open-consul/agent
Andy Lindeman 0d1d5d0863
agent: rewrite checks with proxy address, not local service address (#7518)

Exposing checks is supposed to allow a Consul agent bound to a different
IP address (e.g., in a different Kubernetes pod) to access healthchecks
through the proxy while the underlying service binds to localhost. This
is an important security feature that makes sure no external traffic
reaches the service except through the proxy.

However, as far as I can tell, this is subtly broken in the case where
the Consul agent cannot reach the proxy over localhost.

If a proxy is configured with: `{ LocalServiceAddress: "127.0.0.1",
Checks: true }`, as is typical with a sidecar proxy, the Consul checks
are currently rewritten to `127.0.0.1:<random port>`. A Consul agent
that does not share the loopback address cannot reach this address. Just
to make sure I was not misunderstanding, I tried configuring the proxy
with `{ LocalServiceAddress: "<pod ip>", Checks: true }`. In this case,
while the checks are rewritten as expected and the agent can reach the
dynamic port, the proxy can no longer reach its backend because the
traffic is no longer on the loopback interface.

I think rewriting the checks to use `proxy.Address`, the proxy's own
address, is more correct in this case. That is the IP where the proxy
can be reached, both by other proxies and by a Consul agent running on
a different IP. The local service address should continue to use
`127.0.0.1` in most cases.
2020-04-02 09:35:43 +02:00
ae agent: ensure node info sync and full sync. (#7189) 2020-02-06 15:30:58 +01:00
agentpb server: strip local ACL tokens from RPCs during forwarding if crossing datacenters (#7419) 2020-03-10 11:15:22 -05:00
cache avoid 'panic: Log in goroutine after TestCacheGet_refreshAge has completed' (#7276) 2020-02-12 10:01:51 -06:00
cache-types wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
checks feat: support sending body in HTTP checks (#6602) 2020-02-10 09:27:12 -07:00
config config: validate system limits against limits.http_max_conns_per_client (#7434) 2020-04-02 09:22:17 +02:00
connect ci: Run all connect/ca tests from the integration suite 2020-03-24 15:22:01 -04:00
consul agent: add len, cap while initializing arrays 2020-04-01 10:54:51 +02:00
debug
exec
local Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
metadata wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
mock
pool wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
proxycfg proxycfg: support path exposed with non-HTTP2 protocol (#7510) 2020-04-02 09:35:04 +02:00
router wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
structs Add config entry for terminating gateways (#7545) 2020-03-31 13:27:32 -06:00
systemd
token Add managed service provider token (#7218) 2020-02-04 13:58:56 -07:00
xds proxycfg: support path exposed with non-HTTP2 protocol (#7510) 2020-04-02 09:35:04 +02:00
acl.go
acl_endpoint.go Add PolicyReadByName for API (#6615) 2020-03-25 10:34:24 -04:00
acl_endpoint_legacy.go
acl_endpoint_legacy_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
acl_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
acl_test.go agent: Remove unused Encrypted from interface 2020-03-26 12:34:31 -04:00
agent.go agent: rewrite checks with proxy address, not local service address (#7518) 2020-04-02 09:35:43 +02:00
agent_endpoint.go Enable CLI to register terminating gateways (#7500) 2020-03-26 10:20:56 -06:00
agent_endpoint_test.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
agent_oss.go Add managed service provider token (#7218) 2020-02-04 13:58:56 -07:00
agent_test.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
bindata_assetfs.go update bindata_assetfs.go 2020-02-11 15:19:16 +00:00
blacklist.go
blacklist_test.go
catalog_endpoint.go Catalog + Namespace OSS changes. (#7219) 2020-02-10 10:40:44 -05:00
catalog_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
check.go
config.go
config_endpoint.go Small refactoring to move meta parsing into the switch statement (#7170) 2020-01-29 19:12:48 -05:00
config_endpoint_test.go [FIX BUILD] fix build due to merge of #7562 2020-04-01 18:29:45 +02:00
connect_auth.go
connect_ca_endpoint.go
connect_ca_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
coordinate_endpoint.go
coordinate_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
discovery_chain_endpoint.go
discovery_chain_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
dns.go dns: Remove a few unused params 2020-03-24 15:56:41 -04:00
dns_oss.go
dns_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
enterprise_delegate_oss.go
event_endpoint.go
event_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
federation_state_endpoint.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
health_endpoint.go Catalog + Namespace OSS changes. (#7219) 2020-02-10 10:40:44 -05:00
health_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
http.go Adds http_config.response_headers to the UI headers plus tests (#7369) 2020-03-03 13:18:35 +00:00
http_decode_test.go feat: support sending body in HTTP checks (#6602) 2020-02-10 09:27:12 -07:00
http_oss.go
http_oss_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
http_register.go Add PolicyReadByName for API (#6615) 2020-03-25 10:34:24 -04:00
http_test.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
intentions_endpoint.go
intentions_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
keyring.go agent: sensible keyring error (#7272) 2020-02-13 20:35:09 +01:00
keyring_test.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
kvs_endpoint.go docs: add docs for kv_max_value_size (#7405) 2020-03-09 11:13:40 +01:00
kvs_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
notify.go
notify_test.go
operator_endpoint.go
operator_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
prepared_query_endpoint.go
prepared_query_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
remote_exec.go
remote_exec_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
retry_join.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
retry_join_test.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
service_checks_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
service_manager.go Enable CLI to register terminating gateways (#7500) 2020-03-26 10:20:56 -06:00
service_manager_test.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
session_endpoint.go Fix session backwards incompatibility with 1.6.x and earlier. 2020-03-05 15:34:55 -05:00
session_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
sidecar_service.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
sidecar_service_test.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
signal_unix.go
signal_windows.go
snapshot_endpoint.go
snapshot_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
status_endpoint.go
status_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
testagent.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
testagent_test.go
translate_addr.go
txn_endpoint.go docs: add docs for kv_max_value_size (#7405) 2020-03-09 11:13:40 +01:00
txn_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
ui_endpoint.go Add information about which services are proxied to ui services… (#7417) 2020-03-27 10:57:46 -04:00
ui_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
user_event.go agent: ensure that we always use the same settings for msgpack (#7245) 2020-02-07 15:50:24 -06:00
user_event_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
util.go agent: ensure that we always use the same settings for msgpack (#7245) 2020-02-07 15:50:24 -06:00
util_test.go
watch_handler.go
watch_handler_test.go