envoyproxy · zirain · Oct 28, 2024 · Oct 28, 2024 · Oct 28, 2024 · Oct 29, 2024
@@ -114,7 +114,19 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        version: [ v1.28.13, v1.29.8, v1.30.4, v1.31.0 ]
+        target:
+        - version: v1.28.13
+          ipFamily: ipv4
+        - version: v1.29.8
+          ipFamily: ipv4
+        - version: v1.30.4
+          ipFamily: ipv4
+        - version: v1.31.0
+          ipFamily: ipv4
+        - version: v1.31.0
+          ipFamily: ipv6   # only run ipv6 test on latest version to save time
+        - version: v1.31.0
+          ipFamily: dual  # only run dual test on latest version to save time
     steps:
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
     - uses: ./tools/github-actions/setup-deps
@@ -133,8 +145,9 @@ jobs:
     # E2E
     - name: Run E2E Tests
       env:
-        KIND_NODE_TAG: ${{ matrix.version }}
+        KIND_NODE_TAG: ${{ matrix.target.version }}
         IMAGE_PULL_POLICY: IfNotPresent
+        IP_FAMILY: ${{ matrix.target.ipFamily }}
       run: make e2e
 
   benchmark-test:

@@ -8,6 +8,9 @@ dependencies:
 - name: fluent-bit
   repository: https://fluent.github.io/helm-charts
   version: 0.30.4
+- name: alloy
+  repository: https://grafana.github.io/helm-charts
+  version: 0.9.2
 - name: loki
   repository: https://grafana.github.io/helm-charts
   version: 4.8.0
@@ -17,5 +20,5 @@ dependencies:
 - name: opentelemetry-collector
   repository: https://open-telemetry.github.io/opentelemetry-helm-charts
   version: 0.108.0
-digest: sha256:ea6663bb1358123b96b69d2c5b0b8c20650a43dc39b24c482f0560201fd2cc3a
-generated: "2024-10-19T12:59:47.251089661+02:00"
+digest: sha256:bc634c59972bfd4a01e0f4310a4949095752e659a9b5cb1d9c0fbe9a86f37011
+generated: "2024-10-25T10:55:26.755739+08:00"
@@ -37,6 +37,10 @@ dependencies:
     repository: https://fluent.github.io/helm-charts
     version: 0.30.4
     condition: fluent-bit.enabled
+  - name: alloy
+    repository: https://grafana.github.io/helm-charts
+    version: 0.9.2
+    condition: alloy.enabled
   - name: loki
     version: 4.8.0
     repository: https://grafana.github.io/helm-charts

@@ -22,6 +22,7 @@ An Add-ons Helm chart for Envoy Gateway
 | Repository | Name | Version |
 |------------|------|---------|
 | https://fluent.github.io/helm-charts | fluent-bit | 0.30.4 |
+| https://grafana.github.io/helm-charts | alloy | 0.9.2 |
 | https://grafana.github.io/helm-charts | grafana | 8.0.0 |
 | https://grafana.github.io/helm-charts | loki | 4.8.0 |
 | https://grafana.github.io/helm-charts | tempo | 1.3.1 |
@@ -55,6 +56,9 @@ To uninstall the chart:
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| alloy.alloy.configMap.content | string | `"// Write your Alloy config here:\nlogging {\n  level = \"info\"\n  format = \"logfmt\"\n}\nloki.write \"alloy\" {\n  endpoint {\n    url = \"http://loki.monitoring.svc:3100/loki/api/v1/push\"\n  }\n}\n// discovery.kubernetes allows you to find scrape targets from Kubernetes resources.\n// It watches cluster state and ensures targets are continually synced with what is currently running in your cluster.\ndiscovery.kubernetes \"pod\" {\n  role = \"pod\"\n}\n\n// discovery.relabel rewrites the label set of the input targets by applying one or more relabeling rules.\n// If no rules are defined, then the input targets are exported as-is.\ndiscovery.relabel \"pod_logs\" {\n  targets = discovery.kubernetes.pod.targets\n\n  // Label creation - \"namespace\" field from \"__meta_kubernetes_namespace\"\n  rule {\n    source_labels = [\"__meta_kubernetes_namespace\"]\n    action = \"replace\"\n    target_label = \"namespace\"\n  }\n\n  // Label creation - \"pod\" field from \"__meta_kubernetes_pod_name\"\n  rule {\n    source_labels = [\"__meta_kubernetes_pod_name\"]\n    action = \"replace\"\n    target_label = \"pod\"\n  }\n\n  // Label creation - \"container\" field from \"__meta_kubernetes_pod_container_name\"\n  rule {\n    source_labels = [\"__meta_kubernetes_pod_container_name\"]\n    action = \"replace\"\n    target_label = \"container\"\n  }\n\n  // Label creation -  \"app\" field from \"__meta_kubernetes_pod_label_app_kubernetes_io_name\"\n  rule {\n    source_labels = [\"__meta_kubernetes_pod_label_app_kubernetes_io_name\"]\n    action = \"replace\"\n    target_label = \"app\"\n  }\n\n  // Label creation -  \"job\" field from \"__meta_kubernetes_namespace\" and \"__meta_kubernetes_pod_container_name\"\n  // Concatenate values __meta_kubernetes_namespace/__meta_kubernetes_pod_container_name\n  rule {\n    source_labels = [\"__meta_kubernetes_namespace\", \"__meta_kubernetes_pod_container_name\"]\n    action = \"replace\"\n    target_label = \"job\"\n    separator = \"/\"\n    replacement = \"$1\"\n  }\n\n  // Label creation - \"container\" field from \"__meta_kubernetes_pod_uid\" and \"__meta_kubernetes_pod_container_name\"\n  // Concatenate values __meta_kubernetes_pod_uid/__meta_kubernetes_pod_container_name.log\n  rule {\n    source_labels = [\"__meta_kubernetes_pod_uid\", \"__meta_kubernetes_pod_container_name\"]\n    action = \"replace\"\n    target_label = \"__path__\"\n    separator = \"/\"\n    replacement = \"/var/log/pods/*$1/*.log\"\n  }\n\n  // Label creation -  \"container_runtime\" field from \"__meta_kubernetes_pod_container_id\"\n  rule {\n    source_labels = [\"__meta_kubernetes_pod_container_id\"]\n    action = \"replace\"\n    target_label = \"container_runtime\"\n    regex = \"^(\\\\S+):\\\\/\\\\/.+$\"\n    replacement = \"$1\"\n  }\n}\n\n// loki.source.kubernetes tails logs from Kubernetes containers using the Kubernetes API.\nloki.source.kubernetes \"pod_logs\" {\n  targets    = discovery.relabel.pod_logs.output\n  forward_to = [loki.process.pod_logs.receiver]\n}\n// loki.process receives log entries from other Loki components, applies one or more processing stages,\n// and forwards the results to the list of receivers in the component’s arguments.\nloki.process \"pod_logs\" {\n  stage.static_labels {\n      values = {\n        cluster = \"envoy-gateway\",\n      }\n  }\n\n  forward_to = [loki.write.alloy.receiver]\n}"` |  |
+| alloy.enabled | bool | `true` |  |
+| alloy.fullnameOverride | string | `"alloy"` |  |
 | fluent-bit.config.filters | string | `"[FILTER]\n    Name kubernetes\n    Match kube.*\n    Merge_Log On\n    Keep_Log Off\n    K8S-Logging.Parser On\n    K8S-Logging.Exclude On\n\n[FILTER]\n    Name grep\n    Match kube.*\n    Regex $kubernetes['container_name'] ^envoy$\n\n[FILTER]\n    Name parser\n    Match kube.*\n    Key_Name log\n    Parser envoy\n    Reserve_Data True\n"` |  |
 | fluent-bit.config.inputs | string | `"[INPUT]\n    Name tail\n    Path /var/log/containers/*.log\n    multiline.parser docker, cri\n    Tag kube.*\n    Mem_Buf_Limit 5MB\n    Skip_Long_Lines On\n"` |  |
 | fluent-bit.config.outputs | string | `"[OUTPUT]\n    Name                   loki\n    Match                  kube.*\n    Host                   loki.monitoring.svc.cluster.local\n    Port                   3100\n    Labels                 job=fluentbit, app=$kubernetes['labels']['app'], k8s_namespace_name=$kubernetes['namespace_name'], k8s_pod_name=$kubernetes['pod_name'], k8s_container_name=$kubernetes['container_name']\n"` |  |

@@ -60,6 +60,7 @@ prometheus:
 
 
 # Values for Fluent-bit dependency
+# TODO: remove fluent-bit dependency
 fluent-bit:
   enabled: true
   image:
@@ -167,6 +168,109 @@ loki:
   gateway:
     enabled: false
 
+# Values for Alloy dependency
+alloy:
+  enabled: true
+  fullnameOverride: alloy
+  alloy:
+    configMap:
+      content: |-
+        // Write your Alloy config here:
+        logging {
+          level = "info"
+          format = "logfmt"
+        }
+        loki.write "alloy" {
+          endpoint {
+            url = "http://loki.monitoring.svc:3100/loki/api/v1/push"
+          }
+        }
+        // discovery.kubernetes allows you to find scrape targets from Kubernetes resources.
+        // It watches cluster state and ensures targets are continually synced with what is currently running in your cluster.
+        discovery.kubernetes "pod" {
+          role = "pod"
+        }
+
+        // discovery.relabel rewrites the label set of the input targets by applying one or more relabeling rules.
+        // If no rules are defined, then the input targets are exported as-is.
+        discovery.relabel "pod_logs" {
+          targets = discovery.kubernetes.pod.targets
+
+          // Label creation - "namespace" field from "__meta_kubernetes_namespace"
+          rule {
+            source_labels = ["__meta_kubernetes_namespace"]
+            action = "replace"
+            target_label = "namespace"
+          }
+
+          // Label creation - "pod" field from "__meta_kubernetes_pod_name"
+          rule {
+            source_labels = ["__meta_kubernetes_pod_name"]
+            action = "replace"
+            target_label = "pod"
+          }
+
+          // Label creation - "container" field from "__meta_kubernetes_pod_container_name"
+          rule {
+            source_labels = ["__meta_kubernetes_pod_container_name"]
+            action = "replace"
+            target_label = "container"
+          }
+
+          // Label creation -  "app" field from "__meta_kubernetes_pod_label_app_kubernetes_io_name"
+          rule {
+            source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_name"]
+            action = "replace"
+            target_label = "app"
+          }
+
+          // Label creation -  "job" field from "__meta_kubernetes_namespace" and "__meta_kubernetes_pod_container_name"
+          // Concatenate values __meta_kubernetes_namespace/__meta_kubernetes_pod_container_name
+          rule {
+            source_labels = ["__meta_kubernetes_namespace", "__meta_kubernetes_pod_container_name"]
+            action = "replace"
+            target_label = "job"
+            separator = "/"
+            replacement = "$1"
+          }
+
+          // Label creation - "container" field from "__meta_kubernetes_pod_uid" and "__meta_kubernetes_pod_container_name"
+          // Concatenate values __meta_kubernetes_pod_uid/__meta_kubernetes_pod_container_name.log
+          rule {
+            source_labels = ["__meta_kubernetes_pod_uid", "__meta_kubernetes_pod_container_name"]
+            action = "replace"
+            target_label = "__path__"
+            separator = "/"
+            replacement = "/var/log/pods/*$1/*.log"
+          }
+
+          // Label creation -  "container_runtime" field from "__meta_kubernetes_pod_container_id"
+          rule {
+            source_labels = ["__meta_kubernetes_pod_container_id"]
+            action = "replace"
+            target_label = "container_runtime"
+            regex = "^(\\S+):\\/\\/.+$"
+            replacement = "$1"
+          }
+        }
+
+        // loki.source.kubernetes tails logs from Kubernetes containers using the Kubernetes API.
+        loki.source.kubernetes "pod_logs" {
+          targets    = discovery.relabel.pod_logs.output
+          forward_to = [loki.process.pod_logs.receiver]
+        }
+        // loki.process receives log entries from other Loki components, applies one or more processing stages,
+        // and forwards the results to the list of receivers in the component’s arguments.
+        loki.process "pod_logs" {
+          stage.static_labels {
+              values = {
+                cluster = "envoy-gateway",
+              }
+          }
+
+          forward_to = [loki.write.alloy.receiver]
+        }
+
 
 # Values for Tempo dependency
 tempo:

@@ -46,6 +46,10 @@ spec:
         - server
         - --config-path=/config/envoy-gateway.yaml
         env:
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
         - name: ENVOY_GATEWAY_NAMESPACE
           valueFrom:
             fieldRef:

@@ -60,6 +60,10 @@ data:
     kind: EnvoyGateway
     provider:
       type: Kubernetes
+      kubernetes:
+        rateLimitDeployment:
+          container:
+            image: ghcr.io/zirain-dev/ratelimit:latest  # remove this line when upstream PR merged
     gateway:
       controllerName: gateway.envoyproxy.io/gatewayclass-controller
     extensionApis:

@@ -43,7 +43,7 @@ envoyProxyForGatewayClass:
           - name: envoy-gateway-proxy-ready-0.0.0.0-19001
             address:
               socket_address:
-                address: 0.0.0.0
+                address: '0.0.0.0'
                 port_value: 19001
                 protocol: TCP
             filter_chains:

@@ -170,8 +170,9 @@
 
 // postEnvoyAdminAPI sends a POST request to the Envoy admin API
 func postEnvoyAdminAPI(path string) error {
+	// TODO: change bootstrap.AdminAddress() to localhost because there're in the same pod?
 	if resp, err := http.Post(fmt.Sprintf("http://%s:%d/%s",
-		bootstrap.EnvoyAdminAddress, bootstrap.EnvoyAdminPort, path), "application/json", nil); err != nil {
+		bootstrap.AdminAddress(), bootstrap.EnvoyAdminPort, path), "application/json", nil); err != nil {
 		return err
 	} else {
 		defer resp.Body.Close()
@@ -187,7 +188,7 @@
 func getTotalConnections() (*int, error) {
 	// Send request to Envoy admin API to retrieve server.total_connections stat
 	if resp, err := http.Get(fmt.Sprintf("http://%s:%d//stats?filter=^server\\.total_connections$&format=json",
-		bootstrap.EnvoyAdminAddress, bootstrap.EnvoyAdminPort)); err != nil {
+		bootstrap.AdminAddress(), bootstrap.EnvoyAdminPort)); err != nil {
 		return nil, err
 	} else {
 		defer resp.Body.Close()

@@ -22,6 +22,7 @@
 	"github.com/envoyproxy/gateway/internal/ir"
 	"github.com/envoyproxy/gateway/internal/utils"
 	"github.com/envoyproxy/gateway/internal/utils/naming"
+	"github.com/envoyproxy/gateway/internal/utils/net"
 )
 
 var _ ListenersTranslator = (*Translator)(nil)
@@ -99,6 +100,12 @@
 			if !isReady {
 				continue
 			}
+
+			// TODO: find a better way to this
+			address := "0.0.0.0"
+			if net.IsIPv6Pod() {
+				address = "::"
+			}
 			// Add the listener to the Xds IR
 			servicePort := &protocolPort{protocol: listener.Protocol, port: int32(listener.Port)}
 			containerPort := servicePortToContainerPort(int32(listener.Port), gateway.envoyProxy)
@@ -107,7 +114,7 @@
 				irListener := &ir.HTTPListener{
 					CoreListenerDetails: ir.CoreListenerDetails{
 						Name:     irListenerName(listener),
-						Address:  "0.0.0.0",
+						Address:  address,
 						Port:     uint32(containerPort),
 						Metadata: buildListenerMetadata(listener, gateway),
 						IPFamily: getIPFamily(gateway.envoyProxy),
@@ -134,7 +141,7 @@
 				irListener := &ir.TCPListener{
 					CoreListenerDetails: ir.CoreListenerDetails{
 						Name:     irListenerName(listener),
-						Address:  "0.0.0.0",
+						Address:  address,
 						Port:     uint32(containerPort),
 						IPFamily: getIPFamily(gateway.envoyProxy),
 					},
@@ -150,7 +157,7 @@
 				irListener := &ir.UDPListener{
 					CoreListenerDetails: ir.CoreListenerDetails{
 						Name:    irListenerName(listener),
-						Address: "0.0.0.0",
+						Address: address,
 						Port:    uint32(containerPort),
 					},
 				}

@@ -50,9 +50,6 @@ type Infra struct {
 	// Namespace is the Namespace used for managed infra.
 	Namespace string
 
-	// DNSDomain is the dns domain used by k8s services. Defaults to "cluster.local".
-	DNSDomain string
-
 	// EnvoyGateway is the configuration used to startup Envoy Gateway.
 	EnvoyGateway *egv1a1.EnvoyGateway
 
@@ -64,7 +61,6 @@ type Infra struct {
 func NewInfra(cli client.Client, cfg *config.Server) *Infra {
 	return &Infra{
 		Namespace:    cfg.Namespace,
-		DNSDomain:    cfg.DNSDomain,
 		EnvoyGateway: cfg.EnvoyGateway,
 		Client:       New(cli),
 	}

@@ -83,8 +83,6 @@ func expectedProxyContainers(infra *ir.ProxyInfra,
 	containerSpec *egv1a1.KubernetesContainerSpec,
 	shutdownConfig *egv1a1.ShutdownConfig,
 	shutdownManager *egv1a1.ShutdownManager,
-	namespace string,
-	dnsDomain string,
 ) ([]corev1.Container, error) {
 	// Define slice to hold container ports
 	var ports []corev1.ContainerPort
@@ -134,7 +132,6 @@ func expectedProxyContainers(infra *ir.ProxyInfra,
 			TrustedCA:   filepath.Join("/sds", common.SdsCAFilename),
 		},
 		MaxHeapSizeBytes: maxHeapSizeBytes,
-		XdsServerHost:    ptr.To(fmt.Sprintf("%s.%s.svc.%s", config.EnvoyGatewayServiceName, namespace, dnsDomain)),
 	}
 
 	args, err := common.BuildProxyArgs(infra, shutdownConfig, bootstrapConfigOptions, fmt.Sprintf("$(%s)", envoyPodEnvVar))
@@ -347,6 +344,14 @@ func expectedVolumes(name string, pod *egv1a1.KubernetesPodSpec) []corev1.Volume
 // expectedContainerEnv returns expected proxy container envs.
 func expectedContainerEnv(containerSpec *egv1a1.KubernetesContainerSpec) []corev1.EnvVar {
 	env := []corev1.EnvVar{
+		{
+			Name: "POD_IP",
+			ValueFrom: &corev1.EnvVarSource{
+				FieldRef: &corev1.ObjectFieldSelector{
+					FieldPath: "status.podIP",
+				},
+			},
+		},
 		{
 			Name: envoyNsEnvVar,
 			ValueFrom: &corev1.EnvVarSource{

@@ -45,16 +45,12 @@ type ResourceRender struct {
 	// Namespace is the Namespace used for managed infra.
 	Namespace string
 
-	// DNSDomain is the dns domain used by k8s services. Defaults to "cluster.local".
-	DNSDomain string
-
 	ShutdownManager *egv1a1.ShutdownManager
 }
 
-func NewResourceRender(ns string, dnsDomain string, infra *ir.ProxyInfra, gateway *egv1a1.EnvoyGateway) *ResourceRender {
+func NewResourceRender(ns string, infra *ir.ProxyInfra, gateway *egv1a1.EnvoyGateway) *ResourceRender {
 	return &ResourceRender{
 		Namespace:       ns,
-		DNSDomain:       dnsDomain,
 		infra:           infra,
 		ShutdownManager: gateway.GetEnvoyGatewayProvider().GetEnvoyGatewayKubeProvider().ShutdownManager,
 	}
@@ -262,7 +258,7 @@ func (r *ResourceRender) Deployment() (*appsv1.Deployment, error) {
 
 	proxyConfig := r.infra.GetProxyConfig()
 	// Get expected bootstrap configurations rendered ProxyContainers
-	containers, err := expectedProxyContainers(r.infra, deploymentConfig.Container, proxyConfig.Spec.Shutdown, r.ShutdownManager, r.Namespace, r.DNSDomain)
+	containers, err := expectedProxyContainers(r.infra, deploymentConfig.Container, proxyConfig.Spec.Shutdown, r.ShutdownManager)
 	if err != nil {
 		return nil, err
 	}
@@ -364,7 +360,7 @@ func (r *ResourceRender) DaemonSet() (*appsv1.DaemonSet, error) {
 	proxyConfig := r.infra.GetProxyConfig()
 
 	// Get expected bootstrap configurations rendered ProxyContainers
-	containers, err := expectedProxyContainers(r.infra, daemonSetConfig.Container, proxyConfig.Spec.Shutdown, r.ShutdownManager, r.Namespace, r.DNSDomain)
+	containers, err := expectedProxyContainers(r.infra, daemonSetConfig.Container, proxyConfig.Spec.Shutdown, r.ShutdownManager)
 	if err != nil {
 		return nil, err
 	}