hotfix: detect enable ipv6 for envoy (#387)

* hotfix: detect enable ipv6 for envoy * hotfix: detect pod enable ipv6 for envoy * hotfix: optimize code
2025-12-24 11:51:13 +08:00 · 2024-12-06 22:03:37 +08:00
parent 81f62eab31
commit 1dc3c057a7
4 changed files with 93 additions and 3 deletions
--- a/pkg/inject/controller.go
+++ b/pkg/inject/controller.go
@@ -17,6 +17,9 @@ import (
 //go:embed envoy.yaml
 var envoyConfig []byte

+//go:embed envoy_ipv4.yaml
+var envoyConfigIPv4 []byte
+
 func RemoveContainers(spec *v1.PodTemplateSpec) {
 	for i := 0; i < len(spec.Spec.Containers); i++ {
 		if sets.New[string](config.ContainerSidecarEnvoyProxy, config.ContainerSidecarVPN).Has(spec.Spec.Containers[i].Name) {
@@ -27,7 +30,7 @@ func RemoveContainers(spec *v1.PodTemplateSpec) {
 }

 // AddMeshContainer todo envoy support ipv6
-func AddMeshContainer(spec *v1.PodTemplateSpec, nodeId string, c util.PodRouteConfig) {
+func AddMeshContainer(spec *v1.PodTemplateSpec, nodeId string, c util.PodRouteConfig, ipv6 bool) {
 	// remove envoy proxy containers if already exist
 	RemoveContainers(spec)

@@ -140,7 +143,12 @@ kubevpn serve -L "tun:/localhost:8422?net=${TunIPv4}&route=${CIDR4}" -F "tcp://$
 			"--config-yaml",
 		},
 		Args: []string{
-			string(envoyConfig),
+			func() string {
+				if ipv6 {
+					return string(envoyConfig)
+				}
+				return string(envoyConfigIPv4)
+			}(),
 		},
 		Resources: v1.ResourceRequirements{
 			Requests: map[v1.ResourceName]resource.Quantity{
--- a/pkg/inject/envoy_ipv4.yaml
+++ b/pkg/inject/envoy_ipv4.yaml
@@ -0,0 +1,51 @@
+admin:
+  access_log_path: /dev/null
+  address:
+    socket_address:
+      address: "0.0.0.0"
+      port_value: 9003
+dynamic_resources:
+  ads_config:
+    api_type: GRPC
+    transport_api_version: V3
+    grpc_services:
+      - envoy_grpc:
+          cluster_name: xds_cluster
+    set_node_on_first_message_only: true
+  cds_config:
+    resource_api_version: V3
+    ads: { }
+  lds_config:
+    resource_api_version: V3
+    ads: { }
+static_resources:
+  listeners:
+    - name: default_listener
+      address:
+        socket_address:
+          address: "0.0.0.0"
+          port_value: 15006
+      use_original_dst: true
+      filter_chains:
+        - filters:
+            - name: envoy.filters.network.tcp_proxy
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+                stat_prefix: tcp
+                cluster: origin_cluster
+  clusters:
+    - name: xds_cluster
+      connect_timeout: 2s
+      type: STRICT_DNS
+      lb_policy: ROUND_ROBIN
+      load_assignment:
+        cluster_name: xds_cluster
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: kubevpn-traffic-manager
+                      port_value: 9002
+                      ipv4_compat: true
+      http2_protocol_options: { }
--- a/pkg/inject/mesh.go
+++ b/pkg/inject/mesh.go
@@ -102,6 +102,8 @@ func InjectVPNAndEnvoySidecar(ctx1 context.Context, factory cmdutil.Factory, cli
 		log.Infof("Workload %s/%s has already been injected with sidecar", namespace, workload)
 		return nil
 	}
+
+	enableIPv6, _ := util.DetectPodSupportIPv6(ctx1, factory, namespace)
 	// (1) add mesh container
 	removePatch, restorePatch := patch(*origin, path)
 	var b []byte
@@ -111,7 +113,7 @@ func InjectVPNAndEnvoySidecar(ctx1 context.Context, factory cmdutil.Factory, cli
 		return err
 	}

-	AddMeshContainer(templateSpec, nodeID, c)
+	AddMeshContainer(templateSpec, nodeID, c, enableIPv6)
 	helper := pkgresource.NewHelper(object.Client, object.Mapping)
 	ps := []P{
 		{