-
Notifications
You must be signed in to change notification settings - Fork 4.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix explicit tproxy listeners with discovery chains. (#14751)
- Loading branch information
1 parent
0a6a570
commit 9c2b54c
Showing
5 changed files
with
258 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:bug | ||
connect: Fixed a bug where transparent proxy does not correctly spawn listeners for upstreams to service-resolvers. | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
176 changes: 176 additions & 0 deletions
176
agent/xds/testdata/listeners/transparent-proxy-with-resolver-redirect-upstream.latest.golden
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,176 @@ | ||
{ | ||
"versionInfo": "00000001", | ||
"resources": [ | ||
{ | ||
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", | ||
"name": "db-redir:127.0.0.1:9191", | ||
"address": { | ||
"socketAddress": { | ||
"address": "127.0.0.1", | ||
"portValue": 9191 | ||
} | ||
}, | ||
"filterChains": [ | ||
{ | ||
"filters": [ | ||
{ | ||
"name": "envoy.filters.network.tcp_proxy", | ||
"typedConfig": { | ||
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", | ||
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", | ||
"statPrefix": "upstream.db-redir.default.default.dc1" | ||
} | ||
} | ||
] | ||
} | ||
], | ||
"trafficDirection": "OUTBOUND" | ||
}, | ||
{ | ||
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", | ||
"name": "outbound_listener:127.0.0.1:15001", | ||
"address": { | ||
"socketAddress": { | ||
"address": "127.0.0.1", | ||
"portValue": 15001 | ||
} | ||
}, | ||
"filterChains": [ | ||
{ | ||
"filterChainMatch": { | ||
"prefixRanges": [ | ||
{ | ||
"addressPrefix": "10.0.0.1", | ||
"prefixLen": 32 | ||
}, | ||
{ | ||
"addressPrefix": "240.0.0.1", | ||
"prefixLen": 32 | ||
} | ||
] | ||
}, | ||
"filters": [ | ||
{ | ||
"name": "envoy.filters.network.tcp_proxy", | ||
"typedConfig": { | ||
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", | ||
"statPrefix": "upstream.google.default.default.dc1", | ||
"cluster": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" | ||
} | ||
} | ||
] | ||
}, | ||
{ | ||
"filters": [ | ||
{ | ||
"name": "envoy.filters.network.tcp_proxy", | ||
"typedConfig": { | ||
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", | ||
"statPrefix": "upstream.original-destination", | ||
"cluster": "original-destination" | ||
} | ||
} | ||
] | ||
} | ||
], | ||
"listenerFilters": [ | ||
{ | ||
"name": "envoy.filters.listener.original_dst", | ||
"typedConfig": { | ||
"@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst" | ||
} | ||
} | ||
], | ||
"trafficDirection": "OUTBOUND" | ||
}, | ||
{ | ||
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", | ||
"name": "prepared_query:geo-cache:127.10.10.10:8181", | ||
"address": { | ||
"socketAddress": { | ||
"address": "127.10.10.10", | ||
"portValue": 8181 | ||
} | ||
}, | ||
"filterChains": [ | ||
{ | ||
"filters": [ | ||
{ | ||
"name": "envoy.filters.network.tcp_proxy", | ||
"typedConfig": { | ||
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", | ||
"statPrefix": "upstream.prepared_query_geo-cache", | ||
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" | ||
} | ||
} | ||
] | ||
} | ||
], | ||
"trafficDirection": "OUTBOUND" | ||
}, | ||
{ | ||
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", | ||
"name": "public_listener:0.0.0.0:9999", | ||
"address": { | ||
"socketAddress": { | ||
"address": "0.0.0.0", | ||
"portValue": 9999 | ||
} | ||
}, | ||
"filterChains": [ | ||
{ | ||
"filters": [ | ||
{ | ||
"name": "envoy.filters.network.rbac", | ||
"typedConfig": { | ||
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", | ||
"rules": { | ||
|
||
}, | ||
"statPrefix": "connect_authz" | ||
} | ||
}, | ||
{ | ||
"name": "envoy.filters.network.tcp_proxy", | ||
"typedConfig": { | ||
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", | ||
"statPrefix": "public_listener", | ||
"cluster": "local_app" | ||
} | ||
} | ||
], | ||
"transportSocket": { | ||
"name": "tls", | ||
"typedConfig": { | ||
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", | ||
"commonTlsContext": { | ||
"tlsParams": { | ||
|
||
}, | ||
"tlsCertificates": [ | ||
{ | ||
"certificateChain": { | ||
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" | ||
}, | ||
"privateKey": { | ||
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" | ||
} | ||
} | ||
], | ||
"validationContext": { | ||
"trustedCa": { | ||
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" | ||
} | ||
} | ||
}, | ||
"requireClientCertificate": true | ||
} | ||
} | ||
} | ||
], | ||
"trafficDirection": "INBOUND" | ||
} | ||
], | ||
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", | ||
"nonce": "00000001" | ||
} |