154eafe140
* xDS Mesh Gateway Resolver Subset Fixes The first fix was that clusters were being generated for every service resolver subset regardless of there being any service instances of the associated service in that dc. The previous logic didn’t care at all but now it will omit generating those clusters unless we also have service instances that should be proxied. The second fix was to respect the DefaultSubset of a service resolver so that mesh-gateways would configure the endpoints of the unnamed subset cluster to only those endpoints matched by the default subsets filters. * Refactor the gateway endpoint generation to be a little easier to read
128 lines
4.7 KiB
Go
128 lines
4.7 KiB
Go
package proxycfg
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
|
"github.com/mitchellh/copystructure"
|
|
)
|
|
|
|
type configSnapshotConnectProxy struct {
|
|
Leaf *structs.IssuedCert
|
|
DiscoveryChain map[string]*structs.CompiledDiscoveryChain // this is keyed by the Upstream.Identifier(), not the chain name
|
|
WatchedUpstreams map[string]map[string]context.CancelFunc
|
|
WatchedUpstreamEndpoints map[string]map[string]structs.CheckServiceNodes
|
|
WatchedGateways map[string]map[string]context.CancelFunc
|
|
WatchedGatewayEndpoints map[string]map[string]structs.CheckServiceNodes
|
|
WatchedServiceChecks map[structs.ServiceID][]structs.CheckType // TODO: missing garbage collection
|
|
|
|
PreparedQueryEndpoints map[string]structs.CheckServiceNodes // DEPRECATED:see:WatchedUpstreamEndpoints
|
|
}
|
|
|
|
func (c *configSnapshotConnectProxy) IsEmpty() bool {
|
|
if c == nil {
|
|
return true
|
|
}
|
|
return c.Leaf == nil &&
|
|
len(c.DiscoveryChain) == 0 &&
|
|
len(c.WatchedUpstreams) == 0 &&
|
|
len(c.WatchedUpstreamEndpoints) == 0 &&
|
|
len(c.WatchedGateways) == 0 &&
|
|
len(c.WatchedGatewayEndpoints) == 0 &&
|
|
len(c.WatchedServiceChecks) == 0 &&
|
|
len(c.PreparedQueryEndpoints) == 0
|
|
}
|
|
|
|
type configSnapshotMeshGateway struct {
|
|
// map of service id to a cancel function. This cancel function is tied to the watch of
|
|
// connect enabled services for the given id. If the main datacenter services watch would
|
|
// indicate the removal of a service all together we then cancel watching that service for
|
|
// its connect endpoints.
|
|
WatchedServices map[structs.ServiceID]context.CancelFunc
|
|
// Indicates that the watch on the datacenters services has completed. Even when there
|
|
// are no connect services, this being set (and the Connect roots being available) will be enough for
|
|
// the config snapshot to be considered valid. In the case of Envoy, this allows it to start its listeners
|
|
// even when no services would be proxied and allow its health check to pass.
|
|
WatchedServicesSet bool
|
|
// map of datacenter name to a cancel function. This cancel function is tied
|
|
// to the watch of mesh-gateway services in that datacenter.
|
|
WatchedDatacenters map[string]context.CancelFunc
|
|
// map of service id to the service instances of that service in the local datacenter
|
|
ServiceGroups map[structs.ServiceID]structs.CheckServiceNodes
|
|
// map of service id to an associated service-resolver config entry for that service
|
|
ServiceResolvers map[structs.ServiceID]*structs.ServiceResolverConfigEntry
|
|
// map of datacenter names to services of kind mesh-gateway in that datacenter
|
|
GatewayGroups map[string]structs.CheckServiceNodes
|
|
}
|
|
|
|
func (c *configSnapshotMeshGateway) IsEmpty() bool {
|
|
if c == nil {
|
|
return true
|
|
}
|
|
return len(c.WatchedServices) == 0 &&
|
|
!c.WatchedServicesSet &&
|
|
len(c.WatchedDatacenters) == 0 &&
|
|
len(c.ServiceGroups) == 0 &&
|
|
len(c.ServiceResolvers) == 0 &&
|
|
len(c.GatewayGroups) == 0
|
|
}
|
|
|
|
// ConfigSnapshot captures all the resulting config needed for a proxy instance.
|
|
// It is meant to be point-in-time coherent and is used to deliver the current
|
|
// config state to observers who need it to be pushed in (e.g. XDS server).
|
|
type ConfigSnapshot struct {
|
|
Kind structs.ServiceKind
|
|
Service string
|
|
ProxyID structs.ServiceID
|
|
Address string
|
|
Port int
|
|
TaggedAddresses map[string]structs.ServiceAddress
|
|
Proxy structs.ConnectProxyConfig
|
|
Datacenter string
|
|
|
|
Roots *structs.IndexedCARoots
|
|
|
|
// connect-proxy specific
|
|
ConnectProxy configSnapshotConnectProxy
|
|
|
|
// mesh-gateway specific
|
|
MeshGateway configSnapshotMeshGateway
|
|
|
|
// Skip intentions for now as we don't push those down yet, just pre-warm them.
|
|
}
|
|
|
|
// Valid returns whether or not the snapshot has all required fields filled yet.
|
|
func (s *ConfigSnapshot) Valid() bool {
|
|
switch s.Kind {
|
|
case structs.ServiceKindConnectProxy:
|
|
return s.Roots != nil && s.ConnectProxy.Leaf != nil
|
|
case structs.ServiceKindMeshGateway:
|
|
return s.Roots != nil && (s.MeshGateway.WatchedServicesSet || len(s.MeshGateway.ServiceGroups) > 0)
|
|
default:
|
|
return false
|
|
}
|
|
}
|
|
|
|
// Clone makes a deep copy of the snapshot we can send to other goroutines
|
|
// without worrying that they will racily read or mutate shared maps etc.
|
|
func (s *ConfigSnapshot) Clone() (*ConfigSnapshot, error) {
|
|
snapCopy, err := copystructure.Copy(s)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
snap := snapCopy.(*ConfigSnapshot)
|
|
|
|
// nil these out as anything receiving one of these clones does not need them and should never "cancel" our watches
|
|
switch s.Kind {
|
|
case structs.ServiceKindConnectProxy:
|
|
snap.ConnectProxy.WatchedUpstreams = nil
|
|
snap.ConnectProxy.WatchedGateways = nil
|
|
case structs.ServiceKindMeshGateway:
|
|
snap.MeshGateway.WatchedDatacenters = nil
|
|
snap.MeshGateway.WatchedServices = nil
|
|
}
|
|
|
|
return snap, nil
|
|
}
|