Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
xds: only try to create an ipv6 expose checks listener if ipv6 is sup…
…ported by the kernel (#9765) Fixes #9311 This only fails if the kernel has ipv6 hard-disabled. It is not sufficient to merely not provide an ipv6 address for a network interface.
- Loading branch information
Showing
15 changed files
with
674 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:improvement | ||
xds: only try to create an ipv6 expose checks listener if ipv6 is supported by the kernel | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
// +build !linux | ||
|
||
package xds | ||
|
||
func kernelSupportsIPv6() (bool, error) { | ||
return true, nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
// +build linux | ||
|
||
package xds | ||
|
||
import ( | ||
"fmt" | ||
"os" | ||
"sync" | ||
) | ||
|
||
const ipv6SupportProcFile = "/proc/net/if_inet6" | ||
|
||
var ( | ||
ipv6SupportOnce sync.Once | ||
ipv6Supported bool | ||
ipv6SupportedErr error | ||
) | ||
|
||
func kernelSupportsIPv6() (bool, error) { | ||
ipv6SupportOnce.Do(func() { | ||
ipv6Supported, ipv6SupportedErr = checkIfKernelSupportsIPv6() | ||
}) | ||
return ipv6Supported, ipv6SupportedErr | ||
} | ||
|
||
func checkIfKernelSupportsIPv6() (bool, error) { | ||
_, err := os.Stat(ipv6SupportProcFile) | ||
if os.IsNotExist(err) { | ||
return false, nil | ||
} else if err != nil { | ||
return false, fmt.Errorf("error checking for ipv6 support file %s: %w", ipv6SupportProcFile, err) | ||
} | ||
|
||
return true, nil | ||
} |
109 changes: 109 additions & 0 deletions
109
agent/xds/testdata/listeners/expose-checks.envoy-1-13-x.golden
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,109 @@ | ||
{ | ||
"versionInfo": "00000001", | ||
"resources": [ | ||
{ | ||
"@type": "type.googleapis.com/envoy.api.v2.Listener", | ||
"name": "exposed_path_debug:1.2.3.4:21500", | ||
"address": { | ||
"socketAddress": { | ||
"address": "1.2.3.4", | ||
"portValue": 21500 | ||
} | ||
}, | ||
"filterChains": [ | ||
{ | ||
"filterChainMatch": { | ||
"sourcePrefixRanges": [ | ||
{ | ||
"addressPrefix": "127.0.0.1", | ||
"prefixLen": 8 | ||
}, | ||
{ | ||
"addressPrefix": "192.0.2.1", | ||
"prefixLen": 32 | ||
}, | ||
{ | ||
"addressPrefix": "::1", | ||
"prefixLen": 128 | ||
} | ||
] | ||
}, | ||
"filters": [ | ||
{ | ||
"name": "envoy.http_connection_manager", | ||
"config": { | ||
"http_filters": [ | ||
{ | ||
"name": "envoy.router" | ||
} | ||
], | ||
"route_config": { | ||
"name": "exposed_path_filter_debug_21500", | ||
"virtual_hosts": [ | ||
{ | ||
"domains": [ | ||
"*" | ||
], | ||
"name": "exposed_path_filter_debug_21500", | ||
"routes": [ | ||
{ | ||
"match": { | ||
"path": "/debug" | ||
}, | ||
"route": { | ||
"cluster": "exposed_cluster_8181" | ||
} | ||
} | ||
] | ||
} | ||
] | ||
}, | ||
"stat_prefix": "exposed_path_filter_debug_21500", | ||
"tracing": { | ||
"random_sampling": { | ||
} | ||
} | ||
} | ||
} | ||
] | ||
} | ||
] | ||
}, | ||
{ | ||
"@type": "type.googleapis.com/envoy.api.v2.Listener", | ||
"name": "public_listener:1.2.3.4:8080", | ||
"address": { | ||
"socketAddress": { | ||
"address": "1.2.3.4", | ||
"portValue": 8080 | ||
} | ||
}, | ||
"filterChains": [ | ||
{ | ||
"tlsContext": { | ||
"requireClientCertificate": true | ||
}, | ||
"filters": [ | ||
{ | ||
"name": "envoy.filters.network.rbac", | ||
"config": { | ||
"rules": { | ||
}, | ||
"stat_prefix": "connect_authz" | ||
} | ||
}, | ||
{ | ||
"name": "envoy.tcp_proxy", | ||
"config": { | ||
"cluster": "local_app", | ||
"stat_prefix": "public_listener" | ||
} | ||
} | ||
] | ||
} | ||
] | ||
} | ||
], | ||
"typeUrl": "type.googleapis.com/envoy.api.v2.Listener", | ||
"nonce": "00000001" | ||
} |
109 changes: 109 additions & 0 deletions
109
agent/xds/testdata/listeners/expose-checks.envoy-1-14-x.golden
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,109 @@ | ||
{ | ||
"versionInfo": "00000001", | ||
"resources": [ | ||
{ | ||
"@type": "type.googleapis.com/envoy.api.v2.Listener", | ||
"name": "exposed_path_debug:1.2.3.4:21500", | ||
"address": { | ||
"socketAddress": { | ||
"address": "1.2.3.4", | ||
"portValue": 21500 | ||
} | ||
}, | ||
"filterChains": [ | ||
{ | ||
"filterChainMatch": { | ||
"sourcePrefixRanges": [ | ||
{ | ||
"addressPrefix": "127.0.0.1", | ||
"prefixLen": 8 | ||
}, | ||
{ | ||
"addressPrefix": "192.0.2.1", | ||
"prefixLen": 32 | ||
}, | ||
{ | ||
"addressPrefix": "::1", | ||
"prefixLen": 128 | ||
} | ||
] | ||
}, | ||
"filters": [ | ||
{ | ||
"name": "envoy.http_connection_manager", | ||
"config": { | ||
"http_filters": [ | ||
{ | ||
"name": "envoy.router" | ||
} | ||
], | ||
"route_config": { | ||
"name": "exposed_path_filter_debug_21500", | ||
"virtual_hosts": [ | ||
{ | ||
"domains": [ | ||
"*" | ||
], | ||
"name": "exposed_path_filter_debug_21500", | ||
"routes": [ | ||
{ | ||
"match": { | ||
"path": "/debug" | ||
}, | ||
"route": { | ||
"cluster": "exposed_cluster_8181" | ||
} | ||
} | ||
] | ||
} | ||
] | ||
}, | ||
"stat_prefix": "exposed_path_filter_debug_21500", | ||
"tracing": { | ||
"random_sampling": { | ||
} | ||
} | ||
} | ||
} | ||
] | ||
} | ||
] | ||
}, | ||
{ | ||
"@type": "type.googleapis.com/envoy.api.v2.Listener", | ||
"name": "public_listener:1.2.3.4:8080", | ||
"address": { | ||
"socketAddress": { | ||
"address": "1.2.3.4", | ||
"portValue": 8080 | ||
} | ||
}, | ||
"filterChains": [ | ||
{ | ||
"tlsContext": { | ||
"requireClientCertificate": true | ||
}, | ||
"filters": [ | ||
{ | ||
"name": "envoy.filters.network.rbac", | ||
"config": { | ||
"rules": { | ||
}, | ||
"stat_prefix": "connect_authz" | ||
} | ||
}, | ||
{ | ||
"name": "envoy.tcp_proxy", | ||
"config": { | ||
"cluster": "local_app", | ||
"stat_prefix": "public_listener" | ||
} | ||
} | ||
] | ||
} | ||
] | ||
} | ||
], | ||
"typeUrl": "type.googleapis.com/envoy.api.v2.Listener", | ||
"nonce": "00000001" | ||
} |
Oops, something went wrong.