feat: support envoy & ratelimit pod affinity and tolerations. #1398

Merged
merged 11 commits into from May 10, 2023

Member

@qicz qicz commented May 4, 2023

Fixes #1396

support envoy & ratelimit pod affinity and tolerations.

apiVersion: config.gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
  namespace: envoy-gateway-system
  name: test
spec:
  provider:
    type: Kubernetes
    kubernetes:
      envoyService:
        type: LoadBalancer
      envoyDeployment:
        replicas: 2
        container:
          env:
          - name: env_a
            value: env_a_value
          - name: env_b
            value: env_b_name
          image: "envoyproxy/envoy-dev:latest"
          resources:
            requests:
              cpu: 100m
              memory: 512Mi
          securityContext:
            runAsUser: 2000
            allowPrivilegeEscalation: false
        pod:
          annotations:
            key1: val1
            key2: val2
          affinity:
            nodeAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                nodeSelectorTerms:
                - matchExpressions:
                  - key: cloud.google.com/gke-nodepool
                    operator: In
                    values:
                    - router-node
          tolerations:
          - effect: NoSchedule
            key: node-type
            # Equal is needed to match on a value; Kubernetes rejects a value with operator Exists.
            operator: Equal
            value: "router"
          securityContext:
            runAsUser: 1000
            runAsGroup: 3000
            fsGroup: 2000
            fsGroupChangePolicy: "OnRootMismatch"
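
A lint for the `tolerations` list of a spec like the one above, as an added example that is not part of the original PR or the project's code. The `Toleration` struct is a local stand-in for `corev1.Toleration`, `LintTolerations` and `SampleTolerations` are hypothetical names, and the sample entries are constructed; it flags entries the Kubernetes API server rejects and the empty-key `Exists` form, which tolerates every taint key.

```go
package main

import "fmt"

// Toleration is a local stand-in for corev1.Toleration (assumption: same
// field meanings), so the example builds without k8s.io/api.
type Toleration struct {
	Key, Operator, Value, Effect string
}

// LintTolerations (hypothetical helper) returns one finding per entry that
// the API server rejects or that tolerates more than a single taint key.
func LintTolerations(ts []Toleration) []string {
	var findings []string
	for i, t := range ts {
		op := t.Operator
		if op == "" {
			op = "Equal" // an omitted operator defaults to Equal
		}
		msg := ""
		switch {
		case op == "Exists" && t.Value != "":
			msg = "value must be empty when operator is Exists"
		case t.Key == "" && op == "Equal":
			msg = "empty key requires operator Exists"
		case t.Key == "" && op == "Exists":
			msg = "empty key with Exists matches every taint key"
		}
		if msg != "" {
			findings = append(findings, fmt.Sprintf("tolerations[%d]: %s", i, msg))
		}
	}
	return findings
}

// SampleTolerations returns constructed entries, not taken from a real cluster.
func SampleTolerations() []Toleration {
	return []Toleration{
		{Key: "node-type", Operator: "Exists", Value: "router", Effect: "NoSchedule"},
		{Key: "node-type", Operator: "Equal", Value: "router", Effect: "NoSchedule"},
		{Operator: "Exists"},
		{Value: "router"},
	}
}

func main() {
	for _, f := range LintTolerations(SampleTolerations()) {
		fmt.Println(f)
	}
}
```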

qicz added 2 commits May 4, 2023 16:03
…ions.

Signed-off-by: qicz <qiczzhu@gmail.com>
Signed-off-by: qicz <qiczzhu@gmail.com>
@qicz qicz requested a review from a team as a code owner May 4, 2023 08:07
Member Author

qicz commented May 4, 2023

When #1294 is merged, I will append more unit tests.


codecov bot commented May 4, 2023

Codecov Report

Merging #1398 (da4d1c8) into main (b90946c) will increase coverage by 0.04%.
The diff coverage is 26.66%.

@@            Coverage Diff             @@
##             main    #1398      +/-   ##
==========================================
+ Coverage   62.63%   62.67%   +0.04%     
==========================================
  Files          79       79              
  Lines       11116    11131      +15     
==========================================
+ Hits         6962     6976      +14     
- Misses       3699     3701       +2     
+ Partials      455      454       -1     
| Impacted Files | Coverage Δ |
|---|---|
| api/config/v1alpha1/zz_generated.deepcopy.go | 0.00% <0.00%> (ø) |
| ...frastructure/kubernetes/proxy/resource_provider.go | 87.36% <100.00%> (+0.14%) ⬆️ |
| ...tructure/kubernetes/ratelimit/resource_provider.go | 98.42% <100.00%> (+0.02%) ⬆️ |

... and 2 files with indirect coverage changes

@qicz qicz added kind/enhancement New feature or request area/api API-related issues area/config Issues related to config management, e.g. Config Manager, Config Sources, etc. labels May 4, 2023
@qicz qicz added this to the 0.5.0-rc1 milestone May 4, 2023
Signed-off-by: qicz <qiczzhu@gmail.com>
Member Author

qicz commented May 4, 2023

Another choice about #1379 is that we can provide the API corev1.PodSpec for Deployment with some default settings, such as certs and volumes. The user can override the default settings.

cc @arkodg

@qicz qicz requested review from a team, kflynn, zhaohuabing and chauhanshubham and removed request for a team May 4, 2023 12:47
qicz added 2 commits May 5, 2023 10:17
Signed-off-by: qicz <qiczzhu@gmail.com>
@qicz qicz requested a review from arkodg May 5, 2023 02:58
Member

@zhaohuabing zhaohuabing left a comment


To ensure we're prepared to support additional features in K8s resource spec - such as HPA, VPA, volumes, volumeMounts and more - I suggest we establish a clear design beforehand.

In my research, I came across how Istio handles Ingress Gateway customization. Its configuration is quite complex but could be an excellent reference for our EG implementation. You can find more information on KubernetesResourcesSpec at the following link:

https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec

Contributor

arkodg commented May 5, 2023

> To ensure we're prepared to support additional features in K8s resource spec - such as HPA, VPA, volumes, volumeMounts and more - I suggest we establish a clear design beforehand.
>
> In my research, I came across how Istio handles Ingress Gateway customization. Its configuration is quite complex but could be an excellent reference for our EG implementation. You can find more information on KubernetesResourcesSpec at the following link:
>
> https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec

Hey @zhaohuabing, if you are referring to overlays in Istio, I'm a -1 on it because, as an end user, I found it extremely hard to generate the right config.
Regarding additional features/fields, we can raise them as individual issues and debate about the pros/cons of adding it. Since we don't have a clear owner for the entire feature, we haven't enforced a design doc, just accepting/enabling k8s fields based on use cases.

Member

zhaohuabing commented May 6, 2023

> arding additional features/fields we can raise them as individual issues and de

@arkodg I mean the overall structure of the K8s resource: https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec

But I agree that we can add new fields when users ask for them. The current structure of envoyDeployment looks good to me.

zhaohuabing previously approved these changes May 6, 2023
Member

@zhaohuabing zhaohuabing left a comment


LGTM

@qicz qicz changed the title feat: support envoy & ratelimit pod nodeselector,affinity and tolerations. feat: support envoy & ratelimit pod affinity and tolerations. May 10, 2023
qicz added 3 commits May 10, 2023 11:29
Signed-off-by: qicz <qiczzhu@gmail.com>
…qicz/gateway into support-deployment-affinity-tolerations
Member Author

qicz commented May 10, 2023

ptal @arkodg

Signed-off-by: qicz <qiczzhu@gmail.com>
Contributor

@arkodg arkodg left a comment


LGTM, thanks for adding this feature !

@arkodg arkodg merged commit ffb3976 into envoyproxy:main May 10, 2023
17 of 18 checks passed
tanujd11 pushed a commit to tanujd11/gateway that referenced this pull request May 20, 2023
…roxy#1398)

* feat: support envoy & ratelimit pod affinity and tolerations.

Signed-off-by: qicz <qiczzhu@gmail.com>
Co-authored-by: Xunzhuo <bitliu@tencent.com>
Successfully merging this pull request may close these issues.

Support Node Affinity and Tolerations for EnvoyProxy Pods