Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

support patching on EnvoyProxy.spec.provider.kubernetes.envoyHpa and envoyPDB #4894

Closed
davem-git opened this issue Dec 11, 2024 · 2 comments · Fixed by #4910
Closed

support patching on EnvoyProxy.spec.provider.kubernetes.envoyHpa and envoyPDB #4894

davem-git opened this issue Dec 11, 2024 · 2 comments · Fixed by #4910
Assignees
Labels
area/api API-related issues area/infra-mgr Issues related to the provisioner used for provisioning the managed Envoy Proxy fleet. kind/enhancement New feature or request
Milestone

Comments

@davem-git
Copy link

davem-git commented Dec 11, 2024

Description:
I want to be able to use patching on envoyHPA and envoyPDB. I use it on envoyService, envoyDeployment. I use it to rename the service and deployment to a friendly name. However, there's no way to get the HPA or PDB to work after renaming.

[optional Relevant Links:]

Any extra documentation required to understand the issue.
example of my setup

apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
  name: custom-proxy-config-manual
  namespace: envoy-gateway-system
spec:
  logging:
    level:
      default: warn
  provider:
    type: Kubernetes
    kubernetes:
      envoyDeployment:
        container:
          image: acme-docker.jfrog.io/acme/envoy-proxy:1.32.1-1
          resources:
            requests:
              cpu: 20m
              memory: 256Mi
            limits:
              cpu: 3000m
              memory: 3000Mi
        patch:
          type: StrategicMerge
          value:
            metadata:
              name: manual-gateway
              labels:
                app: manual-gateway
                kubernetes.acme.com/role: server
                kubernetes.acme.com/service: envoy-gateway
            spec:
              template:
                spec:
                  containers:
                    - name: shutdown-manager
                      resources:
                        limits:
                          cpu: 200m
                          memory: 1024Mi
                  imagePullSecrets:
                  - name: jfrog-pull-secret
                  terminationGracePeriodSeconds: 500
        replicas: 3
        pod:      
          affinity:
            podAntiAffinity:
              preferredDuringSchedulingIgnoredDuringExecution:
                - podAffinityTerm:
                    labelSelector:
                      matchExpressions:
                        - key: app.kubernetes.io/name
                          operator: In
                          values:
                            - envoy
                    topologyKey: kubernetes.io/hostname
                  weight: 100
                - podAffinityTerm:
                    labelSelector:
                      matchExpressions:
                        - key: app.kubernetes.io/name
                          operator: In
                          values:
                            - envoy
                    topologyKey: topology.kubernetes.io/zone
                  weight: 90
          labels:
            kubernetes.acme.com/role: server
            kubernetes.acme.com/service: envoy-gateway
        strategy:
          type: RollingUpdate
          rollingUpdate:
            maxSurge: 100%
            maxUnavailable: 0
      envoyHpa:
        behavior:
          scaleDown:
            stabilizationWindowSeconds: 300  # Delay scale down by 5 minutes
            policies:
              - type: Percent
                value: 10
                periodSeconds: 60
          scaleUp:
            policies:
              - type: Percent
                value: 100
                periodSeconds: 15
        minReplicas: 3
        maxReplicas: 6 
        metrics:
          - type: Resource
            resource:
              name: memory
              target:
                type: AverageValue
                averageValue: 512Mi
          - type: Resource
            resource:
              name: cpu
              target:
                type: AverageValue
                averageValue: 600m
      envoyService: 
        patch:
          type: StrategicMerge
          value:
            metadata:
              name: manual-gateway
  shutdown:
    drainTimeout: 600s
    minDrainDuration: 60s
  telemetry:
    accessLog:
      settings:
        - format:
            type: JSON
            json:
              bytes_received: "%BYTES_RECEIVED%"
              bytes_sent: "%BYTES_SENT%"
              duration: "%DURATION%"
              upstream_ssl_cipher: "%UPSTREAM_TLS_CIPHER%"
              method: "%REQ(:method)%"
              response_code: "%RESPONSE_CODE%"
              response_flags: "%RESPONSE_FLAGS_LONG%"
              route_name: "%ROUTE_NAME%"
              start_time: "%START_TIME%"
              upstream_host: "%UPSTREAM_HOST%"
              user_agent: "%REQ(USER-AGENT)%"
              vhost: "%REQ(:authority)%"
              x-envoy-original-path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"
              x-forwarded-for: "%REQ(X-FORWARDED-FOR)%"
              x-request-id: "%REQ(X-REQUEST-ID)%"
          sinks:
            - type: File
              file:
                path: /dev/stdout
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: manual-gateway
  namespace: envoy-gateway-system 
spec:
  gatewayClassName: acme-envoy
  infrastructure:
    parametersRef:
      group: gateway.envoyproxy.io
      kind: EnvoyProxy
      name: custom-proxy-config-manual
  listeners:
    - name: https
      protocol: HTTPS
      port: 443
      tls:
        mode: Terminate
        certificateRefs:
          - group: ""
            kind: Secret
            name: acme-tls-secret
      allowedRoutes:
        namespaces:
          from: All
---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: ClientTrafficPolicy
metadata:
  name: health-check-manual
  namespace: envoy-gateway-system
spec:
  targetRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: manual-gateway
  healthCheck:
    path: /healthz
@arkodg arkodg added kind/enhancement New feature or request help wanted Extra attention is needed area/api API-related issues area/infra-mgr Issues related to the provisioner used for provisioning the managed Envoy Proxy fleet. and removed triage labels Dec 11, 2024
@arkodg arkodg added this to the v1.3.0-rc.1 milestone Dec 11, 2024
@keithfz
Copy link
Contributor

keithfz commented Dec 12, 2024

I can take a look at adding this if no one is working on it, seems straightforward to map what exists today for patching envoyService, etc.

@arkodg arkodg removed the help wanted Extra attention is needed label Dec 12, 2024
@arkodg
Copy link
Contributor

arkodg commented Dec 12, 2024

thanks @keithfz, go for it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/api API-related issues area/infra-mgr Issues related to the provisioner used for provisioning the managed Envoy Proxy fleet. kind/enhancement New feature or request
Projects
None yet
3 participants