[NET-6787] HostNetwork support for meshgw deployments (#3379)

Add configuration for host network for mesh gateway deployments
hashicorp · Dec 14, 2023 · c8e5d9e · c8e5d9e
1 parent 6c71611
commit c8e5d9e
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 9 deletions.
diff --git a/charts/consul/templates/crd-gatewayclassconfigs.yaml b/charts/consul/templates/crd-gatewayclassconfigs.yaml
@@ -164,6 +164,10 @@ spec:
                             type: object
                         type: object
                     type: object
+                  hostNetwork:
+                    description: HostNetwork specifies whether the gateway pods should
+                      run on the host network
+                    type: boolean
                   initContainer:
                     description: InitContainer contains config specific to the created
                       Deployment's init container

diff --git a/charts/consul/templates/gateway-resources-configmap.yaml b/charts/consul/templates/gateway-resources-configmap.yaml
@@ -60,6 +60,9 @@ data:
             {{- with .Values.meshGateway.nodeSelector }}
             nodeSelector: {{ fromYaml . | toJson }}
             {{- end }}
+            {{- with .Values.meshGateway.hostNetwork }}
+            hostNetwork: {{ . }}
+            {{- end }}
             priorityClassName: {{ toJson .Values.meshGateway.priorityClassName }}
             replicas:
               default: {{ .Values.meshGateway.replicas }}

diff --git a/control-plane/api/mesh/v2beta1/gateway_class_config_types.go b/control-plane/api/mesh/v2beta1/gateway_class_config_types.go
@@ -67,6 +67,8 @@ type GatewayClassDeploymentConfig struct {
 	SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
 	// Tolerations specifies the tolerations to use on the created Deployment
 	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
+	// HostNetwork specifies whether the gateway pods should run on the host network
+	HostNetwork bool `json:"hostNetwork,omitempty"`
 }
 
 type GatewayClassReplicasConfig struct {

diff --git a/control-plane/config/crd/bases/mesh.consul.hashicorp.com_gatewayclassconfigs.yaml b/control-plane/config/crd/bases/mesh.consul.hashicorp.com_gatewayclassconfigs.yaml
@@ -160,6 +160,10 @@ spec:
                             type: object
                         type: object
                     type: object
+                  hostNetwork:
+                    description: HostNetwork specifies whether the gateway pods should
+                      run on the host network
+                    type: boolean
                   initContainer:
                     description: InitContainer contains config specific to the created
                       Deployment's init container

diff --git a/control-plane/gateways/deployment.go b/control-plane/gateways/deployment.go
@@ -38,18 +38,12 @@ func (b *meshGatewayBuilder) deploymentSpec() (*appsv1.DeploymentSpec, error) {
 
 	var (
 		containerConfig  *meshv2beta1.GatewayClassContainerConfig
-		nodeSelector     map[string]string
-		tolerations      []corev1.Toleration
 		deploymentConfig meshv2beta1.GatewayClassDeploymentConfig
-		replicas         *meshv2beta1.GatewayClassReplicasConfig
 	)
 
 	if b.gcc != nil {
 		containerConfig = b.gcc.Spec.Deployment.Container
 		deploymentConfig = b.gcc.Spec.Deployment
-		nodeSelector = b.gcc.Spec.Deployment.NodeSelector
-		tolerations = b.gcc.Spec.Deployment.Tolerations
-		replicas = b.gcc.Spec.Deployment.Replicas
 	}
 
 	container, err := consulDataplaneContainer(b.config, containerConfig, b.gateway.Name, b.gateway.Namespace)
@@ -59,7 +53,7 @@ func (b *meshGatewayBuilder) deploymentSpec() (*appsv1.DeploymentSpec, error) {
 
 	return &appsv1.DeploymentSpec{
 		// TODO NET-6721
-		Replicas: deploymentReplicaCount(replicas, nil),
+		Replicas: deploymentReplicaCount(deploymentConfig.Replicas, nil),
 		Selector: &metav1.LabelSelector{
 			MatchLabels: b.Labels(),
 		},
@@ -101,9 +95,10 @@ func (b *meshGatewayBuilder) deploymentSpec() (*appsv1.DeploymentSpec, error) {
 						},
 					},
 				},
-				NodeSelector:       nodeSelector,
+				NodeSelector:       deploymentConfig.NodeSelector,
 				PriorityClassName:  deploymentConfig.PriorityClassName,
-				Tolerations:        tolerations,
+				HostNetwork:        deploymentConfig.HostNetwork,
+				Tolerations:        deploymentConfig.Tolerations,
 				ServiceAccountName: b.serviceAccountName(),
 			},
 		},

diff --git a/control-plane/subcommand/gateway-resources/command_test.go b/control-plane/subcommand/gateway-resources/command_test.go
@@ -372,6 +372,7 @@ var validGWConfigurationKitchenSink = `gatewayClassConfigs:
     name: consul-mesh-gateway
   spec:
     deployment:
+      hostNetwork: true
       replicas:
         min: 3
         default: 3
@@ -449,6 +450,7 @@ func TestRun_loadGatewayConfigs(t *testing.T) {
 			config:   validGWConfigurationKitchenSink,
 			filename: "kitchenSinkConfig.yaml",
 			expectedDeployment: v2beta1.GatewayClassDeploymentConfig{
+				HostNetwork: true,
 				NodeSelector: map[string]string{
 					"beta.kubernetes.io/arch": "amd64",
 					"beta.kubernetes.io/os":   "linux",