mirror of
https://github.com/status-im/consul.git
synced 2025-01-15 00:04:47 +00:00
0ec7bddb9a
* If a workload does not implement a port, it should not be included in the list of endpoints for the Envoy cluster for that port. * Adds tenancy tests for xds controller and xdsv2 resource generation, and adds all those files. * The original change in this PR was for filtering the list of endpoints by the port being routed to (bullet 1). Since I made changes to sidecarproxycontroller golden files, I realized some of the golden files were unused because of the tenancy changes, so when I deleted those, that broke xds controller tests which weren't correctly using tenancy. So when I fixed that, then the xdsv2 tests broke, so I added tenancy support there too. So now, from sidecarproxy controller -> xds controller -> xdsv2 we now have tenancy support and all the golden files are lined up.
217 lines
10 KiB
Plaintext
217 lines
10 KiB
Plaintext
{
|
|
"versionInfo": "00000001",
|
|
"resources": [
|
|
{
|
|
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
|
|
"name": "null_route_cluster",
|
|
"type": "STATIC",
|
|
"connectTimeout": "10s"
|
|
},
|
|
{
|
|
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
|
|
"name": "tcp.api-1.bar.dc1.internal.foo.consul",
|
|
"type": "EDS",
|
|
"edsClusterConfig": {
|
|
"edsConfig": {
|
|
"ads": {},
|
|
"resourceApiVersion": "V3"
|
|
}
|
|
},
|
|
"connectTimeout": "5s",
|
|
"commonLbConfig": {
|
|
"healthyPanicThreshold": {}
|
|
},
|
|
"transportSocket": {
|
|
"name": "tls",
|
|
"typedConfig": {
|
|
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
|
|
"commonTlsContext": {
|
|
"tlsParams": {},
|
|
"tlsCertificates": [
|
|
{
|
|
"certificateChain": {
|
|
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n"
|
|
},
|
|
"privateKey": {
|
|
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n"
|
|
}
|
|
}
|
|
],
|
|
"validationContext": {
|
|
"trustedCa": {
|
|
"inlineString": "some-root\nsome-other-root\n"
|
|
},
|
|
"matchTypedSubjectAltNames": [
|
|
{
|
|
"sanType": "URI",
|
|
"matcher": {
|
|
"exact": "spiffe://foo.consul/ap/default/ns/bar/identity/api1-identity"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"alpnProtocols": [
|
|
"consul~tcp"
|
|
]
|
|
},
|
|
"sni": "api-1.bar.dc1.internal.foo.consul"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
|
|
"name": "tcp.api-2.bar.dc1.internal.foo.consul",
|
|
"type": "EDS",
|
|
"edsClusterConfig": {
|
|
"edsConfig": {
|
|
"ads": {},
|
|
"resourceApiVersion": "V3"
|
|
}
|
|
},
|
|
"connectTimeout": "5s",
|
|
"commonLbConfig": {
|
|
"healthyPanicThreshold": {}
|
|
},
|
|
"transportSocket": {
|
|
"name": "tls",
|
|
"typedConfig": {
|
|
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
|
|
"commonTlsContext": {
|
|
"tlsParams": {},
|
|
"tlsCertificates": [
|
|
{
|
|
"certificateChain": {
|
|
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n"
|
|
},
|
|
"privateKey": {
|
|
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n"
|
|
}
|
|
}
|
|
],
|
|
"validationContext": {
|
|
"trustedCa": {
|
|
"inlineString": "some-root\nsome-other-root\n"
|
|
},
|
|
"matchTypedSubjectAltNames": [
|
|
{
|
|
"sanType": "URI",
|
|
"matcher": {
|
|
"exact": "spiffe://foo.consul/ap/default/ns/bar/identity/api2-identity"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"alpnProtocols": [
|
|
"consul~tcp"
|
|
]
|
|
},
|
|
"sni": "api-2.bar.dc1.internal.foo.consul"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
|
|
"name": "tcp2.api-1.bar.dc1.internal.foo.consul",
|
|
"type": "EDS",
|
|
"edsClusterConfig": {
|
|
"edsConfig": {
|
|
"ads": {},
|
|
"resourceApiVersion": "V3"
|
|
}
|
|
},
|
|
"connectTimeout": "5s",
|
|
"commonLbConfig": {
|
|
"healthyPanicThreshold": {}
|
|
},
|
|
"transportSocket": {
|
|
"name": "tls",
|
|
"typedConfig": {
|
|
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
|
|
"commonTlsContext": {
|
|
"tlsParams": {},
|
|
"tlsCertificates": [
|
|
{
|
|
"certificateChain": {
|
|
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n"
|
|
},
|
|
"privateKey": {
|
|
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n"
|
|
}
|
|
}
|
|
],
|
|
"validationContext": {
|
|
"trustedCa": {
|
|
"inlineString": "some-root\nsome-other-root\n"
|
|
},
|
|
"matchTypedSubjectAltNames": [
|
|
{
|
|
"sanType": "URI",
|
|
"matcher": {
|
|
"exact": "spiffe://foo.consul/ap/default/ns/bar/identity/api1-identity"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"alpnProtocols": [
|
|
"consul~tcp2"
|
|
]
|
|
},
|
|
"sni": "api-1.bar.dc1.internal.foo.consul"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
|
|
"name": "tcp2.api-2.bar.dc1.internal.foo.consul",
|
|
"type": "EDS",
|
|
"edsClusterConfig": {
|
|
"edsConfig": {
|
|
"ads": {},
|
|
"resourceApiVersion": "V3"
|
|
}
|
|
},
|
|
"connectTimeout": "5s",
|
|
"commonLbConfig": {
|
|
"healthyPanicThreshold": {}
|
|
},
|
|
"transportSocket": {
|
|
"name": "tls",
|
|
"typedConfig": {
|
|
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
|
|
"commonTlsContext": {
|
|
"tlsParams": {},
|
|
"tlsCertificates": [
|
|
{
|
|
"certificateChain": {
|
|
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n"
|
|
},
|
|
"privateKey": {
|
|
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n"
|
|
}
|
|
}
|
|
],
|
|
"validationContext": {
|
|
"trustedCa": {
|
|
"inlineString": "some-root\nsome-other-root\n"
|
|
},
|
|
"matchTypedSubjectAltNames": [
|
|
{
|
|
"sanType": "URI",
|
|
"matcher": {
|
|
"exact": "spiffe://foo.consul/ap/default/ns/bar/identity/api2-identity"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"alpnProtocols": [
|
|
"consul~tcp2"
|
|
]
|
|
},
|
|
"sni": "api-2.bar.dc1.internal.foo.consul"
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
|
|
"nonce": "00000001"
|
|
} |