luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent/consul
History
Derek Menteer 9e76d274ec
Fix mesh gateway configuration with proxy-defaults (#15186) 
* Fix mesh gateway proxy-defaults not affecting upstreams.

* Clarify distinction with upstream settings

Top-level mesh gateway mode in proxy-defaults and service-defaults gets
merged into NodeService.Proxy.MeshGateway, and only gets merged with
the mode attached to an an upstream in proxycfg/xds.

* Fix mgw mode usage for peered upstreams

There were a couple issues with how mgw mode was being handled for
peered upstreams.

For starters, mesh gateway mode from proxy-defaults
and the top-level of service-defaults gets stored in
NodeService.Proxy.MeshGateway, but the upstream watch for peered data
was only considering the mesh gateway config attached in
NodeService.Proxy.Upstreams[i]. This means that applying a mesh gateway
mode via global proxy-defaults or service-defaults on the downstream
would not have an effect.

Separately, transparent proxy watches for peered upstreams didn't
consider mesh gateway mode at all.

This commit addresses the first issue by ensuring that we overlay the
upstream config for peered upstreams as we do for non-peered. The second
issue is addressed by re-using setupWatchesForPeeredUpstream when
handling transparent proxy updates.

Note that for transparent proxies we do not yet support mesh gateway
mode per upstream, so the NodeService.Proxy.MeshGateway mode is used.

* Fix upstream mesh gateway mode handling in xds

This commit ensures that when determining the mesh gateway mode for
peered upstreams we consider the NodeService.Proxy.MeshGateway config as
a baseline.

In absense of this change, setting a mesh gateway mode via
proxy-defaults or the top-level of service-defaults will not have an
effect for peered upstreams.

* Merge service/proxy defaults in cfg resolver

Previously the mesh gateway mode for connect proxies would be
merged at three points:

1. On servers, in ComputeResolvedServiceConfig.
2. On clients, in MergeServiceConfig.
3. On clients, in proxycfg/xds.

The first merge returns a ServiceConfigResponse where there is a
top-level MeshGateway config from proxy/service-defaults, along with
per-upstream config.

The second merge combines per-upstream config specified at the service
instance with per-upstream config specified centrally.

The third merge combines the NodeService.Proxy.MeshGateway
config containing proxy/service-defaults data with the per-upstream
mode. This third merge is easy to miss, which led to peered upstreams
not considering the mesh gateway mode from proxy-defaults.

This commit removes the third merge, and ensures that all mesh gateway
config is available at the upstream. This way proxycfg/xds do not need
to do additional overlays.

* Ensure that proxy-defaults is considered in wc

Upstream defaults become a synthetic Upstream definition under a
wildcard key "*". Now that proxycfg/xds expect Upstream definitions to
have the final MeshGateway values, this commit ensures that values from
proxy-defaults/service-defaults are the default for this synthetic
upstream.

* Add changelog.

Co-authored-by: freddygv <freddy@hashicorp.com>
 		2022-11-09 10:14:29 -06:00
..
auth acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
authmethod Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
autopilotevents fix(peering): add missing grpc_tls_port for server address reconciliation (#14944) 2022-10-11 10:56:29 -04:00
discoverychain Update the structs and discovery chain for service resolver redirects to cluster peers. (#14366) 2022-08-29 09:51:32 -04:00
fsm fix: persist peering CA updates to dialing clusters (#15243) 2022-11-04 12:53:20 -04:00
prepared_query Rename `PeerName` to `Peer` on prepared queries and exported services (#14854) 2022-10-04 14:46:15 -04:00
servercert Share mgw addrs in peering stream if needed 2022-10-03 11:42:20 -06:00
state fix: persist peering CA updates to dialing clusters (#15243) 2022-11-04 12:53:20 -04:00
stream proxycfg: server-local config entry data sources 2022-07-04 10:48:36 +01:00
testdata ca: examine the full chain in newCARoot 2022-02-17 18:21:30 -05:00
usagemetrics add non-double-prefixed metrics (#14193) 2022-09-09 12:13:43 -05:00
wanfed
watch Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
xdscapacity Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
acl.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
acl_authmethod.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_authmethod_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
acl_client.go Generate ACL token for server management 2022-09-16 17:54:34 -06:00
acl_endpoint.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
acl_endpoint_legacy.go acl: remove most of the rest of structs/acl_legacy.go 2021-10-25 17:20:06 -04:00
acl_endpoint_oss.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_endpoint_test.go proxycfg: server-local intention upstreams data source 2022-07-04 10:48:36 +01:00
acl_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
acl_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
acl_replication.go
acl_replication_test.go proxycfg: server-local intention upstreams data source 2022-07-04 10:48:36 +01:00
acl_replication_types.go proxycfg: server-local intention upstreams data source 2022-07-04 10:48:36 +01:00
acl_server.go Add server certificate manager 2022-09-16 17:57:10 -06:00
acl_server_oss.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_test.go Add server certificate manager 2022-09-16 17:57:10 -06:00
acl_token_exp.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_token_exp_test.go [OSS] Remove remaining references to master (#11827) 2022-01-20 12:47:50 +00:00
auto_config_backend.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
auto_config_backend_test.go [OSS] Remove remaining references to master (#11827) 2022-01-20 12:47:50 +00:00
auto_config_endpoint.go Add CSR check for number of URIs. (#14579) 2022-09-13 14:21:47 -05:00
auto_config_endpoint_test.go Add CSR check for number of URIs. (#14579) 2022-09-13 14:21:47 -05:00
auto_encrypt_endpoint.go autoencrypt: helpful error for clients with wrong dc (#14832) 2022-10-25 10:13:41 -07:00
auto_encrypt_endpoint_test.go autoencrypt: helpful error for clients with wrong dc (#14832) 2022-10-25 10:13:41 -07:00
autopilot.go xDS Load Balancing (#14397) 2022-09-09 15:02:01 +01:00
autopilot_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
autopilot_test.go Add event generation for autopilot state updates (#12626) 2022-04-19 13:03:03 -04:00
catalog_endpoint.go chore: remove unused argument from MergeNodeServiceWithCentralConfig (#15024) 2022-11-09 14:54:57 +00:00
catalog_endpoint_test.go Refactor client RPC timeouts (#14965) 2022-10-18 15:05:09 -04:00
client.go Refactor client RPC timeouts (#14965) 2022-10-18 15:05:09 -04:00
client_serf.go add HCP integration component (#14723) 2022-09-26 14:58:15 -04:00
client_test.go Refactor client RPC timeouts (#14965) 2022-10-18 15:05:09 -04:00
cluster_test.go Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
config.go Refactor client RPC timeouts (#14965) 2022-10-18 15:05:09 -04:00
config_endpoint.go proxycfg-glue: server-local implementation of ResolvedServiceConfig 2022-09-06 23:27:25 +01:00
config_endpoint_test.go Fix mesh gateway configuration with proxy-defaults (#15186) 2022-11-09 10:14:29 -06:00
config_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
config_replication.go [sync oss] add net/rpc interceptor implementation (#12573) 2022-03-17 16:02:26 -07:00
config_replication_test.go server: partly fix config entry replication issue that prevents replication in some circumstances (#12307) 2022-02-23 17:27:48 -06:00
config_test.go Upgrade serf to v0.10.1 and memberlist to v0.5.0 to get memberlist size metrics and broadcast queue depth metric (#14873) 2022-10-04 17:51:37 -06:00
connect_ca_endpoint.go ConnectCA.Sign gRPC Endpoint (#12787) 2022-04-14 14:26:14 +01:00
connect_ca_endpoint_test.go add general runstep test helper instead of copying it all over the place (#13013) 2022-05-10 15:25:51 -05:00
coordinate_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
coordinate_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
discovery_chain_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
discovery_chain_endpoint_test.go Cluster peering failover disco chain changes (#14296) 2022-08-23 09:13:43 -04:00
enterprise_client_oss.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
enterprise_config_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
enterprise_server_oss.go Add leader routine to clean up peerings 2022-06-14 15:36:50 -06:00
enterprise_server_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
federation_state_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
federation_state_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
federation_state_replication.go [sync oss] add net/rpc interceptor implementation (#12573) 2022-03-17 16:02:26 -07:00
federation_state_replication_test.go
filter.go
filter_test.go acl: remove id and revision from Policy constructors 2021-11-05 15:45:08 -04:00
flood.go
gateway_locator.go rpc: improve docs for blockingQuery 2022-02-15 14:20:14 -05:00
gateway_locator_test.go rpc: improve docs for blockingQuery 2022-02-15 14:20:14 -05:00
grpc_integration_test.go Support Stale Queries for Trust Bundle Lookups (#14724) 2022-09-28 09:56:59 -07:00
health_endpoint.go chore: remove unused argument from MergeNodeServiceWithCentralConfig (#15024) 2022-11-09 14:54:57 +00:00
health_endpoint_test.go block PeerName register requests (#13887) 2022-07-29 14:36:22 -07:00
helper_test.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
intention_endpoint.go add non-double-prefixed metrics (#14193) 2022-09-09 12:13:43 -05:00
intention_endpoint_test.go peering: block Intention.Apply ops (#13451) 2022-06-16 12:07:28 -07:00
internal_endpoint.go Prevent consul peer-exports by discovery chain. 2022-10-13 12:45:09 -05:00
internal_endpoint_test.go Rename `PeerName` to `Peer` on prepared queries and exported services (#14854) 2022-10-04 14:46:15 -04:00
issue_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
kvs_endpoint.go Add kv txn get-not-exists operation. 2022-09-06 10:28:59 -05:00
kvs_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
leader.go Add server certificate manager 2022-09-16 17:57:10 -06:00
leader_connect.go Add virtual IP generation for term gateway backed services 2022-01-12 12:08:49 -08:00
leader_connect_ca.go Merge pull request #14598 from hashicorp/root-removal-fix 2022-09-15 14:36:01 -07:00
leader_connect_ca_test.go Add CSR check for number of URIs. (#14579) 2022-09-13 14:21:47 -05:00
leader_connect_test.go connect/ca: don't discard old roots on primaryInitialize 2022-09-15 12:59:09 -07:00
leader_federation_state_ae.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
leader_federation_state_ae_test.go Rename `ACLMasterToken` => `ACLInitialManagementToken` (#11746) 2021-12-07 12:39:28 +00:00
leader_intentions.go [sync oss] add net/rpc interceptor implementation (#12573) 2022-03-17 16:02:26 -07:00
leader_intentions_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
leader_intentions_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
leader_intentions_test.go configentry: make a new package to hold shared config entry structs that aren't used for RPC or the FSM (#12384) 2022-02-22 10:36:36 -06:00
leader_metrics.go ca: use the new leaf signing lookup func in leader metrics 2022-01-06 16:55:49 -05:00
leader_oss_test.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
leader_peering.go Decrease retry time for failed peering connections. 2022-10-31 14:30:27 -05:00
leader_peering_test.go Update hcp-scada-provider to fix diamond dependency problem with go-msgpack (#15185) 2022-11-07 11:34:30 -05:00
leader_test.go add HCP integration component (#14723) 2022-09-26 14:58:15 -04:00
logging.go
logging_test.go bulk rewrite using this script 2022-01-20 10:46:23 -06:00
merge.go catalog: compare node names case insensitively in more places (#12444) 2022-02-24 16:54:47 -06:00
merge_oss.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
merge_oss_test.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
merge_test.go catalog: compare node names case insensitively in more places (#12444) 2022-02-24 16:54:47 -06:00
operator_autopilot_endpoint.go Enable running autopilot state updates on all servers (#12617) 2022-04-07 10:48:48 -04:00
operator_autopilot_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
operator_endpoint.go
operator_raft_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
operator_raft_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
options.go add HCP integration component (#14723) 2022-09-26 14:58:15 -04:00
options_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
peering_backend.go Bring back parameter ServerExternalAddresses in GenerateToken endpoint (#15267) 2022-11-08 14:55:18 -06:00
peering_backend_oss.go peering: move peer replication to the external gRPC port (#13698) 2022-07-08 12:01:13 -05:00
peering_backend_oss_test.go Update hcp-scada-provider to fix diamond dependency problem with go-msgpack (#15185) 2022-11-07 11:34:30 -05:00
peering_backend_test.go Bring back parameter ServerExternalAddresses in GenerateToken endpoint (#15267) 2022-11-08 14:55:18 -06:00
prepared_query_endpoint.go Rename `PeerName` to `Peer` on prepared queries and exported services (#14854) 2022-10-04 14:46:15 -04:00
prepared_query_endpoint_test.go Update hcp-scada-provider to fix diamond dependency problem with go-msgpack (#15185) 2022-11-07 11:34:30 -05:00
raft_rpc.go
replication.go Apply suggestions from code review 2022-01-26 12:24:13 -05:00
replication_test.go
rpc.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
rpc_test.go Refactor client RPC timeouts (#14965) 2022-10-18 15:05:09 -04:00
rtt.go
rtt_test.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
segment_oss.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
serf_filter.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
serf_test.go
server.go Refactor client RPC timeouts (#14965) 2022-10-18 15:05:09 -04:00
server_connect.go Configure upstream TLS context with peer root certs (#13321) 2022-06-01 15:53:52 -06:00
server_lookup.go
server_lookup_test.go
server_oss.go feat(telemetry): add labels to serf and memberlist metrics (#14161) 2022-08-11 22:09:56 -04:00
server_overview.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
server_overview_test.go oss: Add overview UI internal endpoint 2022-03-22 17:05:09 -07:00
server_register.go Add support for merge-central-config query param (#13001) 2022-05-25 13:20:17 -07:00
server_serf.go add HCP integration component (#14723) 2022-09-26 14:58:15 -04:00
server_test.go Update hcp-scada-provider to fix diamond dependency problem with go-msgpack (#15185) 2022-11-07 11:34:30 -05:00
session_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
session_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
session_timers.go
session_timers_test.go
session_ttl.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
session_ttl_test.go Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
snapshot_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
snapshot_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
stats_fetcher.go introduce EmptyReadRequest for status_endpoint (#12653) 2022-03-29 18:05:45 -07:00
stats_fetcher_test.go
status_endpoint.go introduce EmptyReadRequest for status_endpoint (#12653) 2022-03-29 18:05:45 -07:00
status_endpoint_test.go Support per-listener TLS configuration ⚙️ (#12504) 2022-03-18 10:46:58 +00:00
subscribe_backend.go grpc: rename public/private directories to external/internal (#13721) 2022-07-13 16:33:48 +01:00
subscribe_backend_test.go test: fix flaky TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages test (#15195) 2022-10-31 12:10:43 -05:00
system_metadata.go [sync oss] add net/rpc interceptor implementation (#12573) 2022-03-17 16:02:26 -07:00
system_metadata_test.go testing: Revert assertion for virtual IP flag (#11932) 2022-01-04 11:24:56 -05:00
txn_endpoint.go Move ACLResolveResult into acl/resolver package (#13467) 2022-06-17 10:24:43 +01:00
txn_endpoint_test.go Enable servers to configure arbitrary proxies from the catalog (#13244) 2022-05-27 12:38:52 +01:00
util.go catalog: compare node names case insensitively in more places (#12444) 2022-02-24 16:54:47 -06:00
util_test.go