From e414cbee4ae3f9866cfb70ee9ee9a5f9bd7f229e Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Tue, 24 Oct 2023 15:04:14 -0400 Subject: [PATCH] Use strict DNS for mesh gateways with hostnames (#19268) * Use strict DNS for mesh gateways with hostnames * Add changelog --- .changelog/19268.txt | 3 +++ agent/xds/clusters.go | 13 ++++++++----- ...-peer-through-mesh-gateway-enabled.latest.golden | 2 +- 3 files changed, 12 insertions(+), 6 deletions(-) create mode 100644 .changelog/19268.txt diff --git a/.changelog/19268.txt b/.changelog/19268.txt new file mode 100644 index 0000000000..2bb8f489e3 --- /dev/null +++ b/.changelog/19268.txt @@ -0,0 +1,3 @@ +```release-note:bug +Mesh Gateways: Fix a bug where replicated and peered mesh gateways with hostname-based WAN addresses fail to initialize. +``` diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index 3f0ba0d7f3..b74fe371b2 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -641,10 +641,13 @@ func (s *ResourceGenerator) makePeerServerClusters(cfgSnap *proxycfg.ConfigSnaps var cluster *envoy_cluster_v3.Cluster if servers.UseCDS { + // we use strict DNS here since multiple gateways with hostnames + // would result in an invalid cluster due to logical DNS requiring + // only a single host cluster = s.makeExternalHostnameCluster(cfgSnap, clusterOpts{ name: name, addresses: servers.Addresses, - }) + }, envoy_cluster_v3.Cluster_STRICT_DNS) } else { cluster = s.makeGatewayCluster(cfgSnap, clusterOpts{ name: name, @@ -842,7 +845,7 @@ func (s *ResourceGenerator) makeDestinationClusters(cfgSnap *proxycfg.ConfigSnap if structs.IsIP(address) { cluster = s.makeExternalIPCluster(cfgSnap, opts) } else { - cluster = s.makeExternalHostnameCluster(cfgSnap, opts) + cluster = s.makeExternalHostnameCluster(cfgSnap, opts, envoy_cluster_v3.Cluster_LOGICAL_DNS) } if err := s.injectGatewayDestinationAddons(cfgSnap, cluster, svcName); err != nil { return nil, err 
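Review bot: The new STRICT_DNS peer cluster still inherits `DnsLookupFamily: envoy_cluster_v3.Cluster_V4_ONLY` from makeExternalHostnameCluster (visible unchanged in the later hunk of this file), so a replicated or peered gateway whose WAN hostname publishes only AAAA records contributes zero endpoints and the cluster silently shrinks rather than failing; this is not new, but the switch to a multi-host cluster makes the partial outcome easier to miss. The added comment above the makeExternalHostnameCluster call would be more useful to the next reader if it also recorded that consequence, e.g. `// Note: resolution remains V4_ONLY (see makeExternalHostnameCluster); a gateway hostname with only AAAA records contributes no endpoints.`. Whether the peering transport validates the server identity independently of DNS cannot be seen in this hunk; if it does not, STRICT_DNS now routes control-plane traffic to every address any of these hostnames resolves to, so confirm the TLS/SNI settings for this cluster are applied elsewhere. The enclosing makePeerServerClusters body starts before and ends after this hunk.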
@@ -1865,8 +1868,8 @@ func (s *ResourceGenerator) makeExternalIPCluster(snap *proxycfg.ConfigSnapshot, } // makeExternalHostnameCluster creates an Envoy cluster for hostname endpoints that will be resolved with DNS -// This is used by both terminating gateways for Destinations, and Mesh Gateways for peering control plane traffice -func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts) *envoy_cluster_v3.Cluster { +// This is used by both terminating gateways for Destinations, and Mesh Gateways for peering control plane traffic +func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts, discoveryType envoy_cluster_v3.Cluster_DiscoveryType) *envoy_cluster_v3.Cluster { cfg, err := config.ParseGatewayConfig(snap.Proxy.Config) if err != nil { // Don't hard fail on a config typo, just warn. The parse func returns @@ -1881,7 +1884,7 @@ func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSna // Having an empty config enables outlier detection with default config. OutlierDetection: &envoy_cluster_v3.OutlierDetection{}, - ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_LOGICAL_DNS}, + ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: discoveryType}, DnsLookupFamily: envoy_cluster_v3.Cluster_V4_ONLY, } diff --git a/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden index 462e9f406b..2d1ec4439e 100644 --- a/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden +++ b/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden 
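Review bot: The new `discoveryType` parameter on makeExternalHostnameCluster is undocumented, and the doc comment (only the "traffice" typo was fixed) does not state the invariant the two call sites now depend on: LOGICAL_DNS is only valid when opts.addresses holds a single hostname, since Envoy rejects a logical DNS cluster with more than one endpoint, while STRICT_DNS load-balances across every resolved address of every hostname. A future caller passing LOGICAL_DNS with several addresses would reproduce the bug this commit fixes with no compile-time or runtime signal. I would add, below the existing comment, `// discoveryType selects how Envoy resolves opts.addresses; pass STRICT_DNS whenever` / `// opts.addresses may contain more than one hostname, because Envoy rejects a LOGICAL_DNS` / `// cluster with multiple endpoints (see makePeerServerClusters).` and, if the addresses field is a slice, a guard that falls back to STRICT_DNS when `len(opts.addresses) > 1` — the field's type is not visible here, so confirm before adding it. The function's body continues past the end of this hunk.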
@@ -53,7 +53,7 @@ }, "name": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5", "outlierDetection": {}, - "type": "LOGICAL_DNS" + "type": "STRICT_DNS" } ], "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",