luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent/xds/testdata/clusters
History
Freddy 6ef38eaea7
Configure upstream TLS context with peer root certs (#13321) 
For mTLS to work between two proxies in peered clusters with different root CAs,
proxies need to configure their outbound listener to use different root certificates
for validation.

Up until peering was introduced proxies would only ever use one set of root certificates
to validate all mesh traffic, both inbound and outbound. Now an upstream proxy
may have a leaf certificate signed by a CA that's different from the dialing proxy's.

This PR makes changes to proxycfg and xds so that the upstream TLS validation
uses different root certificates depending on which cluster is being dialed.
 		2022-06-01 15:53:52 -06:00
..
connect-proxy-lb-in-resolver.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-chain-and-failover.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-chain-and-overrides.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-chain-external-sni.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-chain.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-peered-upstreams.latest.golden Configure upstream TLS context with peer root certs (#13321) 2022-06-01 15:53:52 -06:00
connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tls-outgoing-cipher-suites.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tls-outgoing-max-version.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tls-outgoing-min-version-auto.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tls-outgoing-min-version.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
custom-limits-max-connections-only.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
custom-limits-set-to-zero.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
custom-limits.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
custom-local-app.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
custom-max-inbound-connections.latest.golden Add connection limit setting to service defaults 2022-05-24 10:13:38 -07:00
custom-timeouts.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
custom-upstream-default-chain.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
custom-upstream.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
defaults.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
downstream-service-with-unix-sockets.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
expose-paths-grpc-new-cluster-http1.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
expose-paths-local-app-paths.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
expose-paths-new-cluster-http2.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-gateway-no-services.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-gateway-with-tls-outgoing-max-version.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-gateway-with-tls-outgoing-min-version.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-lb-in-resolver.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-multiple-listeners-duplicate-service.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-splitter-with-resolver-redirect.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-chain-and-failover.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-chain-external-sni.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-chain.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-failover-through-local-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-hash-lb-ignored.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-ignore-extra-resolvers.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-no-services.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-non-hash-lb-injected.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-service-subsets.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-service-timeouts.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-using-federation-states.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
splitter-with-resolver-redirect.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
terminating-gateway-hostname-service-subsets.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
terminating-gateway-ignore-extra-resolvers.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
terminating-gateway-lb-config.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
terminating-gateway-no-services.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
terminating-gateway-service-subsets.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
terminating-gateway-sni.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
terminating-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
transparent-proxy-catalog-destinations-only.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
transparent-proxy-dial-instances-directly.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
transparent-proxy.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00