status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

NET-5822 - Add default outbound router in TProxy (#19087) 

* NET-5822 - Add default outbound router in TProxy

* fixing connection timeout to be 5 s instead of 10 seconds
This commit is contained in:
John Murret 2023-10-11 10:31:45 -06:00 committed by GitHub
parent b9ab63c55d
commit 6cbd417f29
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 162 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
agent/xdsv2/testdata/input/l4-single-implicit-destination-tproxy.golden vendored
View File

@ -37,7 +37,15 @@
], ],
"capabilities": [ "capabilities": [
"CAPABILITY_TRANSPARENT" "CAPABILITY_TRANSPARENT"
] ],
"defaultRouter": {
"l4": {
"cluster": {
"name": "original-destination"
},
"statPrefix": "upstream.original-destination"
}
}
} }
], ],
"clusters": { "clusters": {
@ -66,18 +74,20 @@
} }
} }
}, },
"leafCertificates": { "leafCertificates": {
"test-identity": { "test-identity": {
"cert": "cert1", "cert": "cert1",
"key": "key1" "key": "key1"
} }
}, },
"trustBundles": { "trustBundles": {
"local": { "local": {
"trustDomain": "foo.consul", "trustDomain": "foo.consul",
"roots": ["root1"] "roots": [
"root1"
]
}
} }
}
}, },
"requiredEndpoints": { "requiredEndpoints": {
"api-1.default.dc1.internal.foo.consul": { "api-1.default.dc1.internal.foo.consul": {

12
agent/xdsv2/testdata/output/listeners/l4-single-implicit-destination-tproxy.golden vendored
View File

@ -10,6 +10,18 @@
"portValue": 15001 "portValue": 15001
} }
}, },
"defaultFilterChain": {
"filters": [
{
"name": "envoy.filters.network.tcp_proxy",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"cluster": "original-destination",
"statPrefix": "upstream.original-destination"
}
}
]
},
"filterChains": [ "filterChains": [
{ {
"filterChainMatch": { "filterChainMatch": {

23
internal/mesh/internal/controllers/sidecarproxy/builder/destination_builder.go
View File

@ -5,6 +5,7 @@ package builder
import ( import (
"fmt" "fmt"
"github.com/hashicorp/consul/agent/xds/naming"
"time" "time"
"google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/durationpb"
@ -27,6 +28,8 @@ func (b *Builder) BuildDestinations(destinations []*intermediate.Destination) *B
var lb *ListenerBuilder var lb *ListenerBuilder
if b.proxyCfg.IsTransparentProxy() { if b.proxyCfg.IsTransparentProxy() {
lb = b.addTransparentProxyOutboundListener(b.proxyCfg.DynamicConfig.TransparentProxy.OutboundListenerPort) lb = b.addTransparentProxyOutboundListener(b.proxyCfg.DynamicConfig.TransparentProxy.OutboundListenerPort)
lb.listener.DefaultRouter = lb.addL4RouterForDirect(naming.OriginalDestinationClusterName, fmt.Sprintf("upstream.%s", naming.OriginalDestinationClusterName)).router
b.addL4ClusterForDirect(naming.OriginalDestinationClusterName)
} }
for _, destination := range destinations { for _, destination := range destinations {
@ -372,6 +375,26 @@ func (b *ListenerBuilder) addL4RouterForDirect(clusterName, statPrefix string) *
return b.NewRouterBuilder(router) return b.NewRouterBuilder(router)
} }
func (b *Builder) addL4ClusterForDirect(clusterName string) *Builder {
cluster := &pbproxystate.Cluster{
Name: clusterName,
Group: &pbproxystate.Cluster_EndpointGroup{
EndpointGroup: &pbproxystate.EndpointGroup{
Group: &pbproxystate.EndpointGroup_Passthrough{
Passthrough: &pbproxystate.PassthroughEndpointGroup{
Config: &pbproxystate.PassthroughEndpointGroupConfig{
ConnectTimeout: durationpb.New(5 * time.Second),
},
},
},
},
},
}
b.proxyStateTemplate.ProxyState.Clusters[cluster.Name] = cluster
return b
}
func (b *ListenerBuilder) addL4RouterForSplit( func (b *ListenerBuilder) addL4RouterForSplit(
clusters []*pbproxystate.L4WeightedDestinationCluster, clusters []*pbproxystate.L4WeightedDestinationCluster,
statPrefix string, statPrefix string,

18
internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy.golden vendored
View File

@ -1,6 +1,16 @@
{ {
"proxyState": { "proxyState": {
"clusters": { "clusters": {
"original-destination": {
"endpointGroup": {
"passthrough": {
"config": {
"connectTimeout": "5s"
}
}
},
"name": "original-destination"
},
"tcp.api-1.default.dc1.internal.foo.consul": { "tcp.api-1.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-1.default.dc1.internal.foo.consul", "altStatName": "tcp.api-1.default.dc1.internal.foo.consul",
"endpointGroup": { "endpointGroup": {
@ -87,6 +97,14 @@
"capabilities": [ "capabilities": [
"CAPABILITY_TRANSPARENT" "CAPABILITY_TRANSPARENT"
], ],
"defaultRouter": {
"l4": {
"cluster": {
"name": "original-destination"
},
"statPrefix": "upstream.original-destination"
}
},
"direction": "DIRECTION_OUTBOUND", "direction": "DIRECTION_OUTBOUND",
"hostPort": { "hostPort": {
"host": "127.0.0.1", "host": "127.0.0.1",

18
internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy.golden vendored
View File

@ -1,6 +1,16 @@
{ {
"proxyState": { "proxyState": {
"clusters": { "clusters": {
"original-destination": {
"endpointGroup": {
"passthrough": {
"config": {
"connectTimeout": "5s"
}
}
},
"name": "original-destination"
},
"tcp.api-1.default.dc1.internal.foo.consul": { "tcp.api-1.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-1.default.dc1.internal.foo.consul", "altStatName": "tcp.api-1.default.dc1.internal.foo.consul",
"endpointGroup": { "endpointGroup": {
@ -69,6 +79,14 @@
"capabilities": [ "capabilities": [
"CAPABILITY_TRANSPARENT" "CAPABILITY_TRANSPARENT"
], ],
"defaultRouter": {
"l4": {
"cluster": {
"name": "original-destination"
},
"statPrefix": "upstream.original-destination"
}
},
"direction": "DIRECTION_OUTBOUND", "direction": "DIRECTION_OUTBOUND",
"hostPort": { "hostPort": {
"host": "127.0.0.1", "host": "127.0.0.1",

18
internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy.golden vendored
View File

@ -1,6 +1,16 @@
{ {
"proxyState": { "proxyState": {
"clusters": { "clusters": {
"original-destination": {
"endpointGroup": {
"passthrough": {
"config": {
"connectTimeout": "5s"
}
}
},
"name": "original-destination"
},
"tcp.api-1.default.dc1.internal.foo.consul": { "tcp.api-1.default.dc1.internal.foo.consul": {
"altStatName": "tcp.api-1.default.dc1.internal.foo.consul", "altStatName": "tcp.api-1.default.dc1.internal.foo.consul",
"endpointGroup": { "endpointGroup": {
@ -42,6 +52,14 @@
"capabilities": [ "capabilities": [
"CAPABILITY_TRANSPARENT" "CAPABILITY_TRANSPARENT"
], ],
"defaultRouter": {
"l4": {
"cluster": {
"name": "original-destination"
},
"statPrefix": "upstream.original-destination"
}
},
"direction": "DIRECTION_OUTBOUND", "direction": "DIRECTION_OUTBOUND",
"hostPort": { "hostPort": {
"host": "127.0.0.1", "host": "127.0.0.1",

18
internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-multiple-implicit-destinations-tproxy.golden vendored
View File

@ -1,6 +1,16 @@
{ {
"proxyState": { "proxyState": {
"clusters": { "clusters": {
"original-destination": {
"endpointGroup": {
"passthrough": {
"config": {
"connectTimeout": "5s"
}
}
},
"name": "original-destination"
},
"http.api-app.default.dc1.internal.foo.consul": { "http.api-app.default.dc1.internal.foo.consul": {
"altStatName": "http.api-app.default.dc1.internal.foo.consul", "altStatName": "http.api-app.default.dc1.internal.foo.consul",
"endpointGroup": { "endpointGroup": {
@ -177,6 +187,14 @@
"capabilities": [ "capabilities": [
"CAPABILITY_TRANSPARENT" "CAPABILITY_TRANSPARENT"
], ],
"defaultRouter": {
"l4": {
"cluster": {
"name": "original-destination"
},
"statPrefix": "upstream.original-destination"
}
},
"direction": "DIRECTION_OUTBOUND", "direction": "DIRECTION_OUTBOUND",
"hostPort": { "hostPort": {
"host": "127.0.0.1", "host": "127.0.0.1",

18
internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-single-implicit-destination-tproxy.golden vendored
View File

@ -1,6 +1,16 @@
{ {
"proxyState": { "proxyState": {
"clusters": { "clusters": {
"original-destination": {
"endpointGroup": {
"passthrough": {
"config": {
"connectTimeout": "5s"
}
}
},
"name": "original-destination"
},
"http.api-app.default.dc1.internal.foo.consul": { "http.api-app.default.dc1.internal.foo.consul": {
"altStatName": "http.api-app.default.dc1.internal.foo.consul", "altStatName": "http.api-app.default.dc1.internal.foo.consul",
"endpointGroup": { "endpointGroup": {
@ -96,6 +106,14 @@
"capabilities": [ "capabilities": [
"CAPABILITY_TRANSPARENT" "CAPABILITY_TRANSPARENT"
], ],
"defaultRouter": {
"l4": {
"cluster": {
"name": "original-destination"
},
"statPrefix": "upstream.original-destination"
}
},
"direction": "DIRECTION_OUTBOUND", "direction": "DIRECTION_OUTBOUND",
"hostPort": { "hostPort": {
"host": "127.0.0.1", "host": "127.0.0.1",

18
internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-single-implicit-destination-with-multiple-workloads-tproxy.golden vendored
View File

@ -1,6 +1,16 @@
{ {
"proxyState": { "proxyState": {
"clusters": { "clusters": {
"original-destination": {
"endpointGroup": {
"passthrough": {
"config": {
"connectTimeout": "5s"
}
}
},
"name": "original-destination"
},
"http.api-app.default.dc1.internal.foo.consul": { "http.api-app.default.dc1.internal.foo.consul": {
"altStatName": "http.api-app.default.dc1.internal.foo.consul", "altStatName": "http.api-app.default.dc1.internal.foo.consul",
"endpointGroup": { "endpointGroup": {
@ -96,6 +106,14 @@
"capabilities": [ "capabilities": [
"CAPABILITY_TRANSPARENT" "CAPABILITY_TRANSPARENT"
], ],
"defaultRouter": {
"l4": {
"cluster": {
"name": "original-destination"
},
"statPrefix": "upstream.original-destination"
}
},
"direction": "DIRECTION_OUTBOUND", "direction": "DIRECTION_OUTBOUND",
"hostPort": { "hostPort": {
"host": "127.0.0.1", "host": "127.0.0.1",