Skip to content

Commit

Permalink
fix: btlsp section name doesn't support port name (envoyproxy#4784)
Browse files Browse the repository at this point in the history
* fix btlsp section name

Signed-off-by: Huabing Zhao <[email protected]>

* add release note

Signed-off-by: Huabing Zhao <[email protected]>

* optmize service search

Signed-off-by: Huabing Zhao <[email protected]>

* address comment

Signed-off-by: Huabing Zhao <[email protected]>

* fix test

Signed-off-by: Huabing Zhao <[email protected]>

* fix test

Signed-off-by: Huabing Zhao <[email protected]>

* address comment

Signed-off-by: Huabing Zhao <[email protected]>

* fix e2e

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>
Co-authored-by: zirain <[email protected]>
  • Loading branch information
zhaohuabing and zirain authored Dec 6, 2024
1 parent 14fb56e commit b9f9a9f
Show file tree
Hide file tree
Showing 41 changed files with 122 additions and 61 deletions.
9 changes: 7 additions & 2 deletions internal/cmd/egctl/translate_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/yaml"

"github.com/envoyproxy/gateway/internal/gatewayapi/resource"
"github.com/envoyproxy/gateway/internal/utils/field"
"github.com/envoyproxy/gateway/internal/utils/file"
)
Expand Down Expand Up @@ -368,8 +369,12 @@ func TestTranslate(t *testing.T) {
// want.GatewayClass.Status.SupportedFeatures = status.GatewaySupportedFeatures
// }

opts := cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime")
require.Empty(t, cmp.Diff(want, got, opts))
opts := []cmp.Option{
cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime"),
cmpopts.IgnoreFields(resource.Resources{}, "serviceMap"),
}

require.Empty(t, cmp.Diff(want, got, opts...))
})
}
}
Expand Down
12 changes: 9 additions & 3 deletions internal/gatewayapi/backendtlspolicy.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ func (t *Translator) processBackendTLSPolicy(
resources *resource.Resources,
envoyProxy *egv1a1.EnvoyProxy,
) (*ir.TLSUpstreamConfig, *gwapiv1a3.BackendTLSPolicy) {
policy := getBackendTLSPolicy(resources.BackendTLSPolicies, backendRef, backendNamespace)
policy := getBackendTLSPolicy(resources.BackendTLSPolicies, backendRef, backendNamespace, resources)
if policy == nil {
return nil, nil
}
Expand Down Expand Up @@ -157,8 +157,14 @@ func backendTLSTargetMatched(policy gwapiv1a3.BackendTLSPolicy, target gwapiv1a2
return false
}

func getBackendTLSPolicy(policies []*gwapiv1a3.BackendTLSPolicy, backendRef gwapiv1a2.BackendObjectReference, backendNamespace string) *gwapiv1a3.BackendTLSPolicy {
target := getTargetBackendReference(backendRef)
func getBackendTLSPolicy(
policies []*gwapiv1a3.BackendTLSPolicy,
backendRef gwapiv1a2.BackendObjectReference,
backendNamespace string,
resources *resource.Resources,
) *gwapiv1a3.BackendTLSPolicy {
// SectionName is port number for EG Backend object
target := getTargetBackendReference(backendRef, backendNamespace, resources)
for _, policy := range policies {
if backendTLSTargetMatched(*policy, target, backendNamespace) {
return policy
Expand Down
19 changes: 14 additions & 5 deletions internal/gatewayapi/resource/resource.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import (
corev1 "k8s.io/api/core/v1"
discoveryv1 "k8s.io/api/discovery/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/types"
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3"
Expand Down Expand Up @@ -64,6 +65,8 @@ type Resources struct {
ExtensionServerPolicies []unstructured.Unstructured `json:"extensionServerPolicies,omitempty" yaml:"extensionServerPolicies,omitempty"`
Backends []*egv1a1.Backend `json:"backends,omitempty" yaml:"backends,omitempty"`
HTTPRouteFilters []*egv1a1.HTTPRouteFilter `json:"httpFilters,omitempty" yaml:"httpFilters,omitempty"`

serviceMap map[types.NamespacedName]*corev1.Service
}

func NewResources() *Resources {
Expand Down Expand Up @@ -111,14 +114,20 @@ func (r *Resources) GetEnvoyProxy(namespace, name string) *egv1a1.EnvoyProxy {
return nil
}

// GetService returns the Service with the given namespace and name.
// This function creates a HashMap of Services for faster lookup when it's called for the first time.
// Subsequent calls will use the HashMap for lookup.
// Note:
// - This function is not thread-safe.
// - This function should be called after all the Services are added to the Resources.
func (r *Resources) GetService(namespace, name string) *corev1.Service {
for _, svc := range r.Services {
if svc.Namespace == namespace && svc.Name == name {
return svc
if r.serviceMap == nil {
r.serviceMap = make(map[types.NamespacedName]*corev1.Service)
for _, svc := range r.Services {
r.serviceMap[types.NamespacedName{Namespace: svc.Namespace, Name: svc.Name}] = svc
}
}

return nil
return r.serviceMap[types.NamespacedName{Namespace: namespace, Name: name}]
}

func (r *Resources) GetServiceImport(namespace, name string) *mcsapiv1a1.ServiceImport {
Expand Down
17 changes: 17 additions & 0 deletions internal/gatewayapi/resource/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

31 changes: 23 additions & 8 deletions internal/gatewayapi/route.go
Original file line number Diff line number Diff line change
Expand Up @@ -1598,30 +1598,45 @@ func getIREndpointsFromEndpointSlice(endpointSlice *discoveryv1.EndpointSlice, p
return endpoints
}

func getTargetBackendReference(backendRef gwapiv1a2.BackendObjectReference) gwapiv1a2.LocalPolicyTargetReferenceWithSectionName {
func getTargetBackendReference(backendRef gwapiv1a2.BackendObjectReference, backendNamespace string, resources *resource.Resources) gwapiv1a2.LocalPolicyTargetReferenceWithSectionName {
ref := gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{
LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{
Group: func() gwapiv1a2.Group {
if backendRef.Group == nil {
if backendRef.Group == nil || *backendRef.Group == "" {
return ""
}
return *backendRef.Group
}(),
Kind: func() gwapiv1.Kind {
if backendRef.Kind == nil {
if backendRef.Kind == nil || *backendRef.Kind == resource.KindService {
return "Service"
}
return *backendRef.Kind
}(),
Name: backendRef.Name,
},
SectionName: func() *gwapiv1.SectionName {
if backendRef.Port != nil {
return SectionNamePtr(strconv.Itoa(int(*backendRef.Port)))
}
if backendRef.Port == nil {
return ref
}

// Set the section name to the port name if the backend is a Kubernetes Service
if backendRef.Kind == nil || *backendRef.Kind == resource.KindService {
if service := resources.GetService(backendNamespace, string(backendRef.Name)); service != nil {
for _, port := range service.Spec.Ports {
if port.Port == int32(*backendRef.Port) {
if port.Name != "" {
ref.SectionName = SectionNamePtr(port.Name)
break
}
}
}
return nil
}(),
}
} else {
// Set the section name to the port number if the backend is a EG Backend
ref.SectionName = SectionNamePtr(strconv.Itoa(int(*backendRef.Port)))
}

return ref
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- name: ca-cmap
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- group: ""
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- name: ca-secret
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- group: ""
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- name: ca-cmap
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- group: ""
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -167,7 +167,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
- group: gateway.envoyproxy.io
kind: Backend
name: backend-ip-tls
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
- group: gateway.envoyproxy.io
kind: Backend
name: backend-ip-tls
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- name: ca-cmap
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- group: ""
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- name: no-ca-cmap
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- group: ""
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,11 +64,11 @@ services:
clusterIP: 10.11.12.13
ports:
- port: 8080
name: http
name: http1
protocol: TCP
targetPort: 8080
- port: 8081
name: http
name: http2
protocol: TCP
targetPort: 8081

Expand Down Expand Up @@ -110,11 +110,11 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http1
- group: ""
kind: Service
name: http-backend
sectionName: "8081"
sectionName: http2
validation:
caCertificateRefs:
- name: ca-cmap
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,11 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http1
- group: ""
kind: Service
name: http-backend
sectionName: "8081"
sectionName: http2
validation:
caCertificateRefs:
- group: ""
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
wellKnownCACertificates: System
hostname: example.com
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
hostname: example.com
wellKnownCACertificates: System
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ backendTLSPolicies:
- group: ''
kind: Service
name: grpc-backend
sectionName: "8000"
sectionName: grpc
validation:
caCertificateRefs:
- name: ca-cmap
Expand All @@ -177,7 +177,7 @@ backendTLSPolicies:
- group: ''
kind: Service
name: grpc-backend-2
sectionName: "9000"
sectionName: grpc
validation:
caCertificateRefs:
- name: ca-cmap
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: grpc-backend
sectionName: "8000"
sectionName: grpc
validation:
caCertificateRefs:
- group: ""
Expand Down Expand Up @@ -42,7 +42,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: grpc-backend-2
sectionName: "9000"
sectionName: grpc
validation:
caCertificateRefs:
- group: ""
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@ backendTLSPolicies:
- group: ''
kind: Service
name: grpc-backend
sectionName: "8000"
sectionName: grpc
validation:
caCertificateRefs:
- name: ca-cmap
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: grpc-backend
sectionName: "8000"
sectionName: grpc
validation:
caCertificateRefs:
- group: ""
Expand Down
Loading

0 comments on commit b9f9a9f

Please sign in to comment.