From 642a4d48c1c39c7f9e46c1587a651ad0ea4476a8 Mon Sep 17 00:00:00 2001 From: zirain Date: Sat, 29 Apr 2023 09:59:41 +0800 Subject: [PATCH] kubernetes: support custom cluster dns domain (#1375) * kubernetes: support custom dns domain Signed-off-by: hejianpeng --- charts/gateway-helm/README.md | 59 +++++++++--------- charts/gateway-helm/templates/certgen.yaml | 2 + .../templates/envoy-gateway-deployment.yaml | 2 +- charts/gateway-helm/values.tmpl.yaml | 16 ++--- internal/cmd/egctl/translate.go | 12 ++-- internal/crypto/certgen.go | 5 +- internal/envoygateway/config/config.go | 5 ++ .../kubernetes/ratelimit/resource.go | 5 +- .../ratelimit/resource_provider_test.go | 4 +- internal/xds/translator/runner/runner.go | 2 +- .../in/xds-ir/ratelimit-custom-domain.yaml | 49 +++++++++++++++ .../ratelimit-custom-domain.clusters.yaml | 62 +++++++++++++++++++ .../ratelimit-custom-domain.endpoints.yaml | 30 +++++++++ .../ratelimit-custom-domain.listeners.yaml | 50 +++++++++++++++ .../ratelimit-custom-domain.routes.yaml | 41 ++++++++++++ internal/xds/translator/translator_test.go | 13 +++- 16 files changed, 303 insertions(+), 54 deletions(-) create mode 100644 internal/xds/translator/testdata/in/xds-ir/ratelimit-custom-domain.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.endpoints.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml create mode 100644 internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.routes.yaml diff --git a/charts/gateway-helm/README.md b/charts/gateway-helm/README.md index 2eedff6ab33..e12f2bba98d 100644 --- a/charts/gateway-helm/README.md +++ b/charts/gateway-helm/README.md 
@@ -8,10 +8,10 @@ The Helm chart for Envoy Gateway ## Maintainers -| Name | Email | Url | -| ---- | ------ | --- | -| envoy-gateway-steering-committee | | | -| envoy-gateway-maintainers | | | +| Name | Email | Url | +| -------------------------------- | ----- | --------------------------------------------------------------- | +| envoy-gateway-steering-committee | | | +| envoy-gateway-maintainers | | | ## Source Code 
@@ -56,28 +56,29 @@ To uninstall the chart: ## Values -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| config.envoyGateway.gateway.controllerName | string | `"gateway.envoyproxy.io/gatewayclass-controller"` | | -| config.envoyGateway.provider.type | string | `"Kubernetes"` | | -| deployment.envoyGateway.image.repository | string | `"docker.io/envoyproxy/gateway-dev"` | | -| deployment.envoyGateway.image.tag | string | `"latest"` | | -| deployment.envoyGateway.imagePullPolicy | string | `"Always"` | | -| deployment.envoyGateway.resources.limits.cpu | string | `"500m"` | | -| deployment.envoyGateway.resources.limits.memory | string | `"128Mi"` | | -| deployment.envoyGateway.resources.requests.cpu | string | `"10m"` | | -| deployment.envoyGateway.resources.requests.memory | string | `"64Mi"` | | -| deployment.kubeRbacProxy.image.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | | -| deployment.kubeRbacProxy.image.tag | string | `"v0.11.0"` | | -| deployment.kubeRbacProxy.resources.limits.cpu | string | `"500m"` | | -| deployment.kubeRbacProxy.resources.limits.memory | string | `"128Mi"` | | -| deployment.kubeRbacProxy.resources.requests.cpu | string | `"5m"` | | -| deployment.kubeRbacProxy.resources.requests.memory | string | `"64Mi"` | | -| deployment.ports[0].name | string | `"grpc"` | | -| deployment.ports[0].port | int | `18000` | | -| deployment.ports[0].targetPort | int | `18000` | | -| deployment.replicas | int | `1` | | -| envoyGatewayMetricsService.ports[0].name | string | `"https"` | | -| envoyGatewayMetricsService.ports[0].port | int | `8443` | | -| envoyGatewayMetricsService.ports[0].protocol | string | `"TCP"` | | -| envoyGatewayMetricsService.ports[0].targetPort | string | `"https"` | | +| Key | Type | Default | Description | +| -------------------------------------------------- | ------ | ------------------------------------------------- | ----------- | +| config.envoyGateway.gateway.controllerName | string 
| `"gateway.envoyproxy.io/gatewayclass-controller"` | | +| config.envoyGateway.provider.type | string | `"Kubernetes"` | | +| deployment.envoyGateway.image.repository | string | `"docker.io/envoyproxy/gateway-dev"` | | +| deployment.envoyGateway.image.tag | string | `"latest"` | | +| deployment.envoyGateway.imagePullPolicy | string | `"Always"` | | +| deployment.envoyGateway.resources.limits.cpu | string | `"500m"` | | +| deployment.envoyGateway.resources.limits.memory | string | `"128Mi"` | | +| deployment.envoyGateway.resources.requests.cpu | string | `"10m"` | | +| deployment.envoyGateway.resources.requests.memory | string | `"64Mi"` | | +| deployment.kubeRbacProxy.image.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | | +| deployment.kubeRbacProxy.image.tag | string | `"v0.11.0"` | | +| deployment.kubeRbacProxy.resources.limits.cpu | string | `"500m"` | | +| deployment.kubeRbacProxy.resources.limits.memory | string | `"128Mi"` | | +| deployment.kubeRbacProxy.resources.requests.cpu | string | `"5m"` | | +| deployment.kubeRbacProxy.resources.requests.memory | string | `"64Mi"` | | +| deployment.ports[0].name | string | `"grpc"` | | +| deployment.ports[0].port | int | `18000` | | +| deployment.ports[0].targetPort | int | `18000` | | +| deployment.replicas | int | `1` | | +| envoyGatewayMetricsService.ports[0].name | string | `"https"` | | +| envoyGatewayMetricsService.ports[0].port | int | `8443` | | +| envoyGatewayMetricsService.ports[0].protocol | string | `"TCP"` | | +| envoyGatewayMetricsService.ports[0].targetPort | string | `"https"` | | +| kubernetesClusterDomain | string | `"cluster.local"` | | diff --git a/charts/gateway-helm/templates/certgen.yaml b/charts/gateway-helm/templates/certgen.yaml index 25f65196da6..cfad73c055f 100644 --- a/charts/gateway-helm/templates/certgen.yaml +++ b/charts/gateway-helm/templates/certgen.yaml 
@@ -26,6 +26,8 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ .Values.kubernetesClusterDomain }} image: {{ .Values.deployment.envoyGateway.image.repository }}:{{ .Values.deployment.envoyGateway.image.tag | default .Chart.AppVersion }} imagePullPolicy: {{ .Values.deployment.envoyGateway.imagePullPolicy }} name: envoy-gateway-certgen diff --git a/charts/gateway-helm/templates/envoy-gateway-deployment.yaml b/charts/gateway-helm/templates/envoy-gateway-deployment.yaml index e2cc40b9a24..3cd8afe4dda 100644 --- a/charts/gateway-helm/templates/envoy-gateway-deployment.yaml +++ b/charts/gateway-helm/templates/envoy-gateway-deployment.yaml @@ -71,7 +71,7 @@ spec: - --v=0 env: - name: KUBERNETES_CLUSTER_DOMAIN - value: cluster.local + value: {{ .Values.kubernetesClusterDomain }} image: {{ .Values.deployment.kubeRbacProxy.image.repository }}:{{ .Values.deployment.kubeRbacProxy.image.tag | default .Chart.AppVersion }} name: kube-rbac-proxy ports: diff --git a/charts/gateway-helm/values.tmpl.yaml b/charts/gateway-helm/values.tmpl.yaml index d1fdd1979d9..b88a7698d78 100644 --- a/charts/gateway-helm/values.tmpl.yaml +++ b/charts/gateway-helm/values.tmpl.yaml @@ -23,9 +23,9 @@ deployment: cpu: 5m memory: 64Mi ports: - - name: grpc - port: 18000 - targetPort: 18000 + - name: grpc + port: 18000 + targetPort: 18000 replicas: 1 config: @@ -37,9 +37,11 @@ config: envoyGatewayMetricsService: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https createNamespace: false + +kubernetesClusterDomain: cluster.local diff --git a/internal/cmd/egctl/translate.go b/internal/cmd/egctl/translate.go index 4704575b6fc..102cd18b936 100644 --- a/internal/cmd/egctl/translate.go +++ b/internal/cmd/egctl/translate.go 
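Review bot: The added `value: {{ .Values.kubernetesClusterDomain }}` in the certgen job renders the chart value unquoted, so an empty override renders as a null `value:` and a value containing YAML-significant characters changes the shape of the manifest. Quote it, `value: {{ .Values.kubernetesClusterDomain | quote }}`, here and in the env entry changed in envoy-gateway-deployment.yaml. This matters more than for most env vars because GenerateCerts in internal/crypto/certgen.go turns the value into certificate DNS names.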
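Review bot: In envoy-gateway-deployment.yaml the `KUBERNETES_CLUSTER_DOMAIN` entry changed in this hunk sits in the container item whose `name:` is `kube-rbac-proxy`, while the value is read by `config.New()` in the envoy-gateway process. The envoy-gateway container's env list is outside this hunk, so please confirm it also carries `value: {{ .Values.kubernetesClusterDomain }}`. If it does not, the certgen job would issue certificates for the custom domain while the controller still builds the rate limit service address with the `cluster.local` default.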
@@ -56,6 +56,7 @@ func NewTranslateCommand() *cobra.Command { inFile, inType, output, resourceType string addMissingResources bool outTypes []string + dnsDomain string ) translateCommand := &cobra.Command{ @@ -93,7 +94,7 @@ func NewTranslateCommand() *cobra.Command { egctl experimental translate --from gateway-api --to gateway-api,xds --type all --output yaml --file `, RunE: func(cmd *cobra.Command, args []string) error { - return translate(cmd.OutOrStdout(), inFile, inType, outTypes, output, resourceType, addMissingResources) + return translate(cmd.OutOrStdout(), inFile, inType, outTypes, output, resourceType, addMissingResources, dnsDomain) }, } @@ -106,6 +107,7 @@ func NewTranslateCommand() *cobra.Command { translateCommand.PersistentFlags().StringVarP(&output, "output", "o", yamlOutput, "One of 'yaml' or 'json'") translateCommand.PersistentFlags().StringVarP(&resourceType, "type", "t", string(AllEnvoyConfigType), getValidResourceTypesStr()) translateCommand.PersistentFlags().BoolVarP(&addMissingResources, "add-missing-resources", "", false, "Provides dummy resources if missed") + translateCommand.PersistentFlags().StringVarP(&dnsDomain, "dns-domain", "", "cluster.local", "DNS domain used by k8s services, default is cluster.local") return translateCommand } @@ -207,7 +209,7 @@ func validate(inFile, inType string, outTypes []string, resourceType string) err return nil } -func translate(w io.Writer, inFile, inType string, outTypes []string, output, resourceType string, addMissingResources bool) error { +func translate(w io.Writer, inFile, inType string, outTypes []string, output, resourceType string, addMissingResources bool, dnsDomain string) error { if err := validate(inFile, inType, outTypes, resourceType); err != nil { return err } 
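Review bot: The `--dns-domain` value registered in NewTranslateCommand is passed to `translate` and on to `ratelimit.GetServiceURL` without any check; `validate(inFile, inType, outTypes, resourceType)` never sees it. An empty string or a value containing `/`, `:` or whitespace is formatted straight into the host part of the `grpc://` URL. The same holds for `KUBERNETES_CLUSTER_DOMAIN` read in `config.New()`, where the value also ends up in certificate DNS names. Reject anything that is not a DNS subdomain before use, for example by checking `validation.IsDNS1123Subdomain(dnsDomain)` from k8s.io/apimachinery/pkg/util/validation (if that module is already a dependency) and returning an error from `validate` when it reports problems. The bodies of `translate` and `validate` continue outside these hunks.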
@@ -231,7 +233,7 @@ func translate(w io.Writer, inFile, inType string, outTypes []string, output, re result.Resources = translateGatewayAPIToGatewayAPI(resources) } if outType == xdsType { - res, err := translateGatewayAPIToXds(resourceType, resources) + res, err := translateGatewayAPIToXds(dnsDomain, resourceType, resources) if err != nil { return err } @@ -274,7 +276,7 @@ func translateGatewayAPIToGatewayAPI(resources *gatewayapi.Resources) gatewayapi return gRes.Resources } -func translateGatewayAPIToXds(resourceType string, resources *gatewayapi.Resources) (map[string]any, error) { +func translateGatewayAPIToXds(dnsDomain string, resourceType string, resources *gatewayapi.Resources) (map[string]any, error) { // Translate from Gateway API to Xds IR gTranslator := &gatewayapi.Translator{ GatewayControllerName: egv1alpha1.GatewayControllerName, @@ -297,7 +299,7 @@ func translateGatewayAPIToXds(resourceType string, resources *gatewayapi.Resourc xTranslator := &translator.Translator{ // Set some default settings for translation GlobalRateLimit: &translator.GlobalRateLimitSettings{ - ServiceURL: ratelimit.GetServiceURL("envoy-gateway"), + ServiceURL: ratelimit.GetServiceURL("envoy-gateway", dnsDomain), }, } xRes, err := xTranslator.Translate(val) diff --git a/internal/crypto/certgen.go b/internal/crypto/certgen.go index ec3b7437370..890b79eb836 100644 --- a/internal/crypto/certgen.go +++ b/internal/crypto/certgen.go @@ -31,9 +31,6 @@ const ( // DefaultCertificateLifetime holds the default certificate lifetime (in days). DefaultCertificateLifetime = 365 - // DefaultDNSSuffix is the default DNS suffix name. - DefaultDNSSuffix = "cluster.local" - // keySize sets the RSA key size to 2048 bits. This is minimum recommended size // for RSA keys. keySize = 2048 
@@ -108,7 +105,7 @@ func GenerateCerts(cfg *config.Server) (*Certificates, error) { egProvider := cfg.EnvoyGateway.GetEnvoyGatewayProvider().Type switch egProvider { case v1alpha1.ProviderTypeKubernetes: - egDNSNames = kubeServiceNames(DefaultEnvoyGatewayDNSPrefix, cfg.Namespace, DefaultDNSSuffix) + egDNSNames = kubeServiceNames(DefaultEnvoyGatewayDNSPrefix, cfg.Namespace, cfg.DNSDomain) envoyDNSNames = append(envoyDNSNames, fmt.Sprintf("*.%s", cfg.Namespace)) default: // Kubernetes is the only supported Envoy Gateway provider. diff --git a/internal/envoygateway/config/config.go b/internal/envoygateway/config/config.go index a206d46f6f7..fca28b3ea2e 100644 --- a/internal/envoygateway/config/config.go +++ b/internal/envoygateway/config/config.go @@ -21,6 +21,8 @@ import ( const ( // DefaultNamespace is the default namespace of Envoy Gateway. DefaultNamespace = "envoy-gateway-system" + // DefaultDNSDomain is the default DNS domain used by k8s services. + DefaultDNSDomain = "cluster.local" // EnvoyGatewayServiceName is the name of the Envoy Gateway service. EnvoyGatewayServiceName = "envoy-gateway" // EnvoyPrefix is the prefix applied to the Envoy ConfigMap, Service, Deployment, and ServiceAccount. @@ -34,6 +36,8 @@ type Server struct { EnvoyGateway *v1alpha1.EnvoyGateway // Namespace is the namespace that Envoy Gateway runs in. Namespace string + // DNSDomain is the dns domain used by k8s services. Defaults to "cluster.local". + DNSDomain string // Logger is the logr implementation used by Envoy Gateway. Logger logr.Logger } @@ -47,6 +51,7 @@ func New() (*Server, error) { return &Server{ EnvoyGateway: v1alpha1.DefaultEnvoyGateway(), Namespace: env.Lookup("ENVOY_GATEWAY_NAMESPACE", DefaultNamespace), + DNSDomain: env.Lookup("KUBERNETES_CLUSTER_DOMAIN", DefaultDNSDomain), Logger: logger, }, nil } diff --git a/internal/infrastructure/kubernetes/ratelimit/resource.go b/internal/infrastructure/kubernetes/ratelimit/resource.go index d77e87e3e25..dacf0d526bb 100644 
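Review bot: `cfg.DNSDomain` is used for the Envoy Gateway certificate names in GenerateCerts with no fallback, so a `config.Server` that was not built by `config.New()` (a struct literal in a test or another entry point) carries an empty domain into `kubeServiceNames`. That helper is not visible here, but it presumably yields a name ending in `.svc.` that no client hostname will match. The field comment added in config.go says the field defaults to "cluster.local", yet that default is applied only inside `New()`. Either fall back at the point of use, `dnsDomain := cfg.DNSDomain` followed by `if dnsDomain == "" { dnsDomain = config.DefaultDNSDomain }`, or reword the field comment to say the value is set by New from `KUBERNETES_CLUSTER_DOMAIN` and is empty otherwise. GenerateCerts continues outside the hunk.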
--- a/internal/infrastructure/kubernetes/ratelimit/resource.go +++ b/internal/infrastructure/kubernetes/ratelimit/resource.go @@ -37,9 +37,8 @@ const ( ) // GetServiceURL returns the URL for the rate limit service. -// TODO: support custom trust domain -func GetServiceURL(namespace string) string { - return fmt.Sprintf("grpc://%s.%s.svc.cluster.local:%d", InfraName, namespace, InfraGRPCPort) +func GetServiceURL(namespace string, dnsDomain string) string { + return fmt.Sprintf("grpc://%s.%s.svc.%s:%d", InfraName, namespace, dnsDomain, InfraGRPCPort) } // rateLimitLabels returns the labels used for all envoy rate limit resources. diff --git a/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go b/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go index f40d5d70d2f..6ecbe4086bb 100644 --- a/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go +++ b/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go @@ -377,6 +377,6 @@ func loadDeployment(caseName string) (*appsv1.Deployment, error) { } func TestGetServiceURL(t *testing.T) { - got := GetServiceURL("envoy-gateway-system") - assert.Equal(t, "grpc://envoy-ratelimit.envoy-gateway-system.svc.cluster.local:8081", got) + got := GetServiceURL("envoy-gateway-system", "example-cluster.local") + assert.Equal(t, "grpc://envoy-ratelimit.envoy-gateway-system.svc.example-cluster.local:8081", got) } diff --git a/internal/xds/translator/runner/runner.go b/internal/xds/translator/runner/runner.go index c707e684e9f..7556eb3a94b 100644 --- a/internal/xds/translator/runner/runner.go +++ b/internal/xds/translator/runner/runner.go 
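Review bot: The doc comment on GetServiceURL still describes only the return value, while the function now inserts `dnsDomain` verbatim into the host of the URL. State the contract on the function, for example `// GetServiceURL returns the gRPC URL of the rate limit service in namespace. dnsDomain is the cluster DNS domain (for example "cluster.local"); it is used as given and is not validated here.` As a style point, the parameter list can be written `namespace, dnsDomain string`.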
@@ -65,7 +65,7 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) { // Set the rate limit service URL if global rate limiting is enabled. if r.EnvoyGateway.RateLimit != nil { t.GlobalRateLimit = &translator.GlobalRateLimitSettings{ - ServiceURL: ratelimit.GetServiceURL(r.Namespace), + ServiceURL: ratelimit.GetServiceURL(r.Namespace, r.DNSDomain), } } diff --git a/internal/xds/translator/testdata/in/xds-ir/ratelimit-custom-domain.yaml b/internal/xds/translator/testdata/in/xds-ir/ratelimit-custom-domain.yaml new file mode 100644 index 00000000000..4bdfb033cd0 --- /dev/null +++ b/internal/xds/translator/testdata/in/xds-ir/ratelimit-custom-domain.yaml @@ -0,0 +1,49 @@ +http: +- name: "first-listener" + address: "0.0.0.0" + port: 10080 + hostnames: + - "*" + routes: + - name: "first-route" + rateLimit: + global: + rules: + - headerMatches: + - name: "x-user-id" + exact: "one" + limit: + requests: 5 + unit: second + pathMatch: + exact: "foo/bar" + destinations: + - host: "1.2.3.4" + port: 50000 + - name: "second-route" + rateLimit: + global: + rules: + - headerMatches: + - name: "x-user-id" + distinct: true + limit: + requests: 5 + unit: second + pathMatch: + exact: "example" + destinations: + - host: "1.2.3.4" + port: 50000 + - name: "third-route" + rateLimit: + global: + rules: + - limit: + requests: 5 + unit: second + pathMatch: + exact: "test" + destinations: + - host: "1.2.3.4" + port: 50000 diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml new file mode 100644 index 00000000000..bd68c9a9a96 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml 
@@ -0,0 +1,62 @@ +- commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + name: first-route + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS +- commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + name: second-route + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS +- commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + name: third-route + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS +- commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + dnsRefreshRate: 30s + loadAssignment: + clusterName: ratelimit_cluster + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: envoy-ratelimit.envoy-gateway-system.svc.example-cluster.local + portValue: 8081 + loadBalancingWeight: 1 + locality: {} + name: ratelimit_cluster + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + respectDnsTtl: true + type: STRICT_DNS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.endpoints.yaml new file mode 100644 index 00000000000..93b50200d69 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.endpoints.yaml 
@@ -0,0 +1,30 @@ +- clusterName: first-route + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + locality: {} +- clusterName: second-route + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + locality: {} +- clusterName: third-route + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + locality: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml new file mode 100644 index 00000000000..57a2d5a1a0e --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml 
@@ -0,0 +1,50 @@ +- accessLog: + - filter: + responseFlagFilter: + flags: + - NR + name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/stdout + address: + socketAddress: + address: 0.0.0.0 + portValue: 10080 + defaultFilterChain: + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + accessLog: + - name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/stdout + httpFilters: + - name: envoy.filters.http.ratelimit + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit + domain: first-listener + rateLimitService: + grpcService: + envoyGrpc: + clusterName: ratelimit_cluster + transportApiVersion: V3 + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + mergeSlashes: true + normalizePath: true + pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT + rds: + configSource: + ads: {} + resourceApiVersion: V3 + routeConfigName: first-listener + statPrefix: http + upgradeConfigs: + - upgradeType: websocket + useRemoteAddress: true + name: first-listener + perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.routes.yaml new file mode 100644 index 00000000000..1277fa7a63e --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.routes.yaml 
@@ -0,0 +1,41 @@ +- name: first-listener + virtualHosts: + - domains: + - '*' + name: first-listener + routes: + - match: + path: foo/bar + name: first-route + route: + cluster: first-route + rateLimits: + - actions: + - headerValueMatch: + descriptorKey: first-route-key-rule-0-match-0 + descriptorValue: first-route-value-rule-0-match-0 + expectMatch: true + headers: + - name: x-user-id + stringMatch: + exact: one + - match: + path: example + name: second-route + route: + cluster: second-route + rateLimits: + - actions: + - requestHeaders: + descriptorKey: second-route-key-rule-0-match-0 + headerName: x-user-id + - match: + path: test + name: third-route + route: + cluster: third-route + rateLimits: + - actions: + - genericKey: + descriptorKey: third-route-key-rule-0-match--1 + descriptorValue: third-route-value-rule-0-match--1 diff --git a/internal/xds/translator/translator_test.go b/internal/xds/translator/translator_test.go index 190f2a809d4..cba56c93883 100644 --- a/internal/xds/translator/translator_test.go +++ b/internal/xds/translator/translator_test.go @@ -33,6 +33,7 @@ var ( func TestTranslateXds(t *testing.T) { testCases := []struct { name string + dnsDomain string requireSecrets bool }{ { @@ -115,6 +116,10 @@ func TestTranslateXds(t *testing.T) { { name: "ratelimit", }, + { + name: "ratelimit-custom-domain", + dnsDomain: "example-cluster.local", + }, { name: "ratelimit-sourceip", }, @@ -135,10 +140,14 @@ func TestTranslateXds(t *testing.T) { for _, tc := range testCases { tc := tc t.Run(tc.name, func(t *testing.T) { + dnsDomain := tc.dnsDomain + if dnsDomain == "" { + dnsDomain = "cluster.local" + } ir := requireXdsIRFromInputTestData(t, "xds-ir", tc.name+".yaml") tr := &Translator{ GlobalRateLimit: &GlobalRateLimitSettings{ - ServiceURL: ratelimit.GetServiceURL("envoy-gateway-system"), + ServiceURL: ratelimit.GetServiceURL("envoy-gateway-system", dnsDomain), }, } 
@@ -244,7 +253,7 @@ func TestTranslateXdsWithExtension(t *testing.T) { ir := requireXdsIRFromInputTestData(t, "extension-xds-ir", tc.name+".yaml") tr := &Translator{ GlobalRateLimit: &GlobalRateLimitSettings{ - ServiceURL: ratelimit.GetServiceURL("envoy-gateway-system"), + ServiceURL: ratelimit.GetServiceURL("envoy-gateway-system", "cluster.local"), }, } ext := v1alpha1.Extension{