fix(xds): use DnsCluster extension for DNS clusters by andreademurtas · Pull Request #9155 · envoyproxy/gateway

andreademurtas · 2026-06-03T21:56:32Z

What type of PR is this?

What this PR does / why we need it:

Cluster.dns_refresh_rate and Cluster.respect_dns_ttl are deprecated in Envoy. This PR migrates DNS-based clusters (the STRICT_DNS path in the xDS translator) to Envoy's envoy.cluster.dns cluster extension (envoy.extensions.clusters.dns.v3.DnsCluster), the supported replacement.

Behavior is preserved:

The existing 30s dns_refresh_rate default and respect_dns_ttl=true default are carried over.
dns_lookup_family is set inside the DnsCluster extension, because Envoy reads it from there (and ignores the top-level Cluster.dns_lookup_family) when cluster_type is set. The config.cluster.v3 and clusters.common.dns.v3 lookup-family enums differ by one value, so the mapping is done by name, not a raw cast.
all_addresses_in_single_endpoint is left false, equivalent to the legacy STRICT_DNS type.

The static bootstrap xds_cluster keeps type: STRICT_DNS: it does not use the deprecated fields and the STRICT_DNS type itself is not deprecated, so it is intentionally out of scope. TestBuildXdsCluster is updated accordingly, and unit tests cover the new lookup-family mapping and the refresh-rate validation path.

Note for EnvoyPatchPolicy/JSONPatch users: patches targeting type, dns_refresh_rate, or respect_dns_ttl on these clusters must be updated to patch the cluster_type (envoy.cluster.dns) typed config instead (captured in the release notes).

Which issue(s) this PR fixes:

Fixes #6192

Release Notes: Yes

Replace the deprecated Cluster.dns_refresh_rate and respect_dns_ttl fields with Envoy's envoy.cluster.dns extension for DNS-based clusters. Behavior is preserved (30s default, respect_dns_ttl, dns_lookup_family carried into the extension via a name-based enum mapping); STRICT_DNS semantics kept via all_addresses_in_single_endpoint=false. Fixes envoyproxy#6192 Signed-off-by: Andrea De Murtas <56048157+andreademurtas@users.noreply.github.com>

…lidation Signed-off-by: Andrea De Murtas <56048157+andreademurtas@users.noreply.github.com>

Signed-off-by: Andrea De Murtas <56048157+andreademurtas@users.noreply.github.com>

netlify · 2026-06-03T21:56:37Z

✅ Deploy Preview for cerulean-figolla-1f9435 ready!

Name	Link
🔨 Latest commit	`93c2ad4`
🔍 Latest deploy log	https://app.netlify.com/projects/cerulean-figolla-1f9435/deploys/6a29cc745d736c000873f7ac
😎 Deploy Preview	https://deploy-preview-9155--cerulean-figolla-1f9435.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d725b55237

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

codecov · 2026-06-03T22:09:09Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.92%. Comparing base (5266322) to head (93c2ad4).
⚠️ Report is 20 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #9155      +/-   ##
==========================================
+ Coverage   74.81%   74.92%   +0.11%     
==========================================
  Files         252      252              
  Lines       40756    40818      +62     
==========================================
+ Hits        30490    30584      +94     
+ Misses       8184     8152      -32     
  Partials     2082     2082

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

zhaohuabing

LGTM. Thanks!

zhaohuabing · 2026-06-09T07:33:28Z

/retest

Signed-off-by: Andrea De Murtas <56048157+andreademurtas@users.noreply.github.com>

zhaohuabing · 2026-06-10T03:06:43Z

/retest

Copilot

Pull request overview

Migrates DNS-based xDS clusters generated by the translator from deprecated Cluster.dns_refresh_rate / Cluster.respect_dns_ttl fields to Envoy’s supported DNS cluster extension (envoy.cluster.dns / envoy.extensions.clusters.dns.v3.DnsCluster), keeping existing defaults and behavior while updating golden outputs and tests.

Changes:

Update internal/xds/translator/cluster.go to emit DNS clusters via cluster_type with DnsCluster typed config and a lookup-family enum mapping.
Update unit tests to validate the new typed config and refresh-rate validation behavior.
Refresh translator/egctl golden outputs and add release-note guidance for patch/extension-server consumers.

Findings

Required fixes

release-notes/current.yaml:7: Release note should also mention dns_lookup_family patches need to move to cluster_type typed config (Envoy ignores top-level Cluster.dns_lookup_family when cluster_type is set).

Optional follow-ups

None.

Reviewed changes

Copilot reviewed 3 out of 63 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
release-notes/current.yaml	Document breaking xDS shape change for DNS clusters / patchers
internal/xds/translator/cluster.go	Emit DNS clusters via `envoy.cluster.dns` typed config (DnsCluster extension)
internal/xds/translator/cluster_test.go	Assert typed config contents + add validation/mapping tests
internal/xds/translator/testdata/out/xds-ir/wasm.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/tracing-span-name.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/tracing-otel-sampler.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/tracing-otel-sampler-always-on.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/tracing-otel-headers.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/tracing-datadog.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/tls-route-termination.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip-invert.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/ratelimit-per-rule-headers.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/ratelimit-multi-global-shared.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/ratelimit-global-shared.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/ratelimit-both-type.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/oidc.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/oidc-provider-traffic-features.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/oidc-and-jwt-with-passthrough.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/jwt-with-backend-tls-retry.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/jwt-optional.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/jwt-from-multiple-listeners.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/http2-mixed.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/health-check-host-hierarchy.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/global-ratelimit-query-parameters.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/ext-auth-body.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/dynamicmodule.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/dns-lookup-family.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/custom-filter-order.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/accesslog-with-format.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/accesslog-types.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/accesslog-otel-headers.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml	Update golden DNS cluster output to `clusterType`/DnsCluster
internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.cluster.yaml	Update egctl golden cluster output to `clusterType`/DnsCluster
internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml	Update egctl golden “all” output to `clusterType`/DnsCluster
internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json	Update egctl golden JSON output to `clusterType`/DnsCluster

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Signed-off-by: Andrea De Murtas <56048157+andreademurtas@users.noreply.github.com>

andreademurtas added 3 commits June 3, 2026 23:23

test(xds): cover DnsCluster lookup-family mapping and refresh-rate va…

8d6d9db

…lidation Signed-off-by: Andrea De Murtas <56048157+andreademurtas@users.noreply.github.com>

docs: add release note for DnsCluster migration

d725b55

Signed-off-by: Andrea De Murtas <56048157+andreademurtas@users.noreply.github.com>

andreademurtas requested a review from a team as a code owner June 3, 2026 21:56

chatgpt-codex-connector Bot reviewed Jun 3, 2026

View reviewed changes

Comment thread internal/xds/translator/cluster.go

arkodg added this to the v1.9.0-rc.1 Release milestone Jun 8, 2026

arkodg requested review from zhaohuabing and zirain June 8, 2026 03:30

zhaohuabing reviewed Jun 9, 2026

View reviewed changes

Comment thread release-notes/current.yaml Outdated

zhaohuabing reviewed Jun 9, 2026

View reviewed changes

zhaohuabing mentioned this pull request Jun 9, 2026

fix(translator): use DnsCluster for DNS settings #9194

Closed

docs: move DnsCluster release note to breaking changes

8a132dd

Signed-off-by: Andrea De Murtas <56048157+andreademurtas@users.noreply.github.com>

zhaohuabing previously approved these changes Jun 10, 2026

View reviewed changes

zirain previously approved these changes Jun 10, 2026

View reviewed changes

zhaohuabing requested a review from Copilot June 10, 2026 03:06

Copilot started reviewing on behalf of zhaohuabing June 10, 2026 03:07 View session

Copilot AI reviewed Jun 10, 2026

View reviewed changes

Comment thread release-notes/current.yaml Outdated

docs: include dns_lookup_family in DnsCluster breaking-change note

93c2ad4

Signed-off-by: Andrea De Murtas <56048157+andreademurtas@users.noreply.github.com>

andreademurtas dismissed stale reviews from zirain and zhaohuabing via 93c2ad4 June 10, 2026 20:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(xds): use DnsCluster extension for DNS clusters#9155

fix(xds): use DnsCluster extension for DNS clusters#9155
andreademurtas wants to merge 5 commits into
envoyproxy:mainfrom
andreademurtas:refactor/6192-dns-cluster-extension

andreademurtas commented Jun 3, 2026

Uh oh!

netlify Bot commented Jun 3, 2026 •

edited

Loading

Uh oh!

chatgpt-codex-connector Bot left a comment

Uh oh!

Uh oh!

codecov Bot commented Jun 3, 2026 •

edited

Loading

Uh oh!

Uh oh!

zhaohuabing left a comment

Uh oh!

zhaohuabing commented Jun 9, 2026

Uh oh!

zhaohuabing commented Jun 10, 2026

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

andreademurtas commented Jun 3, 2026

Uh oh!

netlify Bot commented Jun 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Deploy Preview for cerulean-figolla-1f9435 ready!

Uh oh!

chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

codecov Bot commented Jun 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

zhaohuabing left a comment

Choose a reason for hiding this comment

Uh oh!

zhaohuabing commented Jun 9, 2026

Uh oh!

zhaohuabing commented Jun 10, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Findings

Reviewed changes

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

netlify Bot commented Jun 3, 2026 •

edited

Loading

codecov Bot commented Jun 3, 2026 •

edited

Loading