package lds
import (
xds_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
xds_listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
"github.com/envoyproxy/go-control-plane/pkg/wellknown"
"github.com/golang/protobuf/ptypes"
"github.com/golang/protobuf/ptypes/any"
"github.com/openservicemesh/osm/pkg/configurator"
"github.com/openservicemesh/osm/pkg/envoy"
"github.com/openservicemesh/osm/pkg/envoy/route"
"github.com/openservicemesh/osm/pkg/service"
)
// getIngressTransportProtocol returns the transport protocol that an ingress
// filter chain should match on: envoy.TransportProtocolTLS when the
// configurator reports HTTPS ingress, and the empty string otherwise.
//
// An empty transport protocol places no constraint on the connection's
// transport in Envoy's filter chain matching, so the HTTP-ingress case does
// not by itself exclude TLS connections.
func getIngressTransportProtocol(cfg configurator.Configurator) string {
	if !cfg.UseHTTPSIngress() {
		return ""
	}
	return envoy.TransportProtocolTLS
}
// newIngressFilterChain builds one inbound filter chain for ingress traffic
// destined to svc. The chain carries a single HTTP connection manager filter
// bound to the inbound route configuration, and its transport protocol match
// and transport socket follow the HTTPS-ingress setting read from cfg.
//
// The chain returned here has no SNI (ServerNames) match; callers that want
// SNI matching set FilterChainMatch.ServerNames on the result.
//
// It returns nil when either the downstream TLS context or the HTTP
// connection manager cannot be marshalled (the error is logged), so callers
// must nil-check the result before dereferencing it.
func newIngressFilterChain(cfg configurator.Configurator, svc service.MeshService) *xds_listener.FilterChain {
	// NOTE(review): the false argument is annotated "TLS"; presumably it selects
	// plain TLS rather than mutual TLS, i.e. ingress clients are not asked for a
	// client certificate. Confirm against envoy.GetDownstreamTLSContext.
	// The TLS context is marshalled even when HTTPS ingress is disabled; it is
	// only attached to the chain by getIngressTransportSocket when enabled.
	tlsContextAny, err := envoy.MessageToAny(envoy.GetDownstreamTLSContext(svc, false /* TLS */))
	if err != nil {
		log.Error().Err(err).Msgf("Error marshalling DownstreamTLSContext object for proxy %s", svc)
		return nil
	}

	connManagerAny, err := ptypes.MarshalAny(getHTTPConnectionManager(route.InboundRouteConfigName, cfg))
	if err != nil {
		log.Error().Err(err).Msgf("Error marshalling inbound HttpConnectionManager object for proxy %s", svc)
		return nil
	}

	// Match only on transport protocol here; no server names are set.
	chainMatch := &xds_listener.FilterChainMatch{
		TransportProtocol: getIngressTransportProtocol(cfg),
	}
	transportSocket := getIngressTransportSocket(cfg, tlsContextAny)
	httpFilter := &xds_listener.Filter{
		Name: wellknown.HTTPConnectionManager,
		ConfigType: &xds_listener.Filter_TypedConfig{
			TypedConfig: connManagerAny,
		},
	}

	return &xds_listener.FilterChain{
		FilterChainMatch: chainMatch,
		TransportSocket:  transportSocket,
		Filters:          []*xds_listener.Filter{httpFilter},
	}
}
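// getIngressFilterChains returns the ingress filter chains for svc.
//
// With HTTPS ingress enabled it returns two chains: one that matches the
// service's common name as SNI, followed by one without an SNI match for
// HTTPS clients that do not send SNI. With HTTPS ingress disabled it returns
// only the chain without an SNI match, which then serves HTTP clients.
//
// newIngressFilterChain returns nil when marshalling fails. Such a chain is
// skipped instead of being dereferenced (which would panic) or appended as a
// nil entry, so the result may hold fewer chains than described above, or
// none at all. The failure itself is already logged by newIngressFilterChain.
func getIngressFilterChains(svc service.MeshService, cfg configurator.Configurator) []*xds_listener.FilterChain {
	var ingressFilterChains []*xds_listener.FilterChain

	if cfg.UseHTTPSIngress() {
		// Filter chain with SNI matching enabled for HTTPS clients that set the SNI.
		if withSNI := newIngressFilterChain(cfg, svc); withSNI != nil {
			withSNI.FilterChainMatch.ServerNames = []string{svc.GetCommonName().String()}
			ingressFilterChains = append(ingressFilterChains, withSNI)
		}
	}

	// Filter chain without SNI matching enabled for HTTP clients and HTTPS
	// clients that don't set the SNI. When HTTPS ingress is enabled this chain
	// still gets the TLS transport protocol match and TLS transport socket from
	// newIngressFilterChain, so it is not a plaintext fallback.
	if withoutSNI := newIngressFilterChain(cfg, svc); withoutSNI != nil {
		ingressFilterChains = append(ingressFilterChains, withoutSNI)
	}

	return ingressFilterChains
}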
// getIngressTransportSocket returns the TLS transport socket for an ingress
// filter chain, wrapping the already-marshalled downstream TLS context, when
// the configurator reports HTTPS ingress. Otherwise it returns nil.
//
// A filter chain with no transport socket uses Envoy's default raw-buffer
// transport, so the nil case means ingress traffic on that chain is plaintext.
// marshalledDownstreamTLSContext is not inspected here and is ignored when
// HTTPS ingress is disabled.
func getIngressTransportSocket(cfg configurator.Configurator, marshalledDownstreamTLSContext *any.Any) *xds_core.TransportSocket {
	if !cfg.UseHTTPSIngress() {
		return nil
	}

	tlsConfig := &xds_core.TransportSocket_TypedConfig{
		TypedConfig: marshalledDownstreamTLSContext,
	}
	return &xds_core.TransportSocket{
		Name:       wellknown.TransportSocketTls,
		ConfigType: tlsConfig,
	}
}