diff --git a/agent/proxycfg/mesh_gateway.go b/agent/proxycfg/mesh_gateway.go
index d5463e9187..22f510620b 100644
--- a/agent/proxycfg/mesh_gateway.go
+++ b/agent/proxycfg/mesh_gateway.go
@@ -13,6 +13,8 @@ import (
 "github.com/hashicorp/consul/logging"
 )
 
+const exportingPartitionsWatchID = "exporting-partitions"
+
 type handlerMeshGateway struct {
 handlerState
 }
@@ -33,7 +35,7 @@ func (s *handlerMeshGateway) initialize(ctx context.Context) (ConfigSnapshot, er
 wildcardEntMeta := s.proxyID.WithWildcardNamespace()
 
 // Watch for all services.
- // Eventually we will have to watch connect enable instances for each service as well as the
+ // Eventually we will have to watch connect enabled instances for each service as well as the
 // destination services themselves but those notifications will be setup later.
 // We cannot setup those watches until we know what the services are.
 err = s.cache.Notify(ctx, cachetype.CatalogServiceListName, &structs.DCSpecificRequest{
diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go
index 3b0acaaefd..dce76f8c31 100644
--- a/agent/proxycfg/snapshot.go
+++ b/agent/proxycfg/snapshot.go
@@ -294,7 +294,7 @@ type configSnapshotMeshGateway struct {
 HostnameDatacenters map[string]structs.CheckServiceNodes
 }
 
-func (c *configSnapshotMeshGateway) Keys() []GatewayKey {
+func (c *configSnapshotMeshGateway) GatewayKeys() []GatewayKey {
 sz1, sz2 := len(c.GatewayGroups), len(c.FedStateGateways)
 
 sz := sz1
diff --git a/agent/proxycfg/state.go b/agent/proxycfg/state.go
index cb46764f30..2c443f6be6 100644
--- a/agent/proxycfg/state.go
+++ b/agent/proxycfg/state.go
@@ -37,7 +37,6 @@ const (
 datacentersWatchID = "datacenters"
 serviceResolversWatchID = "service-resolvers"
 gatewayServicesWatchID = "gateway-services"
- exportingPartitionsWatchID = "exporting-partitions"
 gatewayConfigWatchID = "gateway-config"
 externalServiceIDPrefix = "external-service:"
 serviceLeafIDPrefix = "service-leaf:"
diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go
index b0788d324e..9e7477c8d7 100644
--- a/agent/xds/clusters.go
+++ b/agent/xds/clusters.go
@@ -19,6 +19,7 @@ import (
 "github.com/golang/protobuf/ptypes/any"
 "github.com/golang/protobuf/ptypes/wrappers"
 
+ "github.com/hashicorp/consul/acl"
 "github.com/hashicorp/consul/agent/connect"
 "github.com/hashicorp/consul/agent/proxycfg"
 "github.com/hashicorp/consul/agent/structs"
@@ -202,7 +203,7 @@ func makePassthroughClusters(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message,
 // for a mesh gateway. This will include 1 cluster per remote datacenter as well as
 // 1 cluster for each service subset.
 func (s *ResourceGenerator) clustersFromSnapshotMeshGateway(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, error) {
- keys := cfgSnap.MeshGateway.Keys()
+ keys := cfgSnap.MeshGateway.GatewayKeys()
 
 // 1 cluster per remote dc + 1 cluster per local service (this is a lower bound - all subset specific clusters will be appended)
 clusters := make([]proto.Message, 0, len(keys)+len(cfgSnap.MeshGateway.ServiceGroups))
@@ -222,7 +223,10 @@ func (s *ResourceGenerator) clustersFromSnapshotMeshGateway(cfgSnap *proxycfg.Co
 clusters = append(clusters, cluster)
 }
 
- if cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" && cfgSnap.ServerSNIFn != nil {
+ if cfgSnap.ProxyID.PartitionOrEmpty() == acl.DefaultPartitionName &&
+ cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" &&
+ cfgSnap.ServerSNIFn != nil {
+
 // Add all of the remote wildcard datacenter mappings for servers.
 for _, key := range keys {
 hostnameEndpoints := cfgSnap.MeshGateway.HostnameDatacenters[key.String()]
diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go
index 6d36956c8d..e40f4a71c4 100644
--- a/agent/xds/endpoints.go
+++ b/agent/xds/endpoints.go
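Review bot: The guard `cfgSnap.ProxyID.PartitionOrEmpty() == acl.DefaultPartitionName && cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" && cfgSnap.ServerSNIFn != nil` in the third hunk is what now keeps Consul server clusters out of non-default partitions, and the identical three-term expression is repeated in both endpoints.go hunks and in listeners.go. Four copies of a condition that decides which server addresses a gateway exposes will drift the first time one of them is edited, so a single predicate — e.g. `func (c *ConfigSnapshot) wanFederationServersEnabled() bool` in proxycfg, with a comment stating why only the default partition participates in WAN federation — would keep CDS, EDS and the listener filter chains in agreement by construction. That helper is also the place to state the assumption that `PartitionOrEmpty()` and `acl.DefaultPartitionName` spell the default partition identically in OSS and enterprise builds, which nothing on this page shows. The empty `+` line inserted right after the new `{` here and in listeners.go is unusual for gofmt'd code and can be dropped. clustersFromSnapshotMeshGateway continues outside the hunk.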
@@ -10,6 +10,7 @@ import (
 "github.com/golang/protobuf/proto"
 bexpr "github.com/hashicorp/go-bexpr"
 
+ "github.com/hashicorp/consul/acl"
 "github.com/hashicorp/consul/agent/connect"
 "github.com/hashicorp/consul/agent/proxycfg"
 "github.com/hashicorp/consul/agent/structs"
@@ -109,14 +110,13 @@ func (s *ResourceGenerator) endpointsFromSnapshotTerminatingGateway(cfgSnap *pro
 }
 
 func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, error) {
- keys := cfgSnap.MeshGateway.Keys()
+ keys := cfgSnap.MeshGateway.GatewayKeys()
 resources := make([]proto.Message, 0, len(keys)+len(cfgSnap.MeshGateway.ServiceGroups))
 
- // generate the endpoints for the gateways in the remote datacenters
 for _, key := range keys {
- // Skip creating endpoints for mesh gateways in local DC/partition and gateways.
- // Also skip gateways with a hostname as their address.
- // EDS cannot resolve hostnames, so we provide them through CDS instead.
+ // Skip creating endpoints for mesh gateways in local DC/partition.
+ // Also skip gateways with a hostname as their address. EDS cannot resolve hostnames,
+ // so we provide them through CDS instead.
 if key.Matches(cfgSnap.Datacenter, cfgSnap.ProxyID.PartitionOrEmpty()) ||
 len(cfgSnap.MeshGateway.HostnameDatacenters[key.String()]) > 0 {
 continue
@@ -144,9 +144,11 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
 resources = append(resources, la)
 }
 
- if cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" && cfgSnap.ServerSNIFn != nil {
- clusterName := cfgSnap.ServerSNIFn(key.Datacenter, "")
+ if cfgSnap.ProxyID.PartitionOrEmpty() == acl.DefaultPartitionName &&
+ cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" &&
+ cfgSnap.ServerSNIFn != nil {
+ clusterName := cfgSnap.ServerSNIFn(key.Datacenter, "")
 
 la := makeLoadAssignment(
 clusterName,
 []loadAssignmentEndpointGroup{
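Review bot: In the @@ -144 hunk the new partition/federation guard still sits inside `for _, key := range keys` (the loop opens in the previous hunk; `cfgSnap.ServerSNIFn(key.Datacenter, "")` confirms it), so `cfgSnap.ProxyID.PartitionOrEmpty() == acl.DefaultPartitionName && cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" && cfgSnap.ServerSNIFn != nil` is re-evaluated for every gateway key although none of its terms depends on `key`. Computing it once before the loop, `serverEndpoints := cfgSnap.ProxyID.PartitionOrEmpty() == acl.DefaultPartitionName && cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" && cfgSnap.ServerSNIFn != nil`, and testing `if serverEndpoints {` inside keeps the loop body about per-key work, and the same flag can drive the servers block in the next hunk, which currently restates the expression. endpointsFromSnapshotMeshGateway begins in the second hunk on this line and ends outside it.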
@@ -159,7 +161,9 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
 }
 
 // generate endpoints for our servers if WAN federation is enabled
- if cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" && cfgSnap.ServerSNIFn != nil {
+ if cfgSnap.ProxyID.PartitionOrEmpty() == acl.DefaultPartitionName &&
+ cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" &&
+ cfgSnap.ServerSNIFn != nil {
 var allServersLbEndpoints []*envoy_endpoint_v3.LbEndpoint
 
 for _, srv := range cfgSnap.MeshGateway.ConsulServers {
diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go
index ab4a45b257..1f9e7f1f57 100644
--- a/agent/xds/listeners.go
+++ b/agent/xds/listeners.go
@@ -11,6 +11,7 @@ import (
 "strings"
 "time"
 
+ "github.com/hashicorp/consul/acl"
 "github.com/hashicorp/consul/agent/connect/ca"
 
 envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
@@ -1137,7 +1138,7 @@ func (s *ResourceGenerator) makeMeshGatewayListener(name, addr string, port int,
 
 // TODO (mesh-gateway) - Do we need to create clusters for all the old trust domains as well?
 // We need 1 Filter Chain per datacenter
- keys := cfgSnap.MeshGateway.Keys()
+ keys := cfgSnap.MeshGateway.GatewayKeys()
 for _, key := range keys {
 if key.Matches(cfgSnap.Datacenter, cfgSnap.ProxyID.PartitionOrEmpty()) {
 continue // skip local
@@ -1160,7 +1161,10 @@ func (s *ResourceGenerator) makeMeshGatewayListener(name, addr string, port int,
 })
 }
 
- if cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" && cfgSnap.ServerSNIFn != nil {
+ if cfgSnap.ProxyID.PartitionOrEmpty() == acl.DefaultPartitionName &&
+ cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" &&
+ cfgSnap.ServerSNIFn != nil {
+
 for _, key := range keys {
 if key.Datacenter == cfgSnap.Datacenter {
 continue // skip local