Add IPv6 listener config option
covert8 committed Oct 18, 2024
1 parent c7434e4 commit c3e7de2
Showing 4 changed files with 49 additions and 18 deletions.
7 changes: 7 additions & 0 deletions pkg/config/configmap.go
@@ -50,6 +50,9 @@ const (
// enableCryptoMB is the config map for enabling CryptoMB private key provider.
enableCryptoMB = "enable-cryptomb"

// enableIPv6Listeners is the config map for enabling listeners on IPv6.
enableIPv6Listeners = "enable-ipv6-listeners"

// TracingCollectorFullEndpoint is the config map key to configure tracing at kourier gateway level
TracingCollectorFullEndpoint = "tracing-collector-full-endpoint"
)
@@ -63,6 +66,7 @@ func DefaultConfig() *Kourier {
TrustedHopsCount: 0,
CipherSuites: nil,
EnableCryptoMB: false,
EnableIPv6Listeners: false,
UseRemoteAddress: false,
}
}
@@ -80,6 +84,7 @@ func NewConfigFromMap(configMap map[string]string) (*Kourier, error) {
cm.AsBool(useRemoteAddress, &nc.UseRemoteAddress),
cm.AsStringSet(cipherSuites, &nc.CipherSuites),
cm.AsBool(enableCryptoMB, &nc.EnableCryptoMB),
cm.AsBool(enableIPv6Listeners, &nc.EnableIPv6Listeners),
asTracing(TracingCollectorFullEndpoint, &nc.Tracing),
); err != nil {
return nil, err
@@ -157,6 +162,8 @@ type Kourier struct {
// EnableCryptoMB specifies whether Kourier enable CryptoMB private provider to accelerate
// TLS handshake. The default value is "false".
EnableCryptoMB bool
// Create Listeners on ipv6.
EnableIPv6Listeners bool
// CipherSuites specifies the cipher suites for TLS external listener.
CipherSuites sets.Set[string]
// Tracing specifies the configuration for gateway tracing
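Review bot: The new field comment `// Create Listeners on ipv6.` in the `Kourier` struct hunk does not follow the form of the fields around it and leaves out the default and what the option actually does. Going by the `createAddress` change in pkg/envoy/api/listener.go, the flag replaces the `0.0.0.0` bind address with `::` on the generated listeners rather than adding a second address, which an operator should be able to read here. I would write `// EnableIPv6Listeners specifies whether Kourier binds its Envoy listeners to "::" instead of "0.0.0.0". The default value is "false".` and, in the const block, say `config map key` rather than `config map` for `enableIPv6Listeners`. The struct and the const block both continue outside the visible hunks.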
20 changes: 13 additions & 7 deletions pkg/envoy/api/listener.go
@@ -48,7 +48,7 @@ type SNIMatch struct {
}

// NewHTTPListener creates a new Listener at the given port, backed by the given manager.
func NewHTTPListener(manager *hcm.HttpConnectionManager, port uint32, enableProxyProtocol bool) (*listener.Listener, error) {
func NewHTTPListener(manager *hcm.HttpConnectionManager, port uint32, enableProxyProtocol bool, enableIPv6Listeners bool) (*listener.Listener, error) {
filters, err := createFilters(manager)
if err != nil {
return nil, err
@@ -65,7 +65,7 @@ func NewHTTPListener(manager *hcm.HttpConnectionManager, port uint32, enableProx

return &listener.Listener{
Name: CreateListenerName(port),
Address: createAddress(port),
Address: createAddress(port, enableIPv6Listeners),
ListenerFilters: listenerFilter,
FilterChains: []*listener.FilterChain{{
Filters: filters,
@@ -74,7 +74,7 @@ func NewHTTPListener(manager *hcm.HttpConnectionManager, port uint32, enableProx
}

// NewHTTPSListener creates a new Listener at the given port with a given filter chain
func NewHTTPSListener(port uint32, filterChain []*listener.FilterChain, enableProxyProtocol bool) (*listener.Listener, error) {
func NewHTTPSListener(port uint32, filterChain []*listener.FilterChain, enableProxyProtocol bool, enableIPv6Listeners bool) (*listener.Listener, error) {
var listenerFilter []*listener.ListenerFilter
if enableProxyProtocol {
proxyProtocolListenerFilter, err := createProxyProtocolListenerFilter()
@@ -86,7 +86,7 @@ func NewHTTPSListener(port uint32, filterChain []*listener.FilterChain, enablePr

return &listener.Listener{
Name: CreateListenerName(port),
Address: createAddress(port),
Address: createAddress(port, enableIPv6Listeners),
ListenerFilters: listenerFilter,
FilterChains: filterChain,
}, nil
@@ -159,7 +159,7 @@ func NewHTTPSListenerWithSNI(manager *hcm.HttpConnectionManager, port uint32, sn

return &listener.Listener{
Name: CreateListenerName(port),
Address: createAddress(port),
Address: createAddress(port, kourierConfig.EnableIPv6Listeners),
FilterChains: filterChains,
ListenerFilters: listenerFilter,
}, nil
@@ -170,12 +170,18 @@ func CreateListenerName(port uint32) string {
return fmt.Sprintf("listener_%d", port)
}

func createAddress(port uint32) *core.Address {
func createAddress(port uint32, ipv6 bool) *core.Address {
var address string
if ipv6 {
address = "::"
} else {
address = "0.0.0.0"
}
return &core.Address{
Address: &core.Address_SocketAddress{
SocketAddress: &core.SocketAddress{
Protocol: core.SocketAddress_TCP,
Address: "0.0.0.0",
Address: address,
PortSpecifier: &core.SocketAddress_PortValue{
PortValue: port,
},
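Review bot: `createAddress` returns `::` when `ipv6` is true but leaves the socket address's `ipv4_compat` unset, and Envoy documents a `::` bind without that field as IPv6-only, so turning the option on would stop the listeners accepting IPv4 connections. If dual-stack is what is wanted, add `Ipv4Compat: ipv6,` next to `Address: address,` in the `core.SocketAddress` literal; if IPv6-only is intended, say so in a doc comment on `createAddress`, which currently has none. With `ipv4_compat` on, IPv4 peers are reported as IPv4-mapped `::ffff:a.b.c.d` addresses, so any source-IP allow-list or log parsing downstream needs to expect that form. The literal's closing lines fall outside the hunk.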
28 changes: 23 additions & 5 deletions pkg/envoy/api/listener_test.go
@@ -46,7 +46,7 @@ func TestNewHTTPListener(t *testing.T) {
}
manager := NewHTTPConnectionManager("test", &kourierConfig)

l, err := NewHTTPListener(manager, 8080, false)
l, err := NewHTTPListener(manager, 8080, false, false)
assert.NilError(t, err)

assert.Equal(t, core.SocketAddress_TCP, l.Address.GetSocketAddress().Protocol)
@@ -66,7 +66,7 @@ func TestNewHTTPListenerWithProxyProtocol(t *testing.T) {
}
manager := NewHTTPConnectionManager("test", &kourierConfig)

l, err := NewHTTPListener(manager, 8080, true)
l, err := NewHTTPListener(manager, 8080, true, false)
assert.NilError(t, err)

assert.Equal(t, core.SocketAddress_TCP, l.Address.GetSocketAddress().Protocol)
@@ -78,6 +78,24 @@ func TestNewHTTPListenerWithProxyProtocol(t *testing.T) {
assertListenerHasProxyProtocolConfigured(t, l.ListenerFilters[0])
}

func TestNewHTTPListenerWithIPv6(t *testing.T) {
kourierConfig := config.Kourier{
EnableIPv6Listeners: true,
IdleTimeout: 0 * time.Second,
}
manager := NewHTTPConnectionManager("test", &kourierConfig)

l, err := NewHTTPListener(manager, 8080, false, true)
assert.NilError(t, err)

assert.Equal(t, core.SocketAddress_TCP, l.Address.GetSocketAddress().Protocol)
assert.Equal(t, uint32(8080), l.Address.GetSocketAddress().GetPortValue())
assert.Assert(t, is.Nil(l.FilterChains[0].TransportSocket)) // TLS not configured

// Check if listening on ipv6
assert.Equal(t, "::", l.Address.GetSocketAddress().Address)
}

var c = Certificate{
Certificate: []byte("some_certificate_chain"),
PrivateKey: []byte("some_private_key"),
@@ -101,7 +119,7 @@ func TestNewHTTPSListener(t *testing.T) {
filterChain, err := CreateFilterChainFromCertificateAndPrivateKey(manager, &c)
assert.NilError(t, err)

l, err := NewHTTPSListener(8081, []*envoy_api_v3.FilterChain{filterChain}, false)
l, err := NewHTTPSListener(8081, []*envoy_api_v3.FilterChain{filterChain}, false, false)
assert.NilError(t, err)

assert.Equal(t, core.SocketAddress_TCP, l.Address.GetSocketAddress().Protocol)
@@ -141,7 +159,7 @@ func TestNewHTTPSListenerWithPrivatekeyProvider(t *testing.T) {
filterChain, err := CreateFilterChainFromCertificateAndPrivateKey(manager, &crypto)
assert.NilError(t, err)

l, err := NewHTTPSListener(8081, []*envoy_api_v3.FilterChain{filterChain}, false)
l, err := NewHTTPSListener(8081, []*envoy_api_v3.FilterChain{filterChain}, false, false)
assert.NilError(t, err)

assert.Equal(t, core.SocketAddress_TCP, l.Address.GetSocketAddress().Protocol)
@@ -205,7 +223,7 @@ func TestNewHTTPSListenerWithProxyProtocol(t *testing.T) {
filterChain, err := CreateFilterChainFromCertificateAndPrivateKey(manager, &c)
assert.NilError(t, err)

l, err := NewHTTPSListener(8081, []*envoy_api_v3.FilterChain{filterChain}, true)
l, err := NewHTTPSListener(8081, []*envoy_api_v3.FilterChain{filterChain}, true, false)
assert.NilError(t, err)

assert.Equal(t, core.SocketAddress_TCP, l.Address.GetSocketAddress().Protocol)
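Review bot: `TestNewHTTPListenerWithIPv6` is the only test that passes `true` for the new argument, so the `::` address is never asserted for `NewHTTPSListener`, and nothing visible pins `0.0.0.0` on the default path. A companion case such as `l, err := NewHTTPSListener(8081, []*envoy_api_v3.FilterChain{filterChain}, false, true)` followed by `assert.Equal(t, "::", l.Address.GetSocketAddress().Address)` would cover it, plus one `assert.Equal(t, "0.0.0.0", ...)` in an existing `false` test if the hidden lines do not already check it. `NewHTTPSListenerWithSNI` reads the flag from `kourierConfig` in listener.go and may deserve the same check; its tests are not in view.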
12 changes: 6 additions & 6 deletions pkg/generator/caches.go
@@ -240,11 +240,11 @@ func generateListenersAndRouteConfigsAndClusters(
externalTLSManager := envoy.NewHTTPConnectionManager(externalTLSRouteConfig.Name, cfg.Kourier)
localManager := envoy.NewHTTPConnectionManager(localRouteConfig.Name, cfg.Kourier)

externalHTTPEnvoyListener, err := envoy.NewHTTPListener(externalManager, config.HTTPPortExternal, cfg.Kourier.EnableProxyProtocol)
externalHTTPEnvoyListener, err := envoy.NewHTTPListener(externalManager, config.HTTPPortExternal, cfg.Kourier.EnableProxyProtocol, cfg.Kourier.EnableIPv6Listeners)
if err != nil {
return nil, nil, nil, err
}
localEnvoyListener, err := envoy.NewHTTPListener(localManager, config.HTTPPortLocal, false)
localEnvoyListener, err := envoy.NewHTTPListener(localManager, config.HTTPPortLocal, false, cfg.Kourier.EnableIPv6Listeners)
if err != nil {
return nil, nil, nil, err
}
@@ -254,7 +254,7 @@ func generateListenersAndRouteConfigsAndClusters(
clusters := make([]cachetypes.Resource, 0, 1)

// create probe listeners
probHTTPListener, err := envoy.NewHTTPListener(externalManager, config.HTTPPortProb, false)
probHTTPListener, err := envoy.NewHTTPListener(externalManager, config.HTTPPortProb, false, cfg.Kourier.EnableIPv6Listeners)
if err != nil {
return nil, nil, nil, err
}
@@ -372,7 +372,7 @@ func generateListenersAndRouteConfigsAndClusters(
}

// create https prob listener
probHTTPSListener, err := envoy.NewHTTPSListener(config.HTTPSPortProb, externalHTTPSEnvoyListener.FilterChains, false)
probHTTPSListener, err := envoy.NewHTTPSListener(config.HTTPSPortProb, externalHTTPSEnvoyListener.FilterChains, false, cfg.Kourier.EnableIPv6Listeners)
if err != nil {
return nil, nil, nil, err
}
@@ -454,7 +454,7 @@ func newExternalEnvoyListenerWithOneCert(ctx context.Context, manager *httpconnm
return nil, err
}

return envoy.NewHTTPSListener(config.HTTPSPortExternal, []*v3.FilterChain{filterChain}, cfg.EnableProxyProtocol)
return envoy.NewHTTPSListener(config.HTTPSPortExternal, []*v3.FilterChain{filterChain}, cfg.EnableProxyProtocol, cfg.EnableIPv6Listeners)
}

func newLocalEnvoyListenerWithOneCertFilterChain(ctx context.Context, manager *httpconnmanagerv3.HttpConnectionManager, kubeClient kubeclient.Interface, cfg *config.Kourier) (*v3.FilterChain, error) {
@@ -475,7 +475,7 @@ func newLocalEnvoyListenerWithOneCert(ctx context.Context, manager *httpconnmana
if err != nil {
return nil, err
}
return envoy.NewHTTPSListener(config.HTTPSPortLocal, []*v3.FilterChain{filterChain}, cfg.EnableProxyProtocol)
return envoy.NewHTTPSListener(config.HTTPSPortLocal, []*v3.FilterChain{filterChain}, cfg.EnableProxyProtocol, cfg.EnableIPv6Listeners)
}

func privateKeyProvider(mbEnabled bool) string {
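Review bot: Every call site now ends in two adjacent positional booleans, for example `envoy.NewHTTPListener(localManager, config.HTTPPortLocal, false, cfg.Kourier.EnableIPv6Listeners)`, and the compiler will not notice if they are transposed. A swap would enable PROXY protocol on a listener that is meant to have it off, which changes whose source address that listener trusts. `NewHTTPSListenerWithSNI` in listener.go appears to take the Kourier config itself; doing the same here, or passing a small options struct with named fields, would make each call self-describing. The same flag is also applied to the local and probe listeners, so it is worth confirming that any IPv6 network policy covers those ports as well as the external ones.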
