luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Revert "Avoid adding original_dst filter when not needed" (#10365)

This commit is contained in:
Freddy 2021-06-08 13:18:41 -06:00 committed by GitHub
parent 979199696b
commit 62facc1a04
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.changelog/10302.txt
View File

@ -1,4 +0,0 @@
```release-note:improvement
connect: Avoid adding original_dst listener filter when it won't be used.
```

3
.changelog/10365.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
connect: Fix bug that prevented transparent proxies from working when mesh config restricted routing to catalog destinations.
```

18
agent/xds/listeners.go
View File

@ -78,6 +78,17 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
outboundListener = makePortListener(OutboundListenerName, "127.0.0.1", port, envoy_core_v3.TrafficDirection_OUTBOUND) outboundListener = makePortListener(OutboundListenerName, "127.0.0.1", port, envoy_core_v3.TrafficDirection_OUTBOUND)
outboundListener.FilterChains = make([]*envoy_listener_v3.FilterChain, 0) outboundListener.FilterChains = make([]*envoy_listener_v3.FilterChain, 0)
outboundListener.ListenerFilters = []*envoy_listener_v3.ListenerFilter{
{
// The original_dst filter is a listener filter that recovers the original destination
// address before the iptables redirection. This filter is needed for transparent
// proxies because they route to upstreams using filter chains that match on the
// destination IP address. If the filter is not present, no chain will match.
//
// TODO(tproxy): Hard-coded until we upgrade the go-control-plane library
Name: "envoy.filters.listener.original_dst",
},
}
} }
var hasFilterChains bool var hasFilterChains bool
@ -201,13 +212,6 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
if cfgSnap.ConnectProxy.MeshConfig == nil || if cfgSnap.ConnectProxy.MeshConfig == nil ||
!cfgSnap.ConnectProxy.MeshConfig.TransparentProxy.CatalogDestinationsOnly { !cfgSnap.ConnectProxy.MeshConfig.TransparentProxy.CatalogDestinationsOnly {
outboundListener.ListenerFilters = []*envoy_listener_v3.ListenerFilter{
{
// TODO (freddy): Hard-coded until we upgrade the go-control-plane library
Name: "envoy.filters.listener.original_dst",
},
}
filterChain, err := s.makeUpstreamFilterChainForDiscoveryChain( filterChain, err := s.makeUpstreamFilterChainForDiscoveryChain(
"passthrough", "passthrough",
OriginalDestinationClusterName, OriginalDestinationClusterName,

5
agent/xds/testdata/listeners/transparent-proxy-catalog-destinations-only.envoy-1-18-x.golden vendored
View File

@ -57,6 +57,11 @@
] ]
} }
], ],
"listenerFilters": [
{
"name": "envoy.filters.listener.original_dst"
}
],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {

5
agent/xds/testdata/listeners/transparent-proxy-catalog-destinations-only.v2compat.envoy-1-16-x.golden vendored
View File

@ -57,6 +57,11 @@
] ]
} }
], ],
"listenerFilters": [
{
"name": "envoy.filters.listener.original_dst"
}
],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {