap,
 ) error {
 for uri, resType := range rs.IndexByOrigin(core_xds.NonMeshExternalService) {
- conf := rules.Compute(uri, meshCtx.Resources)
- if conf == nil {
- continue
+ if err := p.applyToRealResource(meshCtx, proxy, rules, uri, rs, resType, endpoints); err != nil {
+ return err
 }
- apiConf := conf.Conf[0].(api.Conf)
+ }
+ return nil
+}
- for typ, resources := range resType {
- switch typ {
- case envoy_resource.ListenerType:
- for _, resource := range resources {
- if resource.Origin != generator.OriginOutbound {
- continue
- }
- if err := p.configureListener(resource.Resource.(*envoy_listener.Listener), nil, &apiConf); err != nil {
- return err
- }
+func (p plugin) applyToRealResource(
+ meshCtx xds_context.MeshContext,
+ proxy *core_xds.Proxy,
+ rules core_rules.ResourceRules,
+ uri core_model.TypedResourceIdentifier,
+ rs *core_xds.ResourceSet,
+ resourcesByType core_xds.ResourcesByType,
+ endpoints policies_xds.EndpointMap,
+) error {
+ conf := rules.Compute(uri, meshCtx.Resources)
+ if conf == nil {
+ return nil
+ }
+ apiConf := conf.Conf[0].(api.Conf)
+
+ for typ, resources := range resourcesByType {
+ switch typ {
+ case envoy_resource.ListenerType:
+ for _, resource := range resources {
+ if resource.Origin != generator.OriginOutbound {
+ continue
 }
- case envoy_resource.ClusterType:
- for _, resource := range resources {
- if resource.Origin != generator.OriginOutbound {
- continue
- }
- cluster := resource.Resource.(*envoy_cluster.Cluster)
- if err := p.configureCluster(cluster, apiConf); err != nil {
- return err
- }
- if err := configureEndpoints(proxy.Dataplane.Spec.TagSet(), cluster, endpoints[cluster.Name], cluster.Name, apiConf, rs, proxy.Zone, proxy.APIVersion, false, generator.OriginOutbound); err != nil {
- return errors.Wrapf(err, "failed to configure ClusterLoadAssignment for %s", cluster.Name)
- }
+ if err := p.configureListener(resource.Resource.(*envoy_listener.Listener), nil, &apiConf); err != nil {
+ return err
+ }
+ }
+ case envoy_resource.ClusterType:
+ for _, resource := range resources {
+ if resource.Origin != generator.OriginOutbound {
+ continue
+ }
+ cluster := resource.Resource.(*envoy_cluster.Cluster)
+ if err := p.configureCluster(cluster, apiConf); err != nil {
+ return err
+ }
+ if err := configureEndpoints(proxy.Dataplane.Spec.TagSet(), cluster, endpoints[cluster.Name], cluster.Name, apiConf, rs, proxy.Zone, proxy.APIVersion, false, generator.OriginOutbound); err != nil {
+ return errors.Wrapf(err, "failed to configure ClusterLoadAssignment for %s", cluster.Name)
 }
 }
 }
@@ -218,6 +234,7 @@ func configureEndpoints(
 }
 func (p plugin) configureGateway(
+ meshCtx xds_context.MeshContext,
 proxy *core_xds.Proxy,
 rules core_rules.GatewayRules,
 gatewayListeners map[core_rules.InboundListener]*envoy_listener.Listener,
@@ -230,6 +247,7 @@ func (p plugin) configureGateway(
 if len(gatewayListenerInfos) == 0 {
 return nil
 }
+ resourcesByOrigin := rs.IndexByOrigin(core_xds.NonMeshExternalService)
 endpoints := policies_xds.GatherGatewayEndpoints(rs)
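Review bot: `apiConf := conf.Conf[0].(api.Conf)` in the extracted `applyToRealResource` indexes and type-asserts without a check, so an empty `Conf` slice or an element of another type would panic during Envoy config generation instead of returning an error. The line is carried over from the old loop, but the helper is now also called from `configureGateway`, which widens the inputs that reach it; whether `rules.Compute` can ever return such a value is not visible on this page. A guarded form would be `if len(conf.Conf) == 0 { return nil }`, then `apiConf, ok := conf.Conf[0].(api.Conf)` and `if !ok { return errors.Errorf("unexpected conf type %T for %v", conf.Conf[0], uri) }`. The tail of the function lies outside the hunk.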
@@ -264,18 +282,34 @@ func (p plugin) configureGateway(
 }
 serviceName := dest.Destination[mesh_proto.ServiceTag]
- localityConf := core_rules.ComputeConf[api.Conf](rules.Rules, core_rules.MeshService(serviceName))
- if localityConf == nil {
- continue
- }
- perServiceConfiguration[serviceName] = localityConf
+ if localityConf := core_rules.ComputeConf[api.Conf](rules.Rules, core_rules.MeshService(serviceName)); localityConf != nil {
+ perServiceConfiguration[serviceName] = localityConf
- if err := p.configureCluster(cluster, *localityConf); err != nil {
- return err
+ if err := p.configureCluster(cluster, *localityConf); err != nil {
+ return err
+ }
+
+ if err := configureEndpoints(proxy.Dataplane.Spec.TagSet(), cluster, endpoints[serviceName], clusterName, *localityConf, rs, proxy.Zone, proxy.APIVersion, egressEnabled, metadata.OriginGateway); err != nil {
+ return err
+ }
 }
- if err := configureEndpoints(proxy.Dataplane.Spec.TagSet(), cluster, endpoints[serviceName], clusterName, *localityConf, rs, proxy.Zone, proxy.APIVersion, egressEnabled, metadata.OriginGateway); err != nil {
- return err
+ if dest.BackendRef == nil {
+ continue
+ }
+ if realRef := dest.BackendRef.ResourceOrNil(); realRef != nil {
+ resources := resourcesByOrigin[*realRef]
+ if err := p.applyToRealResource(
+ meshCtx,
+ proxy,
+ rules.ResourceRules,
+ *realRef,
+ rs,
+ resources,
+ endpoints,
+ ); err != nil {
+ return err
+ }
 }
 }
 }
From 9cdbd510f4c93bc58ae2d546377aeb4c8aa7cc40 Mon Sep 17 00:00:00 2001
From: Mike Beaumont
Date: Wed, 25 Sep 2024 15:58:04 +0200
Subject: [PATCH 3/5] fix(MeshLoadBalancingStrategy): don't call configureDPP if builtin gateway
Signed-off-by: Mike Beaumont
---
 .../meshloadbalancingstrategy/plugin/v1alpha1/plugin.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin.go b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin.go
index 341c3293c758..08973c2e5a4f 100644
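Review bot: The real-resource branch added at the end of this hunk drops two arguments that the service-tag branch just above it passes: `applyToRealResource` calls `configureEndpoints` with a literal `false` for the egress flag and `generator.OriginOutbound` as the origin (visible in the earlier hunk of this patch), whereas the gateway branch uses `egressEnabled` and `metadata.OriginGateway`. For a builtin gateway whose backendRef resolves to a real MeshService, the mesh's zone-egress setting is therefore ignored and the rebuilt ClusterLoadAssignment is tagged as an outbound resource; whether either matters for MeshService endpoints cannot be told from this page. Consider adding the egress flag and the origin as parameters of `applyToRealResource`, passed as `false, generator.OriginOutbound` from `applyToRealResources` and `egressEnabled, metadata.OriginGateway` from here. Separately, `perServiceConfiguration[serviceName]` is only filled in the service-tag branch, so any later use of that map in `configureGateway` (outside the hunk) would skip real-resource backends.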
--- a/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin.go
+++ b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin.go
@@ -87,6 +87,9 @@ func (p plugin) configureDPP(
 rs *core_xds.ResourceSet,
 meshCtx xds_context.MeshContext,
 ) error {
+ if proxy.Dataplane.Spec.IsBuiltinGateway() {
+ return nil
+ }
 serviceConfs := map[string]api.Conf{}
 for _, outbound := range proxy.Outbounds.Filter(xds_types.NonBackendRefFilter) {
From 2c56cf5614041bdf6efddebac08315d041765ce5 Mon Sep 17 00:00:00 2001
From: Mike Beaumont
Date: Thu, 26 Sep 2024 21:25:57 +0200
Subject: [PATCH 4/5] refactor(MeshLoadBalancingStrategy): apply to real resources if origin is Gateway
Signed-off-by: Mike Beaumont
---
 .../meshloadbalancingstrategy/plugin/v1alpha1/plugin.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin.go b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin.go
index 08973c2e5a4f..55288733f415 100644
--- a/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin.go
+++ b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin.go
@@ -183,7 +183,7 @@ func (p plugin) applyToRealResource(
 }
 case envoy_resource.ClusterType:
 for _, resource := range resources {
- if resource.Origin != generator.OriginOutbound {
+ if resource.Origin != generator.OriginOutbound && resource.Origin != metadata.OriginGateway {
 continue
 }
 cluster := resource.Resource.(*envoy_cluster.Cluster)
From 0414c4489b52346e39c128bcc0e6d5f15fb60d31 Mon Sep 17 00:00:00 2001
From: Mike Beaumont
Date: Thu, 26 Sep 2024 21:26:10 +0200
Subject: [PATCH 5/5] test(MeshLoadBalancingStrategy): update golden files
Signed-off-by: Mike Beaumont
---
 ...ce-targeted-to-real-MeshService.gateway.clusters.golden.yaml | 2 ++
 1 file changed, 2 insertions(+)
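Review bot: The early return for builtin gateways at the top of `configureDPP` carries no comment, and the reason for it is not evident from the function itself. Going by patch 2, `configureGateway` now applies `ResourceRules` to real resources on its own, so the sidecar path would presumably process the same clusters a second time; a line such as `// Builtin gateways are handled entirely by configureGateway; skip the sidecar path so real-resource rules are not applied twice.` would record that. The guard also dereferences `proxy.Dataplane` without a nil check, and whether `Apply` guarantees it is set before this call is outside the hunk.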
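Review bot: Only the `ClusterType` case accepts `metadata.OriginGateway` after this change; the `ListenerType` case of the same switch (outside this hunk, visible in patch 2) still skips every resource whose origin is not `generator.OriginOutbound`. If that asymmetry is deliberate because gateway listeners are configured elsewhere in `configureGateway`, a short comment on the listener filter would make it explicit, for example `// gateway listeners are configured in configureGateway, only outbound listeners are handled here`. If it is not deliberate, the listener filter needs the same second condition.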
diff --git a/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.clusters.golden.yaml b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.clusters.golden.yaml index 7d4c4868ed13..355f5de83c7d 100644 --- a/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.clusters.golden.yaml +++ b/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/testdata/real-MeshService-targeted-to-real-MeshService.gateway.clusters.golden.yaml @@ -2,6 +2,8 @@ resources: - name: default_backend___msvc_80-65ee15ea276ba345 resource: '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + commonLbConfig: + localityWeightedLbConfig: {} edsClusterConfig: edsConfig: ads: {}