diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go index 1b238c068a..8dd0145504 100644 --- a/agent/agent_endpoint_test.go +++ b/agent/agent_endpoint_test.go @@ -197,6 +197,7 @@ func TestAgent_Services_Sidecar(t *testing.T) { Proxy: structs.ConnectProxyConfig{ DestinationServiceName: "db", Upstreams: structs.TestUpstreams(t), + TransparentProxy: true, }, } a.State.AddService(srv1, "") @@ -396,7 +397,7 @@ func TestAgent_Service(t *testing.T) { Service: "web-sidecar-proxy", Port: 8000, Proxy: expectProxy.ToAPI(), - ContentHash: "4c7d5f8d3748be6d", + ContentHash: "fa3af167b81f6721", Weights: api.AgentWeights{ Passing: 1, Warning: 1, @@ -410,7 +411,7 @@ func TestAgent_Service(t *testing.T) { // Copy and modify updatedResponse := *expectedResponse updatedResponse.Port = 9999 - updatedResponse.ContentHash = "713435ba1f5badcf" + updatedResponse.ContentHash = "c7739b50900c7483" // Simple response for non-proxy service registered in TestAgent config expectWebResponse := &api.AgentService{ diff --git a/agent/config/builder.go b/agent/config/builder.go index 367048c56d..e85715ffe9 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -1690,6 +1690,7 @@ func (b *builder) serviceProxyVal(v *ServiceProxy) *structs.ConnectProxyConfig { Upstreams: b.upstreamsVal(v.Upstreams), MeshGateway: b.meshGatewayConfVal(v.MeshGateway), Expose: b.exposeConfVal(v.Expose), + TransparentProxy: boolVal(v.TransparentProxy), } } diff --git a/agent/config/config.go b/agent/config/config.go index 9bb1ab9007..b575d5b350 100644 --- a/agent/config/config.go +++ b/agent/config/config.go 
@@ -473,6 +473,10 @@ type ServiceProxy struct { // Expose defines whether checks or paths are exposed through the proxy Expose *ExposeConfig `mapstructure:"expose"` + + // TransparentProxy toggles whether inbound and outbound traffic is being + // redirected to the proxy. + TransparentProxy *bool `mapstructure:"transparent_proxy"` } // Upstream represents a single upstream dependency for a service or proxy. It diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index f1abcc8b3d..47c54ec240 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go @@ -2582,6 +2582,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { } ] }, + "transparent_proxy": true, "upstreams": [ { "destination_name": "db", @@ -2617,7 +2618,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { protocol = "http" } ] - }, + } + transparent_proxy = true upstreams = [ { destination_name = "db" @@ -2657,6 +2659,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, }, }, + TransparentProxy: true, Upstreams: structs.Upstreams{ structs.Upstream{ DestinationType: "service", @@ -2711,6 +2714,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { } ] }, + "transparent_proxy": true, "upstreams": [ { "destination_name": "db", @@ -2746,7 +2750,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { protocol = "http" } ] - }, + } + transparent_proxy = true, upstreams = [ { destination_name = "db" @@ -2786,6 +2791,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, }, }, + TransparentProxy: true, Upstreams: structs.Upstreams{ structs.Upstream{ DestinationType: "service", @@ -3428,7 +3434,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, "mesh_gateway": { "mode": "remote" - } + }, + "transparent_proxy": true } ] } @@ -3447,6 +3454,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { mesh_gateway { mode = "remote" } + transparent_proxy = true } }`}, expected: func(rt *RuntimeConfig) { 
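Review bot: The HCL fixture line added in the hunk at -2746 reads `transparent_proxy = true,` with a trailing comma, while the otherwise identical fixture in the hunk at -2617 has `transparent_proxy = true`. The test presumably passes because the parser tolerates the comma, but the two fixtures are meant to be the same input in two framings, so the line should read `transparent_proxy = true` in both. TestLoad_IntegrationWithFlags starts and ends outside these hunks.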
@@ -3465,6 +3473,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { MeshGateway: structs.MeshGatewayConfig{ Mode: structs.MeshGatewayModeRemote, }, + TransparentProxy: true, }, } }, @@ -3486,7 +3495,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { }, "MeshGateway": { "Mode": "remote" - } + }, + "TransparentProxy": true } ] } @@ -3505,6 +3515,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { MeshGateway { Mode = "remote" } + TransparentProxy = true } }`}, expected: func(rt *RuntimeConfig) { @@ -3523,6 +3534,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { MeshGateway: structs.MeshGatewayConfig{ Mode: structs.MeshGatewayModeRemote, }, + TransparentProxy: true, }, } }, @@ -3544,7 +3556,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { "external_sni": "abc-123", "mesh_gateway": { "mode": "remote" - } + }, + "transparent_proxy": true } ] } @@ -3563,6 +3576,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { mesh_gateway { mode = "remote" } + transparent_proxy = true } }`}, expected: func(rt *RuntimeConfig) { @@ -3581,6 +3595,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { MeshGateway: structs.MeshGatewayConfig{ Mode: structs.MeshGatewayModeRemote, }, + TransparentProxy: true, }, } }, @@ -3602,7 +3617,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { "ExternalSNI": "abc-123", "MeshGateway": { "Mode": "remote" - } + }, + "TransparentProxy": true } ] } @@ -3621,6 +3637,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { MeshGateway { Mode = "remote" } + TransparentProxy = true } }`}, expected: func(rt *RuntimeConfig) { @@ -3639,6 +3656,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { MeshGateway: structs.MeshGatewayConfig{ Mode: structs.MeshGatewayModeRemote, }, + TransparentProxy: true, }, } }, @@ -5464,6 +5482,7 @@ func TestLoad_FullConfig(t *testing.T) { }, }, }, + TransparentProxy: true, }, Weights: &structs.Weights{ Passing: 1, 
diff --git a/agent/config/testdata/full-config.hcl b/agent/config/testdata/full-config.hcl index 9dc4b6224b..9d25247e6d 100644 --- a/agent/config/testdata/full-config.hcl +++ b/agent/config/testdata/full-config.hcl @@ -582,6 +582,7 @@ services = [ } ] } + transparent_proxy = true } }, { diff --git a/agent/config/testdata/full-config.json b/agent/config/testdata/full-config.json index e9b9d47ef7..106bea01a9 100644 --- a/agent/config/testdata/full-config.json +++ b/agent/config/testdata/full-config.json @@ -563,6 +563,7 @@ } ] }, + "transparent_proxy": true, "upstreams": [ { "destination_name": "KPtAj2cb", diff --git a/agent/consul/config_endpoint.go b/agent/consul/config_endpoint.go index 49e3f7d504..3367ff799d 100644 --- a/agent/consul/config_endpoint.go +++ b/agent/consul/config_endpoint.go @@ -357,6 +357,7 @@ func (c *ConfigEntry) ResolveServiceConfig(args *structs.ServiceConfigRequest, r reply.ProxyConfig = mapCopy.(map[string]interface{}) reply.MeshGateway = proxyConf.MeshGateway reply.Expose = proxyConf.Expose + reply.TransparentProxy = proxyConf.TransparentProxy // Extract the global protocol from proxyConf for upstream configs. rawProtocol := proxyConf.Config["protocol"] @@ -395,6 +396,9 @@ func (c *ConfigEntry) ResolveServiceConfig(args *structs.ServiceConfigRequest, r } reply.ProxyConfig["protocol"] = serviceConf.Protocol } + if serviceConf.TransparentProxy { + reply.TransparentProxy = serviceConf.TransparentProxy + } } // First collect all upstreams into a set of seen upstreams. diff --git a/agent/consul/config_endpoint_test.go b/agent/consul/config_endpoint_test.go index d65705957c..35f26ce3f5 100644 --- a/agent/consul/config_endpoint_test.go +++ b/agent/consul/config_endpoint_test.go 
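Review bot: The added `if serviceConf.TransparentProxy { reply.TransparentProxy = serviceConf.TransparentProxy }` can only switch the flag on, so a service-defaults entry cannot opt a service out once proxy-defaults sets `TransparentProxy: true`; with a plain bool, false and unset are indistinguishable. The same one-way merge appears in mergeServiceConfig in agent/service_manager.go (`if !ns.Proxy.TransparentProxy`), where a local registration cannot decline a central default. This flag decides whether traffic is redirected through the proxy and, in mergeServiceConfig, whether centrally defined upstreams are added to the registration, so the precedence should be explicit: a `*bool` or a three-state mode on the config entries would let the more specific level win in both directions. The new test case "service-defaults overrides proxy-defaults" covers only false-to-true; the reverse case is worth adding. ResolveServiceConfig's body continues outside the hunk.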
@@ -893,6 +893,105 @@ func TestConfigEntry_ResolveServiceConfig(t *testing.T) { require.Equal(map[string]interface{}{"foo": 1}, proxyConf.Config) } +func TestConfigEntry_ResolveServiceConfig_TransparentProxy(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Parallel() + + tt := []struct { + name string + entries []structs.ConfigEntry + request structs.ServiceConfigRequest + proxyCfg structs.ConnectProxyConfig + expect structs.ServiceConfigResponse + }{ + { + name: "from proxy-defaults", + entries: []structs.ConfigEntry{ + &structs.ProxyConfigEntry{ + Kind: structs.ProxyDefaults, + Name: structs.ProxyConfigGlobal, + TransparentProxy: true, + }, + }, + request: structs.ServiceConfigRequest{ + Name: "foo", + Datacenter: "dc1", + }, + expect: structs.ServiceConfigResponse{ + TransparentProxy: true, + }, + }, + { + name: "from service-defaults", + entries: []structs.ConfigEntry{ + &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "foo", + TransparentProxy: true, + }, + }, + request: structs.ServiceConfigRequest{ + Name: "foo", + Datacenter: "dc1", + }, + expect: structs.ServiceConfigResponse{ + TransparentProxy: true, + }, + }, + { + name: "service-defaults overrides proxy-defaults", + entries: []structs.ConfigEntry{ + &structs.ProxyConfigEntry{ + Kind: structs.ProxyDefaults, + Name: structs.ProxyConfigGlobal, + TransparentProxy: false, + }, + &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "foo", + TransparentProxy: true, + }, + }, + request: structs.ServiceConfigRequest{ + Name: "foo", + Datacenter: "dc1", + }, + expect: structs.ServiceConfigResponse{ + TransparentProxy: true, + }, + }, + } + + for _, tc := range tt { + t.Run(tc.name, func(t *testing.T) { + dir1, s1 := testServer(t) + defer os.RemoveAll(dir1) + defer s1.Shutdown() + + codec := rpcClient(t, s1) + defer codec.Close() + + // Boostrap the config entries + idx := uint64(1) + for _, conf := range tc.entries { + 
require.NoError(t, s1.fsm.State().EnsureConfigEntry(idx, conf)) + idx++ + } + + var out structs.ServiceConfigResponse + require.NoError(t, msgpackrpc.CallWithCodec(codec, "ConfigEntry.ResolveServiceConfig", &tc.request, &out)) + + // Don't know what this is deterministically, so we grab it from the response + tc.expect.QueryMeta = out.QueryMeta + + require.Equal(t, tc.expect, out) + }) + } +} + func TestConfigEntry_ResolveServiceConfig_Upstreams(t *testing.T) { if testing.Short() { t.Skip("too slow for testing.Short") diff --git a/agent/service_manager.go b/agent/service_manager.go index 2f4e88ba91..2c0fc2f2db 100644 --- a/agent/service_manager.go +++ b/agent/service_manager.go 
@@ -376,39 +376,78 @@ func mergeServiceConfig(defaults *structs.ServiceConfigResponse, service *struct if ns.Proxy.MeshGateway.Mode == structs.MeshGatewayModeDefault { ns.Proxy.MeshGateway.Mode = defaults.MeshGateway.Mode } + if !ns.Proxy.TransparentProxy { + ns.Proxy.TransparentProxy = defaults.TransparentProxy + } - // Merge upstream defaults if there were any returned + // remoteUpstreams contains synthetic Upstreams generated from central config (service-defaults.UpstreamConfigs). + remoteUpstreams := make(map[structs.ServiceID]structs.Upstream) + + for _, us := range defaults.UpstreamIDConfigs { + parsed, err := structs.ParseUpstreamConfig(us.Config) + if err != nil { + return nil, fmt.Errorf("failed to parse upstream config map for %s: %v", us.Upstream.String(), err) + } + + // Delete the mesh gateway key since this is the only place it is read from an opaque map. + // Later reads use Proxy.MeshGateway. + // Note that we use the "mesh_gateway" key and not other variants like "MeshGateway" because + // UpstreamConfig.MergeInto and ResolveServiceConfig only use "mesh_gateway". + delete(us.Config, "mesh_gateway") + + remoteUpstreams[us.Upstream] = structs.Upstream{ + DestinationNamespace: us.Upstream.NamespaceOrDefault(), + DestinationName: us.Upstream.ID, + Config: us.Config, + MeshGateway: parsed.MeshGateway, + CentrallyConfigured: true, + } + } + + // localUpstreams stores the upstreams seen from the local registration so that we can merge in the synthetic entries. + // In TransparentProxy mode ns.Proxy.Upstreams will likely be empty because users do not need to define upstreams explicitly. + // So to store upstream-specific flags from central config, we add entries to ns.Proxy.Upstream with those values. 
+ localUpstreams := make(map[structs.ServiceID]struct{}) + + // Merge upstream defaults into the local registration for i := range ns.Proxy.Upstreams { // Get a pointer not a value copy of the upstream struct us := &ns.Proxy.Upstreams[i] if us.DestinationType != "" && us.DestinationType != structs.UpstreamDestTypeService { continue } + localUpstreams[us.DestinationID()] = struct{}{} - usCfg, ok := defaults.UpstreamIDConfigs.GetUpstreamConfig(us.DestinationID()) + usCfg, ok := remoteUpstreams[us.DestinationID()] if !ok { // No config defaults to merge continue } - // MeshGateway mode is fetched separately since it is a first class field and not read from us.Config - parsed, err := structs.ParseUpstreamConfig(usCfg) - if err != nil { - return nil, fmt.Errorf("failed to parse upstream config map for %s: %v", us.Identifier(), err) - } - // The local upstream config mode has the highest precedence, so only overwrite when it's set to the default if us.MeshGateway.Mode == structs.MeshGatewayModeDefault { - us.MeshGateway.Mode = parsed.MeshGateway.Mode + us.MeshGateway.Mode = usCfg.MeshGateway.Mode } - // Delete the mesh gateway key since this is the only place it is read from an opaque map. - delete(usCfg, "mesh_gateway") - // Merge in everything else that is read from the map - if err := mergo.Merge(&us.Config, usCfg); err != nil { + if err := mergo.Merge(&us.Config, usCfg.Config); err != nil { return nil, err } } + + // Ensure upstreams present in central config are represented in the local configuration. + // This does not apply outside of TransparentProxy mode because in that situation every upstream needs to be defined + // explicitly and locally with a local bind port. + if ns.Proxy.TransparentProxy { + for id, remote := range remoteUpstreams { + if _, ok := localUpstreams[id]; ok { + // Remote upstream is already present locally + continue + } + + ns.Proxy.Upstreams = append(ns.Proxy.Upstreams, remote) + } + } + return ns, err } 
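Review bot: The final loop appends the synthetic upstreams by ranging over the `remoteUpstreams` map, so with more than one centrally configured upstream the order of `ns.Proxy.Upstreams` can differ from call to call, and anything that hashes or compares the merged registration may see a change that is not there. The added test cases use a single remote upstream and would not notice. Ranging over `defaults.UpstreamIDConfigs` instead keeps the order of the response, as in the fence below. Separately, `Config: us.Config` stores the map taken from `defaults` in the new upstream after `delete(us.Config, "mesh_gateway")` has modified it in place, so the merged service and the caller's response share one map; copying it before the delete would avoid that, and it is worth confirming whether the response is cached. mergeServiceConfig begins outside the hunk.

```go
if ns.Proxy.TransparentProxy {
	// Walk the slice from central config rather than the map so the
	// appended upstreams keep a stable order.
	for _, us := range defaults.UpstreamIDConfigs {
		if _, ok := localUpstreams[us.Upstream]; ok {
			// Already present locally, or already appended
			continue
		}
		localUpstreams[us.Upstream] = struct{}{}
		ns.Proxy.Upstreams = append(ns.Proxy.Upstreams, remoteUpstreams[us.Upstream])
	}
}
```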
diff --git a/agent/service_manager_test.go b/agent/service_manager_test.go index 3d179377aa..de3b4e3cc3 100644 --- a/agent/service_manager_test.go +++ b/agent/service_manager_test.go 
@@ -922,6 +922,125 @@ func Test_mergeServiceConfig_UpstreamOverrides(t *testing.T) { }, }, }, + { + name: "remote upstream config expands local upstream list in tproxy mode", + args: args{ + defaults: &structs.ServiceConfigResponse{ + UpstreamIDConfigs: structs.OpaqueUpstreamConfigs{ + { + Upstream: structs.ServiceID{ + ID: "zap", + EnterpriseMeta: *structs.DefaultEnterpriseMeta(), + }, + Config: map[string]interface{}{ + "protocol": "grpc", + }, + }, + }, + }, + service: &structs.NodeService{ + ID: "foo-proxy", + Service: "foo-proxy", + Proxy: structs.ConnectProxyConfig{ + DestinationServiceName: "foo", + DestinationServiceID: "foo", + TransparentProxy: true, + Upstreams: structs.Upstreams{ + structs.Upstream{ + DestinationNamespace: "default", + DestinationName: "zip", + LocalBindPort: 8080, + Config: map[string]interface{}{ + "protocol": "http", + }, + }, + }, + }, + }, + }, + want: &structs.NodeService{ + ID: "foo-proxy", + Service: "foo-proxy", + Proxy: structs.ConnectProxyConfig{ + DestinationServiceName: "foo", + DestinationServiceID: "foo", + TransparentProxy: true, + Upstreams: structs.Upstreams{ + structs.Upstream{ + DestinationNamespace: "default", + DestinationName: "zip", + LocalBindPort: 8080, + Config: map[string]interface{}{ + "protocol": "http", + }, + }, + structs.Upstream{ + DestinationNamespace: "default", + DestinationName: "zap", + Config: map[string]interface{}{ + "protocol": "grpc", + }, + CentrallyConfigured: true, + }, + }, + }, + }, + }, + { + name: "remote upstream config not added to local upstream list outside of tproxy mode", + args: args{ + defaults: &structs.ServiceConfigResponse{ + UpstreamIDConfigs: structs.OpaqueUpstreamConfigs{ + { + Upstream: structs.ServiceID{ + ID: "zap", + EnterpriseMeta: *structs.DefaultEnterpriseMeta(), + }, + Config: map[string]interface{}{ + "protocol": "grpc", + }, + }, + }, + }, + service: &structs.NodeService{ + ID: "foo-proxy", + Service: "foo-proxy", + Proxy: structs.ConnectProxyConfig{ + 
DestinationServiceName: "foo", + DestinationServiceID: "foo", + TransparentProxy: false, + Upstreams: structs.Upstreams{ + structs.Upstream{ + DestinationNamespace: "default", + DestinationName: "zip", + LocalBindPort: 8080, + Config: map[string]interface{}{ + "protocol": "http", + }, + }, + }, + }, + }, + }, + want: &structs.NodeService{ + ID: "foo-proxy", + Service: "foo-proxy", + Proxy: structs.ConnectProxyConfig{ + DestinationServiceName: "foo", + DestinationServiceID: "foo", + Upstreams: structs.Upstreams{ + structs.Upstream{ + DestinationNamespace: "default", + DestinationName: "zip", + LocalBindPort: 8080, + Config: map[string]interface{}{ + "protocol": "http", + }, + }, + }, + }, + }, + }, { name: "upstream mode from remote defaults overrides local default", args: args{ diff --git a/agent/structs/config_entry.go b/agent/structs/config_entry.go index 5bae12f0f6..4678f8cc2e 100644 --- a/agent/structs/config_entry.go +++ b/agent/structs/config_entry.go @@ -79,11 +79,12 @@ type UpdatableConfigEntry interface { // ServiceConfiguration is the top-level struct for the configuration of a service // across the entire cluster. type ServiceConfigEntry struct { - Kind string - Name string - Protocol string - MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"` - Expose ExposeConfig `json:",omitempty"` + Kind string + Name string + Protocol string + MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"` + Expose ExposeConfig `json:",omitempty"` + TransparentProxy bool `json:",omitempty" alias:"transparent_proxy"` ExternalSNI string `json:",omitempty" alias:"external_sni"` 
@@ -211,11 +212,12 @@ func (cfg ConnectConfiguration) Validate() error { // ProxyConfigEntry is the top-level struct for global proxy configuration defaults. type ProxyConfigEntry struct { - Kind string - Name string - Config map[string]interface{} - MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"` - Expose ExposeConfig `json:",omitempty"` + Kind string + Name string + Config map[string]interface{} + MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"` + Expose ExposeConfig `json:",omitempty"` + TransparentProxy bool `json:",omitempty" alias:"transparent_proxy"` Meta map[string]string `json:",omitempty"` EnterpriseMeta `hcl:",squash" mapstructure:",squash"` @@ -839,6 +841,7 @@ type ServiceConfigResponse struct { UpstreamIDConfigs OpaqueUpstreamConfigs MeshGateway MeshGatewayConfig `json:",omitempty"` Expose ExposeConfig `json:",omitempty"` + TransparentProxy bool `json:",omitempty"` QueryMeta } diff --git a/agent/structs/connect_proxy_config.go b/agent/structs/connect_proxy_config.go index 3348c49000..4031c78d80 100644 --- a/agent/structs/connect_proxy_config.go +++ b/agent/structs/connect_proxy_config.go @@ -118,6 +118,10 @@ type ConnectProxyConfig struct { // Expose defines whether checks or paths are exposed through the proxy Expose ExposeConfig `json:",omitempty"` + + // TransparentProxy toggles whether inbound and outbound traffic is being + // redirected to the proxy. + TransparentProxy bool `json:",omitempty" alias:"transparent_proxy"` } func (t *ConnectProxyConfig) UnmarshalJSON(data []byte) (err error) { @@ -128,6 +132,7 @@ func (t *ConnectProxyConfig) UnmarshalJSON(data []byte) (err error) { LocalServiceAddressSnake string `json:"local_service_address"` LocalServicePortSnake int `json:"local_service_port"` MeshGatewaySnake MeshGatewayConfig `json:"mesh_gateway"` + TransparentProxySnake bool `json:"transparent_proxy"` *Alias }{ 
@@ -151,6 +156,9 @@ func (t *ConnectProxyConfig) UnmarshalJSON(data []byte) (err error) { if t.MeshGateway.Mode == "" { t.MeshGateway.Mode = aux.MeshGatewaySnake.Mode } + if !t.TransparentProxy { + t.TransparentProxy = aux.TransparentProxySnake + } return nil @@ -183,6 +191,7 @@ func (c *ConnectProxyConfig) ToAPI() *api.AgentServiceConnectProxyConfig { Upstreams: c.Upstreams.ToAPI(), MeshGateway: c.MeshGateway.ToAPI(), Expose: c.Expose.ToAPI(), + TransparentProxy: c.TransparentProxy, } } @@ -256,6 +265,10 @@ type Upstream struct { // an ingress gateway. This cannot and should not be set by a user, it is // used internally to store the association of hosts to an upstream service. IngressHosts []string `json:"-" bexpr:"-"` + + // CentrallyConfigured indicates whether the upstream was defined in a proxy + // instance registration or whether it was generated from a config entry. + CentrallyConfigured bool `json:",omitempty" bexpr:"-"` } func (t *Upstream) UnmarshalJSON(data []byte) (err error) { @@ -312,7 +325,7 @@ func (u *Upstream) Validate() error { return fmt.Errorf("upstream destination name cannot be empty") } - if u.LocalBindPort == 0 { + if u.LocalBindPort == 0 && !u.CentrallyConfigured { return fmt.Errorf("upstream local bind port cannot be zero") } return nil diff --git a/agent/structs/structs_filtering_test.go b/agent/structs/structs_filtering_test.go index 319f47e9e2..2fa419eeb3 100644 --- a/agent/structs/structs_filtering_test.go +++ b/agent/structs/structs_filtering_test.go @@ -207,6 +207,11 @@ var expectedFieldConfigConnectProxyConfig bexpr.FieldConfigurations = bexpr.Fiel StructFieldName: "Expose", SubFields: expectedFieldConfigExposeConfig, }, + "TransparentProxy": &bexpr.FieldConfiguration{ + StructFieldName: "TransparentProxy", + CoerceFn: bexpr.CoerceBool, + SupportedOperations: []bexpr.MatchOperator{bexpr.MatchEqual, bexpr.MatchNotEqual}, + }, } var expectedFieldConfigServiceConnect bexpr.FieldConfigurations = bexpr.FieldConfigurations{ 
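Review bot: `CentrallyConfigured` is tagged `json:",omitempty"`, so unlike `IngressHosts` just above it (`json:"-"`) it can be decoded from a registration payload, and the Validate change in the hunk at -312 then accepts an upstream with `LocalBindPort == 0` whenever the caller sets it. Nothing visible in this diff clears or rejects the field on input, and `api.Upstream` in api/agent.go exposes it to clients as well. If the flag is meant to be set only by the agent while merging central config, the field should say so and registration should reject it, for example with the comment `// CentrallyConfigured is set by the agent when merging central config; it must not be accepted from a service registration.` Validate's body begins outside its hunk.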
diff --git a/api/agent.go b/api/agent.go index 43e9b89e24..8c843ab4d0 100644 --- a/api/agent.go +++ b/api/agent.go @@ -122,6 +122,7 @@ type AgentServiceConnectProxyConfig struct { Upstreams []Upstream `json:",omitempty"` MeshGateway MeshGatewayConfig `json:",omitempty"` Expose ExposeConfig `json:",omitempty"` + TransparentProxy bool `json:",omitempty"` } const ( @@ -407,6 +408,7 @@ type Upstream struct { LocalBindPort int `json:",omitempty"` Config map[string]interface{} `json:",omitempty" bexpr:"-"` MeshGateway MeshGatewayConfig `json:",omitempty"` + CentrallyConfigured bool `json:",omitempty" bexpr:"-"` } // Agent can be used to query the Agent endpoints diff --git a/api/agent_test.go b/api/agent_test.go index 29dedd2ae6..ef267bff18 100644 --- a/api/agent_test.go +++ b/api/agent_test.go @@ -437,6 +437,7 @@ func TestAPI_AgentServices_ExternalConnectProxy(t *testing.T) { Port: 8001, Proxy: &AgentServiceConnectProxyConfig{ DestinationServiceName: "foo", + TransparentProxy: true, }, } if err := agent.ServiceRegister(reg); err != nil { @@ -453,6 +454,9 @@ func TestAPI_AgentServices_ExternalConnectProxy(t *testing.T) { if _, ok := services["foo-proxy"]; !ok { t.Fatalf("missing proxy service: %v", services) } + if !services["foo-proxy"].Proxy.TransparentProxy { + t.Fatalf("expected transparent proxy mode to be enabled") + } if err := agent.ServiceDeregister("foo"); err != nil { t.Fatalf("err: %v", err) diff --git a/api/config_entry.go b/api/config_entry.go index cd38c05ef6..f303187cdd 100644 --- a/api/config_entry.go +++ b/api/config_entry.go 
@@ -167,17 +167,18 @@ type UpstreamLimits struct { } type ServiceConfigEntry struct { - Kind string - Name string - Namespace string `json:",omitempty"` - Protocol string `json:",omitempty"` - MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"` - Connect ConnectConfiguration `json:",omitempty"` - Expose ExposeConfig `json:",omitempty"` - ExternalSNI string `json:",omitempty" alias:"external_sni"` - Meta map[string]string `json:",omitempty"` - CreateIndex uint64 - ModifyIndex uint64 + Kind string + Name string + Namespace string `json:",omitempty"` + Protocol string `json:",omitempty"` + MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"` + Connect ConnectConfiguration `json:",omitempty"` + Expose ExposeConfig `json:",omitempty"` + TransparentProxy bool `json:",omitempty" alias:"transparent_proxy"` + ExternalSNI string `json:",omitempty" alias:"external_sni"` + Meta map[string]string `json:",omitempty"` + CreateIndex uint64 + ModifyIndex uint64 } func (s *ServiceConfigEntry) GetKind() string { @@ -205,15 +206,16 @@ func (s *ServiceConfigEntry) GetModifyIndex() uint64 { } type ProxyConfigEntry struct { - Kind string - Name string - Namespace string `json:",omitempty"` - Config map[string]interface{} `json:",omitempty"` - MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"` - Expose ExposeConfig `json:",omitempty"` - Meta map[string]string `json:",omitempty"` - CreateIndex uint64 - ModifyIndex uint64 + Kind string + Name string + Namespace string `json:",omitempty"` + Config map[string]interface{} `json:",omitempty"` + MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"` + Expose ExposeConfig `json:",omitempty"` + TransparentProxy bool `json:",omitempty" alias:"transparent_proxy"` + Meta map[string]string `json:",omitempty"` + CreateIndex uint64 + ModifyIndex uint64 } func (p *ProxyConfigEntry) GetKind() string { 
diff --git a/api/config_entry_test.go b/api/config_entry_test.go index a1fe9f6994..443995e123 100644 --- a/api/config_entry_test.go +++ b/api/config_entry_test.go @@ -296,7 +296,8 @@ func TestDecodeConfigEntry(t *testing.T) { }, "MeshGateway": { "Mode": "remote" - } + }, + "TransparentProxy": true } `, expect: &ProxyConfigEntry{ @@ -316,6 +317,7 @@ func TestDecodeConfigEntry(t *testing.T) { MeshGateway: MeshGatewayConfig{ Mode: MeshGatewayModeRemote, }, + TransparentProxy: true, }, }, { @@ -333,6 +335,7 @@ func TestDecodeConfigEntry(t *testing.T) { "MeshGateway": { "Mode": "remote" }, + "TransparentProxy": true, "Connect": { "UpstreamConfigs": { "redis": { @@ -377,6 +380,7 @@ func TestDecodeConfigEntry(t *testing.T) { MeshGateway: MeshGatewayConfig{ Mode: MeshGatewayModeRemote, }, + TransparentProxy: true, Connect: ConnectConfiguration{ UpstreamConfigs: map[string]UpstreamConfig{ "redis": { diff --git a/command/config/write/config_write_test.go b/command/config/write/config_write_test.go index dbcff13ae3..e628c13e46 100644 --- a/command/config/write/config_write_test.go +++ b/command/config/write/config_write_test.go @@ -181,6 +181,7 @@ func TestParseConfigEntry(t *testing.T) { mesh_gateway { mode = "remote" } + transparent_proxy = true `, camel: ` Kind = "proxy-defaults" @@ -199,6 +200,7 @@ func TestParseConfigEntry(t *testing.T) { MeshGateway { Mode = "remote" } + TransparentProxy = true `, snakeJSON: ` { @@ -217,7 +219,8 @@ func TestParseConfigEntry(t *testing.T) { }, "mesh_gateway": { "mode": "remote" - } + }, + "transparent_proxy": true } `, camelJSON: ` @@ -237,7 +240,8 @@ func TestParseConfigEntry(t *testing.T) { }, "MeshGateway": { "Mode": "remote" - } + }, + "TransparentProxy": true } `, expect: &api.ProxyConfigEntry{ @@ -257,6 +261,7 @@ func TestParseConfigEntry(t *testing.T) { MeshGateway: api.MeshGatewayConfig{ Mode: api.MeshGatewayModeRemote, }, + TransparentProxy: true, }, expectJSON: &api.ProxyConfigEntry{ Kind: "proxy-defaults", 
@@ -275,6 +280,7 @@ func TestParseConfigEntry(t *testing.T) { MeshGateway: api.MeshGatewayConfig{ Mode: api.MeshGatewayModeRemote, }, + TransparentProxy: true, }, }, { @@ -436,6 +442,7 @@ func TestParseConfigEntry(t *testing.T) { mesh_gateway { mode = "remote" } + transparent_proxy = true connect { upstream_configs { "redis" { @@ -479,6 +486,7 @@ func TestParseConfigEntry(t *testing.T) { MeshGateway { Mode = "remote" } + TransparentProxy = true connect = { upstream_configs = { "redis" = { @@ -523,6 +531,7 @@ func TestParseConfigEntry(t *testing.T) { "mesh_gateway": { "mode": "remote" }, + "transparent_proxy": true, "connect": { "upstream_configs": { "redis": { @@ -568,6 +577,7 @@ func TestParseConfigEntry(t *testing.T) { "MeshGateway": { "Mode": "remote" }, + "TransparentProxy": true, "Connect": { "UpstreamConfigs": { "redis": { @@ -612,6 +622,7 @@ func TestParseConfigEntry(t *testing.T) { MeshGateway: api.MeshGatewayConfig{ Mode: api.MeshGatewayModeRemote, }, + TransparentProxy: true, Connect: api.ConnectConfiguration{ UpstreamConfigs: map[string]api.UpstreamConfig{ "redis": { diff --git a/proto/pbservice/service.gen.go b/proto/pbservice/service.gen.go index 45b4fb154c..0b0bb3443e 100644 --- a/proto/pbservice/service.gen.go +++ b/proto/pbservice/service.gen.go @@ -14,6 +14,7 @@ func ConnectProxyConfigToStructs(s ConnectProxyConfig) structs.ConnectProxyConfi t.Upstreams = UpstreamsToStructs(s.Upstreams) t.MeshGateway = MeshGatewayConfigToStructs(s.MeshGateway) t.Expose = ExposeConfigToStructs(s.Expose) + t.TransparentProxy = s.TransparentProxy return t } func NewConnectProxyConfigFromStructs(t structs.ConnectProxyConfig) ConnectProxyConfig { 
@@ -26,6 +27,7 @@ func NewConnectProxyConfigFromStructs(t structs.ConnectProxyConfig) ConnectProxy s.Upstreams = NewUpstreamsFromStructs(t.Upstreams) s.MeshGateway = NewMeshGatewayConfigFromStructs(t.MeshGateway) s.Expose = NewExposeConfigFromStructs(t.Expose) + s.TransparentProxy = t.TransparentProxy return s } func ExposeConfigToStructs(s ExposeConfig) structs.ExposeConfig { @@ -130,6 +132,7 @@ func UpstreamToStructs(s Upstream) structs.Upstream { t.LocalBindPort = int(s.LocalBindPort) t.Config = ProtobufTypesStructToMapStringInterface(s.Config) t.MeshGateway = MeshGatewayConfigToStructs(s.MeshGateway) + t.CentrallyConfigured = s.CentrallyConfigured return t } func NewUpstreamFromStructs(t structs.Upstream) Upstream { @@ -142,5 +145,6 @@ func NewUpstreamFromStructs(t structs.Upstream) Upstream { s.LocalBindPort = int32(t.LocalBindPort) s.Config = MapStringInterfaceToProtobufTypesStruct(t.Config) s.MeshGateway = NewMeshGatewayConfigFromStructs(t.MeshGateway) + s.CentrallyConfigured = t.CentrallyConfigured return s } diff --git a/proto/pbservice/service.pb.go b/proto/pbservice/service.pb.go index 8922de3ec3..f42fd42e81 100644 --- a/proto/pbservice/service.pb.go +++ b/proto/pbservice/service.pb.go @@ -71,6 +71,9 @@ type ConnectProxyConfig struct { MeshGateway MeshGatewayConfig `protobuf:"bytes,7,opt,name=MeshGateway,proto3" json:"MeshGateway"` // Expose defines whether checks or paths are exposed through the proxy Expose ExposeConfig `protobuf:"bytes,8,opt,name=Expose,proto3" json:"Expose"` + // TransparentProxy enables configuring the service mesh as if all inbound + // and outbound traffic is being redirected to this proxy + TransparentProxy bool `protobuf:"varint,9,opt,name=TransparentProxy,proto3" json:"TransparentProxy,omitempty"` } func (m *ConnectProxyConfig) Reset() { *m = ConnectProxyConfig{} } 
@@ -146,6 +149,9 @@ type Upstream struct { Config *types.Struct `protobuf:"bytes,7,opt,name=Config,proto3" json:"Config,omitempty"` // MeshGateway is the configuration for mesh gateway usage of this upstream MeshGateway MeshGatewayConfig `protobuf:"bytes,8,opt,name=MeshGateway,proto3" json:"MeshGateway"` + // CentrallyConfigured indicates whether the upstream was defined in a proxy + // instance registration or whether it was generated from a config entry. + CentrallyConfigured bool `protobuf:"varint,9,opt,name=CentrallyConfigured,proto3" json:"CentrallyConfigured,omitempty"` } func (m *Upstream) Reset() { *m = Upstream{} } 
@@ -556,73 +562,75 @@ func init() { func init() { proto.RegisterFile("proto/pbservice/service.proto", fileDescriptor_cbb99233b75fb80b) } var fileDescriptor_cbb99233b75fb80b = []byte{ - // 1048 bytes of a gzipped FileDescriptorProto + // 1083 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x56, 0xdd, 0x6e, 0x1b, 0x45, - 0x14, 0xf6, 0xfa, 0x27, 0xb6, 0x4f, 0x42, 0x7e, 0xa6, 0x26, 0x2c, 0xa1, 0x75, 0xcc, 0x0a, 0x21, - 0x0b, 0x22, 0xbb, 0x4d, 0x54, 0x4a, 0x2b, 0x15, 0x89, 0xc4, 0x01, 0x55, 0xd4, 0xc5, 0x6c, 0x8c, - 0x2a, 0x90, 0xb8, 0x18, 0xaf, 0x27, 0xeb, 0x55, 0xec, 0x1d, 0x6b, 0x67, 0x1c, 0xea, 0xcb, 0xbe, - 0x01, 0x97, 0x3c, 0x06, 0x8f, 0x11, 0x89, 0x9b, 0x5e, 0x72, 0x15, 0x41, 0xf2, 0x16, 0xbd, 0x42, - 0x73, 0x76, 0x76, 0xb3, 0xde, 0x35, 0x11, 0x70, 0xe5, 0x99, 0xf3, 0x9d, 0xf3, 0x9d, 0xdd, 0xf3, - 0x7d, 0x33, 0x6b, 0xb8, 0x37, 0x0d, 0xb8, 0xe4, 0xed, 0xe9, 0x40, 0xb0, 0xe0, 0xdc, 0x73, 0x58, - 0x5b, 0xff, 0xb6, 0x30, 0x4e, 0xaa, 0x31, 0xb0, 0x73, 0xd7, 0xe5, 0xdc, 0x1d, 0xb3, 0x36, 0x02, - 0x83, 0xd9, 0x69, 0x5b, 0xc8, 0x60, 0xe6, 0xc8, 0x30, 0x71, 0xe7, 0x83, 0x88, 0xc7, 0xe1, 0x93, - 0x09, 0xf7, 0xdb, 0xe1, 0x8f, 0x06, 0x3f, 0x4c, 0x37, 0x19, 0x31, 0x3a, 0x96, 0x23, 0x67, 0xc4, - 0x9c, 0x33, 0x9d, 0x52, 0x73, 0xb9, 0xcb, 0xc3, 0x34, 0xb5, 0x0a, 0xa3, 0xd6, 0xef, 0x05, 0x20, - 0x47, 0xdc, 0xf7, 0x99, 0x23, 0x7b, 0x01, 0x7f, 0x35, 0x3f, 0xe2, 0xfe, 0xa9, 0xe7, 0x92, 0xcf, - 0x60, 0xbb, 0xc3, 0x84, 0xf4, 0x7c, 0x2a, 0x3d, 0xee, 0x9f, 0x84, 0xa4, 0x2f, 0xe8, 0x84, 0x99, - 0x46, 0xc3, 0x68, 0x56, 0xed, 0x7f, 0x40, 0xc9, 0x3e, 0xd4, 0xb2, 0xc8, 0xb3, 0x8e, 0x99, 0xc7, - 0xaa, 0xa5, 0x18, 0xb9, 0x0f, 0x77, 0x9e, 0x73, 0x87, 0x8e, 0x75, 0xe4, 0xcb, 0xe1, 0x30, 0x60, - 0x42, 0x98, 0x05, 0x2c, 0x59, 0x06, 0x91, 0x4f, 0x60, 0x33, 0x19, 0xee, 0xf1, 0x40, 0x9a, 0xc5, - 0x86, 0xd1, 0x2c, 0xd9, 0x99, 0x38, 0x79, 0x08, 0x2b, 0xe1, 0x3b, 0x99, 0xa5, 0x86, 0xd1, 0x5c, - 0xdd, 0x7f, 0xaf, 0x15, 0x4e, 0xb9, 0x15, 0x4d, 
0xb9, 0x75, 0x82, 0x53, 0x3e, 0x2c, 0x5e, 0x5c, - 0xee, 0x1a, 0xb6, 0x4e, 0x26, 0x8f, 0xa0, 0xfa, 0xfd, 0x54, 0xc8, 0x80, 0xd1, 0x89, 0x30, 0x57, - 0x1a, 0x85, 0xe6, 0xea, 0xfe, 0x9d, 0x56, 0x3c, 0xde, 0x56, 0x84, 0x61, 0x55, 0xce, 0xbe, 0xc9, - 0x25, 0x1d, 0x58, 0xed, 0x32, 0x31, 0xfa, 0x9a, 0x4a, 0xf6, 0x33, 0x9d, 0x9b, 0x65, 0x6c, 0x7a, - 0x37, 0x51, 0x9a, 0x40, 0xc3, 0x5e, 0x9a, 0x23, 0x59, 0xa6, 0x9e, 0xfa, 0xf8, 0xd5, 0x94, 0x0b, - 0x66, 0x56, 0xf4, 0x53, 0xdf, 0x10, 0x84, 0xc0, 0x42, 0xad, 0x4e, 0xb6, 0x5e, 0x17, 0xa0, 0x12, - 0x3d, 0x0a, 0x69, 0xc2, 0x46, 0x62, 0xde, 0xfd, 0xf9, 0x34, 0x12, 0x2f, 0x1d, 0x4e, 0xa9, 0xa6, - 0x84, 0x14, 0x53, 0xea, 0xb0, 0x25, 0xaa, 0xc5, 0x58, 0x8a, 0x1d, 0xad, 0x51, 0xc8, 0xb0, 0xa3, - 0x27, 0xea, 0x00, 0x1d, 0x2a, 0xa9, 0xc3, 0x7c, 0xc9, 0x02, 0xd4, 0xa9, 0x6a, 0x27, 0x22, 0xb1, - 0x9a, 0x87, 0x9e, 0x3f, 0x8c, 0xc4, 0x2f, 0x61, 0x56, 0x26, 0x4e, 0x3e, 0x82, 0x77, 0xe2, 0x18, - 0xca, 0xbe, 0x82, 0xb2, 0x2f, 0x06, 0x13, 0x9a, 0x97, 0xff, 0x8b, 0xe6, 0x29, 0xe9, 0x2a, 0xff, - 0x4b, 0x3a, 0xcb, 0x87, 0x75, 0xed, 0x3f, 0x7d, 0xae, 0xc8, 0x36, 0xac, 0xbc, 0xa0, 0xd2, 0x3b, - 0x0f, 0xe7, 0x5f, 0xb1, 0xf5, 0x8e, 0x74, 0x60, 0xfd, 0xc4, 0x1b, 0x32, 0x87, 0x06, 0xba, 0x00, - 0x27, 0xb8, 0xd8, 0x52, 0x23, 0x1d, 0x76, 0xea, 0xf9, 0x9e, 0x1a, 0xa9, 0x9d, 0xaa, 0xb1, 0x7e, - 0x80, 0xb5, 0xa4, 0x23, 0x54, 0xb7, 0x23, 0x75, 0xec, 0x45, 0xd4, 0x2d, 0xdc, 0x91, 0x07, 0x50, - 0xea, 0x51, 0x39, 0x12, 0x66, 0x1e, 0xdd, 0xfc, 0x6e, 0xc6, 0x51, 0x0a, 0xd5, 0x2f, 0x14, 0x66, - 0x5a, 0xbf, 0x19, 0x00, 0x37, 0x18, 0xb1, 0x60, 0xed, 0xb9, 0x27, 0x24, 0xf3, 0x59, 0x80, 0xb3, - 0x37, 0x70, 0xf6, 0x0b, 0x31, 0x42, 0xa0, 0xa8, 0x72, 0xb5, 0x75, 0x70, 0x1d, 0x8b, 0xa6, 0x36, - 0x58, 0x58, 0x48, 0x88, 0x16, 0x05, 0xc9, 0x0e, 0x54, 0x7a, 0x4a, 0x1e, 0x87, 0x8f, 0xb5, 0x49, - 0xe2, 0xbd, 0x32, 0x5b, 0x8f, 0x06, 0x82, 0x0d, 0xbf, 0x0a, 0xf8, 0x04, 0xdf, 0x07, 0x1d, 0x52, - 0xb1, 0xd3, 0x61, 0xeb, 0x14, 0xb6, 0x32, 0x2a, 0x91, 0xef, 0xa0, 0xd8, 0xe5, 0x43, 
0x6d, 0xff, - 0xc3, 0xa7, 0x6f, 0x2f, 0x77, 0x1f, 0xbb, 0x9e, 0x1c, 0xcd, 0x06, 0x2d, 0x87, 0x4f, 0xda, 0x23, - 0x2a, 0x46, 0x9e, 0xc3, 0x83, 0x69, 0xdb, 0xe1, 0xbe, 0x98, 0x8d, 0xdb, 0xd4, 0x65, 0xbe, 0xd4, - 0x97, 0xaf, 0x48, 0x8a, 0xae, 0x48, 0x6c, 0xa4, 0xb2, 0x5e, 0x97, 0x61, 0x2b, 0xa3, 0x0d, 0xe9, - 0x42, 0xf1, 0x1b, 0xcf, 0x1f, 0xea, 0x46, 0x8f, 0xdf, 0x5e, 0xee, 0x3e, 0xfc, 0xf7, 0x8d, 0x34, - 0x9d, 0x22, 0xb0, 0x91, 0x86, 0xac, 0x43, 0x3e, 0xbe, 0x3b, 0xf3, 0xcf, 0x3a, 0x6a, 0xb8, 0x89, - 0x83, 0x86, 0x6b, 0x15, 0xeb, 0x53, 0x57, 0x98, 0xc5, 0x46, 0x41, 0xc5, 0xd4, 0x9a, 0x98, 0x50, - 0x5e, 0x3c, 0x48, 0xd1, 0x96, 0x50, 0xd8, 0xe8, 0x53, 0xd7, 0x65, 0xd1, 0x81, 0x62, 0xc2, 0xdc, - 0x44, 0x3b, 0x3c, 0xb8, 0xcd, 0x73, 0xad, 0x54, 0xcd, 0xb1, 0x2f, 0x83, 0xb9, 0xb6, 0x4a, 0x9a, - 0x8f, 0x3c, 0x81, 0x62, 0x97, 0x49, 0xaa, 0x2f, 0xcd, 0x8f, 0x6f, 0xe5, 0x55, 0x89, 0x48, 0x66, - 0x63, 0x0d, 0xba, 0x47, 0x19, 0xa4, 0x8c, 0x06, 0xc1, 0x35, 0xb9, 0x0f, 0xa5, 0x50, 0xf1, 0xf0, - 0x3c, 0xd6, 0x12, 0x84, 0x18, 0x57, 0x37, 0x58, 0x64, 0x5b, 0x0c, 0x90, 0xbd, 0xf8, 0x04, 0x54, - 0xf1, 0x19, 0x96, 0x96, 0xc4, 0xe7, 0x62, 0x0f, 0xca, 0x2f, 0x99, 0xe7, 0x8e, 0xa4, 0x30, 0x01, - 0x3b, 0x90, 0x44, 0xba, 0x46, 0xec, 0x28, 0x85, 0xd4, 0xa0, 0xd4, 0xe7, 0x67, 0xcc, 0x37, 0x57, - 0x71, 0xb0, 0xe1, 0x86, 0xec, 0xc1, 0xd6, 0xb1, 0x4f, 0x07, 0x63, 0xd6, 0xa7, 0xee, 0xb7, 0xe7, - 0x2c, 0x08, 0xbc, 0x21, 0x33, 0xd7, 0xd0, 0xa1, 0x59, 0x80, 0x1c, 0x40, 0x09, 0xbf, 0xb5, 0xe6, - 0x3a, 0xf6, 0xbb, 0x97, 0x7c, 0xbc, 0xcc, 0xa7, 0xd8, 0x0e, 0x73, 0xd5, 0x65, 0x71, 0xac, 0xae, - 0xcb, 0x69, 0xe0, 0x09, 0x86, 0x03, 0xde, 0xc2, 0xea, 0xed, 0x96, 0xfe, 0x23, 0xb0, 0x88, 0xea, - 0x89, 0xa4, 0x6a, 0xc8, 0x01, 0x94, 0x75, 0x0b, 0x73, 0x03, 0xcb, 0xdf, 0xcf, 0xea, 0xa3, 0x13, - 0xec, 0x28, 0x73, 0xe7, 0x27, 0xa8, 0x2d, 0x33, 0x00, 0xd9, 0x84, 0xc2, 0x19, 0x9b, 0xeb, 0x8f, - 0x8a, 0x5a, 0x92, 0x36, 0x94, 0xce, 0xe9, 0x78, 0x16, 0x7e, 0x39, 0x96, 0x92, 0x6b, 0x0a, 0x3b, - 0xcc, 0x7b, 0x92, 0xff, 
0xdc, 0xd8, 0x79, 0x04, 0xd5, 0xd8, 0x07, 0x4b, 0x38, 0x6b, 0x49, 0xce, - 0x6a, 0xa2, 0xd0, 0xfa, 0x22, 0xbe, 0x69, 0x23, 0x7b, 0x27, 0x8c, 0x6f, 0x2c, 0x1a, 0x3f, 0x72, - 0x56, 0xfe, 0xc6, 0x59, 0xd6, 0xd3, 0x58, 0x79, 0x55, 0xd8, 0xa3, 0x42, 0x78, 0xbe, 0xab, 0x6f, - 0xb5, 0x68, 0xab, 0x90, 0x97, 0x34, 0xf0, 0x15, 0x12, 0xd6, 0x46, 0xdb, 0xc3, 0xee, 0xc5, 0x5f, - 0xf5, 0xdc, 0xc5, 0x55, 0xdd, 0x78, 0x73, 0x55, 0x37, 0xfe, 0xbc, 0xaa, 0x1b, 0xbf, 0x5c, 0xd7, - 0x73, 0xbf, 0x5e, 0xd7, 0x73, 0x6f, 0xae, 0xeb, 0xb9, 0x3f, 0xae, 0xeb, 0xb9, 0x1f, 0x3f, 0xbd, - 0xed, 0xf0, 0xa7, 0xfe, 0xb1, 0x0d, 0x56, 0x30, 0x70, 0xf0, 0x77, 0x00, 0x00, 0x00, 0xff, 0xff, - 0x62, 0x98, 0x42, 0xf5, 0x30, 0x0a, 0x00, 0x00, + 0x14, 0xf6, 0xfa, 0x27, 0xb6, 0x4f, 0x42, 0x7e, 0x26, 0x26, 0x2c, 0xa1, 0x75, 0x8c, 0x85, 0x90, + 0x05, 0x91, 0x9d, 0x26, 0x2a, 0xa5, 0x95, 0x8a, 0x44, 0xe2, 0x80, 0x2a, 0x9a, 0x62, 0x36, 0x46, + 0x15, 0x48, 0x5c, 0x4c, 0xd6, 0x93, 0xf5, 0x2a, 0xf6, 0x8c, 0x35, 0x33, 0x0e, 0xcd, 0x25, 0x6f, + 0xc0, 0x25, 0x8f, 0x81, 0xc4, 0x4b, 0xe4, 0xb2, 0x97, 0x5c, 0x45, 0x90, 0x3c, 0x04, 0x52, 0xaf, + 0xd0, 0xfc, 0xec, 0x66, 0xbd, 0x6b, 0x22, 0xe0, 0xca, 0x33, 0xe7, 0x3b, 0x3f, 0xe3, 0xf3, 0x7d, + 0xe7, 0xd8, 0x70, 0x7f, 0xc2, 0x99, 0x64, 0x9d, 0xc9, 0x89, 0x20, 0xfc, 0x3c, 0xf4, 0x49, 0xc7, + 0x7e, 0xb6, 0xb5, 0x1d, 0x55, 0x63, 0x60, 0xf3, 0x5e, 0xc0, 0x58, 0x30, 0x22, 0x1d, 0x0d, 0x9c, + 0x4c, 0x4f, 0x3b, 0x42, 0xf2, 0xa9, 0x2f, 0x8d, 0xe3, 0xe6, 0x7b, 0x51, 0x1e, 0x9f, 0x8d, 0xc7, + 0x8c, 0x76, 0xcc, 0x87, 0x05, 0xdf, 0x4f, 0x17, 0x19, 0x12, 0x3c, 0x92, 0x43, 0x7f, 0x48, 0xfc, + 0x33, 0xeb, 0x52, 0x0b, 0x58, 0xc0, 0x8c, 0x9b, 0x3a, 0x19, 0x6b, 0xf3, 0xaf, 0x02, 0xa0, 0x03, + 0x46, 0x29, 0xf1, 0x65, 0x8f, 0xb3, 0x57, 0x17, 0x07, 0x8c, 0x9e, 0x86, 0x01, 0xfa, 0x04, 0x36, + 0xba, 0x44, 0xc8, 0x90, 0x62, 0x19, 0x32, 0x7a, 0x6c, 0x92, 0xbe, 0xc0, 0x63, 0xe2, 0x3a, 0x0d, + 0xa7, 0x55, 0xf5, 0xfe, 0x01, 0x45, 0xbb, 0x50, 0xcb, 0x22, 0xcf, 0xba, 0x6e, 0x5e, 0x47, 0xcd, + 0xc5, 0xd0, 
0x0e, 0xac, 0x3f, 0x67, 0x3e, 0x1e, 0x59, 0xcb, 0xe7, 0x83, 0x01, 0x27, 0x42, 0xb8, + 0x05, 0x1d, 0x32, 0x0f, 0x42, 0x1f, 0xc1, 0x6a, 0xd2, 0xdc, 0x63, 0x5c, 0xba, 0xc5, 0x86, 0xd3, + 0x2a, 0x79, 0x19, 0x3b, 0x7a, 0x08, 0x0b, 0xe6, 0x3b, 0xb9, 0xa5, 0x86, 0xd3, 0x5a, 0xdc, 0x7d, + 0xa7, 0x6d, 0xba, 0xdc, 0x8e, 0xba, 0xdc, 0x3e, 0xd6, 0x5d, 0xde, 0x2f, 0x5e, 0x5e, 0x6d, 0x39, + 0x9e, 0x75, 0x46, 0x8f, 0xa0, 0xfa, 0xed, 0x44, 0x48, 0x4e, 0xf0, 0x58, 0xb8, 0x0b, 0x8d, 0x42, + 0x6b, 0x71, 0x77, 0xbd, 0x1d, 0xb7, 0xb7, 0x1d, 0x61, 0x3a, 0x2a, 0xe7, 0xdd, 0xfa, 0xa2, 0x2e, + 0x2c, 0x1e, 0x11, 0x31, 0xfc, 0x12, 0x4b, 0xf2, 0x23, 0xbe, 0x70, 0xcb, 0xba, 0xe8, 0xbd, 0x44, + 0x68, 0x02, 0x35, 0xb5, 0x6c, 0x8e, 0x64, 0x98, 0x7a, 0xf5, 0xe1, 0xab, 0x09, 0x13, 0xc4, 0xad, + 0xd8, 0x57, 0xdf, 0x26, 0x30, 0xc0, 0x4c, 0xac, 0x75, 0x56, 0x8d, 0xe9, 0x73, 0x4c, 0xc5, 0x04, + 0x73, 0x42, 0x0d, 0xa1, 0x6e, 0xb5, 0xe1, 0xb4, 0x2a, 0x5e, 0xc6, 0xde, 0xfc, 0xad, 0x00, 0x95, + 0xe8, 0xd9, 0xa8, 0x05, 0x2b, 0x09, 0x6e, 0xfa, 0x17, 0x93, 0x88, 0xe8, 0xb4, 0x39, 0xc5, 0xb0, + 0x22, 0x5d, 0x4c, 0xb0, 0x4f, 0xe6, 0x30, 0x1c, 0x63, 0xa9, 0xec, 0x5a, 0x46, 0x85, 0x4c, 0x76, + 0xad, 0x9f, 0x3a, 0x40, 0x17, 0x4b, 0xec, 0x13, 0x2a, 0x09, 0xd7, 0x9c, 0x56, 0xbd, 0x84, 0x25, + 0x66, 0x7e, 0x3f, 0xa4, 0x83, 0x48, 0x28, 0x25, 0xed, 0x95, 0xb1, 0xa3, 0x0f, 0xe0, 0xad, 0xd8, + 0xa6, 0x25, 0xb2, 0xa0, 0x25, 0x32, 0x6b, 0x4c, 0xe8, 0xa3, 0xfc, 0x5f, 0xf4, 0x91, 0xa2, 0xb9, + 0xf2, 0xff, 0x68, 0xde, 0x81, 0xf5, 0x03, 0x42, 0x25, 0xc7, 0xa3, 0x91, 0xf5, 0x9a, 0x72, 0x32, + 0xb0, 0x94, 0xcd, 0x83, 0x9a, 0x14, 0x96, 0xad, 0xba, 0xed, 0xd4, 0xa2, 0x0d, 0x58, 0x78, 0x81, + 0x65, 0x78, 0x6e, 0x18, 0xab, 0x78, 0xf6, 0x86, 0xba, 0xb0, 0x7c, 0x1c, 0x0e, 0x88, 0x8f, 0xb9, + 0x0d, 0xd0, 0x3d, 0x9f, 0x7d, 0xa4, 0x45, 0xba, 0xe4, 0x34, 0xa4, 0xa1, 0x22, 0xc1, 0x4b, 0xc5, + 0x34, 0xbf, 0x83, 0xa5, 0xa4, 0xde, 0x54, 0xb5, 0x03, 0xb5, 0x54, 0x44, 0x54, 0xcd, 0xdc, 0xd0, + 0x03, 0x28, 0xf5, 0xb0, 0x1c, 0x0a, 0x37, 0xaf, 
0x67, 0xe5, 0xed, 0x8c, 0x5e, 0x15, 0x6a, 0x5b, + 0x60, 0x3c, 0x9b, 0xbf, 0x3a, 0x00, 0xb7, 0x18, 0x6a, 0xc2, 0xd2, 0xf3, 0x50, 0x48, 0x42, 0x09, + 0xd7, 0x6c, 0x39, 0x9a, 0xad, 0x19, 0x1b, 0x42, 0x50, 0x54, 0xbe, 0x56, 0x6c, 0xfa, 0x1c, 0xd3, + 0xac, 0x2e, 0x3a, 0xb0, 0x90, 0xa0, 0x39, 0x32, 0xa2, 0x4d, 0xa8, 0xf4, 0x14, 0xa1, 0x3e, 0x1b, + 0x59, 0x59, 0xc5, 0x77, 0x25, 0xcf, 0x1e, 0xe6, 0x82, 0x0c, 0xbe, 0xe0, 0x6c, 0xac, 0xbf, 0x8f, + 0xd6, 0x54, 0xc5, 0x4b, 0x9b, 0x9b, 0xa7, 0xb0, 0x96, 0xe1, 0x15, 0x7d, 0x03, 0xc5, 0x23, 0x36, + 0xb0, 0x03, 0xb3, 0xff, 0xf4, 0xcd, 0xd5, 0xd6, 0xe3, 0x20, 0x94, 0xc3, 0xe9, 0x49, 0xdb, 0x67, + 0xe3, 0xce, 0x10, 0x8b, 0x61, 0xe8, 0x33, 0x3e, 0xe9, 0xf8, 0x8c, 0x8a, 0xe9, 0xa8, 0x83, 0x03, + 0x42, 0xa5, 0x5d, 0xed, 0x22, 0x29, 0x13, 0x95, 0xc4, 0xd3, 0xa9, 0x9a, 0x3f, 0x95, 0x61, 0x2d, + 0xc3, 0x0d, 0x3a, 0x82, 0xe2, 0x57, 0x21, 0x1d, 0xd8, 0x42, 0x8f, 0xdf, 0x5c, 0x6d, 0x3d, 0xfc, + 0xf7, 0x85, 0x6c, 0x3a, 0x95, 0xc0, 0xd3, 0x69, 0xd0, 0x32, 0xe4, 0xe3, 0xcd, 0x9c, 0x7f, 0xd6, + 0x55, 0xcd, 0x4d, 0x8c, 0xa6, 0x3e, 0x2b, 0x5b, 0x1f, 0x07, 0xc2, 0x2d, 0x36, 0x0a, 0xca, 0xa6, + 0xce, 0xc8, 0x85, 0xf2, 0xec, 0xe8, 0x45, 0x57, 0x84, 0x61, 0xa5, 0x8f, 0x83, 0x80, 0x44, 0x23, + 0x48, 0x84, 0xbb, 0xaa, 0xe5, 0xf0, 0xe0, 0x2e, 0xcd, 0xb5, 0x53, 0x31, 0x87, 0x54, 0xf2, 0x0b, + 0x2b, 0x95, 0x74, 0x3e, 0xf4, 0x04, 0x8a, 0x47, 0x44, 0x62, 0xbb, 0x92, 0x3f, 0xbc, 0x33, 0xaf, + 0x72, 0xd4, 0xc9, 0x3c, 0x1d, 0xa3, 0xd5, 0xa3, 0x04, 0x52, 0xd6, 0x02, 0xd1, 0x67, 0xb4, 0x03, + 0x25, 0xc3, 0xb8, 0x99, 0xe0, 0x5a, 0x22, 0xa1, 0xb6, 0xab, 0x9d, 0x17, 0xc9, 0x56, 0x1b, 0xd0, + 0x76, 0x3c, 0x01, 0x55, 0xfd, 0x86, 0xb9, 0x21, 0xf1, 0x5c, 0x6c, 0x43, 0xf9, 0x25, 0x09, 0x83, + 0xa1, 0x14, 0x2e, 0xe8, 0x0a, 0x28, 0xe1, 0x6e, 0x11, 0x2f, 0x72, 0x41, 0x35, 0x28, 0xf5, 0xd9, + 0x19, 0xa1, 0xee, 0xa2, 0x6e, 0xac, 0xb9, 0xa0, 0x6d, 0x58, 0x3b, 0xa4, 0xf8, 0x64, 0x44, 0xfa, + 0x38, 0xf8, 0xfa, 0x9c, 0x70, 0x1e, 0x0e, 0x88, 0xbb, 0xa4, 0x15, 0x9a, 0x05, 0xd0, 
0x1e, 0x94, + 0xcc, 0xe2, 0x5f, 0xd6, 0xf5, 0xee, 0x27, 0x9f, 0x97, 0xf9, 0xa1, 0xf7, 0x8c, 0xaf, 0x5a, 0x16, + 0x87, 0x6a, 0xc1, 0x4e, 0x78, 0x28, 0x88, 0x6e, 0xf0, 0x9a, 0x8e, 0xde, 0x68, 0xdb, 0xbf, 0x19, + 0xb3, 0xa8, 0xed, 0x48, 0x2a, 0x06, 0xed, 0x41, 0xd9, 0x96, 0x70, 0x57, 0x74, 0xf8, 0xbb, 0x59, + 0x7e, 0xac, 0x83, 0x17, 0x79, 0x6e, 0xfe, 0x00, 0xb5, 0x79, 0x02, 0x40, 0xab, 0x50, 0x38, 0x23, + 0x17, 0xf6, 0x67, 0x48, 0x1d, 0x51, 0x07, 0x4a, 0xe7, 0x78, 0x34, 0x35, 0xbf, 0x35, 0x73, 0x93, + 0xdb, 0x14, 0x9e, 0xf1, 0x7b, 0x92, 0xff, 0xd4, 0xd9, 0x7c, 0x04, 0xd5, 0x58, 0x07, 0x73, 0x72, + 0xd6, 0x92, 0x39, 0xab, 0x89, 0xc0, 0xe6, 0x67, 0xf1, 0xa6, 0x8d, 0xe4, 0x9d, 0x10, 0xbe, 0x33, + 0x2b, 0xfc, 0x48, 0x59, 0xf9, 0x5b, 0x65, 0x35, 0x9f, 0xc6, 0xcc, 0xab, 0xc0, 0x1e, 0x16, 0x22, + 0xa4, 0x81, 0xdd, 0x6a, 0xd1, 0x55, 0x21, 0x2f, 0x31, 0xa7, 0x0a, 0x31, 0xb1, 0xd1, 0x75, 0xff, + 0xe8, 0xf2, 0xcf, 0x7a, 0xee, 0xf2, 0xba, 0xee, 0xbc, 0xbe, 0xae, 0x3b, 0x7f, 0x5c, 0xd7, 0x9d, + 0x9f, 0x6f, 0xea, 0xb9, 0x5f, 0x6e, 0xea, 0xb9, 0xd7, 0x37, 0xf5, 0xdc, 0xef, 0x37, 0xf5, 0xdc, + 0xf7, 0x1f, 0xdf, 0x35, 0xfc, 0xa9, 0xff, 0x83, 0x27, 0x0b, 0xda, 0xb0, 0xf7, 0x77, 0x00, 0x00, + 0x00, 0xff, 0xff, 0x79, 0x3a, 0x36, 0x1b, 0x8e, 0x0a, 0x00, 0x00, } func (m *ConnectProxyConfig) Marshal() (dAtA []byte, err error) { @@ -645,6 +653,16 @@ func (m *ConnectProxyConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.TransparentProxy { + i-- + if m.TransparentProxy { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x48 + } { size, err := m.Expose.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -740,6 +758,16 @@ func (m *Upstream) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.CentrallyConfigured { + i-- + if m.CentrallyConfigured { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x48 + } { size, err := m.MeshGateway.MarshalToSizedBuffer(dAtA[:i]) if err != nil { 
@@ -1297,6 +1325,9 @@ func (m *ConnectProxyConfig) Size() (n int) { n += 1 + l + sovService(uint64(l)) l = m.Expose.Size() n += 1 + l + sovService(uint64(l)) + if m.TransparentProxy { + n += 2 + } return n } @@ -1335,6 +1366,9 @@ func (m *Upstream) Size() (n int) { } l = m.MeshGateway.Size() n += 1 + l + sovService(uint64(l)) + if m.CentrallyConfigured { + n += 2 + } return n } @@ -1808,6 +1842,26 @@ func (m *ConnectProxyConfig) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 9: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field TransparentProxy", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.TransparentProxy = bool(v != 0) default: iNdEx = preIndex skippy, err := skipService(dAtA[iNdEx:]) @@ -2109,6 +2163,26 @@ func (m *Upstream) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 9: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field CentrallyConfigured", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowService + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.CentrallyConfigured = bool(v != 0) default: iNdEx = preIndex skippy, err := skipService(dAtA[iNdEx:]) diff --git a/proto/pbservice/service.proto b/proto/pbservice/service.proto index b40a93911c..89e781d0d7 100644 --- a/proto/pbservice/service.proto +++ b/proto/pbservice/service.proto 
@@ -69,6 +69,10 @@ message ConnectProxyConfig { // Expose defines whether checks or paths are exposed through the proxy ExposeConfig Expose = 8 [(gogoproto.nullable) = false]; + + // TransparentProxy enables configuring the service mesh as if all inbound + // and outbound traffic is being redirected to this proxy + bool TransparentProxy = 9; } // Upstream represents a single upstream dependency for a service or proxy. It @@ -116,6 +120,10 @@ message Upstream { // MeshGateway is the configuration for mesh gateway usage of this upstream MeshGatewayConfig MeshGateway = 8 [(gogoproto.nullable) = false]; + + // CentrallyConfigured indicates whether the upstream was defined in a proxy + // instance registration or whether it was generated from a config entry. + bool CentrallyConfigured = 9; } // ServiceConnect are the shared Connect settings between all service
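Review bot: The comment added on `TransparentProxy` (field 9 of `ConnectProxyConfig`) does not say whether the flag causes traffic redirection or only tells the mesh to assume it. The "as if" wording suggests the latter; if that reading is right, a proxy registered with the flag set while no redirection is in place would be configured for traffic that can still go around it, and the comment should say so. I would extend it with `// The flag does not set up the redirection itself; set it only where redirection is actually in place.`, with the wording confirmed against the implementation. The opening of the message and its earlier fields are outside the hunk.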
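Review bot: The comment on `CentrallyConfigured` (field 9 of `Upstream`) names two possible origins but not which one `true` stands for, and it does not say who is allowed to set the field. The value records provenance rather than user intent, and `UpstreamToStructs` earlier in this diff copies it straight from the decoded message, so any code that later treats centrally configured upstreams more leniently would be trusting whatever the sender put on the wire; whether a registering client can reach that path is not visible here. I would reword to `// CentrallyConfigured is true when the upstream was generated from a config entry and false when it came from a proxy instance registration.` and, if it matches the intended contract, add `// It is derived by the server; a value supplied in a registration should be ignored or rejected.`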