From 6cbd417f29b73f1b4fbe005c4d4c52a91b9a5bc4 Mon Sep 17 00:00:00 2001 From: John Murret Date: Wed, 11 Oct 2023 10:31:45 -0600 Subject: [PATCH] NET-5822 - Add default outbound router in TProxy (#19087) * NET-5822 - Add default outbound router in TProxy * fixing connection timeout to be 5 s instead of 10 seconds --- ...-single-implicit-destination-tproxy.golden | 28 +++++++++++++------ ...-single-implicit-destination-tproxy.golden | 12 ++++++++ .../builder/destination_builder.go | 23 +++++++++++++++ ...it-and-explicit-destinations-tproxy.golden | 18 ++++++++++++ ...ltiple-implicit-destinations-tproxy.golden | 18 ++++++++++++ ...-single-implicit-destination-tproxy.golden | 18 ++++++++++++ ...ltiple-implicit-destinations-tproxy.golden | 18 ++++++++++++ ...-single-implicit-destination-tproxy.golden | 18 ++++++++++++ ...tion-with-multiple-workloads-tproxy.golden | 18 ++++++++++++ 9 files changed, 162 insertions(+), 9 deletions(-) diff --git a/agent/xdsv2/testdata/input/l4-single-implicit-destination-tproxy.golden b/agent/xdsv2/testdata/input/l4-single-implicit-destination-tproxy.golden index 72715b7215..feaa68bd3c 100644 --- a/agent/xdsv2/testdata/input/l4-single-implicit-destination-tproxy.golden +++ b/agent/xdsv2/testdata/input/l4-single-implicit-destination-tproxy.golden @@ -37,7 +37,15 @@ ], "capabilities": [ "CAPABILITY_TRANSPARENT" - ] + ], + "defaultRouter": { + "l4": { + "cluster": { + "name": "original-destination" + }, + "statPrefix": "upstream.original-destination" + } + } } ], "clusters": { @@ -66,18 +74,20 @@ } } }, - "leafCertificates": { - "test-identity": { + "leafCertificates": { + "test-identity": { "cert": "cert1", "key": "key1" - } - }, - "trustBundles": { - "local": { + } + }, + "trustBundles": { + "local": { "trustDomain": "foo.consul", - "roots": ["root1"] + "roots": [ + "root1" + ] + } } - } }, "requiredEndpoints": { "api-1.default.dc1.internal.foo.consul": { 
diff --git a/agent/xdsv2/testdata/output/listeners/l4-single-implicit-destination-tproxy.golden b/agent/xdsv2/testdata/output/listeners/l4-single-implicit-destination-tproxy.golden
index 816161b266..d34b4e6107 100644
--- a/agent/xdsv2/testdata/output/listeners/l4-single-implicit-destination-tproxy.golden
+++ b/agent/xdsv2/testdata/output/listeners/l4-single-implicit-destination-tproxy.golden
@@ -10,6 +10,18 @@ "portValue": 15001 } }, + "defaultFilterChain": { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "cluster": "original-destination", + "statPrefix": "upstream.original-destination" + } + } + ] + }, "filterChains": [ { "filterChainMatch": {
diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/destination_builder.go b/internal/mesh/internal/controllers/sidecarproxy/builder/destination_builder.go
index b683620667..9bb2b1f612 100644
--- a/internal/mesh/internal/controllers/sidecarproxy/builder/destination_builder.go
+++ b/internal/mesh/internal/controllers/sidecarproxy/builder/destination_builder.go
@@ -5,6 +5,7 @@ package builder
 import (
 "fmt"
+ "github.com/hashicorp/consul/agent/xds/naming"
 "time"
 "google.golang.org/protobuf/types/known/durationpb"
@@ -27,6 +28,8 @@ func (b *Builder) BuildDestinations(destinations []*intermediate.Destination) *B
 var lb *ListenerBuilder
 if b.proxyCfg.IsTransparentProxy() {
 lb = b.addTransparentProxyOutboundListener(b.proxyCfg.DynamicConfig.TransparentProxy.OutboundListenerPort)
+ lb.listener.DefaultRouter = lb.addL4RouterForDirect(naming.OriginalDestinationClusterName, fmt.Sprintf("upstream.%s", naming.OriginalDestinationClusterName)).router
+ b.addL4ClusterForDirect(naming.OriginalDestinationClusterName)
 }
 for _, destination := range destinations {
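Review bot: The new import `"github.com/hashicorp/consul/agent/xds/naming"` is placed between `"fmt"` and `"time"`, inside the standard-library group of destination_builder.go. goimports would keep `"fmt"` and `"time"` together and put the consul package in the following group, next to `"google.golang.org/protobuf/types/known/durationpb"`. The rest of the import block lies outside the hunk.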
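Review bot: The two lines added inside the `IsTransparentProxy()` branch install the `original-destination` passthrough as the outbound listener's default router unconditionally. Any outbound connection that matches no destination is therefore forwarded to the address the workload dialed, outside mesh mTLS and traffic permissions. Consul's existing transparent-proxy model gates this passthrough behind the mesh-wide `MeshDestinationsOnly` setting, and nothing visible in this hunk consults an equivalent, so operators who rely on the sidecar to restrict egress may lose that restriction. I would guard both calls with such a setting if the v2 proxy configuration has one (not visible here), or at least document the intent with `// Unmatched outbound traffic is passed through to its original destination and is not subject to mesh policy.` BuildDestinations starts and ends outside the hunk.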
@@ -372,6 +375,26 @@ func (b *ListenerBuilder) addL4RouterForDirect(clusterName, statPrefix string) *
 return b.NewRouterBuilder(router)
 }
+func (b *Builder) addL4ClusterForDirect(clusterName string) *Builder {
+ cluster := &pbproxystate.Cluster{
+ Name: clusterName,
+ Group: &pbproxystate.Cluster_EndpointGroup{
+ EndpointGroup: &pbproxystate.EndpointGroup{
+ Group: &pbproxystate.EndpointGroup_Passthrough{
+ Passthrough: &pbproxystate.PassthroughEndpointGroup{
+ Config: &pbproxystate.PassthroughEndpointGroupConfig{
+ ConnectTimeout: durationpb.New(5 * time.Second),
+ },
+ },
+ },
+ },
+ },
+ }
+
+ b.proxyStateTemplate.ProxyState.Clusters[cluster.Name] = cluster
+ return b
+}
+
 func (b *ListenerBuilder) addL4RouterForSplit(
 clusters []*pbproxystate.L4WeightedDestinationCluster,
 statPrefix string,
diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy.golden
index b087652882..a6650f6710 100644
--- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy.golden
+++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy.golden
@@ -1,6 +1,16 @@ { "proxyState": { "clusters": { + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination" + }, "tcp.api-1.default.dc1.internal.foo.consul": { "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", "endpointGroup": {
@@ -87,6 +97,14 @@ "capabilities": [ "CAPABILITY_TRANSPARENT" ], + "defaultRouter": { + "l4": { + "cluster": { + "name": "original-destination" + }, + "statPrefix": "upstream.original-destination" + } + }, "direction": "DIRECTION_OUTBOUND", "hostPort": { "host": "127.0.0.1",
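Review bot: `addL4ClusterForDirect` has no doc comment, and its name does not say what it builds: the body always creates a passthrough endpoint group with a fixed `5 * time.Second` connect timeout and overwrites whatever is already stored under `clusterName` in `ProxyState.Clusters`. A comment such as `// addL4ClusterForDirect registers a passthrough cluster named clusterName, replacing any existing entry with that name.` would make the overwrite explicit. The timeout would be easier to audit as a named constant, e.g. `const passthroughConnectTimeout = 5 * time.Second`, since the commit message records that the value was changed from 10 seconds during review.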
diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy.golden index 6c54b24487..128c8fff3e 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy.golden @@ -1,6 +1,16 @@ { "proxyState": { "clusters": { + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination" + }, "tcp.api-1.default.dc1.internal.foo.consul": { "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", "endpointGroup": { @@ -69,6 +79,14 @@ "capabilities": [ "CAPABILITY_TRANSPARENT" ], + "defaultRouter": { + "l4": { + "cluster": { + "name": "original-destination" + }, + "statPrefix": "upstream.original-destination" + } + }, "direction": "DIRECTION_OUTBOUND", "hostPort": { "host": "127.0.0.1", diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy.golden index 2b116150fe..36be8f2f94 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy.golden 
@@ -1,6 +1,16 @@ { "proxyState": { "clusters": { + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination" + }, "tcp.api-1.default.dc1.internal.foo.consul": { "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", "endpointGroup": { @@ -42,6 +52,14 @@ "capabilities": [ "CAPABILITY_TRANSPARENT" ], + "defaultRouter": { + "l4": { + "cluster": { + "name": "original-destination" + }, + "statPrefix": "upstream.original-destination" + } + }, "direction": "DIRECTION_OUTBOUND", "hostPort": { "host": "127.0.0.1", diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-multiple-implicit-destinations-tproxy.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-multiple-implicit-destinations-tproxy.golden index d082eb568c..53aacf8944 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-multiple-implicit-destinations-tproxy.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-multiple-implicit-destinations-tproxy.golden @@ -1,6 +1,16 @@ { "proxyState": { "clusters": { + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination" + }, "http.api-app.default.dc1.internal.foo.consul": { "altStatName": "http.api-app.default.dc1.internal.foo.consul", "endpointGroup": { @@ -177,6 +187,14 @@ "capabilities": [ "CAPABILITY_TRANSPARENT" ], + "defaultRouter": { + "l4": { + "cluster": { + "name": "original-destination" + }, + "statPrefix": "upstream.original-destination" + } + }, "direction": "DIRECTION_OUTBOUND", "hostPort": { "host": "127.0.0.1", 
diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-single-implicit-destination-tproxy.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-single-implicit-destination-tproxy.golden index fe01e99324..11d37d6b19 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-single-implicit-destination-tproxy.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-single-implicit-destination-tproxy.golden @@ -1,6 +1,16 @@ { "proxyState": { "clusters": { + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination" + }, "http.api-app.default.dc1.internal.foo.consul": { "altStatName": "http.api-app.default.dc1.internal.foo.consul", "endpointGroup": { @@ -96,6 +106,14 @@ "capabilities": [ "CAPABILITY_TRANSPARENT" ], + "defaultRouter": { + "l4": { + "cluster": { + "name": "original-destination" + }, + "statPrefix": "upstream.original-destination" + } + }, "direction": "DIRECTION_OUTBOUND", "hostPort": { "host": "127.0.0.1", diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-single-implicit-destination-with-multiple-workloads-tproxy.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-single-implicit-destination-with-multiple-workloads-tproxy.golden index fe01e99324..11d37d6b19 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-single-implicit-destination-with-multiple-workloads-tproxy.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-single-implicit-destination-with-multiple-workloads-tproxy.golden 
@@ -1,6 +1,16 @@ { "proxyState": { "clusters": { + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination" + }, "http.api-app.default.dc1.internal.foo.consul": { "altStatName": "http.api-app.default.dc1.internal.foo.consul", "endpointGroup": { @@ -96,6 +106,14 @@ "capabilities": [ "CAPABILITY_TRANSPARENT" ], + "defaultRouter": { + "l4": { + "cluster": { + "name": "original-destination" + }, + "statPrefix": "upstream.original-destination" + } + }, "direction": "DIRECTION_OUTBOUND", "hostPort": { "host": "127.0.0.1",