From 6396042ba7021c2e708cf7c2ec9b5664ee04afe2 Mon Sep 17 00:00:00 2001 From: Mike Morris Date: Fri, 6 Nov 2020 20:47:29 -0500 Subject: [PATCH] connect: switch the default gateway port from 443 to 8443 (#9116) * test: update ingress gateway golden file to port 8443 * test: update Envoy flags_test to port 8443 Co-authored-by: R.B. Boyer --- .changelog/9113.txt | 3 +++ command/connect/envoy/flags.go | 2 +- command/connect/envoy/flags_test.go | 4 ++-- command/connect/envoy/testdata/ingress-gateway.golden | 2 +- 4 files changed, 7 insertions(+), 4 deletions(-) create mode 100644 .changelog/9113.txt diff --git a/.changelog/9113.txt b/.changelog/9113.txt new file mode 100644 index 0000000000..107a9ca0e2 --- /dev/null +++ b/.changelog/9113.txt @@ -0,0 +1,3 @@ +```release-note:breaking-change +connect: Switch the default gateway port from 443 to 8443 to avoid assumption of Envoy running as root. +``` diff --git a/command/connect/envoy/flags.go b/command/connect/envoy/flags.go index 7dd714506f..78573f385d 100644 --- a/command/connect/envoy/flags.go +++ b/command/connect/envoy/flags.go @@ -11,7 +11,7 @@ import ( "github.com/hashicorp/go-sockaddr/template" ) -const defaultGatewayPort int = 443 +const defaultGatewayPort int = 8443 // ServiceAddressValue implements a flag.Value that may be used to parse an // addr:port string into an api.ServiceAddress. diff --git a/command/connect/envoy/flags_test.go b/command/connect/envoy/flags_test.go index 4d6cba1245..ac5de0d9be 100644 --- a/command/connect/envoy/flags_test.go +++ b/command/connect/envoy/flags_test.go @@ -31,12 +31,12 @@ func TestServiceAddressValue_Value(t *testing.T) { func TestServiceAddressValue_String(t *testing.T) { t.Run("nil receiver", func(t *testing.T) { var addr *ServiceAddressValue - require.Equal(t, addr.String(), ":443") + require.Equal(t, addr.String(), ":8443") }) t.Run("default value", func(t *testing.T) { addr := &ServiceAddressValue{} - require.Equal(t, addr.String(), ":443") + require.Equal(t, addr.String(), ":8443") }) t.Run("set value", func(t *testing.T) { diff --git a/command/connect/envoy/testdata/ingress-gateway.golden b/command/connect/envoy/testdata/ingress-gateway.golden index ba56e634f1..d70b2b7486 100644 --- a/command/connect/envoy/testdata/ingress-gateway.golden +++ b/command/connect/envoy/testdata/ingress-gateway.golden @@ -53,7 +53,7 @@ "address": { "socket_address": { "address": "127.0.0.1", - "port_value": 443 + "port_value": 8443 } }, "filter_chains": [