[OSS] proxycfg: server-local datasources for config entries, intentions and intention upstreams #13658

Merged
merged 4 commits into from Jul 4, 2022

Commits on Jul 1, 2022

  1. proxycfg: server-local config entry data sources

    This is the OSS portion of enterprise PR 2056.
    
    This commit provides server-local implementations of the proxycfg.ConfigEntry
    and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
    
    It makes use of the LocalMaterializer type introduced for peering replication,
    adding the necessary support for authorization.
    
    It also adds support for "wildcard" subscriptions (within a topic) to the event
    publisher, as this is needed to fetch service-resolvers for all services when
    configuring mesh gateways.
    
    Currently, events will be emitted for just the ingress-gateway, service-resolver,
    and mesh config entry types, as these are the only entries required by proxycfg
    — the events will be emitted on topics named IngressGateway, ServiceResolver,
    and MeshConfig respectively.
    
    Though these events will only be consumed "locally" for now, they can also be
    consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
    client agents should be a case of swapping the LocalMaterializer for an
    RPCMaterializer.
    boxofrad committed Jul 1, 2022
    c7f491d
  2. proxycfg: server-local intentions data source

    This is the OSS portion of enterprise PR 2141.
    
    This commit provides a server-local implementation of the `proxycfg.Intentions`
    interface that sources data from streaming events.
    
    It adds events for the `service-intentions` config entry type, and then consumes
    event streams (via materialized views) for the service's explicit intentions and
    any applicable wildcard intentions, merging them into a single list of intentions.
    
    An alternative approach I considered was to consume _all_ intention events (via
    `SubjectWildcard`) and filter out the irrelevant ones. This would admittedly
    remove some complexity in the `agent/proxycfg-glue` package but at the expense
    of considerable overhead from waking potentially many thousands of connect
    proxies every time any intention is updated.
    boxofrad committed Jul 1, 2022
    52dce8e
  3. proxycfg: server-local intention upstreams data source

    This is the OSS portion of enterprise PR 2157.
    
    It builds on the local blocking query work in #13438 to implement the
    proxycfg.IntentionUpstreams interface using server-local data.
    
    Also moves the ACL filtering logic from agent/consul into the acl/filter
    package so that it can be reused here.
    boxofrad committed Jul 1, 2022
    cec00ea
  4. Changelog entry

    boxofrad committed Jul 1, 2022
    d738e0d
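
The trade-off described in the intentions commit message above (per-service plus wildcard-intention streams versus consuming every intention event and filtering), as an added Go example that is not code from this pull request or from Consul. The types, `Publish`, `Simulate` and the sample updates are hypothetical and constructed; the model assumes a wildcard intention is one whose destination is `*`.

```go
package main

import "fmt"

// Hypothetical model of the trade-off; none of these names are Consul's own.
type Intention struct{ Source, Destination string } // Destination "*" applies to every service

type Proxy struct {
	Service string
	view    map[string]Intention // merged explicit + wildcard intentions
}

// Publish delivers one intention update and returns how many proxies it woke.
// perSubject=true wakes a proxy only for its own destination or for "*";
// perSubject=false wakes every proxy, which must then filter the event itself.
func Publish(proxies []*Proxy, ixn Intention, perSubject bool) int {
	woken := 0
	for _, p := range proxies {
		relevant := ixn.Destination == p.Service || ixn.Destination == "*"
		if relevant || !perSubject {
			woken++ // the event reaches this proxy and triggers a rebuild
		}
		if relevant {
			p.view[ixn.Destination+"/"+ixn.Source] = ixn
		}
	}
	return woken
}

// Simulate returns total wake-ups and the size of the merged view of "svc-0".
func Simulate(n int, updates []Intention, perSubject bool) (int, int) {
	proxies := make([]*Proxy, n)
	for i := range proxies {
		proxies[i] = &Proxy{Service: fmt.Sprintf("svc-%d", i), view: map[string]Intention{}}
	}
	total := 0
	for _, u := range updates {
		total += Publish(proxies, u, perSubject)
	}
	return total, len(proxies[0].view)
}

// Constructed sample data: two explicit intentions and one wildcard intention.
var sample = []Intention{{"api", "svc-0"}, {"batch", "svc-1"}, {"*", "*"}}

func main() {
	a, va := Simulate(1000, sample, true)
	b, vb := Simulate(1000, sample, false)
	fmt.Println("per-subject:", a, va, "subscribe-all:", b, vb)
}
```

Both strategies leave `svc-0` with the same merged intention list; only the number of proxies woken per update differs.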