projectcontour · sunjayBhatia · Jun 23, 2023 · Jun 23, 2023 · Jul 11, 2023
@@ -104,7 +104,8 @@ func main() {
 		if err := envoy.ValidAdminAddress(bootstrapCtx.AdminAddress); err != nil {
 			log.WithField("flag", "--admin-address").WithError(err).Fatal("failed to parse bootstrap args")
 		}
-		if err := envoy_v3.WriteBootstrap(bootstrapCtx); err != nil {
+		cg := envoy_v3.NewConfigGenerator()
+		if err := cg.WriteBootstrap(bootstrapCtx); err != nil {
 			log.WithError(err).Fatal("failed to write bootstrap configuration")
 		}
 	case certgenApp.FullCommand():

@@ -441,11 +441,12 @@ func (s *Server) doServe() error {
 	// due to their high update rate and their orthogonal nature.
 	endpointHandler := xdscache_v3.NewEndpointsTranslator(s.log.WithField("context", "endpointstranslator"))
 
+	configGen := envoy_v3.NewConfigGenerator()
 	resources := []xdscache.ResourceCache{
-		xdscache_v3.NewListenerCache(listenerConfig, *contourConfiguration.Envoy.Metrics, *contourConfiguration.Envoy.Health, *contourConfiguration.Envoy.Network.EnvoyAdminPort),
+		xdscache_v3.NewListenerCache(listenerConfig, *contourConfiguration.Envoy.Metrics, *contourConfiguration.Envoy.Health, *contourConfiguration.Envoy.Network.EnvoyAdminPort, configGen),
 		xdscache_v3.NewSecretsCache(envoy_v3.StatsSecrets(contourConfiguration.Envoy.Metrics.TLS)),
 		&xdscache_v3.RouteCache{},
-		&xdscache_v3.ClusterCache{},
+		xdscache_v3.NewClusterCache(configGen),
 		endpointHandler,
 		&xdscache_v3.RuntimeCache{},
 	}

@@ -25,13 +25,12 @@ import (
 // UpstreamTLSContext creates an envoy_v3_tls.UpstreamTlsContext. By default
 // UpstreamTLSContext returns a HTTP/1.1 TLS enabled context. A list of
 // additional ALPN protocols can be provided.
-func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni string, clientSecret *dag.Secret, alpnProtocols ...string) *envoy_v3_tls.UpstreamTlsContext {
+func (g *ConfigGenerator) UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni string, clientSecret *dag.Secret, alpnProtocols ...string) *envoy_v3_tls.UpstreamTlsContext {
 	var clientSecretConfigs []*envoy_v3_tls.SdsSecretConfig
 	if clientSecret != nil {
-		clientSecretConfigs = []*envoy_v3_tls.SdsSecretConfig{{
-			Name:      envoy.Secretname(clientSecret),
-			SdsConfig: ConfigSource("contour"),
-		}}
+		clientSecretConfigs = []*envoy_v3_tls.SdsSecretConfig{
+			g.sdsSecretConfig(envoy.Secretname(clientSecret)),
+		}
 	}
 
 	context := &envoy_v3_tls.UpstreamTlsContext{
@@ -105,18 +104,17 @@ func validationContext(ca []byte, subjectName string, skipVerifyPeerCert bool, c
 }
 
 // DownstreamTLSContext creates a new DownstreamTlsContext.
-func DownstreamTLSContext(serverSecret *dag.Secret, tlsMinProtoVersion envoy_v3_tls.TlsParameters_TlsProtocol, cipherSuites []string, peerValidationContext *dag.PeerValidationContext, alpnProtos ...string) *envoy_v3_tls.DownstreamTlsContext {
+func (g *ConfigGenerator) DownstreamTLSContext(serverSecret *dag.Secret, tlsMinProtoVersion envoy_v3_tls.TlsParameters_TlsProtocol, cipherSuites []string, peerValidationContext *dag.PeerValidationContext, alpnProtos ...string) *envoy_v3_tls.DownstreamTlsContext {
 	context := &envoy_v3_tls.DownstreamTlsContext{
 		CommonTlsContext: &envoy_v3_tls.CommonTlsContext{
 			TlsParams: &envoy_v3_tls.TlsParameters{
 				TlsMinimumProtocolVersion: tlsMinProtoVersion,
 				TlsMaximumProtocolVersion: envoy_v3_tls.TlsParameters_TLSv1_3,
 				CipherSuites:              cipherSuites,
 			},
-			TlsCertificateSdsSecretConfigs: []*envoy_v3_tls.SdsSecretConfig{{
-				Name:      envoy.Secretname(serverSecret),
-				SdsConfig: ConfigSource("contour"),
-			}},
+			TlsCertificateSdsSecretConfigs: []*envoy_v3_tls.SdsSecretConfig{
+				g.sdsSecretConfig(envoy.Secretname(serverSecret)),
+			},
 			AlpnProtocols: alpnProtos,
 		},
 	}

@@ -112,7 +112,8 @@ func TestUpstreamTLSContext(t *testing.T) {
 
 	for name, tc := range tests {
 		t.Run(name, func(t *testing.T) {
-			got := UpstreamTLSContext(tc.validation, tc.externalName, nil, tc.alpnProtocols...)
+			cg := NewConfigGenerator()
+			got := cg.UpstreamTLSContext(tc.validation, tc.externalName, nil, tc.alpnProtocols...)
 			protobuf.ExpectEqual(t, tc.want, got)
 		})
 	}

@@ -46,9 +46,9 @@ import (
 )
 
 // WriteBootstrap writes bootstrap configuration to files.
-func WriteBootstrap(c *envoy.BootstrapConfig) error {
+func (g *ConfigGenerator) WriteBootstrap(c *envoy.BootstrapConfig) error {
 	// Create Envoy bootstrap config and associated resource files.
-	steps, err := bootstrap(c)
+	steps, err := g.bootstrap(c)
 	if err != nil {
 		return err
 	}
@@ -76,13 +76,13 @@ func WriteBootstrap(c *envoy.BootstrapConfig) error {
 type bootstrapf func(*envoy.BootstrapConfig) (string, proto.Message)
 
 // bootstrap creates a new v3 bootstrap configuration and associated resource files.
-func bootstrap(c *envoy.BootstrapConfig) ([]bootstrapf, error) {
+func (g *ConfigGenerator) bootstrap(c *envoy.BootstrapConfig) ([]bootstrapf, error) {
 	var steps []bootstrapf
 
 	if c.GrpcClientCert == "" && c.GrpcClientKey == "" && c.GrpcCABundle == "" {
 		steps = append(steps,
 			func(*envoy.BootstrapConfig) (string, proto.Message) {
-				return c.Path, bootstrapConfig(c)
+				return c.Path, g.bootstrapConfig(c)
 			})
 
 		return steps, nil
@@ -121,7 +121,7 @@ func bootstrap(c *envoy.BootstrapConfig) ([]bootstrapf, error) {
 
 		steps = append(steps,
 			func(*envoy.BootstrapConfig) (string, proto.Message) {
-				b := bootstrapConfig(c)
+				b := g.bootstrapConfig(c)
 				b.StaticResources.Clusters[0].TransportSocket = UpstreamTLSTransportSocket(
 					upstreamFileTLSContext(c))
 				return c.Path, b
@@ -149,7 +149,7 @@ func bootstrap(c *envoy.BootstrapConfig) ([]bootstrapf, error) {
 			return sdsValidationContextPath, validationContextSdsSecretConfig(c)
 		},
 		func(*envoy.BootstrapConfig) (string, proto.Message) {
-			b := bootstrapConfig(c)
+			b := g.bootstrapConfig(c)
 			b.StaticResources.Clusters[0].TransportSocket = UpstreamTLSTransportSocket(
 				upstreamSdsTLSContext(sdsTLSCertificatePath, sdsValidationContextPath))
 			return c.Path, b
@@ -159,7 +159,7 @@ func bootstrap(c *envoy.BootstrapConfig) ([]bootstrapf, error) {
 	return steps, nil
 }
 
-func bootstrapConfig(c *envoy.BootstrapConfig) *envoy_bootstrap_v3.Bootstrap {
+func (g *ConfigGenerator) bootstrapConfig(c *envoy.BootstrapConfig) *envoy_bootstrap_v3.Bootstrap {
 	bootstrap := &envoy_bootstrap_v3.Bootstrap{
 		LayeredRuntime: &envoy_bootstrap_v3.LayeredRuntime{
 			Layers: []*envoy_bootstrap_v3.RuntimeLayer{
@@ -174,7 +174,7 @@ func bootstrapConfig(c *envoy.BootstrapConfig) *envoy_bootstrap_v3.Bootstrap {
 					LayerSpecifier: &envoy_bootstrap_v3.RuntimeLayer_RtdsLayer_{
 						RtdsLayer: &envoy_bootstrap_v3.RuntimeLayer_RtdsLayer{
 							Name:       DynamicRuntimeLayerName,
-							RtdsConfig: ConfigSource("contour"),
+							RtdsConfig: g.ConfigSource(),
 						},
 					},
 				},
@@ -192,8 +192,8 @@ func bootstrapConfig(c *envoy.BootstrapConfig) *envoy_bootstrap_v3.Bootstrap {
 			},
 		},
 		DynamicResources: &envoy_bootstrap_v3.Bootstrap_DynamicResources{
-			LdsConfig: ConfigSource("contour"),
-			CdsConfig: ConfigSource("contour"),
+			LdsConfig: g.ConfigSource(),
+			CdsConfig: g.ConfigSource(),
 		},
 		StaticResources: &envoy_bootstrap_v3.Bootstrap_StaticResources{
 			Clusters: []*envoy_cluster_v3.Cluster{{

@@ -2056,7 +2056,8 @@ func TestBootstrap(t *testing.T) {
 
 	for name, tc := range tests {
 		t.Run(name, func(t *testing.T) {
-			steps, gotError := bootstrap(&tc.config)
+			cg := NewConfigGenerator()
+			steps, gotError := cg.bootstrap(&tc.config)
 			assert.Equal(t, gotError != nil, tc.wantedError)
 
 			gotConfigs := map[string]proto.Message{}

@@ -36,13 +36,13 @@ import (
 func clusterDefaults() *envoy_cluster_v3.Cluster {
 	return &envoy_cluster_v3.Cluster{
 		ConnectTimeout: durationpb.New(2 * time.Second),
-		CommonLbConfig: ClusterCommonLBConfig(),
+		CommonLbConfig: clusterCommonLBConfig(),
 		LbPolicy:       lbPolicy(dag.LoadBalancerPolicyRoundRobin),
 	}
 }
 
 // Cluster creates new envoy_cluster_v3.Cluster from dag.Cluster.
-func Cluster(c *dag.Cluster) *envoy_cluster_v3.Cluster {
+func (g *ConfigGenerator) Cluster(c *dag.Cluster) *envoy_cluster_v3.Cluster {
 	service := c.Upstream
 	cluster := clusterDefaults()
 
@@ -60,7 +60,7 @@ func Cluster(c *dag.Cluster) *envoy_cluster_v3.Cluster {
 	case 0:
 		// external name not set, cluster will be discovered via EDS
 		cluster.ClusterDiscoveryType = ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS)
-		cluster.EdsClusterConfig = edsconfig("contour", service)
+		cluster.EdsClusterConfig = g.edsconfig(service)
 	default:
 		// external name set, use hard coded DNS name
 		// external name set to LOGICAL_DNS when user selects the ALL loookup family
@@ -93,7 +93,7 @@ func Cluster(c *dag.Cluster) *envoy_cluster_v3.Cluster {
 	switch c.Protocol {
 	case "tls":
 		cluster.TransportSocket = UpstreamTLSTransportSocket(
-			UpstreamTLSContext(
+			g.UpstreamTLSContext(
 				c.UpstreamValidation,
 				c.SNI,
 				c.ClientCertificate,
@@ -102,7 +102,7 @@ func Cluster(c *dag.Cluster) *envoy_cluster_v3.Cluster {
 	case "h2":
 		httpVersion = HTTPVersion2
 		cluster.TransportSocket = UpstreamTLSTransportSocket(
-			UpstreamTLSContext(
+			g.UpstreamTLSContext(
 				c.UpstreamValidation,
 				c.SNI,
 				c.ClientCertificate,
@@ -142,7 +142,7 @@ func Cluster(c *dag.Cluster) *envoy_cluster_v3.Cluster {
 }
 
 // ExtensionCluster builds a envoy_cluster_v3.Cluster struct for the given extension service.
-func ExtensionCluster(ext *dag.ExtensionCluster) *envoy_cluster_v3.Cluster {
+func (g *ConfigGenerator) ExtensionCluster(ext *dag.ExtensionCluster) *envoy_cluster_v3.Cluster {
 	cluster := clusterDefaults()
 
 	// The Envoy cluster name has already been set.
@@ -162,7 +162,7 @@ func ExtensionCluster(ext *dag.ExtensionCluster) *envoy_cluster_v3.Cluster {
 	// Cluster will be discovered via EDS.
 	cluster.ClusterDiscoveryType = ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS)
 	cluster.EdsClusterConfig = &envoy_cluster_v3.Cluster_EdsClusterConfig{
-		EdsConfig:   ConfigSource("contour"),
+		EdsConfig:   g.ConfigSource(),
 		ServiceName: ext.Upstream.ClusterName,
 	}
 
@@ -173,7 +173,7 @@ func ExtensionCluster(ext *dag.ExtensionCluster) *envoy_cluster_v3.Cluster {
 	case "h2":
 		http2Version = HTTPVersion2
 		cluster.TransportSocket = UpstreamTLSTransportSocket(
-			UpstreamTLSContext(
+			g.UpstreamTLSContext(
 				ext.UpstreamValidation,
 				ext.SNI,
 				ext.ClientCertificate,
@@ -193,7 +193,7 @@ func ExtensionCluster(ext *dag.ExtensionCluster) *envoy_cluster_v3.Cluster {
 }
 
 // DNSNameCluster builds a envoy_cluster_v3.Cluster for the given *dag.DNSNameCluster.
-func DNSNameCluster(c *dag.DNSNameCluster) *envoy_cluster_v3.Cluster {
+func (g *ConfigGenerator) DNSNameCluster(c *dag.DNSNameCluster) *envoy_cluster_v3.Cluster {
 	cluster := clusterDefaults()
 
 	cluster.Name = envoy.DNSNameClusterName(c)
@@ -207,7 +207,7 @@ func DNSNameCluster(c *dag.DNSNameCluster) *envoy_cluster_v3.Cluster {
 
 	var transportSocket *envoy_core_v3.TransportSocket
 	if c.Scheme == "https" {
-		transportSocket = UpstreamTLSTransportSocket(UpstreamTLSContext(c.UpstreamValidation, c.Address, nil))
+		transportSocket = UpstreamTLSTransportSocket(g.UpstreamTLSContext(c.UpstreamValidation, c.Address, nil))
 	}
 
 	cluster.LoadAssignment = ClusterLoadAssignment(envoy.DNSNameClusterName(c), SocketAddress(c.Address, c.Port))
@@ -216,9 +216,9 @@ func DNSNameCluster(c *dag.DNSNameCluster) *envoy_cluster_v3.Cluster {
 	return cluster
 }
 
-func edsconfig(cluster string, service *dag.Service) *envoy_cluster_v3.Cluster_EdsClusterConfig {
+func (g *ConfigGenerator) edsconfig(service *dag.Service) *envoy_cluster_v3.Cluster_EdsClusterConfig {
 	return &envoy_cluster_v3.Cluster_EdsClusterConfig{
-		EdsConfig: ConfigSource(cluster),
+		EdsConfig: g.ConfigSource(),
 		ServiceName: xds.ClusterLoadAssignmentName(
 			types.NamespacedName{Name: service.Weighted.ServiceName, Namespace: service.Weighted.ServiceNamespace},
 			service.Weighted.ServicePort.Name,
@@ -255,31 +255,15 @@ func edshealthcheck(c *dag.Cluster) []*envoy_core_v3.HealthCheck {
 	}
 }
 
-// ClusterCommonLBConfig creates a *envoy_cluster_v3.Cluster_CommonLbConfig with HealthyPanicThreshold disabled.
-func ClusterCommonLBConfig() *envoy_cluster_v3.Cluster_CommonLbConfig {
+// clusterCommonLBConfig creates a *envoy_cluster_v3.Cluster_CommonLbConfig with HealthyPanicThreshold disabled.
+func clusterCommonLBConfig() *envoy_cluster_v3.Cluster_CommonLbConfig {
 	return &envoy_cluster_v3.Cluster_CommonLbConfig{
 		HealthyPanicThreshold: &envoy_type.Percent{ // Disable HealthyPanicThreshold
 			Value: 0,
 		},
 	}
 }
 
-// ConfigSource returns a *envoy_core_v3.ConfigSource for cluster.
-func ConfigSource(cluster string) *envoy_core_v3.ConfigSource {
-	return &envoy_core_v3.ConfigSource{
-		ResourceApiVersion: envoy_core_v3.ApiVersion_V3,
-		ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{
-			ApiConfigSource: &envoy_core_v3.ApiConfigSource{
-				ApiType:             envoy_core_v3.ApiConfigSource_GRPC,
-				TransportApiVersion: envoy_core_v3.ApiVersion_V3,
-				GrpcServices: []*envoy_core_v3.GrpcService{
-					GrpcService(cluster, "", timeout.DefaultSetting()),
-				},
-			},
-		},
-	}
-}
-
 // ClusterDiscoveryType returns the type of a ClusterDiscovery as a Cluster_type.
 func ClusterDiscoveryType(t envoy_cluster_v3.Cluster_DiscoveryType) *envoy_cluster_v3.Cluster_Type {
 	return &envoy_cluster_v3.Cluster_Type{Type: t}
@@ -293,7 +277,7 @@ func ClusterDiscoveryTypeForAddress(address string, t envoy_cluster_v3.Cluster_D
 	if net.ParseIP(address) != nil {
 		clusterType = envoy_cluster_v3.Cluster_STATIC
 	}
-	return &envoy_cluster_v3.Cluster_Type{Type: clusterType}
+	return ClusterDiscoveryType(clusterType)
 }
 
 // parseDNSLookupFamily parses the dnsLookupFamily string into a envoy_cluster_v3.Cluster_DnsLookupFamily