diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index cfdfd4d7f3..64ea872680 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go @@ -317,6 +317,7 @@ func (s *Server) makeIngressGatewayListeners(address string, cfgSnap *proxycfg.C useRDS: true, protocol: listenerKey.Protocol, filterName: listenerKey.RouteName(), + routeName: listenerKey.RouteName(), cluster: "", statPrefix: "ingress_upstream_", routePath: "", @@ -557,6 +558,7 @@ func (s *Server) makePublicListener(cInfo connectionInfo, cfgSnap *proxycfg.Conf useRDS: false, protocol: cfg.Protocol, filterName: "public_listener", + routeName: "public_listener", cluster: LocalAppClusterName, statPrefix: "", routePath: "", @@ -651,6 +653,7 @@ func (s *Server) makeExposedCheckListener(cfgSnap *proxycfg.ConfigSnapshot, clus useRDS: false, protocol: path.Protocol, filterName: filterName, + routeName: filterName, cluster: cluster, statPrefix: "", routePath: path.Path, @@ -822,6 +825,7 @@ func (s *Server) makeFilterChainTerminatingGateway( opts := listenerFilterOpts{ protocol: protocol, filterName: listener, + routeName: cluster, // Set cluster name for route config since each will have its own cluster: cluster, statPrefix: statPrefix, routePath: "", @@ -1001,6 +1005,7 @@ func (s *Server) makeUpstreamListenerForDiscoveryChain( useRDS: useRDS, protocol: cfg.Protocol, filterName: upstreamID, + routeName: upstreamID, cluster: clusterName, statPrefix: "upstream_", routePath: "", @@ -1074,6 +1079,7 @@ type listenerFilterOpts struct { useRDS bool protocol string filterName string + routeName string cluster string statPrefix string routePath string @@ -1083,12 +1089,8 @@ type listenerFilterOpts struct { func makeListenerFilter(opts listenerFilterOpts) (*envoylistener.Filter, error) { switch opts.protocol { - case "grpc": - return makeHTTPFilter(opts.useRDS, opts.filterName, opts.cluster, opts.statPrefix, opts.routePath, opts.ingress, true, true, opts.httpAuthzFilter) - case "http2": - return makeHTTPFilter(opts.useRDS, opts.filterName, opts.cluster, opts.statPrefix, opts.routePath, opts.ingress, false, true, opts.httpAuthzFilter) - case "http": - return makeHTTPFilter(opts.useRDS, opts.filterName, opts.cluster, opts.statPrefix, opts.routePath, opts.ingress, false, false, opts.httpAuthzFilter) + case "grpc", "http2", "http": + return makeHTTPFilter(opts) case "tcp": fallthrough default: @@ -1131,23 +1133,18 @@ func makeStatPrefix(protocol, prefix, filterName string) string { return fmt.Sprintf("%s%s_%s", prefix, strings.Replace(filterName, ":", "_", -1), protocol) } -func makeHTTPFilter( - useRDS bool, - filterName, cluster, statPrefix, routePath string, - ingress, grpc, http2 bool, - authzFilter *envoyhttp.HttpFilter, -) (*envoylistener.Filter, error) { +func makeHTTPFilter(opts listenerFilterOpts) (*envoylistener.Filter, error) { op := envoyhttp.HttpConnectionManager_Tracing_INGRESS - if !ingress { + if !opts.ingress { op = envoyhttp.HttpConnectionManager_Tracing_EGRESS } proto := "http" - if grpc { - proto = "grpc" + if opts.protocol == "grpc" { + proto = opts.protocol } cfg := &envoyhttp.HttpConnectionManager{ - StatPrefix: makeStatPrefix(proto, statPrefix, filterName), + StatPrefix: makeStatPrefix(proto, opts.statPrefix, opts.filterName), CodecType: envoyhttp.HttpConnectionManager_AUTO, HttpFilters: []*envoyhttp.HttpFilter{ { @@ -1163,13 +1160,13 @@ func makeHTTPFilter( }, } - if useRDS { - if cluster != "" { + if opts.useRDS { + if opts.cluster != "" { return nil, fmt.Errorf("cannot specify cluster name when using RDS") } cfg.RouteSpecifier = &envoyhttp.HttpConnectionManager_Rds{ Rds: &envoyhttp.Rds{ - RouteConfigName: filterName, + RouteConfigName: opts.routeName, ConfigSource: &envoycore.ConfigSource{ ConfigSourceSpecifier: &envoycore.ConfigSource_Ads{ Ads: &envoycore.AggregatedConfigSource{}, @@ -1178,7 +1175,7 @@ func makeHTTPFilter( }, } } else { - if cluster == "" { + if opts.cluster == "" { return nil, fmt.Errorf("must specify cluster name when not using RDS") } route := &envoyroute.Route{ @@ -1195,22 +1192,22 @@ func makeHTTPFilter( Action: &envoyroute.Route_Route{ Route: &envoyroute.RouteAction{ ClusterSpecifier: &envoyroute.RouteAction_Cluster{ - Cluster: cluster, + Cluster: opts.cluster, }, }, }, } // If a path is provided, do not match on a catch-all prefix - if routePath != "" { - route.Match.PathSpecifier = &envoyroute.RouteMatch_Path{Path: routePath} + if opts.routePath != "" { + route.Match.PathSpecifier = &envoyroute.RouteMatch_Path{Path: opts.routePath} } cfg.RouteSpecifier = &envoyhttp.HttpConnectionManager_RouteConfig{ RouteConfig: &envoy.RouteConfiguration{ - Name: filterName, + Name: opts.routeName, VirtualHosts: []*envoyroute.VirtualHost{ { - Name: filterName, + Name: opts.filterName, Domains: []string{"*"}, Routes: []*envoyroute.Route{ route, @@ -1221,7 +1218,7 @@ func makeHTTPFilter( } } - if http2 { + if opts.protocol == "http2" || opts.protocol == "grpc" { cfg.Http2ProtocolOptions = &envoycore.Http2ProtocolOptions{} } @@ -1229,11 +1226,11 @@ func makeHTTPFilter( // (other than the "envoy.grpc_http1_bridge" filter) in the http filter // chain of a public listener is the authz filter to prevent unauthorized // access and that every filter chain uses our TLS certs. - if authzFilter != nil { - cfg.HttpFilters = append([]*envoyhttp.HttpFilter{authzFilter}, cfg.HttpFilters...) + if opts.httpAuthzFilter != nil { + cfg.HttpFilters = append([]*envoyhttp.HttpFilter{opts.httpAuthzFilter}, cfg.HttpFilters...) } - if grpc { + if opts.protocol == "grpc" { // Add grpc bridge before router and authz cfg.HttpFilters = append([]*envoyhttp.HttpFilter{{ Name: "envoy.grpc_http1_bridge", diff --git a/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-12-x.golden b/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-12-x.golden index c6ab6ce7c5..9947e4838b 100644 --- a/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-12-x.golden +++ b/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-12-x.golden @@ -202,7 +202,7 @@ "ads": { } }, - "route_config_name": "default" + "route_config_name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, "stat_prefix": "terminating_gateway_default_web_default_http", "tracing": { @@ -264,7 +264,7 @@ "ads": { } }, - "route_config_name": "default" + "route_config_name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, "stat_prefix": "terminating_gateway_default_web_default_http", "tracing": { @@ -326,7 +326,7 @@ "ads": { } }, - "route_config_name": "default" + "route_config_name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, "stat_prefix": "terminating_gateway_default_web_default_http", "tracing": { diff --git a/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-13-x.golden b/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-13-x.golden index c6ab6ce7c5..9947e4838b 100644 --- a/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-13-x.golden +++ b/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-13-x.golden @@ -202,7 +202,7 @@ "ads": { } }, - "route_config_name": "default" + "route_config_name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, "stat_prefix": "terminating_gateway_default_web_default_http", "tracing": { @@ -264,7 +264,7 @@ "ads": { } }, - "route_config_name": "default" + "route_config_name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, "stat_prefix": "terminating_gateway_default_web_default_http", "tracing": { @@ -326,7 +326,7 @@ "ads": { } }, - "route_config_name": "default" + "route_config_name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, "stat_prefix": "terminating_gateway_default_web_default_http", "tracing": { diff --git a/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-14-x.golden b/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-14-x.golden index c6ab6ce7c5..9947e4838b 100644 --- a/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-14-x.golden +++ b/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-14-x.golden @@ -202,7 +202,7 @@ "ads": { } }, - "route_config_name": "default" + "route_config_name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, "stat_prefix": "terminating_gateway_default_web_default_http", "tracing": { @@ -264,7 +264,7 @@ "ads": { } }, - "route_config_name": "default" + "route_config_name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, "stat_prefix": "terminating_gateway_default_web_default_http", "tracing": { @@ -326,7 +326,7 @@ "ads": { } }, - "route_config_name": "default" + "route_config_name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, "stat_prefix": "terminating_gateway_default_web_default_http", "tracing": { diff --git a/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-15-x.golden b/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-15-x.golden index c6ab6ce7c5..9947e4838b 100644 --- a/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-15-x.golden +++ b/agent/xds/testdata/listeners/terminating-gateway-service-subsets.envoy-1-15-x.golden @@ -202,7 +202,7 @@ "ads": { } }, - "route_config_name": "default" + "route_config_name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, "stat_prefix": "terminating_gateway_default_web_default_http", "tracing": { @@ -264,7 +264,7 @@ "ads": { } }, - "route_config_name": "default" + "route_config_name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, "stat_prefix": "terminating_gateway_default_web_default_http", "tracing": { @@ -326,7 +326,7 @@ "ads": { } }, - "route_config_name": "default" + "route_config_name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, "stat_prefix": "terminating_gateway_default_web_default_http", "tracing": {