status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
consul/agent/xds/endpoints_test.go

399 lines
13 KiB
Go
Raw Normal View History

copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files
2023-03-28 18:39:22 +00:00
// Copyright (c) HashiCorp, Inc.
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-08-11 13:12:13 +00:00
// SPDX-License-Identifier: BUSL-1.1
copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files
2023-03-28 18:39:22 +00:00
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
package xds
import (
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222) - cut down on extra node metadata transmission - split the golden file generation to compare all envoy version
2020-07-09 22:04:51 +00:00
"path/filepath"
Fix a bunch of xds flaky tests The clusters/endpoints test were still relying on deterministic ordering of clusters/endpoints which cannot be relied upon due to golang purposefully not providing any guarantee about consistent interation ordering of maps. Also fixed a small bug in the connect proxy cluster generation that was causing the clusters slice to be double the size it needed to with the first half being all nil pointers.
2019-07-02 19:53:06 +00:00
"sort"
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
"testing"
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
Implement Mesh Gateways This includes both ingress and egress functionality.
2019-06-18 00:52:01 +00:00
"github.com/hashicorp/consul/agent/proxycfg"
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
"github.com/hashicorp/consul/agent/structs"
NET-4932 - xds v2 - implement base connect proxy functionality for endpoints (#18500) * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4932 - xds v2 - implement base connect proxy functionality for endpoints * Update endpoints_test.go * gofmt * Update naming.go
2023-08-17 19:55:54 +00:00
"github.com/hashicorp/consul/agent/xds/proxystateconverter"
NET-4853 - xds v2 - implement base connect proxy functionality for clusters (#18499)
2023-08-17 18:43:21 +00:00
"github.com/hashicorp/consul/agent/xds/response"
NET-4932 - xds v2 - implement base connect proxy functionality for endpoints (#18500) * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4932 - xds v2 - implement base connect proxy functionality for endpoints * Update endpoints_test.go * gofmt * Update naming.go
2023-08-17 19:55:54 +00:00
"github.com/hashicorp/consul/agent/xds/testcommon"
"github.com/hashicorp/consul/agent/xdsv2"
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com>
2023-02-06 17:14:35 +00:00
"github.com/hashicorp/consul/envoyextensions/xdscommon"
Allow users to configure either unstructured or JSON logging (#7130) * hclog Allow users to choose between unstructured and JSON logging
2020-01-28 23:50:41 +00:00
"github.com/hashicorp/consul/sdk/testutil"
NET-4932 - xds v2 - implement base connect proxy functionality for endpoints (#18500) * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4932 - xds v2 - implement base connect proxy functionality for endpoints * Update endpoints_test.go * gofmt * Update naming.go
2023-08-17 19:55:54 +00:00
"github.com/hashicorp/go-hclog"
"github.com/mitchellh/copystructure"
testinf "github.com/mitchellh/go-testing-interface"
"github.com/stretchr/testify/require"
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
)
func Test_makeLoadAssignment(t *testing.T) {
testCheckServiceNodes := structs.CheckServiceNodes{
structs.CheckServiceNode{
Node: &structs.Node{
ID: "node1-id",
Node: "node1",
Address: "10.10.10.10",
Datacenter: "dc1",
},
Service: &structs.NodeService{
Service: "web",
Port: 1234,
},
Checks: structs.HealthChecks{
&structs.HealthCheck{
Node: "node1",
CheckID: "serfHealth",
Status: "passing",
},
&structs.HealthCheck{
Node: "node1",
ServiceID: "web",
CheckID: "web:check",
Status: "passing",
},
},
},
structs.CheckServiceNode{
Node: &structs.Node{
ID: "node2-id",
Node: "node2",
Address: "10.10.10.20",
Datacenter: "dc1",
},
Service: &structs.NodeService{
Service: "web",
Port: 1234,
},
Checks: structs.HealthChecks{
&structs.HealthCheck{
Node: "node2",
CheckID: "serfHealth",
Status: "passing",
},
&structs.HealthCheck{
Node: "node2",
ServiceID: "web",
CheckID: "web:check",
Status: "passing",
},
},
},
}
testWeightedCheckServiceNodesRaw, err := copystructure.Copy(testCheckServiceNodes)
require.NoError(t, err)
testWeightedCheckServiceNodes := testWeightedCheckServiceNodesRaw.(structs.CheckServiceNodes)
testWeightedCheckServiceNodes[0].Service.Weights = &structs.Weights{
Passing: 10,
Warning: 1,
}
testWeightedCheckServiceNodes[1].Service.Weights = &structs.Weights{
Passing: 5,
Warning: 0,
}
testWarningCheckServiceNodesRaw, err := copystructure.Copy(testWeightedCheckServiceNodes)
require.NoError(t, err)
testWarningCheckServiceNodes := testWarningCheckServiceNodesRaw.(structs.CheckServiceNodes)
testWarningCheckServiceNodes[0].Checks[0].Status = "warning"
testWarningCheckServiceNodes[1].Checks[0].Status = "warning"
connect: rework how the service resolver subset OnlyPassing flag works (#6173) The main change is that we no longer filter service instances by health, preferring instead to render all results down into EDS endpoints in envoy and merely label the endpoints as HEALTHY or UNHEALTHY. When OnlyPassing is set to true we will force consul checks in a 'warning' state to render as UNHEALTHY in envoy. Fixes #6171
2019-07-24 01:20:24 +00:00
// TODO(rb): test onlypassing
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
tests := []struct {
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor.
2019-08-02 20:34:54 +00:00
name string
clusterName string
Make locality aware routing xDS changes (#17826)
2023-06-21 16:39:53 +00:00
locality *structs.Locality
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor.
2019-08-02 20:34:54 +00:00
endpoints []loadAssignmentEndpointGroup
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
want *envoy_endpoint_v3.ClusterLoadAssignment
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
}{
{
name: "no instances",
clusterName: "service:test",
connect: rework how the service resolver subset OnlyPassing flag works (#6173) The main change is that we no longer filter service instances by health, preferring instead to render all results down into EDS endpoints in envoy and merely label the endpoints as HEALTHY or UNHEALTHY. When OnlyPassing is set to true we will force consul checks in a 'warning' state to render as UNHEALTHY in envoy. Fixes #6171
2019-07-24 01:20:24 +00:00
endpoints: []loadAssignmentEndpointGroup{
{Endpoints: nil},
activate most discovery chain features in xDS for envoy (#6024)
2019-07-02 03:10:51 +00:00
},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
want: &envoy_endpoint_v3.ClusterLoadAssignment{
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
ClusterName: "service:test",
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{{
LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{},
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
}},
},
},
{
name: "instances, no weights",
clusterName: "service:test",
connect: rework how the service resolver subset OnlyPassing flag works (#6173) The main change is that we no longer filter service instances by health, preferring instead to render all results down into EDS endpoints in envoy and merely label the endpoints as HEALTHY or UNHEALTHY. When OnlyPassing is set to true we will force consul checks in a 'warning' state to render as UNHEALTHY in envoy. Fixes #6171
2019-07-24 01:20:24 +00:00
endpoints: []loadAssignmentEndpointGroup{
{Endpoints: testCheckServiceNodes},
activate most discovery chain features in xDS for envoy (#6024)
2019-07-02 03:10:51 +00:00
},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
want: &envoy_endpoint_v3.ClusterLoadAssignment{
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
ClusterName: "service:test",
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{{
LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{
Enable gofmt simplify Code changes done automatically with 'gofmt -s -w'
2020-06-16 17:19:31 +00:00
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
Endpoint: &envoy_endpoint_v3.Endpoint{
NET-4853 - xds v2 - implement base connect proxy functionality for clusters (#18499)
2023-08-17 18:43:21 +00:00
Address: response.MakeAddress("10.10.10.10", 1234),
Upgrade xDS (go-control-plane) API to support Envoy 1.10. (#5872) * Upgrade xDS (go-control-plane) API to support Envoy 1.10. This includes backwards compatibility shim to work around the ext_authz package rename in 1.10. It also adds integration test support in CI for 1.10.0. * Fix go vet complaints * go mod vendor * Update Envoy version info in docs * Update website/source/docs/connect/proxies/envoy.md
2019-06-07 12:10:43 +00:00
}},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
HealthStatus: envoy_core_v3.HealthStatus_HEALTHY,
NET-4853 - xds v2 - implement base connect proxy functionality for clusters (#18499)
2023-08-17 18:43:21 +00:00
LoadBalancingWeight: response.MakeUint32Value(1),
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
},
Enable gofmt simplify Code changes done automatically with 'gofmt -s -w'
2020-06-16 17:19:31 +00:00
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
Endpoint: &envoy_endpoint_v3.Endpoint{
NET-4853 - xds v2 - implement base connect proxy functionality for clusters (#18499)
2023-08-17 18:43:21 +00:00
Address: response.MakeAddress("10.10.10.20", 1234),
Upgrade xDS (go-control-plane) API to support Envoy 1.10. (#5872) * Upgrade xDS (go-control-plane) API to support Envoy 1.10. This includes backwards compatibility shim to work around the ext_authz package rename in 1.10. It also adds integration test support in CI for 1.10.0. * Fix go vet complaints * go mod vendor * Update Envoy version info in docs * Update website/source/docs/connect/proxies/envoy.md
2019-06-07 12:10:43 +00:00
}},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
HealthStatus: envoy_core_v3.HealthStatus_HEALTHY,
NET-4853 - xds v2 - implement base connect proxy functionality for clusters (#18499)
2023-08-17 18:43:21 +00:00
LoadBalancingWeight: response.MakeUint32Value(1),
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
},
},
}},
},
},
{
name: "instances, healthy weights",
clusterName: "service:test",
connect: rework how the service resolver subset OnlyPassing flag works (#6173) The main change is that we no longer filter service instances by health, preferring instead to render all results down into EDS endpoints in envoy and merely label the endpoints as HEALTHY or UNHEALTHY. When OnlyPassing is set to true we will force consul checks in a 'warning' state to render as UNHEALTHY in envoy. Fixes #6171
2019-07-24 01:20:24 +00:00
endpoints: []loadAssignmentEndpointGroup{
{Endpoints: testWeightedCheckServiceNodes},
activate most discovery chain features in xDS for envoy (#6024)
2019-07-02 03:10:51 +00:00
},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
want: &envoy_endpoint_v3.ClusterLoadAssignment{
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
ClusterName: "service:test",
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{{
LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{
Enable gofmt simplify Code changes done automatically with 'gofmt -s -w'
2020-06-16 17:19:31 +00:00
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
Endpoint: &envoy_endpoint_v3.Endpoint{
NET-4853 - xds v2 - implement base connect proxy functionality for clusters (#18499)
2023-08-17 18:43:21 +00:00
Address: response.MakeAddress("10.10.10.10", 1234),
Upgrade xDS (go-control-plane) API to support Envoy 1.10. (#5872) * Upgrade xDS (go-control-plane) API to support Envoy 1.10. This includes backwards compatibility shim to work around the ext_authz package rename in 1.10. It also adds integration test support in CI for 1.10.0. * Fix go vet complaints * go mod vendor * Update Envoy version info in docs * Update website/source/docs/connect/proxies/envoy.md
2019-06-07 12:10:43 +00:00
}},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
HealthStatus: envoy_core_v3.HealthStatus_HEALTHY,
NET-4853 - xds v2 - implement base connect proxy functionality for clusters (#18499)
2023-08-17 18:43:21 +00:00
LoadBalancingWeight: response.MakeUint32Value(10),
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
},
Enable gofmt simplify Code changes done automatically with 'gofmt -s -w'
2020-06-16 17:19:31 +00:00
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
Endpoint: &envoy_endpoint_v3.Endpoint{
NET-4853 - xds v2 - implement base connect proxy functionality for clusters (#18499)
2023-08-17 18:43:21 +00:00
Address: response.MakeAddress("10.10.10.20", 1234),
Upgrade xDS (go-control-plane) API to support Envoy 1.10. (#5872) * Upgrade xDS (go-control-plane) API to support Envoy 1.10. This includes backwards compatibility shim to work around the ext_authz package rename in 1.10. It also adds integration test support in CI for 1.10.0. * Fix go vet complaints * go mod vendor * Update Envoy version info in docs * Update website/source/docs/connect/proxies/envoy.md
2019-06-07 12:10:43 +00:00
}},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
HealthStatus: envoy_core_v3.HealthStatus_HEALTHY,
NET-4853 - xds v2 - implement base connect proxy functionality for clusters (#18499)
2023-08-17 18:43:21 +00:00
LoadBalancingWeight: response.MakeUint32Value(5),
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
},
},
}},
},
},
{
name: "instances, warning weights",
clusterName: "service:test",
connect: rework how the service resolver subset OnlyPassing flag works (#6173) The main change is that we no longer filter service instances by health, preferring instead to render all results down into EDS endpoints in envoy and merely label the endpoints as HEALTHY or UNHEALTHY. When OnlyPassing is set to true we will force consul checks in a 'warning' state to render as UNHEALTHY in envoy. Fixes #6171
2019-07-24 01:20:24 +00:00
endpoints: []loadAssignmentEndpointGroup{
{Endpoints: testWarningCheckServiceNodes},
activate most discovery chain features in xDS for envoy (#6024)
2019-07-02 03:10:51 +00:00
},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
want: &envoy_endpoint_v3.ClusterLoadAssignment{
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
ClusterName: "service:test",
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{{
LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{
Enable gofmt simplify Code changes done automatically with 'gofmt -s -w'
2020-06-16 17:19:31 +00:00
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
Endpoint: &envoy_endpoint_v3.Endpoint{
NET-4853 - xds v2 - implement base connect proxy functionality for clusters (#18499)
2023-08-17 18:43:21 +00:00
Address: response.MakeAddress("10.10.10.10", 1234),
Upgrade xDS (go-control-plane) API to support Envoy 1.10. (#5872) * Upgrade xDS (go-control-plane) API to support Envoy 1.10. This includes backwards compatibility shim to work around the ext_authz package rename in 1.10. It also adds integration test support in CI for 1.10.0. * Fix go vet complaints * go mod vendor * Update Envoy version info in docs * Update website/source/docs/connect/proxies/envoy.md
2019-06-07 12:10:43 +00:00
}},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
HealthStatus: envoy_core_v3.HealthStatus_HEALTHY,
NET-4853 - xds v2 - implement base connect proxy functionality for clusters (#18499)
2023-08-17 18:43:21 +00:00
LoadBalancingWeight: response.MakeUint32Value(1),
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
},
Enable gofmt simplify Code changes done automatically with 'gofmt -s -w'
2020-06-16 17:19:31 +00:00
{
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{
Endpoint: &envoy_endpoint_v3.Endpoint{
NET-4853 - xds v2 - implement base connect proxy functionality for clusters (#18499)
2023-08-17 18:43:21 +00:00
Address: response.MakeAddress("10.10.10.20", 1234),
Upgrade xDS (go-control-plane) API to support Envoy 1.10. (#5872) * Upgrade xDS (go-control-plane) API to support Envoy 1.10. This includes backwards compatibility shim to work around the ext_authz package rename in 1.10. It also adds integration test support in CI for 1.10.0. * Fix go vet complaints * go mod vendor * Update Envoy version info in docs * Update website/source/docs/connect/proxies/envoy.md
2019-06-07 12:10:43 +00:00
}},
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
HealthStatus: envoy_core_v3.HealthStatus_UNHEALTHY,
NET-4853 - xds v2 - implement base connect proxy functionality for clusters (#18499)
2023-08-17 18:43:21 +00:00
LoadBalancingWeight: response.MakeUint32Value(1),
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
},
},
}},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
connect: rework how the service resolver subset OnlyPassing flag works (#6173) The main change is that we no longer filter service instances by health, preferring instead to render all results down into EDS endpoints in envoy and merely label the endpoints as HEALTHY or UNHEALTHY. When OnlyPassing is set to true we will force consul checks in a 'warning' state to render as UNHEALTHY in envoy. Fixes #6171
2019-07-24 01:20:24 +00:00
got := makeLoadAssignment(
[NET-5217] [OSS] Derive sidecar proxy locality from parent service (#18437) * Add logging to locality policy application In OSS, this is currently a no-op. * Inherit locality when registering sidecars When sidecar locality is not explicitly configured, inherit locality from the proxied service.
2023-08-10 18:00:44 +00:00
hclog.NewNullLogger(),
Make locality aware routing xDS changes (#17826)
2023-06-21 16:39:53 +00:00
&proxycfg.ConfigSnapshot{ServiceLocality: tt.locality},
connect: rework how the service resolver subset OnlyPassing flag works (#6173) The main change is that we no longer filter service instances by health, preferring instead to render all results down into EDS endpoints in envoy and merely label the endpoints as HEALTHY or UNHEALTHY. When OnlyPassing is set to true we will force consul checks in a 'warning' state to render as UNHEALTHY in envoy. Fixes #6171
2019-07-24 01:20:24 +00:00
tt.clusterName,
Make locality aware routing xDS changes (#17826)
2023-06-21 16:39:53 +00:00
nil,
connect: rework how the service resolver subset OnlyPassing flag works (#6173) The main change is that we no longer filter service instances by health, preferring instead to render all results down into EDS endpoints in envoy and merely label the endpoints as HEALTHY or UNHEALTHY. When OnlyPassing is set to true we will force consul checks in a 'warning' state to render as UNHEALTHY in envoy. Fixes #6171
2019-07-24 01:20:24 +00:00
tt.endpoints,
Update locality check in xds
2021-10-29 00:41:58 +00:00
proxycfg.GatewayKey{Datacenter: "dc1"},
connect: rework how the service resolver subset OnlyPassing flag works (#6173) The main change is that we no longer filter service instances by health, preferring instead to render all results down into EDS endpoints in envoy and merely label the endpoints as HEALTHY or UNHEALTHY. When OnlyPassing is set to true we will force consul checks in a 'warning' state to render as UNHEALTHY in envoy. Fixes #6171
2019-07-24 01:20:24 +00:00
)
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
require.Equal(t, tt.want, got)
Make locality aware routing xDS changes (#17826)
2023-06-21 16:39:53 +00:00
if tt.locality == nil {
got := makeLoadAssignment(
[NET-5217] [OSS] Derive sidecar proxy locality from parent service (#18437) * Add logging to locality policy application In OSS, this is currently a no-op. * Inherit locality when registering sidecars When sidecar locality is not explicitly configured, inherit locality from the proxied service.
2023-08-10 18:00:44 +00:00
hclog.NewNullLogger(),
Make locality aware routing xDS changes (#17826)
2023-06-21 16:39:53 +00:00
&proxycfg.ConfigSnapshot{ServiceLocality: &structs.Locality{Region: "us-west-1", Zone: "us-west-1a"}},
tt.clusterName,
nil,
tt.endpoints,
proxycfg.GatewayKey{Datacenter: "dc1"},
)
require.Equal(t, tt.want, got)
}
Connect: Fix Envoy getting stuck during load (#5499) * Connect: Fix Envoy getting stuck during load Also in this PR: - Enabled outlier detection on upstreams which will mark instances unhealthy after 5 failures (using Envoy's defaults) - Enable weighted load balancing where DNS weights are configured * Fix empty load assignments in the right place * Fix import names from review * Move millisecond parse to a helper function
2019-03-22 19:37:14 +00:00
})
}
}
Implement Mesh Gateways This includes both ingress and egress functionality.
2019-06-18 00:52:01 +00:00
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
type endpointTestCase struct {
name string
create func(t testinf.T) *proxycfg.ConfigSnapshot
overrideGoldenName string
NET-4932 - xds v2 - implement base connect proxy functionality for endpoints (#18500) * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4932 - xds v2 - implement base connect proxy functionality for endpoints * Update endpoints_test.go * gofmt * Update naming.go
2023-08-17 19:55:54 +00:00
alsoRunTestForV2 bool
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
}
Implement Mesh Gateways This includes both ingress and egress functionality.
2019-06-18 00:52:01 +00:00
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
func TestEndpointsFromSnapshot(t *testing.T) {
// TODO: we should move all of these to TestAllResourcesFromSnapshot
// eventually to test all of the xDS types at once with the same input,
// just as it would be triggered by our xDS server.
if testing.Short() {
t.Skip("too slow for testing.Short")
}
tests := []endpointTestCase{
connect: fix failover through a mesh gateway to a remote datacenter (#6259) Failover is pushed entirely down to the data plane by creating envoy clusters and putting each successive destination in a different load assignment priority band. For example this shows that normally requests go to 1.2.3.4:8080 but when that fails they go to 6.7.8.9:8080: - name: foo load_assignment: cluster_name: foo policy: overprovisioning_factor: 100000 endpoints: - priority: 0 lb_endpoints: - endpoint: address: socket_address: address: 1.2.3.4 port_value: 8080 - priority: 1 lb_endpoints: - endpoint: address: socket_address: address: 6.7.8.9 port_value: 8080 Mesh gateways route requests based solely on the SNI header tacked onto the TLS layer. Envoy currently only lets you configure the outbound SNI header at the cluster layer. If you try to failover through a mesh gateway you ideally would configure the SNI value per endpoint, but that's not possible in envoy today. This PR introduces a simpler way around the problem for now: 1. We identify any target of failover that will use mesh gateway mode local or remote and then further isolate any resolver node in the compiled discovery chain that has a failover destination set to one of those targets. 2. For each of these resolvers we will perform a small measurement of comparative healths of the endpoints that come back from the health API for the set of primary target and serial failover targets. We walk the list of targets in order and if any endpoint is healthy we return that target, otherwise we move on to the next target. 3. The CDS and EDS endpoints both perform the measurements in (2) for the affected resolver nodes. 4. For CDS this measurement selects which TLS SNI field to use for the cluster (note the cluster is always going to be named for the primary target) 5. For EDS this measurement selects which set of endpoints will populate the cluster. Priority tiered failover is ignored. One of the big downsides to this approach to failover is that the failover detection and correction is going to be controlled by consul rather than deferring that entirely to the data plane as with the prior version. This also means that we are bound to only failover using official health signals and cannot make use of data plane signals like outlier detection to affect failover. In this specific scenario the lack of data plane signals is ok because the effectiveness is already muted by the fact that the ultimate destination endpoints will have their data plane signals scrambled when they pass through the mesh gateway wrapper anyway so we're not losing much. Another related fix is that we now use the endpoint health from the underlying service, not the health of the gateway (regardless of failover mode).
2019-08-05 18:30:35 +00:00
{
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
name: "mesh-gateway",
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
return proxycfg.TestConfigSnapshotMeshGateway(t, "default", nil, nil)
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
},
NET-4932 - xds v2 - implement base connect proxy functionality for endpoints (#18500) * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4932 - xds v2 - implement base connect proxy functionality for endpoints * Update endpoints_test.go * gofmt * Update naming.go
2023-08-17 19:55:54 +00:00
// TODO(proxystate): mesh gateway will come at a later time
alsoRunTestForV2: false,
connect: fix failover through a mesh gateway to a remote datacenter (#6259) Failover is pushed entirely down to the data plane by creating envoy clusters and putting each successive destination in a different load assignment priority band. For example this shows that normally requests go to 1.2.3.4:8080 but when that fails they go to 6.7.8.9:8080: - name: foo load_assignment: cluster_name: foo policy: overprovisioning_factor: 100000 endpoints: - priority: 0 lb_endpoints: - endpoint: address: socket_address: address: 1.2.3.4 port_value: 8080 - priority: 1 lb_endpoints: - endpoint: address: socket_address: address: 6.7.8.9 port_value: 8080 Mesh gateways route requests based solely on the SNI header tacked onto the TLS layer. Envoy currently only lets you configure the outbound SNI header at the cluster layer. If you try to failover through a mesh gateway you ideally would configure the SNI value per endpoint, but that's not possible in envoy today. This PR introduces a simpler way around the problem for now: 1. We identify any target of failover that will use mesh gateway mode local or remote and then further isolate any resolver node in the compiled discovery chain that has a failover destination set to one of those targets. 2. For each of these resolvers we will perform a small measurement of comparative healths of the endpoints that come back from the health API for the set of primary target and serial failover targets. We walk the list of targets in order and if any endpoint is healthy we return that target, otherwise we move on to the next target. 3. The CDS and EDS endpoints both perform the measurements in (2) for the affected resolver nodes. 4. For CDS this measurement selects which TLS SNI field to use for the cluster (note the cluster is always going to be named for the primary target) 5. For EDS this measurement selects which set of endpoints will populate the cluster. Priority tiered failover is ignored. One of the big downsides to this approach to failover is that the failover detection and correction is going to be controlled by consul rather than deferring that entirely to the data plane as with the prior version. This also means that we are bound to only failover using official health signals and cannot make use of data plane signals like outlier detection to affect failover. In this specific scenario the lack of data plane signals is ok because the effectiveness is already muted by the fact that the ultimate destination endpoints will have their data plane signals scrambled when they pass through the mesh gateway wrapper anyway so we're not losing much. Another related fix is that we now use the endpoint health from the underlying service, not the health of the gateway (regardless of failover mode).
2019-08-05 18:30:35 +00:00
},
{
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
name: "mesh-gateway-using-federation-states",
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
return proxycfg.TestConfigSnapshotMeshGateway(t, "federation-states", nil, nil)
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
},
NET-4932 - xds v2 - implement base connect proxy functionality for endpoints (#18500) * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4932 - xds v2 - implement base connect proxy functionality for endpoints * Update endpoints_test.go * gofmt * Update naming.go
2023-08-17 19:55:54 +00:00
// TODO(proxystate): mesh gateway will come at a later time
alsoRunTestForV2: false,
connect: fix failover through a mesh gateway to a remote datacenter (#6259) Failover is pushed entirely down to the data plane by creating envoy clusters and putting each successive destination in a different load assignment priority band. For example this shows that normally requests go to 1.2.3.4:8080 but when that fails they go to 6.7.8.9:8080: - name: foo load_assignment: cluster_name: foo policy: overprovisioning_factor: 100000 endpoints: - priority: 0 lb_endpoints: - endpoint: address: socket_address: address: 1.2.3.4 port_value: 8080 - priority: 1 lb_endpoints: - endpoint: address: socket_address: address: 6.7.8.9 port_value: 8080 Mesh gateways route requests based solely on the SNI header tacked onto the TLS layer. Envoy currently only lets you configure the outbound SNI header at the cluster layer. If you try to failover through a mesh gateway you ideally would configure the SNI value per endpoint, but that's not possible in envoy today. This PR introduces a simpler way around the problem for now: 1. We identify any target of failover that will use mesh gateway mode local or remote and then further isolate any resolver node in the compiled discovery chain that has a failover destination set to one of those targets. 2. For each of these resolvers we will perform a small measurement of comparative healths of the endpoints that come back from the health API for the set of primary target and serial failover targets. We walk the list of targets in order and if any endpoint is healthy we return that target, otherwise we move on to the next target. 3. The CDS and EDS endpoints both perform the measurements in (2) for the affected resolver nodes. 4. For CDS this measurement selects which TLS SNI field to use for the cluster (note the cluster is always going to be named for the primary target) 5. For EDS this measurement selects which set of endpoints will populate the cluster. Priority tiered failover is ignored. One of the big downsides to this approach to failover is that the failover detection and correction is going to be controlled by consul rather than deferring that entirely to the data plane as with the prior version. This also means that we are bound to only failover using official health signals and cannot make use of data plane signals like outlier detection to affect failover. In this specific scenario the lack of data plane signals is ok because the effectiveness is already muted by the fact that the ultimate destination endpoints will have their data plane signals scrambled when they pass through the mesh gateway wrapper anyway so we're not losing much. Another related fix is that we now use the endpoint health from the underlying service, not the health of the gateway (regardless of failover mode).
2019-08-05 18:30:35 +00:00
},
{
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
name: "mesh-gateway-newer-information-in-federation-states",
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
return proxycfg.TestConfigSnapshotMeshGateway(t, "newer-info-in-federation-states", nil, nil)
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
},
NET-4932 - xds v2 - implement base connect proxy functionality for endpoints (#18500) * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4932 - xds v2 - implement base connect proxy functionality for endpoints * Update endpoints_test.go * gofmt * Update naming.go
2023-08-17 19:55:54 +00:00
// TODO(proxystate): mesh gateway will come at a later time
alsoRunTestForV2: false,
connect: fix failover through a mesh gateway to a remote datacenter (#6259) Failover is pushed entirely down to the data plane by creating envoy clusters and putting each successive destination in a different load assignment priority band. For example this shows that normally requests go to 1.2.3.4:8080 but when that fails they go to 6.7.8.9:8080: - name: foo load_assignment: cluster_name: foo policy: overprovisioning_factor: 100000 endpoints: - priority: 0 lb_endpoints: - endpoint: address: socket_address: address: 1.2.3.4 port_value: 8080 - priority: 1 lb_endpoints: - endpoint: address: socket_address: address: 6.7.8.9 port_value: 8080 Mesh gateways route requests based solely on the SNI header tacked onto the TLS layer. Envoy currently only lets you configure the outbound SNI header at the cluster layer. If you try to failover through a mesh gateway you ideally would configure the SNI value per endpoint, but that's not possible in envoy today. This PR introduces a simpler way around the problem for now: 1. We identify any target of failover that will use mesh gateway mode local or remote and then further isolate any resolver node in the compiled discovery chain that has a failover destination set to one of those targets. 2. For each of these resolvers we will perform a small measurement of comparative healths of the endpoints that come back from the health API for the set of primary target and serial failover targets. We walk the list of targets in order and if any endpoint is healthy we return that target, otherwise we move on to the next target. 3. The CDS and EDS endpoints both perform the measurements in (2) for the affected resolver nodes. 4. For CDS this measurement selects which TLS SNI field to use for the cluster (note the cluster is always going to be named for the primary target) 5. For EDS this measurement selects which set of endpoints will populate the cluster. Priority tiered failover is ignored. One of the big downsides to this approach to failover is that the failover detection and correction is going to be controlled by consul rather than deferring that entirely to the data plane as with the prior version. This also means that we are bound to only failover using official health signals and cannot make use of data plane signals like outlier detection to affect failover. In this specific scenario the lack of data plane signals is ok because the effectiveness is already muted by the fact that the ultimate destination endpoints will have their data plane signals scrambled when they pass through the mesh gateway wrapper anyway so we're not losing much. Another related fix is that we now use the endpoint health from the underlying service, not the health of the gateway (regardless of failover mode).
2019-08-05 18:30:35 +00:00
},
[OSS] Improve xDS Code Coverage - Endpoints and Misc (#18222) test: improve xDS endpoints code coverage
2023-07-21 21:48:25 +00:00
{
name: "mesh-gateway-using-federation-control-plane",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotMeshGateway(t, "mesh-gateway-federation", nil, nil)
},
NET-4932 - xds v2 - implement base connect proxy functionality for endpoints (#18500) * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4932 - xds v2 - implement base connect proxy functionality for endpoints * Update endpoints_test.go * gofmt * Update naming.go
2023-08-17 19:55:54 +00:00
// TODO(proxystate): mesh gateway will come at a later time
alsoRunTestForV2: false,
[OSS] Improve xDS Code Coverage - Endpoints and Misc (#18222) test: improve xDS endpoints code coverage
2023-07-21 21:48:25 +00:00
},
connect: fix endpoints clusterName when using cluster escape hatch (#7319) ```changelog * fix(connect): fix endpoints clusterName when using cluster escape hatch ```
2020-05-26 08:57:22 +00:00
{
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
name: "mesh-gateway-older-information-in-federation-states",
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
return proxycfg.TestConfigSnapshotMeshGateway(t, "older-info-in-federation-states", nil, nil)
xDS Mesh Gateway Resolver Subset Fixes (#7294) * xDS Mesh Gateway Resolver Subset Fixes The first fix was that clusters were being generated for every service resolver subset regardless of there being any service instances of the associated service in that dc. The previous logic didn’t care at all but now it will omit generating those clusters unless we also have service instances that should be proxied. The second fix was to respect the DefaultSubset of a service resolver so that mesh-gateways would configure the endpoints of the unnamed subset cluster to only those endpoints matched by the default subsets filters. * Refactor the gateway endpoint generation to be a little easier to read
2020-02-19 16:57:55 +00:00
},
NET-4932 - xds v2 - implement base connect proxy functionality for endpoints (#18500) * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4932 - xds v2 - implement base connect proxy functionality for endpoints * Update endpoints_test.go * gofmt * Update naming.go
2023-08-17 19:55:54 +00:00
// TODO(proxystate): mesh gateway will come at a later time
alsoRunTestForV2: false,
xDS Mesh Gateway Resolver Subset Fixes (#7294) * xDS Mesh Gateway Resolver Subset Fixes The first fix was that clusters were being generated for every service resolver subset regardless of there being any service instances of the associated service in that dc. The previous logic didn’t care at all but now it will omit generating those clusters unless we also have service instances that should be proxied. The second fix was to respect the DefaultSubset of a service resolver so that mesh-gateways would configure the endpoints of the unnamed subset cluster to only those endpoints matched by the default subsets filters. * Refactor the gateway endpoint generation to be a little easier to read
2020-02-19 16:57:55 +00:00
},
Ingress Gateways for TCP services (#7509) * Implements a simple, tcp ingress gateway workflow This adds a new type of gateway for allowing Ingress traffic into Connect from external services. Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-04-16 21:00:48 +00:00
{
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
name: "mesh-gateway-no-services",
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
add enterprise xds tests (#16738)
2023-03-22 18:56:18 +00:00
return proxycfg.TestConfigSnapshotMeshGateway(t, "no-services", nil, nil)
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
},
NET-4932 - xds v2 - implement base connect proxy functionality for endpoints (#18500) * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4932 - xds v2 - implement base connect proxy functionality for endpoints * Update endpoints_test.go * gofmt * Update naming.go
2023-08-17 19:55:54 +00:00
// TODO(proxystate): mesh gateway will come at a later time
alsoRunTestForV2: false,
Ingress Gateways for TCP services (#7509) * Implements a simple, tcp ingress gateway workflow This adds a new type of gateway for allowing Ingress traffic into Connect from external services. Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-04-16 21:00:48 +00:00
},
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "mesh-gateway-service-subsets",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotMeshGateway(t, "service-subsets2", nil, nil)
},
NET-4932 - xds v2 - implement base connect proxy functionality for endpoints (#18500) * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4932 - xds v2 - implement base connect proxy functionality for endpoints * Update endpoints_test.go * gofmt * Update naming.go
2023-08-17 19:55:54 +00:00
// TODO(proxystate): mesh gateway will come at a later time
alsoRunTestForV2: false,
Ingress Gateways for TCP services (#7509) * Implements a simple, tcp ingress gateway workflow This adds a new type of gateway for allowing Ingress traffic into Connect from external services. Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-04-16 21:00:48 +00:00
},
Add all the xds ingress tests This commit copies many of the connect-proxy xds testcases and reuses for ingress gateways. This allows us to more easily see changes to the envoy configuration when make updates to ingress gateways.
2020-04-14 21:30:00 +00:00
{
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531) Prior to this PR for the envoy xDS golden tests in the agent/xds package we were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for input to the xDS generator. Over time this intermediate structure has gotten trickier to build correctly for the various tests. This PR proposes to switch to using the existing mechanism for turning a structs.NodeService and a sequence of cache.UpdateEvent copies into a proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns more with how the data arrives. NOTE: almost all of this is in test-related code. I tried super hard to craft correct event inputs to get the golden files to be the same, or similar enough after construction to feel ok that i recreated the spirit of the original test cases.
2022-03-07 17:47:14 +00:00
name: "mesh-gateway-default-service-subset",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
return proxycfg.TestConfigSnapshotMeshGateway(t, "default-service-subsets2", nil, nil)
},
NET-4932 - xds v2 - implement base connect proxy functionality for endpoints (#18500) * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4932 - xds v2 - implement base connect proxy functionality for endpoints * Update endpoints_test.go * gofmt * Update naming.go
2023-08-17 19:55:54 +00:00
// TODO(proxystate): mesh gateway will come at a later time
alsoRunTestForV2: false,
Add all the xds ingress tests This commit copies many of the connect-proxy xds testcases and reuses for ingress gateways. This allows us to more easily see changes to the envoy configuration when make updates to ingress gateways.
2020-04-14 21:30:00 +00:00
},
Implement Mesh Gateways This includes both ingress and egress functionality.
2019-06-18 00:52:01 +00:00
}
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com>
2023-02-06 17:14:35 +00:00
latestEnvoyVersion := xdscommon.EnvoyVersions[0]
for _, envoyVersion := range xdscommon.EnvoyVersions {
refactor: move service to service validation to troubleshoot package (#16132) This is to reduce the dependency on xds from within the troubleshoot package.
2023-02-03 06:18:10 +00:00
sf, err := xdscommon.DetermineSupportedProxyFeaturesFromString(envoyVersion)
xds: add support for envoy 1.15.0 and drop support for 1.11.x (#8424) Related changes: - hard-fail the xDS connection attempt if the envoy version is known to be too old to be supported - remove the RouterMatchSafeRegex proxy feature since all supported envoy versions have it - stop using --max-obj-name-len (due to: envoyproxy/envoy#11740)
2020-07-31 20:52:49 +00:00
require.NoError(t, err)
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222) - cut down on extra node metadata transmission - split the golden file generation to compare all envoy version
2020-07-09 22:04:51 +00:00
t.Run("envoy-"+envoyVersion, func(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
// Sanity check default with no overrides first
snap := tt.create(t)
Implement Mesh Gateways This includes both ingress and egress functionality.
2019-06-18 00:52:01 +00:00
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222) - cut down on extra node metadata transmission - split the golden file generation to compare all envoy version
2020-07-09 22:04:51 +00:00
// We need to replace the TLS certs with deterministic ones to make golden
// files workable. Note we don't update these otherwise they'd change
// golden files for every test case and so not be any use!
refactor: move service to service validation to troubleshoot package (#16132) This is to reduce the dependency on xds from within the troubleshoot package.
2023-02-03 06:18:10 +00:00
testcommon.SetupTLSRootsAndLeaf(t, snap)
Implement Mesh Gateways This includes both ingress and egress functionality.
2019-06-18 00:52:01 +00:00
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222) - cut down on extra node metadata transmission - split the golden file generation to compare all envoy version
2020-07-09 22:04:51 +00:00
// Need server just for logger dependency
refactor: move service to service validation to troubleshoot package (#16132) This is to reduce the dependency on xds from within the troubleshoot package.
2023-02-03 06:18:10 +00:00
g := NewResourceGenerator(testutil.Logger(t), nil, false)
Support Incremental xDS mode (#9855) This adds support for the Incremental xDS protocol when using xDS v3. This is best reviewed commit-by-commit and will not be squashed when merged. Union of all commit messages follows to give an overarching summary: xds: exclusively support incremental xDS when using xDS v3 Attempts to use SoTW via v3 will fail, much like attempts to use incremental via v2 will fail. Work around a strange older envoy behavior involving empty CDS responses over incremental xDS. xds: various cleanups and refactors that don't strictly concern the addition of incremental xDS support Dissolve the connectionInfo struct in favor of per-connection ResourceGenerators instead. Do a better job of ensuring the xds code uses a well configured logger that accurately describes the connected client. xds: pull out checkStreamACLs method in advance of a later commit xds: rewrite SoTW xDS protocol tests to use protobufs rather than hand-rolled json strings In the test we very lightly reuse some of the more boring protobuf construction helper code that is also technically under test. The important thing of the protocol tests is testing the protocol. The actual inputs and outputs are largely already handled by the xds golden output tests now so these protocol tests don't have to do double-duty. This also updates the SoTW protocol test to exclusively use xDS v2 which is the only variant of SoTW that will be supported in Consul 1.10. xds: default xds.Server.AuthCheckFrequency at use-time instead of construction-time
2021-04-29 18:54:05 +00:00
g.ProxyFeatures = sf
Implement Mesh Gateways This includes both ingress and egress functionality.
2019-06-18 00:52:01 +00:00
Support Incremental xDS mode (#9855) This adds support for the Incremental xDS protocol when using xDS v3. This is best reviewed commit-by-commit and will not be squashed when merged. Union of all commit messages follows to give an overarching summary: xds: exclusively support incremental xDS when using xDS v3 Attempts to use SoTW via v3 will fail, much like attempts to use incremental via v2 will fail. Work around a strange older envoy behavior involving empty CDS responses over incremental xDS. xds: various cleanups and refactors that don't strictly concern the addition of incremental xDS support Dissolve the connectionInfo struct in favor of per-connection ResourceGenerators instead. Do a better job of ensuring the xds code uses a well configured logger that accurately describes the connected client. xds: pull out checkStreamACLs method in advance of a later commit xds: rewrite SoTW xDS protocol tests to use protobufs rather than hand-rolled json strings In the test we very lightly reuse some of the more boring protobuf construction helper code that is also technically under test. The important thing of the protocol tests is testing the protocol. The actual inputs and outputs are largely already handled by the xds golden output tests now so these protocol tests don't have to do double-duty. This also updates the SoTW protocol test to exclusively use xDS v2 which is the only variant of SoTW that will be supported in Consul 1.10. xds: default xds.Server.AuthCheckFrequency at use-time instead of construction-time
2021-04-29 18:54:05 +00:00
endpoints, err := g.endpointsFromSnapshot(snap)
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
require.NoError(t, err)
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222) - cut down on extra node metadata transmission - split the golden file generation to compare all envoy version
2020-07-09 22:04:51 +00:00
sort.Slice(endpoints, func(i, j int) bool {
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
return endpoints[i].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName < endpoints[j].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222) - cut down on extra node metadata transmission - split the golden file generation to compare all envoy version
2020-07-09 22:04:51 +00:00
})
NET-4853 - xds v2 - implement base connect proxy functionality for clusters (#18499)
2023-08-17 18:43:21 +00:00
r, err := response.CreateResponse(xdscommon.EndpointType, "00000001", "00000001", endpoints)
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
require.NoError(t, err)
Implement Mesh Gateways This includes both ingress and egress functionality.
2019-06-18 00:52:01 +00:00
NET-4932 - xds v2 - implement base connect proxy functionality for endpoints (#18500) * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4932 - xds v2 - implement base connect proxy functionality for endpoints * Update endpoints_test.go * gofmt * Update naming.go
2023-08-17 19:55:54 +00:00
t.Run("current-xdsv1", func(t *testing.T) {
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
gotJSON := protoToJSON(t, r)
Implement Mesh Gateways This includes both ingress and egress functionality.
2019-06-18 00:52:01 +00:00
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) - Also add support for envoy 1.17.0
2021-02-26 22:23:15 +00:00
gName := tt.name
if tt.overrideGoldenName != "" {
gName = tt.overrideGoldenName
}
require.JSONEq(t, goldenEnvoy(t, filepath.Join("endpoints", gName), envoyVersion, latestEnvoyVersion, gotJSON), gotJSON)
})
NET-4932 - xds v2 - implement base connect proxy functionality for endpoints (#18500) * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4853 - xds v2 - implement base connect proxy functionality for clusters * NET-4932 - xds v2 - implement base connect proxy functionality for endpoints * Update endpoints_test.go * gofmt * Update naming.go
2023-08-17 19:55:54 +00:00
if tt.alsoRunTestForV2 {
generator := xdsv2.NewResourceGenerator(testutil.Logger(t))
converter := proxystateconverter.NewConverter(testutil.Logger(t), &mockCfgFetcher{addressLan: "10.10.10.10"})
proxyState, err := converter.ProxyStateFromSnapshot(snap)
require.NoError(t, err)
res, err := generator.AllResourcesFromIR(proxyState)
require.NoError(t, err)
endpoints = res[xdscommon.EndpointType]
// The order of listeners returned via LDS isn't relevant, so it's safe
// to sort these for the purposes of test comparisons.
sort.Slice(endpoints, func(i, j int) bool {
return endpoints[i].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName < endpoints[j].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName
})
r, err := response.CreateResponse(xdscommon.EndpointType, "00000001", "00000001", endpoints)
require.NoError(t, err)
t.Run("current-xdsv2", func(t *testing.T) {
gotJSON := protoToJSON(t, r)
gName := tt.name
if tt.overrideGoldenName != "" {
gName = tt.overrideGoldenName
}
expectedJSON := goldenEnvoy(t, filepath.Join("endpoints", gName), envoyVersion, latestEnvoyVersion, gotJSON)
require.JSONEq(t, expectedJSON, gotJSON)
})
}
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222) - cut down on extra node metadata transmission - split the golden file generation to compare all envoy version
2020-07-09 22:04:51 +00:00
})
}
Implement Mesh Gateways This includes both ingress and egress functionality.
2019-06-18 00:52:01 +00:00
})
}
}