feat: proxyProtocol in BackendTrafficPolicy (#2192)

* feat: proxyProtocol in BackendTrafficPolicy relates to #1328 Signed-off-by: Arko Dasgupta <arko@tetrate.io> * xds Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: Arko Dasgupta <arko@tetrate.io>
envoyproxy · Nov 23, 2023 · 571f8bf · 571f8bf
1 parent 87bc96f
commit 571f8bf
Show file tree

Hide file tree

Showing 13 changed files with 612 additions and 12 deletions.
diff --git a/internal/gatewayapi/backendtrafficpolicy.go b/internal/gatewayapi/backendtrafficpolicy.go
@@ -241,6 +241,7 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
 	var (
 		rl *ir.RateLimit
 		lb *ir.LoadBalancer
+		pp *ir.ProxyProtocol
 	)
 
 	// Build IR
@@ -250,7 +251,9 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
 	if policy.Spec.LoadBalancer != nil {
 		lb = t.buildLoadBalancer(policy)
 	}
-
+	if policy.Spec.ProxyProtocol != nil {
+		pp = t.buildProxyProtocol(policy)
+	}
 	// Apply IR to all relevant routes
 	prefix := irRoutePrefix(route)
 	for _, ir := range xdsIR {
@@ -260,6 +263,7 @@ func (t *Translator) translateBackendTrafficPolicyForRoute(policy *egv1a1.Backen
 				if strings.HasPrefix(r.Name, prefix) {
 					r.RateLimit = rl
 					r.LoadBalancer = lb
+					r.ProxyProtocol = pp
 				}
 			}
 		}
@@ -271,6 +275,7 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
 	var (
 		rl *ir.RateLimit
 		lb *ir.LoadBalancer
+		pp *ir.ProxyProtocol
 	)
 
 	// Build IR
@@ -280,6 +285,9 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
 	if policy.Spec.LoadBalancer != nil {
 		lb = t.buildLoadBalancer(policy)
 	}
+	if policy.Spec.ProxyProtocol != nil {
+		pp = t.buildProxyProtocol(policy)
+	}
 	// Apply IR to all the routes within the specific Gateway
 	// If the feature is already set, then skip it, since it must be have
 	// set by a policy attaching to the route
@@ -296,6 +304,9 @@ func (t *Translator) translateBackendTrafficPolicyForGateway(policy *egv1a1.Back
 			if r.LoadBalancer == nil {
 				r.LoadBalancer = lb
 			}
+			if r.ProxyProtocol == nil {
+				r.ProxyProtocol = pp
+			}
 		}
 	}
 
@@ -437,3 +448,19 @@ func (t *Translator) buildLoadBalancer(policy *egv1a1.BackendTrafficPolicy) *ir.
 
 	return lb
 }
+
+func (t *Translator) buildProxyProtocol(policy *egv1a1.BackendTrafficPolicy) *ir.ProxyProtocol {
+	var pp *ir.ProxyProtocol
+	switch policy.Spec.ProxyProtocol.Version {
+	case egv1a1.ProxyProtocolVersionV1:
+		pp = &ir.ProxyProtocol{
+			Version: ir.ProxyProtocolVersionV1,
+		}
+	case egv1a1.ProxyProtocolVersionV2:
+		pp = &ir.ProxyProtocol{
+			Version: ir.ProxyProtocolVersionV2,
+		}
+	}
+
+	return pp
+}
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.in.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.in.yaml
@@ -0,0 +1,91 @@
+gateways:
+- apiVersion: gateway.networking.k8s.io/v1
+  kind: Gateway
+  metadata:
+    namespace: envoy-gateway
+    name: gateway-1
+  spec:
+    gatewayClassName: envoy-gateway-class
+    listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      allowedRoutes:
+        namespaces:
+          from: All
+- apiVersion: gateway.networking.k8s.io/v1
+  kind: Gateway
+  metadata:
+    namespace: envoy-gateway
+    name: gateway-2
+  spec:
+    gatewayClassName: envoy-gateway-class
+    listeners:
+    - name: http
+      protocol: HTTP
+      port: 80
+      allowedRoutes:
+        namespaces:
+          from: All
+grpcRoutes:
+- apiVersion: gateway.networking.k8s.io/v1alpha2
+  kind: GRPCRoute
+  metadata:
+    namespace: default
+    name: grpcroute-1
+  spec:
+    parentRefs:
+    - namespace: envoy-gateway
+      name: gateway-1
+      sectionName: http
+    rules:
+    - backendRefs:
+      - name: service-1
+        port: 8080
+httpRoutes:
+- apiVersion: gateway.networking.k8s.io/v1
+  kind: HTTPRoute
+  metadata:
+    namespace: default
+    name: httproute-1
+  spec:
+    hostnames:
+    - gateway.envoyproxy.io
+    parentRefs:
+    - namespace: envoy-gateway
+      name: gateway-2
+      sectionName: http
+    rules:
+    - matches:
+      - path:
+          value: "/"
+      backendRefs:
+      - name: service-1
+        port: 8080
+backendTrafficPolicies:
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+  kind: BackendTrafficPolicy
+  metadata:
+    namespace: envoy-gateway
+    name: policy-for-gateway
+  spec:
+    targetRef:
+      group: gateway.networking.k8s.io
+      kind: Gateway
+      name: gateway-1
+      namespace: envoy-gateway
+    proxyProtocol:
+      version: V1
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+  kind: BackendTrafficPolicy
+  metadata:
+    namespace: default
+    name: policy-for-route
+  spec:
+    targetRef:
+      group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      name: httproute-1
+      namespace: default
+    proxyProtocol:
+      version: V2