istio · istio-testing · Jun 6, 2025 · Aug 27, 2024 · Sep 17, 2024 · Sep 19, 2024
@@ -0,0 +1 @@
+out
@@ -86,7 +86,7 @@ rustls-pemfile = "2.2"
 serde = { version = "1.0", features = ["derive", "rc"] }
 serde_json = "1.0"
 serde_yaml = "0.9"
-socket2 = { version = "0.5", features = ["all"] }
+socket2 = { git = "https://github.com/keithmattix/socket2.git", branch="add-tcp-retries-to-windows", features = ["all"] }
 textnonce = { version = "1.0" }
 thiserror = "2.0"
 tls-listener = { version = "0.11" }
@@ -117,11 +117,16 @@ educe = "0.6"
 netns-rs = "0.1"
 pprof = { version = "0.14", features = ["protobuf", "protobuf-codec", "criterion"] }
 
+[target.'cfg(target_os = "windows")'.dependencies]
+windows = { version = "0.58.0", features = ["Win32_System_HostCompute", "Win32_System_HostComputeNetwork", "Win32_System_HostComputeSystem", "Win32_NetworkManagement_IpHelper"] }
+hcn = { git = "https://github.com/keithmattix/hcn-rs.git" }
+
 [build-dependencies]
 tonic-build = { version = "0.13", default-features = false, features = ["prost"] }
 prost-build = "0.13"
 anyhow = "1.0"
 rustc_version = "0.4"
+cfg-if = "1.0"
 
 [profile.release]
 opt-level = 3

@@ -0,0 +1,10 @@
+ARG WINBASE=mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
+FROM --platform=$BUILDPLATFORM rust AS build
+WORKDIR /src
+RUN apt-get update && apt-get install -y mingw-w64 protobuf-compiler cmake nasm && rustup target add x86_64-pc-windows-gnu
+COPY . .
+RUN cargo build --target x86_64-pc-windows-gnu --release
+
+FROM ${WINBASE}
+COPY --from=build /src/out/rust/x86_64-pc-windows-gnu/release/ztunnel.exe ztunnel.exe
+ENTRYPOINT [ "ztunnel.exe" ]
@@ -0,0 +1,46 @@
+# WIP: Windows Support
+
+Easiest way is probably to cross-compile? On Debian-based distros, install mingw:
+
+```bash
+sudo apt-get install mingw-w64
+```
+
+Then, add Rust cross-compile support with rustup:
+
+```bash
+rustup target add x86_64-pc-windows-gnu
+```
+
+Test a build with:
+
+```bash
+cargo build --target x86_64-pc-windows-gnu
+```
+
+Docker does support cross-building for Windows, but it is a bit of a pain. You can use the `docker buildx` command to build images for Windows. First, you need to create a new builder instance:
+
+```bash
+docker buildx create --name windows-builder --platform=windows/amd64 # change to windows/arm64 if you want to build for arm64
+```
+
+Then, build a docker image with:
+
+```bash
+docker buildx build . -f Dockerfile.ztunnel-windows --platform=windows/amd64 --output type=registry -t localhost:5000/ztunnel-windows --builder windows-builder
+```
+
+## DNS
+
+HostProcess pods in Windows can't resolve cluster local DNS names. This is a known issue. In the meantime, you can use ALT_XDS_HOSTNAME and ALT_CA_HOSTNAME environment variables to set the expected certificate dns names for both XDS and CA clients.
+
+UPDATE: looks like there are some powershell commands we can run (perhaps as an init container?) to set the nameserver for a certain DNS namespace:
+
+```powershell
+Add-DnsClientNrptRule -Namespace ".cluster.local" -NameServers "$env:KUBE_DNS_IP"
+Clear-DnsClientCache # Clears the DNS client cache. Equivalent to `ipconfig /flushdns`
+```
+
+## REUSE_PORT
+
+Socket reuse is effectively not supported on Windows (despite the options existing, they're either insecure or ineffective for our purposes)
@@ -17,8 +17,10 @@ use std::sync::{Arc, RwLock};
 use std::time::Duration;
 
 use bytes::Bytes;
+#[cfg(target_os = "linux")]
 use criterion::{Criterion, Throughput, criterion_group, criterion_main};
 use hickory_resolver::config::{ResolverConfig, ResolverOpts};
+#[cfg(target_os = "linux")]
 use pprof::criterion::{Output, PProfProfiler};
 use prometheus_client::registry::Registry;
 use tokio::runtime::Runtime;
@@ -33,6 +35,7 @@ use ztunnel::xds::istio::workload::Workload as XdsWorkload;
 use ztunnel::xds::istio::workload::load_balancing;
 use ztunnel::xds::istio::workload::{NetworkAddress as XdsNetworkAddress, PortList};
 
+#[cfg(target_os = "linux")]
 pub fn xds(c: &mut Criterion) {
     use ztunnel::xds::istio::workload::Port;
     use ztunnel::xds::istio::workload::Service as XdsService;
@@ -87,6 +90,7 @@ pub fn xds(c: &mut Criterion) {
     });
 }
 
+#[cfg(target_os = "linux")]
 pub fn load_balance(c: &mut Criterion) {
     let mut c = c.benchmark_group("load_balance");
     c.throughput(Throughput::Elements(1));
@@ -191,6 +195,7 @@ fn build_load_balancer(
     (rt, demand, src_wl, svc_addr)
 }
 
+#[cfg(target_os = "linux")]
 criterion_group! {
     name = benches;
     config = Criterion::default()
@@ -199,4 +204,10 @@ criterion_group! {
     targets = xds, load_balance
 }
 
+#[cfg(target_os = "linux")]
 criterion_main!(benches);
+
+#[cfg(not(target_os = "linux"))]
+fn main() {
+    println!("This benchmark is only supported on Linux");
+}