2020-07-09 22:04:51 +00:00
|
|
|
package xds
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
|
2021-02-26 22:23:15 +00:00
|
|
|
envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
|
2021-02-22 21:00:15 +00:00
|
|
|
|
2020-07-09 22:04:51 +00:00
|
|
|
"github.com/hashicorp/go-version"
|
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
2020-07-31 20:52:49 +00:00
|
|
|
// minSupportedVersion is the oldest mainline version we support. This should always be
|
|
|
|
// the zero'th point release of the last element of proxysupport.EnvoyVersions.
|
2021-04-29 20:22:03 +00:00
|
|
|
minSupportedVersion = version.Must(version.NewVersion("1.15.0"))
|
2021-02-22 21:00:15 +00:00
|
|
|
|
2021-04-29 18:54:05 +00:00
|
|
|
minVersionAllowingEmptyGatewayClustersWithIncrementalXDS = version.Must(version.NewVersion("1.16.0"))
|
|
|
|
minVersionAllowingMultipleIncrementalXDSChanges = version.Must(version.NewVersion("1.16.0"))
|
|
|
|
|
2021-02-22 21:00:15 +00:00
|
|
|
specificUnsupportedVersions = []unsupportedVersion{}
|
2020-07-09 22:04:51 +00:00
|
|
|
)
|
|
|
|
|
2020-10-06 22:09:13 +00:00
|
|
|
type unsupportedVersion struct {
|
|
|
|
Version *version.Version
|
|
|
|
UpgradeTo string
|
|
|
|
Why string
|
|
|
|
}
|
|
|
|
|
2020-07-09 22:04:51 +00:00
|
|
|
type supportedProxyFeatures struct {
|
2020-07-31 20:52:49 +00:00
|
|
|
// add version dependent feature flags here
|
2021-04-29 18:54:05 +00:00
|
|
|
|
|
|
|
// GatewaysNeedStubClusterWhenEmptyWithIncrementalXDS is needed to paper
|
|
|
|
// over some weird envoy behavior.
|
|
|
|
//
|
|
|
|
// For some reason Envoy versions prior to 1.16.0 when sent an empty CDS
|
|
|
|
// list via the incremental xDS protocol will correctly ack the message and
|
|
|
|
// just never request LDS resources.
|
|
|
|
GatewaysNeedStubClusterWhenEmptyWithIncrementalXDS bool
|
|
|
|
|
|
|
|
// IncrementalXDSUpdatesMustBeSerial is needed to avoid an envoy crash.
|
|
|
|
//
|
|
|
|
// Versions of Envoy prior to 1.16.0 could crash if multiple in-flight
|
|
|
|
// changes to resources were happening during incremental xDS. To prevent
|
|
|
|
// that we force serial updates on those older versions.
|
|
|
|
//
|
|
|
|
// issue: https://github.com/envoyproxy/envoy/issues/11877
|
|
|
|
// PR: https://github.com/envoyproxy/envoy/pull/12069
|
|
|
|
IncrementalXDSUpdatesMustBeSerial bool
|
2020-07-09 22:04:51 +00:00
|
|
|
}
|
|
|
|
|
2021-02-26 22:23:15 +00:00
|
|
|
func determineSupportedProxyFeatures(node *envoy_core_v3.Node) (supportedProxyFeatures, error) {
|
2020-07-09 22:04:51 +00:00
|
|
|
version := determineEnvoyVersionFromNode(node)
|
2020-07-31 20:52:49 +00:00
|
|
|
return determineSupportedProxyFeaturesFromVersion(version)
|
|
|
|
}
|
|
|
|
|
|
|
|
func determineSupportedProxyFeaturesFromString(vs string) (supportedProxyFeatures, error) {
|
|
|
|
version := version.Must(version.NewVersion(vs))
|
|
|
|
return determineSupportedProxyFeaturesFromVersion(version)
|
|
|
|
}
|
|
|
|
|
|
|
|
func determineSupportedProxyFeaturesFromVersion(version *version.Version) (supportedProxyFeatures, error) {
|
2020-07-09 22:04:51 +00:00
|
|
|
if version == nil {
|
2020-07-31 20:52:49 +00:00
|
|
|
// This would happen on either extremely old builds OR perhaps on
|
|
|
|
// custom builds. Should we error?
|
|
|
|
return supportedProxyFeatures{}, nil
|
2020-07-09 22:04:51 +00:00
|
|
|
}
|
|
|
|
|
2020-07-31 20:52:49 +00:00
|
|
|
if version.LessThan(minSupportedVersion) {
|
|
|
|
return supportedProxyFeatures{}, fmt.Errorf("Envoy %s is too old and is not supported by Consul", version)
|
2020-07-09 22:04:51 +00:00
|
|
|
}
|
2020-07-31 20:52:49 +00:00
|
|
|
|
2020-10-06 22:09:13 +00:00
|
|
|
for _, uv := range specificUnsupportedVersions {
|
|
|
|
if version.Equal(uv.Version) {
|
|
|
|
return supportedProxyFeatures{}, fmt.Errorf(
|
|
|
|
"Envoy %s is too old of a point release and is not supported by Consul because it %s. "+
|
|
|
|
"Please upgrade to version %s.",
|
|
|
|
version,
|
|
|
|
uv.Why,
|
|
|
|
uv.UpgradeTo,
|
|
|
|
)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-04-29 18:54:05 +00:00
|
|
|
sf := supportedProxyFeatures{}
|
|
|
|
|
|
|
|
if version.LessThan(minVersionAllowingEmptyGatewayClustersWithIncrementalXDS) {
|
|
|
|
sf.GatewaysNeedStubClusterWhenEmptyWithIncrementalXDS = true
|
|
|
|
}
|
|
|
|
|
|
|
|
if version.LessThan(minVersionAllowingMultipleIncrementalXDSChanges) {
|
|
|
|
sf.IncrementalXDSUpdatesMustBeSerial = true
|
|
|
|
}
|
|
|
|
|
|
|
|
return sf, nil
|
2020-07-09 22:04:51 +00:00
|
|
|
}
|
|
|
|
|
2021-02-26 22:23:15 +00:00
|
|
|
func determineEnvoyVersionFromNode(node *envoy_core_v3.Node) *version.Version {
|
2020-07-09 22:04:51 +00:00
|
|
|
if node == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
if node.UserAgentVersionType == nil {
|
2021-02-22 21:00:15 +00:00
|
|
|
return nil
|
2020-07-09 22:04:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if node.UserAgentName != "envoy" {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2021-02-26 22:23:15 +00:00
|
|
|
bv, ok := node.UserAgentVersionType.(*envoy_core_v3.Node_UserAgentBuildVersion)
|
2020-07-09 22:04:51 +00:00
|
|
|
if !ok {
|
|
|
|
// NOTE: we could sniff for *envoycore.Node_UserAgentVersion and do more regex but official builds don't have this problem.
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
if bv.UserAgentBuildVersion == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
v := bv.UserAgentBuildVersion.Version
|
|
|
|
|
|
|
|
return version.Must(version.NewVersion(
|
|
|
|
fmt.Sprintf("%d.%d.%d",
|
|
|
|
v.GetMajorNumber(),
|
|
|
|
v.GetMinorNumber(),
|
|
|
|
v.GetPatch(),
|
|
|
|
),
|
|
|
|
))
|
|
|
|
}
|