diff --git a/agent/config/config.go b/agent/config/config.go index 36ffd03b2c..c79a8f8333 100644 --- a/agent/config/config.go +++ b/agent/config/config.go @@ -100,6 +100,7 @@ func Parse(data string, format string) (c Config, err error) { "services.connect.sidecar_service.proxy.upstreams", "config_entries.bootstrap", + "config_entries.bootstrap.Splits", }) // There is a difference of representation of some fields depending on diff --git a/agent/consul/discoverychain/compile.go b/agent/consul/discoverychain/compile.go index ce699aa80d..aa7eee8c78 100644 --- a/agent/consul/discoverychain/compile.go +++ b/agent/consul/discoverychain/compile.go @@ -533,11 +533,13 @@ RESOLVE_AGAIN: } groupResolver := groupResolverNode.GroupResolver - // Digest mesh gateway settings. + // Default mesh gateway settings if serviceDefault := c.entries.GetService(resolver.Name); serviceDefault != nil { groupResolver.MeshGateway = serviceDefault.MeshGateway - } else if c.entries.GlobalProxy != nil { - groupResolver.MeshGateway = c.entries.GlobalProxy.MeshGateway + } + + if c.entries.GlobalProxy != nil && groupResolver.MeshGateway.Mode == structs.MeshGatewayModeDefault { + groupResolver.MeshGateway.Mode = c.entries.GlobalProxy.MeshGateway.Mode } // Retain this target even if we may not retain the group resolver. diff --git a/agent/proxycfg/state.go b/agent/proxycfg/state.go index aaca3ebf7b..2149a7f743 100644 --- a/agent/proxycfg/state.go +++ b/agent/proxycfg/state.go @@ -624,14 +624,14 @@ func (s *state) resetWatchesFromChain( ctx, cancel := context.WithCancel(s.ctx) - meshGateway := structs.MeshGatewayModeNone + meshGateway := structs.MeshGatewayModeDefault if target.Datacenter != s.source.Datacenter { meshGateway = meshGatewayModes[target] - if meshGateway == structs.MeshGatewayModeDefault { - meshGateway = structs.MeshGatewayModeNone - } - } else { - meshGateway = structs.MeshGatewayModeNone + } + + // if the default mode + if meshGateway == structs.MeshGatewayModeDefault { + meshGateway = s.proxyCfg.MeshGateway.Mode } // TODO(rb): update the health endpoint to allow returning even unhealthy endpoints diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index a58e42f2d0..67bf059aaf 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -57,7 +57,7 @@ func (s *Server) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.ConfigSnapsh chain = cfgSnap.ConnectProxy.DiscoveryChain[id] } - if chain == nil || chain.IsDefault() { + if chain == nil { // Either old-school upstream or prepared query. upstreamCluster, err := s.makeUpstreamCluster(u, cfgSnap) if err != nil { @@ -66,7 +66,7 @@ func (s *Server) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.ConfigSnapsh clusters = append(clusters, upstreamCluster) } else { - upstreamClusters, err := s.makeUpstreamClustersForDiscoveryChain(id, chain, cfgSnap) + upstreamClusters, err := s.makeUpstreamClustersForDiscoveryChain(u, chain, cfgSnap) if err != nil { return nil, err } @@ -183,8 +183,11 @@ func (s *Server) makeUpstreamCluster(upstream structs.Upstream, cfgSnap *proxycf if upstream.Datacenter != "" { dc = upstream.Datacenter } - sni := ServiceSNI(upstream.DestinationName, "", ns, dc, cfgSnap) + sni := ServiceSNI(upstream.DestinationName, "", ns, dc, cfgSnap) + if upstream.DestinationType == "prepared_query" { + sni = QuerySNI(upstream.DestinationName, dc, cfgSnap) + } cfg, err := ParseUpstreamConfig(upstream.Config) if err != nil { // Don't hard fail on a config typo, just warn. The parse func returns @@ -202,7 +205,7 @@ func (s *Server) makeUpstreamCluster(upstream structs.Upstream, cfgSnap *proxycf if c == nil { c = &envoy.Cluster{ - Name: upstream.Identifier(), + Name: sni, ConnectTimeout: time.Duration(cfg.ConnectTimeoutMs) * time.Millisecond, ClusterDiscoveryType: &envoy.Cluster_Type{Type: envoy.Cluster_EDS}, EdsClusterConfig: &envoy.Cluster_EdsClusterConfig{ @@ -230,10 +233,19 @@ func (s *Server) makeUpstreamCluster(upstream structs.Upstream, cfgSnap *proxycf } func (s *Server) makeUpstreamClustersForDiscoveryChain( - upstreamID string, + upstream structs.Upstream, chain *structs.CompiledDiscoveryChain, cfgSnap *proxycfg.ConfigSnapshot, ) ([]*envoy.Cluster, error) { + + cfg, err := ParseUpstreamConfigNoDefaults(upstream.Config) + if err != nil { + // Don't hard fail on a config typo, just warn. The parse func returns + // default config if there is an error so it's safe to continue. + s.Logger.Printf("[WARN] envoy: failed to parse Upstream[%s].Config: %s", + upstream.Identifier(), err) + } + if chain == nil { panic("chain must be provided") } @@ -246,10 +258,11 @@ func (s *Server) makeUpstreamClustersForDiscoveryChain( // TODO(rb): failover // Failover *DiscoveryFailover `json:",omitempty"` // sad path - clusterName := makeClusterName(upstreamID, target, cfgSnap.Datacenter) + sni := TargetSNI(target, cfgSnap) + s.Logger.Printf("[DEBUG] xds.clusters - generating cluster for %s", sni) c := &envoy.Cluster{ - Name: clusterName, - AltStatName: clusterName, // TODO(rb): change this? + Name: sni, + AltStatName: sni, // TODO(rb): change this? ConnectTimeout: groupResolver.ConnectTimeout, ClusterDiscoveryType: &envoy.Cluster_Type{Type: envoy.Cluster_EDS}, CommonLbConfig: &envoy.Cluster_CommonLbConfig{ @@ -268,13 +281,24 @@ func (s *Server) makeUpstreamClustersForDiscoveryChain( // Having an empty config enables outlier detection with default config. OutlierDetection: &envoycluster.OutlierDetection{}, } - if chain.Protocol == "http2" || chain.Protocol == "grpc" { + + proto := cfg.Protocol + if proto == "" { + proto = chain.Protocol + } + + if proto == "" { + proto = "tcp" + } + + if proto == "http2" || proto == "grpc" { c.Http2ProtocolOptions = &envoycore.Http2ProtocolOptions{} } // Enable TLS upstream with the configured client certificate. c.TlsContext = &envoyauth.UpstreamTlsContext{ CommonTlsContext: makeCommonTLSContext(cfgSnap), + Sni: sni, } out = append(out, c) @@ -283,31 +307,6 @@ func (s *Server) makeUpstreamClustersForDiscoveryChain( return out, nil } -// makeClusterName returns a string representation that uniquely identifies the -// cluster in a canonical but human readable way. -func makeClusterName(upstreamID string, target structs.DiscoveryTarget, currentDatacenter string) string { - var name string - if target.ServiceSubset != "" { - name = target.Service + "/" + target.ServiceSubset - } else { - name = target.Service - } - - if target.Namespace != "" && target.Namespace != "default" { - name = target.Namespace + "/" + name - } - if target.Datacenter != "" && target.Datacenter != currentDatacenter { - name += "?dc=" + target.Datacenter - } - - if upstreamID == target.Service { - // In the common case don't stutter. - return name - } - - return upstreamID + "//" + name -} - // makeClusterFromUserConfig returns the listener config decoded from an // arbitrary proto3 json format string or an error if it's invalid. // diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go index fba7399b17..6ef3fa1f59 100644 --- a/agent/xds/clusters_test.go +++ b/agent/xds/clusters_test.go @@ -204,7 +204,7 @@ func expectClustersJSONResources(t *testing.T, snap *proxycfg.ConfigSnapshot, to "db": ` { "@type": "type.googleapis.com/envoy.api.v2.Cluster", - "name": "db", + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "type": "EDS", "edsClusterConfig": { "edsConfig": { @@ -222,7 +222,7 @@ func expectClustersJSONResources(t *testing.T, snap *proxycfg.ConfigSnapshot, to "prepared_query:geo-cache": ` { "@type": "type.googleapis.com/envoy.api.v2.Cluster", - "name": "prepared_query:geo-cache", + "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", "type": "EDS", "edsClusterConfig": { "edsConfig": { @@ -235,7 +235,7 @@ func expectClustersJSONResources(t *testing.T, snap *proxycfg.ConfigSnapshot, to }, "connectTimeout": "5s", - "tlsContext": ` + expectedUpstreamTLSContextJSON(t, snap, "geo-cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul") + ` + "tlsContext": ` + expectedUpstreamTLSContextJSON(t, snap, "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul") + ` }`, } } diff --git a/agent/xds/config.go b/agent/xds/config.go index 83a67b944b..53703d191b 100644 --- a/agent/xds/config.go +++ b/agent/xds/config.go @@ -123,12 +123,17 @@ type UpstreamConfig struct { ConnectTimeoutMs int `mapstructure:"connect_timeout_ms"` } +func ParseUpstreamConfigNoDefaults(m map[string]interface{}) (UpstreamConfig, error) { + var cfg UpstreamConfig + err := mapstructure.WeakDecode(m, &cfg) + return cfg, err +} + // ParseUpstreamConfig returns the UpstreamConfig parsed from the an opaque map. // If an error occurs during parsing it is returned along with the default // config this allows caller to choose whether and how to report the error. func ParseUpstreamConfig(m map[string]interface{}) (UpstreamConfig, error) { - var cfg UpstreamConfig - err := mapstructure.WeakDecode(m, &cfg) + cfg, err := ParseUpstreamConfigNoDefaults(m) // Set defaults (even if error is returned) if cfg.Protocol == "" { cfg.Protocol = "tcp" diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go index 671df61c6e..8f99abf457 100644 --- a/agent/xds/endpoints.go +++ b/agent/xds/endpoints.go @@ -51,10 +51,11 @@ func (s *Server) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg.ConfigSnaps if chain == nil { // We ONLY want this branch for prepared queries. + sni := ServiceSNI(u.DestinationName, "", u.DestinationNamespace, u.Datacenter, cfgSnap) endpoints, ok := cfgSnap.ConnectProxy.UpstreamEndpoints[id] if ok { la := makeLoadAssignment( - id, + sni, 0, []structs.CheckServiceNodes{endpoints}, cfgSnap.Datacenter, @@ -110,10 +111,10 @@ func (s *Server) endpointsFromSnapshotConnectProxy(cfgSnap *proxycfg.ConfigSnaps } } - clusterName := makeClusterName(id, target, cfgSnap.Datacenter) + sni := TargetSNI(target, cfgSnap) la := makeLoadAssignment( - clusterName, + sni, overprovisioningFactor, priorityEndpoints, cfgSnap.Datacenter, diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index 9c90cdd939..317246b7b4 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go @@ -288,7 +288,7 @@ func (s *Server) makeUpstreamListener(u *structs.Upstream, cfgSnap *proxycfg.Con upstreamID := u.Identifier() - clusterName := upstreamID + clusterName := UpstreamSNI(u, "", cfgSnap) l := makeListener(upstreamID, addr, u.LocalBindPort) filter, err := makeListenerFilter(false, cfg.Protocol, upstreamID, clusterName, "upstream_", false) @@ -367,6 +367,13 @@ func (s *Server) makeUpstreamListenerForDiscoveryChain( cfgSnap *proxycfg.ConfigSnapshot, ) (proto.Message, error) { // TODO(rb): make the listener escape hatch work again + cfg, err := ParseUpstreamConfigNoDefaults(u.Config) + if err != nil { + // Don't hard fail on a config typo, just warn. The parse func returns + // default config if there is an error so it's safe to continue. + s.Logger.Printf("[WARN] envoy: failed to parse Upstream[%s].Config: %s", + u.Identifier(), err) + } addr := u.LocalBindAddress if addr == "" { @@ -376,7 +383,17 @@ func (s *Server) makeUpstreamListenerForDiscoveryChain( upstreamID := u.Identifier() l := makeListener(upstreamID, addr, u.LocalBindPort) - filter, err := makeListenerFilter(true, chain.Protocol, upstreamID, "", "upstream_", false) + + proto := cfg.Protocol + if proto == "" { + proto = chain.Protocol + } + + if proto == "" { + proto = "tcp" + } + + filter, err := makeListenerFilter(true, proto, upstreamID, "", "upstream_", false) if err != nil { return nil, err } diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go index 223fadc21d..b3f1ab12f5 100644 --- a/agent/xds/listeners_test.go +++ b/agent/xds/listeners_test.go @@ -275,7 +275,7 @@ func expectListenerJSONResources(t *testing.T, snap *proxycfg.ConfigSnapshot, to { "name": "envoy.tcp_proxy", "config": { - "cluster": "db", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_db_tcp" } } @@ -298,7 +298,7 @@ func expectListenerJSONResources(t *testing.T, snap *proxycfg.ConfigSnapshot, to { "name": "envoy.tcp_proxy", "config": { - "cluster": "prepared_query:geo-cache", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_prepared_query_geo-cache_tcp" } } diff --git a/agent/xds/routes.go b/agent/xds/routes.go index 5d5585d40a..a9f71b5bf5 100644 --- a/agent/xds/routes.go +++ b/agent/xds/routes.go @@ -90,14 +90,14 @@ func makeUpstreamRouteForDiscoveryChain( next := discoveryRoute.DestinationNode if next.Type == structs.DiscoveryGraphNodeTypeSplitter { - routeAction, err = makeRouteActionForSplitter(upstreamID, cfgSnap.Datacenter, next.Splits) + routeAction, err = makeRouteActionForSplitter(next.Splits, cfgSnap) if err != nil { return nil, err } } else if next.Type == structs.DiscoveryGraphNodeTypeGroupResolver { groupResolver := next.GroupResolver - routeAction = makeRouteActionForSingleCluster(upstreamID, cfgSnap.Datacenter, groupResolver.Target) + routeAction = makeRouteActionForSingleCluster(groupResolver.Target, cfgSnap) } else { return nil, fmt.Errorf("unexpected graph node after route %q", next.Type) @@ -110,7 +110,7 @@ func makeUpstreamRouteForDiscoveryChain( } case structs.DiscoveryGraphNodeTypeSplitter: - routeAction, err := makeRouteActionForSplitter(upstreamID, cfgSnap.Datacenter, chain.Node.Splits) + routeAction, err := makeRouteActionForSplitter(chain.Node.Splits, cfgSnap) if err != nil { return nil, err } @@ -125,7 +125,7 @@ func makeUpstreamRouteForDiscoveryChain( case structs.DiscoveryGraphNodeTypeGroupResolver: groupResolver := chain.Node.GroupResolver - routeAction := makeRouteActionForSingleCluster(upstreamID, cfgSnap.Datacenter, groupResolver.Target) + routeAction := makeRouteActionForSingleCluster(groupResolver.Target, cfgSnap) defaultRoute := envoyroute.Route{ Match: makeDefaultRouteMatch(), @@ -255,8 +255,8 @@ func makeDefaultRouteMatch() envoyroute.RouteMatch { } } -func makeRouteActionForSingleCluster(upstreamID, currentDatacenter string, target structs.DiscoveryTarget) *envoyroute.Route_Route { - clusterName := makeClusterName(upstreamID, target, currentDatacenter) +func makeRouteActionForSingleCluster(target structs.DiscoveryTarget, cfgSnap *proxycfg.ConfigSnapshot) *envoyroute.Route_Route { + clusterName := TargetSNI(target, cfgSnap) return &envoyroute.Route_Route{ Route: &envoyroute.RouteAction{ @@ -267,7 +267,7 @@ func makeRouteActionForSingleCluster(upstreamID, currentDatacenter string, targe } } -func makeRouteActionForSplitter(upstreamID, currentDatacenter string, splits []*structs.DiscoverySplit) (*envoyroute.Route_Route, error) { +func makeRouteActionForSplitter(splits []*structs.DiscoverySplit, cfgSnap *proxycfg.ConfigSnapshot) (*envoyroute.Route_Route, error) { clusters := make([]*envoyroute.WeightedCluster_ClusterWeight, 0, len(splits)) for _, split := range splits { if split.Node.Type != structs.DiscoveryGraphNodeTypeGroupResolver { @@ -275,7 +275,7 @@ func makeRouteActionForSplitter(upstreamID, currentDatacenter string, splits []* } groupResolver := split.Node.GroupResolver target := groupResolver.Target - clusterName := makeClusterName(upstreamID, target, currentDatacenter) + clusterName := TargetSNI(target, cfgSnap) // TODO(rb): scale up by 100 and adjust total weight cw := &envoyroute.WeightedCluster_ClusterWeight{ diff --git a/agent/xds/server_test.go b/agent/xds/server_test.go index 9bef7e8e34..22481c7fae 100644 --- a/agent/xds/server_test.go +++ b/agent/xds/server_test.go @@ -236,7 +236,7 @@ func expectEndpointsJSON(t *testing.T, snap *proxycfg.ConfigSnapshot, token stri "resources": [ { "@type": "type.googleapis.com/envoy.api.v2.ClusterLoadAssignment", - "clusterName": "db", + "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "endpoints": [ { "lbEndpoints": [ diff --git a/agent/xds/sni.go b/agent/xds/sni.go index b41d49076f..62cdb6e8a2 100644 --- a/agent/xds/sni.go +++ b/agent/xds/sni.go @@ -4,16 +4,44 @@ import ( "fmt" "github.com/hashicorp/consul/agent/proxycfg" + "github.com/hashicorp/consul/agent/structs" ) +func UpstreamSNI(u *structs.Upstream, subset string, cfgSnap *proxycfg.ConfigSnapshot) string { + if u.DestinationType == "prepared_query" { + return QuerySNI(u.DestinationName, u.Datacenter, cfgSnap) + } + return ServiceSNI(u.DestinationName, subset, u.DestinationNamespace, u.Datacenter, cfgSnap) +} + func DatacenterSNI(dc string, cfgSnap *proxycfg.ConfigSnapshot) string { return fmt.Sprintf("%s.internal.%s", dc, cfgSnap.Roots.TrustDomain) } func ServiceSNI(service string, subset string, namespace string, datacenter string, cfgSnap *proxycfg.ConfigSnapshot) string { + if namespace == "" { + namespace = "default" + } + + if datacenter == "" { + datacenter = cfgSnap.Datacenter + } + if subset == "" { return fmt.Sprintf("%s.%s.%s.internal.%s", service, namespace, datacenter, cfgSnap.Roots.TrustDomain) } else { return fmt.Sprintf("%s.%s.%s.%s.internal.%s", subset, service, namespace, datacenter, cfgSnap.Roots.TrustDomain) } } + +func QuerySNI(service string, datacenter string, cfgSnap *proxycfg.ConfigSnapshot) string { + if datacenter == "" { + datacenter = cfgSnap.Datacenter + } + + return fmt.Sprintf("%s.default.%s.query.%s", service, datacenter, cfgSnap.Roots.TrustDomain) +} + +func TargetSNI(target structs.DiscoveryTarget, cfgSnap *proxycfg.ConfigSnapshot) string { + return ServiceSNI(target.Service, target.ServiceSubset, target.Namespace, target.Datacenter, cfgSnap) +} diff --git a/agent/xds/testdata/clusters/custom-local-app.golden b/agent/xds/testdata/clusters/custom-local-app.golden index a17d285f8c..13bee88d7e 100644 --- a/agent/xds/testdata/clusters/custom-local-app.golden +++ b/agent/xds/testdata/clusters/custom-local-app.golden @@ -3,7 +3,7 @@ "resources": [ { "@type": "type.googleapis.com/envoy.api.v2.Cluster", - "name": "db", + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "type": "EDS", "edsClusterConfig": { "edsConfig": { @@ -42,20 +42,7 @@ }, { "@type": "type.googleapis.com/envoy.api.v2.Cluster", - "name": "mylocal", - "connectTimeout": "5s", - "hosts": [ - { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - ] - }, - { - "@type": "type.googleapis.com/envoy.api.v2.Cluster", - "name": "prepared_query:geo-cache", + "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", "type": "EDS", "edsClusterConfig": { "edsConfig": { @@ -86,11 +73,24 @@ } } }, - "sni": "geo-cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" }, "outlierDetection": { } + }, + { + "@type": "type.googleapis.com/envoy.api.v2.Cluster", + "name": "mylocal", + "connectTimeout": "5s", + "hosts": [ + { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + ] } ], "typeUrl": "type.googleapis.com/envoy.api.v2.Cluster", diff --git a/agent/xds/testdata/clusters/custom-timeouts.golden b/agent/xds/testdata/clusters/custom-timeouts.golden index c8c776fed0..dfc34272fd 100644 --- a/agent/xds/testdata/clusters/custom-timeouts.golden +++ b/agent/xds/testdata/clusters/custom-timeouts.golden @@ -3,7 +3,7 @@ "resources": [ { "@type": "type.googleapis.com/envoy.api.v2.Cluster", - "name": "db", + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "type": "EDS", "edsClusterConfig": { "edsConfig": { @@ -42,32 +42,7 @@ }, { "@type": "type.googleapis.com/envoy.api.v2.Cluster", - "name": "local_app", - "type": "STATIC", - "connectTimeout": "1.234s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - } - }, - { - "@type": "type.googleapis.com/envoy.api.v2.Cluster", - "name": "prepared_query:geo-cache", + "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", "type": "EDS", "edsClusterConfig": { "edsConfig": { @@ -98,11 +73,36 @@ } } }, - "sni": "geo-cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" }, "outlierDetection": { } + }, + { + "@type": "type.googleapis.com/envoy.api.v2.Cluster", + "name": "local_app", + "type": "STATIC", + "connectTimeout": "1.234s", + "loadAssignment": { + "clusterName": "local_app", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } } ], "typeUrl": "type.googleapis.com/envoy.api.v2.Cluster", diff --git a/agent/xds/testdata/clusters/custom-upstream.golden b/agent/xds/testdata/clusters/custom-upstream.golden index ffc14d89b5..dd4e9ea24c 100644 --- a/agent/xds/testdata/clusters/custom-upstream.golden +++ b/agent/xds/testdata/clusters/custom-upstream.golden @@ -1,6 +1,45 @@ { "versionInfo": "00000001", "resources": [ + { + "@type": "type.googleapis.com/envoy.api.v2.Cluster", + "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": { + + } + } + }, + "connectTimeout": "5s", + "tlsContext": { + "commonTlsContext": { + "tlsParams": { + + }, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" + }, + "outlierDetection": { + + } + }, { "@type": "type.googleapis.com/envoy.api.v2.Cluster", "name": "local_app", @@ -61,45 +100,6 @@ }, "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } - }, - { - "@type": "type.googleapis.com/envoy.api.v2.Cluster", - "name": "prepared_query:geo-cache", - "type": "EDS", - "edsClusterConfig": { - "edsConfig": { - "ads": { - - } - } - }, - "connectTimeout": "5s", - "tlsContext": { - "commonTlsContext": { - "tlsParams": { - - }, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - }, - "outlierDetection": { - - } } ], "typeUrl": "type.googleapis.com/envoy.api.v2.Cluster", diff --git a/agent/xds/testdata/clusters/defaults.golden b/agent/xds/testdata/clusters/defaults.golden index 11074a4355..5d5565ceaa 100644 --- a/agent/xds/testdata/clusters/defaults.golden +++ b/agent/xds/testdata/clusters/defaults.golden @@ -3,7 +3,7 @@ "resources": [ { "@type": "type.googleapis.com/envoy.api.v2.Cluster", - "name": "db", + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "type": "EDS", "edsClusterConfig": { "edsConfig": { @@ -42,32 +42,7 @@ }, { "@type": "type.googleapis.com/envoy.api.v2.Cluster", - "name": "local_app", - "type": "STATIC", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - } - }, - { - "@type": "type.googleapis.com/envoy.api.v2.Cluster", - "name": "prepared_query:geo-cache", + "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", "type": "EDS", "edsClusterConfig": { "edsConfig": { @@ -98,11 +73,36 @@ } } }, - "sni": "geo-cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" }, "outlierDetection": { } + }, + { + "@type": "type.googleapis.com/envoy.api.v2.Cluster", + "name": "local_app", + "type": "STATIC", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "local_app", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } } ], "typeUrl": "type.googleapis.com/envoy.api.v2.Cluster", diff --git a/agent/xds/testdata/endpoints/defaults.golden b/agent/xds/testdata/endpoints/defaults.golden index 8b89eae6ea..347b9201e0 100644 --- a/agent/xds/testdata/endpoints/defaults.golden +++ b/agent/xds/testdata/endpoints/defaults.golden @@ -3,7 +3,7 @@ "resources": [ { "@type": "type.googleapis.com/envoy.api.v2.ClusterLoadAssignment", - "clusterName": "db", + "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "endpoints": [ { "lbEndpoints": [ diff --git a/agent/xds/testdata/listeners/custom-public-listener.golden b/agent/xds/testdata/listeners/custom-public-listener.golden index 0c7df92f12..4013593d99 100644 --- a/agent/xds/testdata/listeners/custom-public-listener.golden +++ b/agent/xds/testdata/listeners/custom-public-listener.golden @@ -79,7 +79,7 @@ { "name": "envoy.tcp_proxy", "config": { - "cluster": "db", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_db_tcp" } } @@ -102,7 +102,7 @@ { "name": "envoy.tcp_proxy", "config": { - "cluster": "prepared_query:geo-cache", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_prepared_query_geo-cache_tcp" } } diff --git a/agent/xds/testdata/listeners/custom-upstream.golden b/agent/xds/testdata/listeners/custom-upstream.golden index 81f0245577..ad3951fce4 100644 --- a/agent/xds/testdata/listeners/custom-upstream.golden +++ b/agent/xds/testdata/listeners/custom-upstream.golden @@ -39,7 +39,7 @@ { "name": "envoy.tcp_proxy", "config": { - "cluster": "prepared_query:geo-cache", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_prepared_query_geo-cache_tcp" } } diff --git a/agent/xds/testdata/listeners/defaults.golden b/agent/xds/testdata/listeners/defaults.golden index bcc865abac..8908c8c0ef 100644 --- a/agent/xds/testdata/listeners/defaults.golden +++ b/agent/xds/testdata/listeners/defaults.golden @@ -16,7 +16,7 @@ { "name": "envoy.tcp_proxy", "config": { - "cluster": "db", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_db_tcp" } } @@ -39,7 +39,7 @@ { "name": "envoy.tcp_proxy", "config": { - "cluster": "prepared_query:geo-cache", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_prepared_query_geo-cache_tcp" } } diff --git a/agent/xds/testdata/listeners/http-public-listener.golden b/agent/xds/testdata/listeners/http-public-listener.golden index ce7ea64f1c..9641c6f353 100644 --- a/agent/xds/testdata/listeners/http-public-listener.golden +++ b/agent/xds/testdata/listeners/http-public-listener.golden @@ -16,7 +16,7 @@ { "name": "envoy.tcp_proxy", "config": { - "cluster": "db", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_db_tcp" } } @@ -39,7 +39,7 @@ { "name": "envoy.tcp_proxy", "config": { - "cluster": "prepared_query:geo-cache", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_prepared_query_geo-cache_tcp" } } diff --git a/agent/xds/testdata/listeners/http-upstream.golden b/agent/xds/testdata/listeners/http-upstream.golden index 5dbdfc17df..d645db4e74 100644 --- a/agent/xds/testdata/listeners/http-upstream.golden +++ b/agent/xds/testdata/listeners/http-upstream.golden @@ -35,7 +35,7 @@ "prefix": "/" }, "route": { - "cluster": "db" + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] @@ -69,7 +69,7 @@ { "name": "envoy.tcp_proxy", "config": { - "cluster": "prepared_query:geo-cache", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_prepared_query_geo-cache_tcp" } } diff --git a/agent/xds/testdata/listeners/listener-bind-address-port.golden b/agent/xds/testdata/listeners/listener-bind-address-port.golden index 1d7a8114fe..fe52dbd0ff 100644 --- a/agent/xds/testdata/listeners/listener-bind-address-port.golden +++ b/agent/xds/testdata/listeners/listener-bind-address-port.golden @@ -16,7 +16,7 @@ { "name": "envoy.tcp_proxy", "config": { - "cluster": "db", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_db_tcp" } } @@ -39,7 +39,7 @@ { "name": "envoy.tcp_proxy", "config": { - "cluster": "prepared_query:geo-cache", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_prepared_query_geo-cache_tcp" } } @@ -113,4 +113,4 @@ ], "typeUrl": "type.googleapis.com/envoy.api.v2.Listener", "nonce": "00000001" -} +} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/listener-bind-address.golden b/agent/xds/testdata/listeners/listener-bind-address.golden index 59f9b159c5..1166269315 100644 --- a/agent/xds/testdata/listeners/listener-bind-address.golden +++ b/agent/xds/testdata/listeners/listener-bind-address.golden @@ -16,7 +16,7 @@ { "name": "envoy.tcp_proxy", "config": { - "cluster": "db", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_db_tcp" } } @@ -39,7 +39,7 @@ { "name": "envoy.tcp_proxy", "config": { - "cluster": "prepared_query:geo-cache", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_prepared_query_geo-cache_tcp" } } @@ -113,4 +113,4 @@ ], "typeUrl": "type.googleapis.com/envoy.api.v2.Listener", "nonce": "00000001" -} +} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/listener-bind-port.golden b/agent/xds/testdata/listeners/listener-bind-port.golden index 4a4173b3f8..f82c174425 100644 --- a/agent/xds/testdata/listeners/listener-bind-port.golden +++ b/agent/xds/testdata/listeners/listener-bind-port.golden @@ -16,7 +16,7 @@ { "name": "envoy.tcp_proxy", "config": { - "cluster": "db", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_db_tcp" } } @@ -39,7 +39,7 @@ { "name": "envoy.tcp_proxy", "config": { - "cluster": "prepared_query:geo-cache", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", "stat_prefix": "upstream_prepared_query_geo-cache_tcp" } } @@ -113,4 +113,4 @@ ], "typeUrl": "type.googleapis.com/envoy.api.v2.Listener", "nonce": "00000001" -} +} \ No newline at end of file diff --git a/test/integration/connect/envoy/case-grpc/verify.bats b/test/integration/connect/envoy/case-grpc/verify.bats index 08b9de0f29..33a0d60e3d 100644 --- a/test/integration/connect/envoy/case-grpc/verify.bats +++ b/test/integration/connect/envoy/case-grpc/verify.bats @@ -19,7 +19,7 @@ load helpers } @test "s1 proxy should be sending gRPC metrics to statsd" { - run retry_default must_match_in_statsd_logs 'envoy.cluster.grpc.PingServer.total' + run retry_default must_match_in_statsd_logs 'envoy.cluster.default.dc1.internal.*.consul.grpc.PingServer.total' echo "OUTPUT: $output"