Backport of Use strict DNS for mesh gateways with hostnames into release/1.16.x (#19395)
Use strict DNS for mesh gateways with hostnames Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
parent
3d7dc247fa
commit
4c4677f24e
|
@ -0,0 +1,3 @@
|
||||||
|
```release-note:bug
|
||||||
|
Mesh Gateways: Fix a bug where replicated and peered mesh gateways with hostname-based WAN addresses fail to initialize.
|
||||||
|
```
|
|
@ -638,10 +638,13 @@ func (s *ResourceGenerator) makePeerServerClusters(cfgSnap *proxycfg.ConfigSnaps
|
||||||
|
|
||||||
var cluster *envoy_cluster_v3.Cluster
|
var cluster *envoy_cluster_v3.Cluster
|
||||||
if servers.UseCDS {
|
if servers.UseCDS {
|
||||||
|
// we use strict DNS here since multiple gateways with hostnames
|
||||||
|
// would result in an invalid cluster due to logical DNS requiring
|
||||||
|
// only a single host
|
||||||
cluster = s.makeExternalHostnameCluster(cfgSnap, clusterOpts{
|
cluster = s.makeExternalHostnameCluster(cfgSnap, clusterOpts{
|
||||||
name: name,
|
name: name,
|
||||||
addresses: servers.Addresses,
|
addresses: servers.Addresses,
|
||||||
})
|
}, envoy_cluster_v3.Cluster_STRICT_DNS)
|
||||||
} else {
|
} else {
|
||||||
cluster = s.makeGatewayCluster(cfgSnap, clusterOpts{
|
cluster = s.makeGatewayCluster(cfgSnap, clusterOpts{
|
||||||
name: name,
|
name: name,
|
||||||
|
@ -860,7 +863,7 @@ func (s *ResourceGenerator) makeDestinationClusters(cfgSnap *proxycfg.ConfigSnap
|
||||||
if structs.IsIP(address) {
|
if structs.IsIP(address) {
|
||||||
cluster = s.makeExternalIPCluster(cfgSnap, opts)
|
cluster = s.makeExternalIPCluster(cfgSnap, opts)
|
||||||
} else {
|
} else {
|
||||||
cluster = s.makeExternalHostnameCluster(cfgSnap, opts)
|
cluster = s.makeExternalHostnameCluster(cfgSnap, opts, envoy_cluster_v3.Cluster_LOGICAL_DNS)
|
||||||
}
|
}
|
||||||
if err := s.injectGatewayDestinationAddons(cfgSnap, cluster, svcName); err != nil {
|
if err := s.injectGatewayDestinationAddons(cfgSnap, cluster, svcName); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -1885,8 +1888,8 @@ func (s *ResourceGenerator) makeExternalIPCluster(snap *proxycfg.ConfigSnapshot,
|
||||||
}
|
}
|
||||||
|
|
||||||
// makeExternalHostnameCluster creates an Envoy cluster for hostname endpoints that will be resolved with DNS
|
// makeExternalHostnameCluster creates an Envoy cluster for hostname endpoints that will be resolved with DNS
|
||||||
// This is used by both terminating gateways for Destinations, and Mesh Gateways for peering control plane traffice
|
// This is used by both terminating gateways for Destinations, and Mesh Gateways for peering control plane traffic
|
||||||
func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts) *envoy_cluster_v3.Cluster {
|
func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts, discoveryType envoy_cluster_v3.Cluster_DiscoveryType) *envoy_cluster_v3.Cluster {
|
||||||
cfg, err := ParseGatewayConfig(snap.Proxy.Config)
|
cfg, err := ParseGatewayConfig(snap.Proxy.Config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// Don't hard fail on a config typo, just warn. The parse func returns
|
// Don't hard fail on a config typo, just warn. The parse func returns
|
||||||
|
@ -1901,7 +1904,7 @@ func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSna
|
||||||
|
|
||||||
// Having an empty config enables outlier detection with default config.
|
// Having an empty config enables outlier detection with default config.
|
||||||
OutlierDetection: &envoy_cluster_v3.OutlierDetection{},
|
OutlierDetection: &envoy_cluster_v3.OutlierDetection{},
|
||||||
ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_LOGICAL_DNS},
|
ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: discoveryType},
|
||||||
DnsLookupFamily: envoy_cluster_v3.Cluster_V4_ONLY,
|
DnsLookupFamily: envoy_cluster_v3.Cluster_V4_ONLY,
|
||||||
}
|
}
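Review bot: The new `discoveryType` parameter of makeExternalHostnameCluster (signature hunk at -1885) is neither documented nor constrained, so a caller can pass any `Cluster_DiscoveryType`, including values that are not meaningful for hostname endpoints resolved through DNS. The comment added in makePeerServerClusters states that logical DNS requires a single host, yet makeDestinationClusters still passes `envoy_cluster_v3.Cluster_LOGICAL_DNS` with `opts`; whether `opts.addresses` can hold more than one hostname on that path is not visible in the hunk. I would extend the function's doc comment with `// discoveryType must be Cluster_STRICT_DNS or Cluster_LOGICAL_DNS; LOGICAL_DNS is only valid when opts.addresses holds a single host.` so the constraint sits next to the signature rather than at one call site. The function body continues outside both hunks, so a guard on the value would have to go in the part that is not shown.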
|
||||||
|
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
{
|
{
|
||||||
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
|
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
|
||||||
"name": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5",
|
"name": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5",
|
||||||
"type": "LOGICAL_DNS",
|
"type": "STRICT_DNS",
|
||||||
"connectTimeout": "5s",
|
"connectTimeout": "5s",
|
||||||
"loadAssignment": {
|
"loadAssignment": {
|
||||||
"clusterName": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5",
|
"clusterName": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5",
|
||||||
|
|