Add --enable-dns-proxy startup parameter for DNS proxy

[vinayakjeet]

This adds a startup parameter --enable-dns-proxy to control DNS proxy instead of using environment variables, making it consistent with other features like --enable-bypass and --enable-mda.

Changes:

• Create daemon/options/dns.go with DNS config struct

• Add DNSConfig to BootstrapConfigs

• Update controller to use enableDNSProxy from config

• Pass enableDNSProxy through client to workload controller

• Update PrepareDNSProxy to accept enableDNSProxy parameter

Fixes #1574

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

[kmesh-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign bitcoffeeiux for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[kmesh-bot]

Welcome @vinayakjeet! It looks like this is your first PR to kmesh-net/kmesh 🎉

[gemini-code-assist]

Summary of Changes

Hello @vinayakjeet, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refactors the DNS proxy enablement mechanism within the Kmesh daemon. It transitions from using environment variables or global flags to a dedicated --enable-dns-proxy startup parameter. This change standardizes the configuration approach across various Kmesh features, improving consistency and simplifying the management of the DNS proxy functionality.

Highlights

• New Startup Parameter: Introduced a new --enable-dns-proxy startup parameter to explicitly control the DNS proxy feature, moving away from environment variables for consistency.
• Centralized Configuration: A new dnsConfig struct was created in daemon/options/dns.go to encapsulate DNS proxy configuration, and it has been integrated into the main BootstrapConfigs.
• Configuration Propagation: The enableDNSProxy setting is now properly propagated through the Controller, XdsClient, workload.Controller, and workload.Processor components.
• Refactored DNS Proxy Preparation: The PrepareDNSProxy function in workload_processor.go has been updated to accept the enableDNSProxy parameter, ensuring its behavior is directly controlled by the new startup flag.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

A new flag takes its stand, No more env vars, a clear command. Consistency's the key, For features, wild and free.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a --enable-dns-proxy startup parameter to control the DNS proxy feature, replacing the previous environment variable-based configuration. This change improves consistency with other features. The implementation correctly adds the new flag and plumbs the configuration value down to the component that uses it. The changes are well-executed. I've added a couple of suggestions to improve maintainability by refactoring functions with long parameter lists into using options structs. This will make the code more robust and prevent potential bugs from incorrect parameter ordering.

[gemini-code-assist]

The function NewXdsClient has a growing number of parameters, including several booleans in a row. This can make the function calls hard to read and error-prone, as it's easy to mix up the boolean flags. To improve maintainability and reduce the risk of future bugs, consider refactoring this to use an options struct for the configuration parameters.

For example:

type XdsClientOptions struct {
    Mode             string
    BpfAds           *bpfads.BpfAds
    BpfWorkload      *bpfwl.BpfWorkload
    EnableMonitoring bool
    EnableProfiling  bool
    EnableDNSProxy   bool
}

func NewXdsClient(opts *XdsClientOptions) (*XdsClient, error) { /* ... */ }

This makes callsites clearer, e.g., NewXdsClient(&XdsClientOptions{Mode: c.mode, ...}).

[gemini-code-assist]

Similar to NewXdsClient, the function NewController also has a growing list of boolean parameters. This pattern is fragile and can lead to bugs if parameters are accidentally swapped. For instance, the caller passes a variable named enableProfiling for the enablePerfMonitor parameter, which can be confusing. Refactoring to use an options struct with clearly named fields would make the code more robust, readable, and easier to maintain.

For example:

type ControllerOptions struct {
    BpfWorkload         *bpfwl.BpfWorkload
    EnableMonitoring    bool
    EnablePerfMonitor   bool
    EnableDNSProxy      bool
}

func NewController(opts *ControllerOptions) (*Controller, error) { /* ... */ }

[Copilot]

Pull request overview

Adds a new --enable-dns-proxy startup flag and threads this configuration through the daemon/controller stack so DNS proxy behavior is controlled via startup configuration instead of a workload env var.

Changes:

• Introduces daemon/options/dns.go and wires DNSConfig into BootstrapConfigs.
• Passes enableDNSProxy from daemon options → controller → XDS client → workload controller/processor.
• Updates DNS proxy preparation/setup paths to use the new config value.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
pkg/controller/workload/workload_processor.go	Makes DNS proxy preparation depend on an explicit enableDNSProxy parameter.
pkg/controller/workload/workload_controller.go	Stores and forwards enableDNSProxy into PrepareDNSProxy.
pkg/controller/controller.go	Reads enableDNSProxy from bootstrap config and uses it to decide DNS proxy startup.
pkg/controller/client.go	Extends NewXdsClient to accept and forward enableDNSProxy.
daemon/options/options.go	Adds DNSConfig to bootstrap configs and attaches its flags.
daemon/options/dns.go	Adds the --enable-dns-proxy flag definition.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

NewXdsClient now takes an additional enableDNSProxy parameter, but there are still call sites using the old 5-arg signature (e.g., pkg/controller/client_test.go). This will cause compilation/test failures; update those call sites to pass the new argument (likely false for existing tests).

[Copilot]

Controller.enableDNSProxy is now sourced only from the new --enable-dns-proxy flag (opts.DNSConfig.EnableDNSProxy). Existing deployment manifests in this repo (e.g., deploy/charts/kmesh-helm/templates/daemonset.yaml and deploy/yaml/kmesh.yaml) currently enable DNS proxy via the KMESH_ENABLE_DNS_PROXY environment variable, which will be ignored with this change—resulting in DNS proxy silently not starting after upgrade. Either update those manifests to pass --enable-dns-proxy when dnsProxy is enabled, or keep a backward-compatible fallback to the env var.

[Copilot]

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

NewXdsClient now takes three boolean feature flags (enableMonitoring, enableProfiling, enableDNSProxy). This API shape is hard to read at call sites and makes it easy to accidentally swap arguments as more feature flags get added. Consider replacing the boolean parameter list with an options struct (e.g., XdsClientOptions) or passing a config object so future feature flags are self-documenting and backward-compatible.

[Copilot]

The third parameter name enablePerfMonitor is confusing given it is passed from BpfConfig.EnableProfiling (and NewXdsClient names it enableProfiling). Consider renaming this parameter (and/or the related config flag) so the meaning is consistent across layers (e.g., enableProfiling or enableBpfMetrics).

[Copilot]

After switching to opts.DNSConfig.EnableDNSProxy as the source of truth, pkg/controller/workload/features.go's EnableDNSProxy env var registration appears to be unused (no remaining references). To avoid stale documentation and multiple configuration entry points, consider removing it or wiring the flag parsing to reuse the same variable/registration.

[codecov]

Codecov Report

❌ Patch coverage is 20.00000% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 39.53%. Comparing base (3018401) to head (b70e828).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/controller/controller.go	0.00%	3 Missing ⚠️
pkg/controller/workload/workload_controller.go	0.00%	3 Missing ⚠️
pkg/controller/workload/workload_processor.go	0.00%	2 Missing ⚠️

Files with missing lines	Coverage Δ
pkg/controller/client.go	64.63% <100.00%> (ø)
pkg/controller/workload/workload_processor.go	57.76% <0.00%> (ø)
pkg/controller/controller.go	0.00% <0.00%> (ø)
pkg/controller/workload/workload_controller.go	30.47% <0.00%> (-0.30%)	⬇️

... and 1 file with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7c77714...b70e828. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[vinayakjeet]

@nlgwcy @YaoZengzeng @lec-bit
This PR adds a startup flag (--enable-dns-proxy) to fix the issue in #1574.
If this approach looks correct, we can proceed next with adding DNS proxy control via kmeshctl.
Please review. Thanks!

[LiZhenCheng9527]

Thank you for your help.

But your current implementation still relying on setting environment variables. Perhaps the issue description was unclear. We wish to use kmeshctl to start and stop the DNS proxy at any time during the operation of the kmesh.

You can refer to: #935