
feat(xds): add internal address config onto HttpConnectionManager #12986

Merged
merged 16 commits into from
Mar 12, 2025


jijiechen
Member

Motivation

Add internal address config onto HttpConnectionManager. More details are available in issue #12190.

Implementation information

Introducing a new configuration item `ipam.knownInternalCIDRs` on the zonal CP to allow users to specify their known internal address pool; we assign these values when generating Envoy config for HttpConnectionManager.

Supporting documentation

fixes #12190

@jijiechen jijiechen requested a review from a team as a code owner March 3, 2025 07:10
@jijiechen jijiechen requested review from slonka and Automaat March 3, 2025 07:10
Contributor

github-actions bot commented Mar 3, 2025

Reviewer Checklist

🔍 Each of these sections needs to be checked by the reviewer of the PR 🔍:
If something doesn't apply please check the box and add a justification if the reason is non-obvious.

  • Is the PR title satisfactory? Is this part of a larger feature and should be grouped using > Changelog?
  • PR description is clear and complete. It links to relevant issue as well as docs and UI issues
  • This will not break child repos: it doesn't hardcode values (e.g. "kumahq" as an image registry)
  • IPv6 is taken into account (e.g. no string concatenation of host port)
  • Tests (Unit test, E2E tests, manual test on universal and k8s)
    • Don't forget ci/ labels to run additional/fewer tests
  • Does this contain a change that needs to be notified to users? In this case, UPGRADE.md should be updated.
  • Does it need to be backported according to the backporting policy? (this GH action will add "backport" label based on these file globs, if you want to prevent it from adding the "backport" label use no-backport-autolabel label)

Signed-off-by: Jay Chen <[email protected]>
@jijiechen jijiechen force-pushed the internal-address-config branch from 7ad0bf0 to 5900c2f Compare March 3, 2025 08:11
Signed-off-by: Jay Chen <[email protected]>
Contributor

@lukidzi lukidzi left a comment


Can we add more test cases? I would like to see Gateway/ZoneEgress/ZoneIngress configuration change either by outbound_proxy generator, Mesh*Route. Also, what about admin_proxy_generator, prometheus_endpoint_generator?

@jijiechen
Member Author

jijiechen commented Mar 5, 2025

This makes me think if we should always set this config; I'm trying to do so in the updated commits.

This introduces a lot of changes touching a wide range of files in which I only asserted the internal addresses are passed in via the Mesh*Route plugins. I'm leaving the value as blank/default in tests of other plugins since the feature is already tested from all the levels:

  • the HCM configurer itself (pkg/xds/envoy/listeners/v3/http_connection_manager_configurer_test.go)
  • the FilterChainBuilder builder (pkg/xds/envoy/listeners/http_connection_manager_configurer_test.go)
  • the Mesh*Route plugins (pkg/plugins/policies/meshhttproute/plugin/v1alpha1/plugin_test.go)
  • the generators (pkg/xds/generator/proxy_template_profile_source_test.go)

@jijiechen jijiechen requested a review from lukidzi March 5, 2025 07:59
Signed-off-by: Jay Chen <[email protected]>
@Icarus9913 Icarus9913 added this to the 2.10.x milestone Mar 5, 2025
@jijiechen jijiechen added the ci/run-full-matrix PR: Runs all possible e2e test combination (expensive use carefully) label Mar 5, 2025
@jijiechen
Member Author

We are using Envoy 1.32 in 2.10, and Envoy 1.32 removed the default builtin internal addresses. So this PR is better to be merged in this 2.10 release.
Source: https://github.com/envoyproxy/envoy/blob/main/source/extensions/filters/network/http_connection_manager/config.cc#L83-L86
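
An added sketch (not Kuma's code and not part of this PR) of the step the PR description implies: validating `ipam.knownInternalCIDRs` strings, converting them to the address-prefix/prefix-length pairs that Envoy's `internal_address_config.cidr_ranges` takes, and checking a remote address against them. The `CidrRange` struct, the helper names and the sample CIDRs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// CidrRange mirrors the two fields of Envoy's CidrRange message
// (address_prefix, prefix_len). Local stand-in, not the go-control-plane type.
type CidrRange struct {
	AddressPrefix string
	PrefixLen     uint32
}

// ToCidrRanges validates operator-supplied CIDR strings (IPv4 or IPv6) and
// normalizes them. Hypothetical helper, not Kuma's implementation.
func ToCidrRanges(cidrs []string) ([]CidrRange, error) {
	out := make([]CidrRange, 0, len(cidrs))
	for _, c := range cidrs {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			return nil, fmt.Errorf("invalid internal CIDR %q: %w", c, err)
		}
		p = p.Masked() // drop host bits: 10.1.2.3/8 becomes 10.0.0.0/8
		out = append(out, CidrRange{AddressPrefix: p.Addr().String(), PrefixLen: uint32(p.Bits())})
	}
	return out, nil
}

// IsInternal reports whether addr falls inside any configured range.
// With an empty list this helper treats no address as internal.
func IsInternal(ranges []CidrRange, addr string) bool {
	ip, err := netip.ParseAddr(addr)
	if err != nil {
		return false
	}
	ip = ip.Unmap() // compare ::ffff:a.b.c.d against IPv4 ranges
	for _, r := range ranges {
		p := netip.PrefixFrom(netip.MustParseAddr(r.AddressPrefix), int(r.PrefixLen))
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample values, not taken from the PR.
	ranges, err := ToCidrRanges([]string{"10.1.2.3/8", "fd00::/8"})
	fmt.Println(ranges, err, IsInternal(ranges, "10.9.8.7"), IsInternal(nil, "10.9.8.7"))
}
```

The empty-list case matters for the situation the comment above describes: when no ranges are supplied, nothing is classified as internal, so the list has to be set explicitly.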

@lukidzi lukidzi changed the base branch from master to release-2.10 March 5, 2025 13:55
@jijiechen jijiechen requested a review from lukidzi March 11, 2025 07:20
Contributor

@lukidzi lukidzi left a comment


LGTM

@jijiechen jijiechen merged commit 8b33058 into kumahq:release-2.10 Mar 12, 2025
25 checks passed
Labels
ci/run-full-matrix PR: Runs all possible e2e test combination (expensive use carefully) release-2.10
Development

Successfully merging this pull request may close these issues.

Set internal_address_config on HttpConnectionManager explicitly