status-im/consul
2
0
Fork 0
mirror of https://github.com/status-im/consul.git synced 2025-01-09 13:26:07 +00:00
Code Issues Projects Releases Wiki Activity

Set tgw filter router config name to cluster name

Browse Source
This commit is contained in:
freddygv 2020-09-04 12:45:05 -06:00
parent 959d9913b8
commit 403a180430
5 changed files with 38 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
agent/xds/listeners.go
View File

@ -317,6 +317,7 @@ func (s *Server) makeIngressGatewayListeners(address string, cfgSnap *proxycfg.C
useRDS: true, useRDS: true,
protocol: listenerKey.Protocol, protocol: listenerKey.Protocol,
filterName: listenerKey.RouteName(), filterName: listenerKey.RouteName(),
routeName: listenerKey.RouteName(),
cluster: "", cluster: "",
statPrefix: "ingress_upstream_", statPrefix: "ingress_upstream_",
routePath: "", routePath: "",
@ -557,6 +558,7 @@ func (s *Server) makePublicListener(cInfo connectionInfo, cfgSnap *proxycfg.Conf
useRDS: false, useRDS: false,
protocol: cfg.Protocol, protocol: cfg.Protocol,
filterName: "public_listener", filterName: "public_listener",
routeName: "public_listener",
cluster: LocalAppClusterName, cluster: LocalAppClusterName,
statPrefix: "", statPrefix: "",
routePath: "", routePath: "",
@ -651,6 +653,7 @@ func (s *Server) makeExposedCheckListener(cfgSnap *proxycfg.ConfigSnapshot, clus
useRDS: false, useRDS: false,
protocol: path.Protocol, protocol: path.Protocol,
filterName: filterName, filterName: filterName,
routeName: filterName,
cluster: cluster, cluster: cluster,
statPrefix: "", statPrefix: "",
routePath: path.Path, routePath: path.Path,
@ -822,6 +825,7 @@ func (s *Server) makeFilterChainTerminatingGateway(
opts := listenerFilterOpts{ opts := listenerFilterOpts{
protocol: protocol, protocol: protocol,
filterName: listener, filterName: listener,
routeName: cluster, // Set cluster name for route config since each will have its own
cluster: cluster, cluster: cluster,
statPrefix: statPrefix, statPrefix: statPrefix,
routePath: "", routePath: "",
@ -1001,6 +1005,7 @@ func (s *Server) makeUpstreamListenerForDiscoveryChain(
useRDS: useRDS, useRDS: useRDS,
protocol: cfg.Protocol, protocol: cfg.Protocol,
filterName: upstreamID, filterName: upstreamID,
routeName: upstreamID,
cluster: clusterName, cluster: clusterName,
statPrefix: "upstream_", statPrefix: "upstream_",
routePath: "", routePath: "",
@ -1074,6 +1079,7 @@ type listenerFilterOpts struct {
useRDS bool useRDS bool
protocol string protocol string
filterName string filterName string
routeName string
cluster string cluster string
statPrefix string statPrefix string
routePath string routePath string
@ -1083,12 +1089,8 @@ type listenerFilterOpts struct {
func makeListenerFilter(opts listenerFilterOpts) (*envoylistener.Filter, error) { func makeListenerFilter(opts listenerFilterOpts) (*envoylistener.Filter, error) {
switch opts.protocol { switch opts.protocol {
case "grpc": case "grpc", "http2", "http":
return makeHTTPFilter(opts.useRDS, opts.filterName, opts.cluster, opts.statPrefix, opts.routePath, opts.ingress, true, true, opts.httpAuthzFilter) return makeHTTPFilter(opts)
case "http2":
return makeHTTPFilter(opts.useRDS, opts.filterName, opts.cluster, opts.statPrefix, opts.routePath, opts.ingress, false, true, opts.httpAuthzFilter)
case "http":
return makeHTTPFilter(opts.useRDS, opts.filterName, opts.cluster, opts.statPrefix, opts.routePath, opts.ingress, false, false, opts.httpAuthzFilter)
case "tcp": case "tcp":
fallthrough fallthrough
default: default:
@ -1131,23 +1133,18 @@ func makeStatPrefix(protocol, prefix, filterName string) string {
return fmt.Sprintf("%s%s_%s", prefix, strings.Replace(filterName, ":", "_", -1), protocol) return fmt.Sprintf("%s%s_%s", prefix, strings.Replace(filterName, ":", "_", -1), protocol)
} }
func makeHTTPFilter( func makeHTTPFilter(opts listenerFilterOpts) (*envoylistener.Filter, error) {
useRDS bool,
filterName, cluster, statPrefix, routePath string,
ingress, grpc, http2 bool,
authzFilter *envoyhttp.HttpFilter,
) (*envoylistener.Filter, error) {
op := envoyhttp.HttpConnectionManager_Tracing_INGRESS op := envoyhttp.HttpConnectionManager_Tracing_INGRESS
if !ingress { if !opts.ingress {
op = envoyhttp.HttpConnectionManager_Tracing_EGRESS op = envoyhttp.HttpConnectionManager_Tracing_EGRESS
} }
proto := "http" proto := "http"
if grpc { if opts.protocol == "grpc" {
proto = "grpc" proto = opts.protocol
} }
cfg := &envoyhttp.HttpConnectionManager{ cfg := &envoyhttp.HttpConnectionManager{
StatPrefix: makeStatPrefix(proto, statPrefix, filterName), StatPrefix: makeStatPrefix(proto, opts.statPrefix, opts.filterName),
CodecType: envoyhttp.HttpConnectionManager_AUTO, CodecType: envoyhttp.HttpConnectionManager_AUTO,
HttpFilters: []*envoyhttp.HttpFilter{ HttpFilters: []*envoyhttp.HttpFilter{
{ {
@ -1163,13 +1160,13 @@ func makeHTTPFilter(
}, },
} }
if useRDS { if opts.useRDS {
if cluster != "" { if opts.cluster != "" {
return nil, fmt.Errorf("cannot specify cluster name when using RDS") return nil, fmt.Errorf("cannot specify cluster name when using RDS")
} }
cfg.RouteSpecifier = &envoyhttp.HttpConnectionManager_Rds{ cfg.RouteSpecifier = &envoyhttp.HttpConnectionManager_Rds{
Rds: &envoyhttp.Rds{ Rds: &envoyhttp.Rds{
RouteConfigName: filterName, RouteConfigName: opts.routeName,
ConfigSource: &envoycore.ConfigSource{ ConfigSource: &envoycore.ConfigSource{
ConfigSourceSpecifier: &envoycore.ConfigSource_Ads{ ConfigSourceSpecifier: &envoycore.ConfigSource_Ads{
Ads: &envoycore.AggregatedConfigSource{}, Ads: &envoycore.AggregatedConfigSource{},
@ -1178,7 +1175,7 @@ func makeHTTPFilter(
}, },
} }
} else { } else {
if cluster == "" { if opts.cluster == "" {
return nil, fmt.Errorf("must specify cluster name when not using RDS") return nil, fmt.Errorf("must specify cluster name when not using RDS")
} }
route := &envoyroute.Route{ route := &envoyroute.Route{
@ -1195,22 +1192,22 @@ func makeHTTPFilter(
Action: &envoyroute.Route_Route{ Action: &envoyroute.Route_Route{
Route: &envoyroute.RouteAction{ Route: &envoyroute.RouteAction{
ClusterSpecifier: &envoyroute.RouteAction_Cluster{ ClusterSpecifier: &envoyroute.RouteAction_Cluster{
Cluster: cluster, Cluster: opts.cluster,
}, },
}, },
}, },
} }
// If a path is provided, do not match on a catch-all prefix // If a path is provided, do not match on a catch-all prefix
if routePath != "" { if opts.routePath != "" {
route.Match.PathSpecifier = &envoyroute.RouteMatch_Path{Path: routePath} route.Match.PathSpecifier = &envoyroute.RouteMatch_Path{Path: opts.routePath}
} }
cfg.RouteSpecifier = &envoyhttp.HttpConnectionManager_RouteConfig{ cfg.RouteSpecifier = &envoyhttp.HttpConnectionManager_RouteConfig{
RouteConfig: &envoy.RouteConfiguration{ RouteConfig: &envoy.RouteConfiguration{
Name: filterName, Name: opts.routeName,
VirtualHosts: []*envoyroute.VirtualHost{ VirtualHosts: []*envoyroute.VirtualHost{
{ {
Name: filterName, Name: opts.filterName,
Domains: []string{"*"}, Domains: []string{"*"},
Routes: []*envoyroute.Route{ Routes: []*envoyroute.Route{
route, route,
@ -1221,7 +1218,7 @@ func makeHTTPFilter(
} }
} }
if http2 { if opts.protocol == "http2" || opts.protocol == "grpc" {
cfg.Http2ProtocolOptions = &envoycore.Http2ProtocolOptions{} cfg.Http2ProtocolOptions = &envoycore.Http2ProtocolOptions{}
} }
@ -1229,11 +1226,11 @@ func makeHTTPFilter(
// (other than the "envoy.grpc_http1_bridge" filter) in the http filter // (other than the "envoy.grpc_http1_bridge" filter) in the http filter
// chain of a public listener is the authz filter to prevent unauthorized // chain of a public listener is the authz filter to prevent unauthorized
// access and that every filter chain uses our TLS certs. // access and that every filter chain uses our TLS certs.
if authzFilter != nil { if opts.httpAuthzFilter != nil {
cfg.HttpFilters = append([]*envoyhttp.HttpFilter{authzFilter}, cfg.HttpFilters...) cfg.HttpFilters = append([]*envoyhttp.HttpFilter{opts.httpAuthzFilter}, cfg.HttpFilters...)
} }
if grpc { if opts.protocol == "grpc" {
// Add grpc bridge before router and authz // Add grpc bridge before router and authz
cfg.HttpFilters = append([]*envoyhttp.HttpFilter{{ cfg.HttpFilters = append([]*envoyhttp.HttpFilter{{
Name: "envoy.grpc_http1_bridge", Name: "envoy.grpc_http1_bridge",

6
agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-12-x.golden vendored
View File

@ -202,7 +202,7 @@
"ads": { "ads": {
} }
}, },
"route_config_name": "default" "route_config_name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"stat_prefix": "terminating_gateway_default_web_default_http", "stat_prefix": "terminating_gateway_default_web_default_http",
"tracing": { "tracing": {
@ -264,7 +264,7 @@
"ads": { "ads": {
} }
}, },
"route_config_name": "default" "route_config_name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"stat_prefix": "terminating_gateway_default_web_default_http", "stat_prefix": "terminating_gateway_default_web_default_http",
"tracing": { "tracing": {
@ -326,7 +326,7 @@
"ads": { "ads": {
} }
}, },
"route_config_name": "default" "route_config_name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"stat_prefix": "terminating_gateway_default_web_default_http", "stat_prefix": "terminating_gateway_default_web_default_http",
"tracing": { "tracing": {

6
agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-13-x.golden vendored
View File

@ -202,7 +202,7 @@
"ads": { "ads": {
} }
}, },
"route_config_name": "default" "route_config_name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"stat_prefix": "terminating_gateway_default_web_default_http", "stat_prefix": "terminating_gateway_default_web_default_http",
"tracing": { "tracing": {
@ -264,7 +264,7 @@
"ads": { "ads": {
} }
}, },
"route_config_name": "default" "route_config_name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"stat_prefix": "terminating_gateway_default_web_default_http", "stat_prefix": "terminating_gateway_default_web_default_http",
"tracing": { "tracing": {
@ -326,7 +326,7 @@
"ads": { "ads": {
} }
}, },
"route_config_name": "default" "route_config_name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"stat_prefix": "terminating_gateway_default_web_default_http", "stat_prefix": "terminating_gateway_default_web_default_http",
"tracing": { "tracing": {

6
agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-14-x.golden vendored
View File

@ -202,7 +202,7 @@
"ads": { "ads": {
} }
}, },
"route_config_name": "default" "route_config_name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"stat_prefix": "terminating_gateway_default_web_default_http", "stat_prefix": "terminating_gateway_default_web_default_http",
"tracing": { "tracing": {
@ -264,7 +264,7 @@
"ads": { "ads": {
} }
}, },
"route_config_name": "default" "route_config_name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"stat_prefix": "terminating_gateway_default_web_default_http", "stat_prefix": "terminating_gateway_default_web_default_http",
"tracing": { "tracing": {
@ -326,7 +326,7 @@
"ads": { "ads": {
} }
}, },
"route_config_name": "default" "route_config_name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"stat_prefix": "terminating_gateway_default_web_default_http", "stat_prefix": "terminating_gateway_default_web_default_http",
"tracing": { "tracing": {

6
agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-15-x.golden vendored
View File

@ -202,7 +202,7 @@
"ads": { "ads": {
} }
}, },
"route_config_name": "default" "route_config_name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"stat_prefix": "terminating_gateway_default_web_default_http", "stat_prefix": "terminating_gateway_default_web_default_http",
"tracing": { "tracing": {
@ -264,7 +264,7 @@
"ads": { "ads": {
} }
}, },
"route_config_name": "default" "route_config_name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"stat_prefix": "terminating_gateway_default_web_default_http", "stat_prefix": "terminating_gateway_default_web_default_http",
"tracing": { "tracing": {
@ -326,7 +326,7 @@
"ads": { "ads": {
} }
}, },
"route_config_name": "default" "route_config_name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"stat_prefix": "terminating_gateway_default_web_default_http", "stat_prefix": "terminating_gateway_default_web_default_http",
"tracing": { "tracing": {