Added config for socket options for listeners
New config field was added to support DSCP marking for outbound traffic,
for both IPv4 (TOS field) and IPv6 (Traffic Class field).

Signed-off-by: Tero Saarni <[email protected]>
tsaarni committed May 10, 2023
1 parent 2c6015d commit 5774ac6
Showing 38 changed files with 811 additions and 174 deletions.
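--- a/apis/projectcontour/v1alpha1/contourconfig.go
+++ b/apis/projectcontour/v1alpha1/contourconfig.go
@@ -369,6 +369,30 @@ type EnvoyListenerConfig struct {
 // TLS holds various configurable Envoy TLS listener values.
 // +optional
 TLS *EnvoyTLS `json:"tls,omitempty"`
+
+// SocketOptions defines configurable socket options for the listeners.
+// Single set of options are applied to all listeners.
+// +optional
+SocketOptions *SocketOptions `json:"socketOptions,omitempty"`
+}
+
+// SocketOptions defines configurable socket options for Envoy listeners.
+type SocketOptions struct {
+// Defines the value for IPv4 TOS field (including 6 bit DSCP field) for IP packets originating from Envoy listeners.
+// Single value is applied to all listeners.
+// If listeners are bound to IPv6-only addresses, setting this option will cause an error.
+// +kubebuilder:validation:Minimum=0
+// +kubebuilder:validation:Maximum=255
+// +optional
+TOS int32 `json:"tos,omitempty"`
+
+// Defines the value for IPv6 Traffic Class field (including 6 bit DSCP field) for IP packets originating from the Envoy listeners.
+// Single value is applied to all listeners.
+// If listeners are bound to IPv4-only addresses, setting this option will cause an error.
+// +kubebuilder:validation:Minimum=0
+// +kubebuilder:validation:Maximum=255
+// +optional
+TrafficClass int32 `json:"trafficClass,omitempty"`
 }
 
 // EnvoyTLS describes tls parameters for Envoy listneners.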
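Review bot: The doc comments on `TOS` and `TrafficClass` in the new `SocketOptions` struct say neither what the zero value means nor how the byte is laid out. With `int32` and `omitempty`, an explicit 0 cannot be told apart from an omitted field, so the comment should state which reading applies (presumably 0 leaves the socket option unset; the code that consumes the value is not in this section). The accepted range 0-255 is the whole 8-bit field, with DSCP in the upper six bits and ECN in the lower two, so an operator has to shift a DSCP code point left by two; the example value 64 in this commit corresponds to DSCP 16. I would add a line such as `// The value is the full 8-bit field: DSCP in the upper six bits, ECN in the lower two.` plus a sentence on the meaning of 0 once confirmed, and start each comment with the field name (`// TOS defines ...`, `// TrafficClass defines ...`).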
20 changes: 20 additions & 0 deletions apis/projectcontour/v1alpha1/zz_generated.deepcopy.go


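--- a/cmd/contour/serve.go
+++ b/cmd/contour/serve.go
@@ -392,6 +392,7 @@ func (s *Server) doServe() error {
 ServerHeaderTransformation: contourConfiguration.Envoy.Listener.ServerHeaderTransformation,
 XffNumTrustedHops: *contourConfiguration.Envoy.Network.XffNumTrustedHops,
 ConnectionBalancer: contourConfiguration.Envoy.Listener.ConnectionBalancer,
+SocketOptions: contourConfiguration.Envoy.Listener.SocketOptions,
 }
 
 if listenerConfig.TracingConfig, err = s.setupTracingService(contourConfiguration.Tracing); err != nil {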
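Review bot: `SocketOptions` is handed on as the raw pointer from the API struct, and that field is declared `+optional` with `omitempty`, so it can be nil when a ContourConfiguration leaves it out. Unless defaulting fills it in (that code is not among the sections shown here), every reader of the listener config has to nil-check before touching `TOS` or `TrafficClass`. A short comment on the receiving field, for example `// SocketOptions may be nil; nil means no socket options are applied.`, would make that contract explicit once confirmed. `doServe` starts and ends outside the hunk.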
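--- a/cmd/contour/servecontext.go
+++ b/cmd/contour/servecontext.go
@@ -513,6 +513,10 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha
 MinimumProtocolVersion: ctx.Config.TLS.MinimumProtocolVersion,
 CipherSuites: cipherSuites,
 },
+SocketOptions: &contour_api_v1alpha1.SocketOptions{
+TOS: ctx.Config.Listener.SocketOptions.TOS,
+TrafficClass: ctx.Config.Listener.SocketOptions.TrafficClass,
+},
 },
 Service: &contour_api_v1alpha1.NamespacedName{
 Name: ctx.Config.EnvoyServiceName,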
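Review bot: The config-file values for `TOS` and `TrafficClass` are copied into the API struct here without a range check, whereas the CRD path is bounded to 0-255 by the kubebuilder markers on the type. If the file-based config does not validate `tos` and `traffic-class` itself (its validation code is not in the sections shown here), an out-of-range value would be passed on unchecked. A check alongside the other config validation, along the lines of `if v < 0 || v > 255 { return fmt.Errorf("socket option value %d out of range 0-255", v) }`, would give both paths the same bound. `convertToContourConfigurationSpec` starts and ends outside the hunk.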
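--- a/cmd/contour/servecontext_test.go
+++ b/cmd/contour/servecontext_test.go
@@ -412,6 +412,10 @@ func TestConvertServeContext(t *testing.T) {
 TLS: &contour_api_v1alpha1.EnvoyTLS{
 MinimumProtocolVersion: "",
 },
+SocketOptions: &contour_api_v1alpha1.SocketOptions{
+TOS: 0,
+TrafficClass: 0,
+},
 },
 HTTPListener: &contour_api_v1alpha1.EnvoyListener{
 Address: "0.0.0.0",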
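--- a/examples/contour/01-contour-config.yaml
+++ b/examples/contour/01-contour-config.yaml
@@ -177,3 +177,9 @@ data:
 # server-certificate-path: /path/to/server-cert.pem
 # server-key-path: /path/to/server-private-key.pem
 # ca-certificate-path: /path/to/root-ca-for-client-validation.pem
+#
+# listener:
+# connection-balancer: exact
+# socket-options:
+# tos: 64
+# traffic-class: 64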
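--- a/examples/contour/01-crds.yaml
+++ b/examples/contour/01-crds.yaml
@@ -192,6 +192,32 @@ spec:
 \n Other values will produce an error. Contour's default
 is overwrite."
 type: string
+socketOptions:
+description: SocketOptions defines configurable socket options
+for the listeners. Single set of options are applied to
+all listeners.
+properties:
+tos:
+description: Defines the value for IPv4 TOS field (including
+6 bit DSCP field) for IP packets originating from Envoy
+listeners. Single value is applied to all listeners.
+If listeners are bound to IPv6-only addresses, setting
+this option will cause an error.
+format: int32
+maximum: 255
+minimum: 0
+type: integer
+trafficClass:
+description: Defines the value for IPv6 Traffic Class
+field (including 6 bit DSCP field) for IP packets originating
+from the Envoy listeners. Single value is applied to
+all listeners. If listeners are bound to IPv4-only addresses,
+setting this option will cause an error.
+format: int32
+maximum: 255
+minimum: 0
+type: integer
+type: object
 tls:
 description: TLS holds various configurable Envoy TLS listener
 values.
@@ -3353,6 +3379,33 @@ spec:
 `pass_through` \n Other values will produce an error.
 Contour's default is overwrite."
 type: string
+socketOptions:
+description: SocketOptions defines configurable socket
+options for the listeners. Single set of options are
+applied to all listeners.
+properties:
+tos:
+description: Defines the value for IPv4 TOS field
+(including 6 bit DSCP field) for IP packets originating
+from Envoy listeners. Single value is applied to
+all listeners. If listeners are bound to IPv6-only
+addresses, setting this option will cause an error.
+format: int32
+maximum: 255
+minimum: 0
+type: integer
+trafficClass:
+description: Defines the value for IPv6 Traffic Class
+field (including 6 bit DSCP field) for IP packets
+originating from the Envoy listeners. Single value
+is applied to all listeners. If listeners are bound
+to IPv4-only addresses, setting this option will
+cause an error.
+format: int32
+maximum: 255
+minimum: 0
+type: integer
+type: object
 tls:
 description: TLS holds various configurable Envoy TLS
 listener values.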
59 changes: 59 additions & 0 deletions examples/render/contour-deployment.yaml
@@ -210,6 +210,12 @@ data:
# server-certificate-path: /path/to/server-cert.pem
# server-key-path: /path/to/server-private-key.pem
# ca-certificate-path: /path/to/root-ca-for-client-validation.pem
#
# listener:
# connection-balancer: exact
# socket-options:
# tos: 64
# traffic-class: 64
---
apiVersion: apiextensions.k8s.io/v1
@@ -405,6 +411,32 @@ spec:
\n Other values will produce an error. Contour's default
is overwrite."
type: string
socketOptions:
description: SocketOptions defines configurable socket options
for the listeners. Single set of options are applied to
all listeners.
properties:
tos:
description: Defines the value for IPv4 TOS field (including
6 bit DSCP field) for IP packets originating from Envoy
listeners. Single value is applied to all listeners.
If listeners are bound to IPv6-only addresses, setting
this option will cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
trafficClass:
description: Defines the value for IPv6 Traffic Class
field (including 6 bit DSCP field) for IP packets originating
from the Envoy listeners. Single value is applied to
all listeners. If listeners are bound to IPv4-only addresses,
setting this option will cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
type: object
tls:
description: TLS holds various configurable Envoy TLS listener
values.
@@ -3566,6 +3598,33 @@ spec:
`pass_through` \n Other values will produce an error.
Contour's default is overwrite."
type: string
socketOptions:
description: SocketOptions defines configurable socket
options for the listeners. Single set of options are
applied to all listeners.
properties:
tos:
description: Defines the value for IPv4 TOS field
(including 6 bit DSCP field) for IP packets originating
from Envoy listeners. Single value is applied to
all listeners. If listeners are bound to IPv6-only
addresses, setting this option will cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
trafficClass:
description: Defines the value for IPv6 Traffic Class
field (including 6 bit DSCP field) for IP packets
originating from the Envoy listeners. Single value
is applied to all listeners. If listeners are bound
to IPv4-only addresses, setting this option will
cause an error.
format: int32
maximum: 255
minimum: 0
type: integer
type: object
tls:
description: TLS holds various configurable Envoy TLS
listener values.
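--- a/examples/render/contour-gateway-provisioner.yaml
+++ b/examples/render/contour-gateway-provisioner.yaml
@@ -206,6 +206,32 @@ spec:
 \n Other values will produce an error. Contour's default
 is overwrite."
 type: string
+socketOptions:
+description: SocketOptions defines configurable socket options
+for the listeners. Single set of options are applied to
+all listeners.
+properties:
+tos:
+description: Defines the value for IPv4 TOS field (including
+6 bit DSCP field) for IP packets originating from Envoy
+listeners. Single value is applied to all listeners.
+If listeners are bound to IPv6-only addresses, setting
+this option will cause an error.
+format: int32
+maximum: 255
+minimum: 0
+type: integer
+trafficClass:
+description: Defines the value for IPv6 Traffic Class
+field (including 6 bit DSCP field) for IP packets originating
+from the Envoy listeners. Single value is applied to
+all listeners. If listeners are bound to IPv4-only addresses,
+setting this option will cause an error.
+format: int32
+maximum: 255
+minimum: 0
+type: integer
+type: object
 tls:
 description: TLS holds various configurable Envoy TLS listener
 values.
@@ -3367,6 +3393,33 @@ spec:
 `pass_through` \n Other values will produce an error.
 Contour's default is overwrite."
 type: string
+socketOptions:
+description: SocketOptions defines configurable socket
+options for the listeners. Single set of options are
+applied to all listeners.
+properties:
+tos:
+description: Defines the value for IPv4 TOS field
+(including 6 bit DSCP field) for IP packets originating
+from Envoy listeners. Single value is applied to
+all listeners. If listeners are bound to IPv6-only
+addresses, setting this option will cause an error.
+format: int32
+maximum: 255
+minimum: 0
+type: integer
+trafficClass:
+description: Defines the value for IPv6 Traffic Class
+field (including 6 bit DSCP field) for IP packets
+originating from the Envoy listeners. Single value
+is applied to all listeners. If listeners are bound
+to IPv4-only addresses, setting this option will
+cause an error.
+format: int32
+maximum: 255
+minimum: 0
+type: integer
+type: object
 tls:
 description: TLS holds various configurable Envoy TLS
 listener values.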