Added config for socket options for listeners #5352

Merged 2 commits on Aug 15, 2023
24 changes: 24 additions & 0 deletions apis/projectcontour/v1alpha1/contourconfig.go
Expand Up @@ -386,6 +386,30 @@ type EnvoyListenerConfig struct {
// TLS holds various configurable Envoy TLS listener values.
// +optional
TLS *EnvoyTLS `json:"tls,omitempty"`

// SocketOptions defines configurable socket options for the listeners.
// Single set of options are applied to all listeners.
// +optional
SocketOptions *SocketOptions `json:"socketOptions,omitempty"`
}

// SocketOptions defines configurable socket options for Envoy listeners.
type SocketOptions struct {
// Defines the value for IPv4 TOS field (including 6 bit DSCP field) for IP packets originating from Envoy listeners.
// Single value is applied to all listeners.
// If listeners are bound to IPv6-only addresses, setting this option will cause an error.
// +kubebuilder:validation:Minimum=0
// +kubebuilder:validation:Maximum=255
// +optional
TOS int32 `json:"tos,omitempty"`

// Defines the value for IPv6 Traffic Class field (including 6 bit DSCP field) for IP packets originating from the Envoy listeners.
// Single value is applied to all listeners.
// If listeners are bound to IPv4-only addresses, setting this option will cause an error.
// +kubebuilder:validation:Minimum=0
// +kubebuilder:validation:Maximum=255
// +optional
TrafficClass int32 `json:"trafficClass,omitempty"`
}

// EnvoyTLS describes tls parameters for Envoy listneners.
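Review bot: The `TOS` and `TrafficClass` field comments say the value is the whole field "including 6 bit DSCP field" but do not say how a DSCP codepoint maps into the accepted 0 to 255 range. The DSCP value has to be shifted left by two bits to land in the upper six bits, and the low two bits are the ECN field, so the comment should give the conversion (for example DSCP 16 is written as 64) and say whether callers are expected to leave the low two bits zero. It should also state that 0 means the option is not set, since `omitempty` drops it, and start each comment with the field name as the `TLS` and `SocketOptions` comments do.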
20 changes: 20 additions & 0 deletions apis/projectcontour/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions changelogs/unreleased/5352-tsaarni-small.md
@@ -0,0 +1 @@
Add configuration for socket options to support DSCP marking for outbound IP packets, for both IPv4 (TOS field) and IPv6 (Traffic Class field).
1 change: 1 addition & 0 deletions cmd/contour/serve.go
Expand Up @@ -423,6 +423,7 @@
ConnectionBalancer: contourConfiguration.Envoy.Listener.ConnectionBalancer,
MaxRequestsPerConnection: contourConfiguration.Envoy.Listener.MaxRequestsPerConnection,
PerConnectionBufferLimitBytes: contourConfiguration.Envoy.Listener.PerConnectionBufferLimitBytes,
SocketOptions: contourConfiguration.Envoy.Listener.SocketOptions,

Codecov / codecov/patch: check warning on line 426 in cmd/contour/serve.go (cmd/contour/serve.go#L426). Added line #L426 was not covered by tests.
}

if listenerConfig.TracingConfig, err = s.setupTracingService(contourConfiguration.Tracing); err != nil {
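Review bot: `SocketOptions` is an optional pointer in the API type and is passed through on the added line as-is, so unless it is defaulted elsewhere it can be nil when a ContourConfiguration omits `socketOptions`. Whatever reads `listenerConfig.SocketOptions` needs a nil check, or the field should be defaulted before this point. The Codecov annotation on this line also shows the wiring is not exercised by any test; please add one that covers the field both set and unset.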
4 changes: 4 additions & 0 deletions cmd/contour/servecontext.go
Expand Up @@ -533,6 +533,10 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha
MaximumProtocolVersion: ctx.Config.TLS.MaximumProtocolVersion,
CipherSuites: cipherSuites,
},
SocketOptions: &contour_api_v1alpha1.SocketOptions{
TOS: ctx.Config.Listener.SocketOptions.TOS,
TrafficClass: ctx.Config.Listener.SocketOptions.TrafficClass,
},
},
Service: &contour_api_v1alpha1.NamespacedName{
Name: ctx.Config.EnvoyServiceName,
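Review bot: The added `SocketOptions: &contour_api_v1alpha1.SocketOptions{...}` is always non-nil, even when the config file sets neither value, while the CRD field is an optional pointer, so consumers see two representations of "not configured" (nil and a struct of zeros). Either populate it only when `TOS` or `TrafficClass` is non-zero, or document that 0 means unset and make sure downstream code treats both forms the same. No range check is visible on this path either: the 0 to 255 bound is a kubebuilder marker on the API type, so values coming from the config file need their own validation.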
4 changes: 4 additions & 0 deletions cmd/contour/servecontext_test.go
Expand Up @@ -413,6 +413,10 @@ func TestConvertServeContext(t *testing.T) {
MinimumProtocolVersion: "",
MaximumProtocolVersion: "",
},
SocketOptions: &contour_api_v1alpha1.SocketOptions{
TOS: 0,
TrafficClass: 0,
},
},
HTTPListener: &contour_api_v1alpha1.EnvoyListener{
Address: "0.0.0.0",
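Review bot: The expected value only covers the default, `TOS: 0` and `TrafficClass: 0`, so this test would still pass if the two fields were swapped in the conversion. Add a case that sets distinct non-zero values in the serve context (for example 64 and 32) and asserts that each lands in the matching field.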
6 changes: 6 additions & 0 deletions examples/contour/01-contour-config.yaml
Expand Up @@ -177,3 +177,9 @@ data:
# server-certificate-path: /path/to/server-cert.pem
# server-key-path: /path/to/server-private-key.pem
# ca-certificate-path: /path/to/root-ca-for-client-validation.pem
#
# listener:
# connection-balancer: exact
# socket-options:
# tos: 64
# traffic-class: 64
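Review bot: The example sets both `tos: 64` and `traffic-class: 64` without saying when that is valid. The API comments in this change state that `tos` causes an error on IPv6-only listeners and `traffic-class` causes an error on IPv4-only listeners, so the commented block needs a line saying which address family each key applies to. It would also help to note that 64 is the whole-byte value, that is DSCP 16 shifted left by two bits.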
53 changes: 53 additions & 0 deletions examples/contour/01-crds.yaml
Expand Up @@ -224,6 +224,32 @@ spec:
\n Other values will produce an error. Contour's default
is overwrite."
type: string
socketOptions:
description: SocketOptions defines configurable socket options
for the listeners. Single set of options are applied to
all listeners.
properties:
tos:
description: Defines the value for IPv4 TOS field (including
6 bit DSCP field) for IP packets originating from Envoy
listeners. Single value is applied to all listeners.
If listeners are bound to IPv6-only addresses, setting
this option will cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
trafficClass:
description: Defines the value for IPv6 Traffic Class
field (including 6 bit DSCP field) for IP packets originating
from the Envoy listeners. Single value is applied to
all listeners. If listeners are bound to IPv4-only addresses,
setting this option will cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
type: object
tls:
description: TLS holds various configurable Envoy TLS listener
values.
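Review bot: For `tos` and `trafficClass` the schema enforces only `minimum: 0` and `maximum: 255`, so the address-family mismatch that the descriptions say "will cause an error" is not rejected at admission by anything in these lines. The description should say where that error surfaces and how an operator would see it. These descriptions mirror the Go comments in contourconfig.go, so the wording change belongs there.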
Expand Down Expand Up @@ -3621,6 +3647,33 @@ spec:
`pass_through` \n Other values will produce an error.
Contour's default is overwrite."
type: string
socketOptions:
description: SocketOptions defines configurable socket
options for the listeners. Single set of options are
applied to all listeners.
properties:
tos:
description: Defines the value for IPv4 TOS field
(including 6 bit DSCP field) for IP packets originating
from Envoy listeners. Single value is applied to
all listeners. If listeners are bound to IPv6-only
addresses, setting this option will cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
trafficClass:
description: Defines the value for IPv6 Traffic Class
field (including 6 bit DSCP field) for IP packets
originating from the Envoy listeners. Single value
is applied to all listeners. If listeners are bound
to IPv4-only addresses, setting this option will
cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
type: object
tls:
description: TLS holds various configurable Envoy TLS
listener values.
59 changes: 59 additions & 0 deletions examples/render/contour-deployment.yaml
Expand Up @@ -210,6 +210,12 @@ data:
# server-certificate-path: /path/to/server-cert.pem
# server-key-path: /path/to/server-private-key.pem
# ca-certificate-path: /path/to/root-ca-for-client-validation.pem
#
# listener:
# connection-balancer: exact
# socket-options:
# tos: 64
# traffic-class: 64

---
apiVersion: apiextensions.k8s.io/v1
Expand Down Expand Up @@ -437,6 +443,32 @@ spec:
\n Other values will produce an error. Contour's default
is overwrite."
type: string
socketOptions:
description: SocketOptions defines configurable socket options
for the listeners. Single set of options are applied to
all listeners.
properties:
tos:
description: Defines the value for IPv4 TOS field (including
6 bit DSCP field) for IP packets originating from Envoy
listeners. Single value is applied to all listeners.
If listeners are bound to IPv6-only addresses, setting
this option will cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
trafficClass:
description: Defines the value for IPv6 Traffic Class
field (including 6 bit DSCP field) for IP packets originating
from the Envoy listeners. Single value is applied to
all listeners. If listeners are bound to IPv4-only addresses,
setting this option will cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
type: object
tls:
description: TLS holds various configurable Envoy TLS listener
values.
Expand Down Expand Up @@ -3834,6 +3866,33 @@ spec:
`pass_through` \n Other values will produce an error.
Contour's default is overwrite."
type: string
socketOptions:
description: SocketOptions defines configurable socket
options for the listeners. Single set of options are
applied to all listeners.
properties:
tos:
description: Defines the value for IPv4 TOS field
(including 6 bit DSCP field) for IP packets originating
from Envoy listeners. Single value is applied to
all listeners. If listeners are bound to IPv6-only
addresses, setting this option will cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
trafficClass:
description: Defines the value for IPv6 Traffic Class
field (including 6 bit DSCP field) for IP packets
originating from the Envoy listeners. Single value
is applied to all listeners. If listeners are bound
to IPv4-only addresses, setting this option will
cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
type: object
tls:
description: TLS holds various configurable Envoy TLS
listener values.
53 changes: 53 additions & 0 deletions examples/render/contour-gateway-provisioner.yaml
Expand Up @@ -238,6 +238,32 @@ spec:
\n Other values will produce an error. Contour's default
is overwrite."
type: string
socketOptions:
description: SocketOptions defines configurable socket options
for the listeners. Single set of options are applied to
all listeners.
properties:
tos:
description: Defines the value for IPv4 TOS field (including
6 bit DSCP field) for IP packets originating from Envoy
listeners. Single value is applied to all listeners.
If listeners are bound to IPv6-only addresses, setting
this option will cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
trafficClass:
description: Defines the value for IPv6 Traffic Class
field (including 6 bit DSCP field) for IP packets originating
from the Envoy listeners. Single value is applied to
all listeners. If listeners are bound to IPv4-only addresses,
setting this option will cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
type: object
tls:
description: TLS holds various configurable Envoy TLS listener
values.
Expand Down Expand Up @@ -3635,6 +3661,33 @@ spec:
`pass_through` \n Other values will produce an error.
Contour's default is overwrite."
type: string
socketOptions:
description: SocketOptions defines configurable socket
options for the listeners. Single set of options are
applied to all listeners.
properties:
tos:
description: Defines the value for IPv4 TOS field
(including 6 bit DSCP field) for IP packets originating
from Envoy listeners. Single value is applied to
all listeners. If listeners are bound to IPv6-only
addresses, setting this option will cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
trafficClass:
description: Defines the value for IPv6 Traffic Class
field (including 6 bit DSCP field) for IP packets
originating from the Envoy listeners. Single value
is applied to all listeners. If listeners are bound
to IPv4-only addresses, setting this option will
cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
type: object
tls:
description: TLS holds various configurable Envoy TLS
listener values.