mirror of https://github.com/hashicorp/consul
Set tgw filter router config name to cluster name
parent
959d9913b8
commit
403a180430
|
@ -317,6 +317,7 @@ func (s *Server) makeIngressGatewayListeners(address string, cfgSnap *proxycfg.C
|
||||||
useRDS: true,
|
useRDS: true,
|
||||||
protocol: listenerKey.Protocol,
|
protocol: listenerKey.Protocol,
|
||||||
filterName: listenerKey.RouteName(),
|
filterName: listenerKey.RouteName(),
|
||||||
|
routeName: listenerKey.RouteName(),
|
||||||
cluster: "",
|
cluster: "",
|
||||||
statPrefix: "ingress_upstream_",
|
statPrefix: "ingress_upstream_",
|
||||||
routePath: "",
|
routePath: "",
|
||||||
|
@ -557,6 +558,7 @@ func (s *Server) makePublicListener(cInfo connectionInfo, cfgSnap *proxycfg.Conf
|
||||||
useRDS: false,
|
useRDS: false,
|
||||||
protocol: cfg.Protocol,
|
protocol: cfg.Protocol,
|
||||||
filterName: "public_listener",
|
filterName: "public_listener",
|
||||||
|
routeName: "public_listener",
|
||||||
cluster: LocalAppClusterName,
|
cluster: LocalAppClusterName,
|
||||||
statPrefix: "",
|
statPrefix: "",
|
||||||
routePath: "",
|
routePath: "",
|
||||||
|
@ -651,6 +653,7 @@ func (s *Server) makeExposedCheckListener(cfgSnap *proxycfg.ConfigSnapshot, clus
|
||||||
useRDS: false,
|
useRDS: false,
|
||||||
protocol: path.Protocol,
|
protocol: path.Protocol,
|
||||||
filterName: filterName,
|
filterName: filterName,
|
||||||
|
routeName: filterName,
|
||||||
cluster: cluster,
|
cluster: cluster,
|
||||||
statPrefix: "",
|
statPrefix: "",
|
||||||
routePath: path.Path,
|
routePath: path.Path,
|
||||||
|
@ -822,6 +825,7 @@ func (s *Server) makeFilterChainTerminatingGateway(
|
||||||
opts := listenerFilterOpts{
|
opts := listenerFilterOpts{
|
||||||
protocol: protocol,
|
protocol: protocol,
|
||||||
filterName: listener,
|
filterName: listener,
|
||||||
|
routeName: cluster, // Set cluster name for route config since each will have its own
|
||||||
cluster: cluster,
|
cluster: cluster,
|
||||||
statPrefix: statPrefix,
|
statPrefix: statPrefix,
|
||||||
routePath: "",
|
routePath: "",
|
||||||
|
@ -1001,6 +1005,7 @@ func (s *Server) makeUpstreamListenerForDiscoveryChain(
|
||||||
useRDS: useRDS,
|
useRDS: useRDS,
|
||||||
protocol: cfg.Protocol,
|
protocol: cfg.Protocol,
|
||||||
filterName: upstreamID,
|
filterName: upstreamID,
|
||||||
|
routeName: upstreamID,
|
||||||
cluster: clusterName,
|
cluster: clusterName,
|
||||||
statPrefix: "upstream_",
|
statPrefix: "upstream_",
|
||||||
routePath: "",
|
routePath: "",
|
||||||
|
@ -1074,6 +1079,7 @@ type listenerFilterOpts struct {
|
||||||
useRDS bool
|
useRDS bool
|
||||||
protocol string
|
protocol string
|
||||||
filterName string
|
filterName string
|
||||||
|
routeName string
|
||||||
cluster string
|
cluster string
|
||||||
statPrefix string
|
statPrefix string
|
||||||
routePath string
|
routePath string
|
||||||
|
@ -1083,12 +1089,8 @@ type listenerFilterOpts struct {
|
||||||
|
|
||||||
func makeListenerFilter(opts listenerFilterOpts) (*envoylistener.Filter, error) {
|
func makeListenerFilter(opts listenerFilterOpts) (*envoylistener.Filter, error) {
|
||||||
switch opts.protocol {
|
switch opts.protocol {
|
||||||
case "grpc":
|
case "grpc", "http2", "http":
|
||||||
return makeHTTPFilter(opts.useRDS, opts.filterName, opts.cluster, opts.statPrefix, opts.routePath, opts.ingress, true, true, opts.httpAuthzFilter)
|
return makeHTTPFilter(opts)
|
||||||
case "http2":
|
|
||||||
return makeHTTPFilter(opts.useRDS, opts.filterName, opts.cluster, opts.statPrefix, opts.routePath, opts.ingress, false, true, opts.httpAuthzFilter)
|
|
||||||
case "http":
|
|
||||||
return makeHTTPFilter(opts.useRDS, opts.filterName, opts.cluster, opts.statPrefix, opts.routePath, opts.ingress, false, false, opts.httpAuthzFilter)
|
|
||||||
case "tcp":
|
case "tcp":
|
||||||
fallthrough
|
fallthrough
|
||||||
default:
|
default:
|
||||||
|
@ -1131,23 +1133,18 @@ func makeStatPrefix(protocol, prefix, filterName string) string {
|
||||||
return fmt.Sprintf("%s%s_%s", prefix, strings.Replace(filterName, ":", "_", -1), protocol)
|
return fmt.Sprintf("%s%s_%s", prefix, strings.Replace(filterName, ":", "_", -1), protocol)
|
||||||
}
|
}
|
||||||
|
|
||||||
func makeHTTPFilter(
|
func makeHTTPFilter(opts listenerFilterOpts) (*envoylistener.Filter, error) {
|
||||||
useRDS bool,
|
|
||||||
filterName, cluster, statPrefix, routePath string,
|
|
||||||
ingress, grpc, http2 bool,
|
|
||||||
authzFilter *envoyhttp.HttpFilter,
|
|
||||||
) (*envoylistener.Filter, error) {
|
|
||||||
op := envoyhttp.HttpConnectionManager_Tracing_INGRESS
|
op := envoyhttp.HttpConnectionManager_Tracing_INGRESS
|
||||||
if !ingress {
|
if !opts.ingress {
|
||||||
op = envoyhttp.HttpConnectionManager_Tracing_EGRESS
|
op = envoyhttp.HttpConnectionManager_Tracing_EGRESS
|
||||||
}
|
}
|
||||||
proto := "http"
|
proto := "http"
|
||||||
if grpc {
|
if opts.protocol == "grpc" {
|
||||||
proto = "grpc"
|
proto = opts.protocol
|
||||||
}
|
}
|
||||||
|
|
||||||
cfg := &envoyhttp.HttpConnectionManager{
|
cfg := &envoyhttp.HttpConnectionManager{
|
||||||
StatPrefix: makeStatPrefix(proto, statPrefix, filterName),
|
StatPrefix: makeStatPrefix(proto, opts.statPrefix, opts.filterName),
|
||||||
CodecType: envoyhttp.HttpConnectionManager_AUTO,
|
CodecType: envoyhttp.HttpConnectionManager_AUTO,
|
||||||
HttpFilters: []*envoyhttp.HttpFilter{
|
HttpFilters: []*envoyhttp.HttpFilter{
|
||||||
{
|
{
|
||||||
|
@ -1163,13 +1160,13 @@ func makeHTTPFilter(
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
if useRDS {
|
if opts.useRDS {
|
||||||
if cluster != "" {
|
if opts.cluster != "" {
|
||||||
return nil, fmt.Errorf("cannot specify cluster name when using RDS")
|
return nil, fmt.Errorf("cannot specify cluster name when using RDS")
|
||||||
}
|
}
|
||||||
cfg.RouteSpecifier = &envoyhttp.HttpConnectionManager_Rds{
|
cfg.RouteSpecifier = &envoyhttp.HttpConnectionManager_Rds{
|
||||||
Rds: &envoyhttp.Rds{
|
Rds: &envoyhttp.Rds{
|
||||||
RouteConfigName: filterName,
|
RouteConfigName: opts.routeName,
|
||||||
ConfigSource: &envoycore.ConfigSource{
|
ConfigSource: &envoycore.ConfigSource{
|
||||||
ConfigSourceSpecifier: &envoycore.ConfigSource_Ads{
|
ConfigSourceSpecifier: &envoycore.ConfigSource_Ads{
|
||||||
Ads: &envoycore.AggregatedConfigSource{},
|
Ads: &envoycore.AggregatedConfigSource{},
|
||||||
|
@ -1178,7 +1175,7 @@ func makeHTTPFilter(
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if cluster == "" {
|
if opts.cluster == "" {
|
||||||
return nil, fmt.Errorf("must specify cluster name when not using RDS")
|
return nil, fmt.Errorf("must specify cluster name when not using RDS")
|
||||||
}
|
}
|
||||||
route := &envoyroute.Route{
|
route := &envoyroute.Route{
|
||||||
|
@ -1195,22 +1192,22 @@ func makeHTTPFilter(
|
||||||
Action: &envoyroute.Route_Route{
|
Action: &envoyroute.Route_Route{
|
||||||
Route: &envoyroute.RouteAction{
|
Route: &envoyroute.RouteAction{
|
||||||
ClusterSpecifier: &envoyroute.RouteAction_Cluster{
|
ClusterSpecifier: &envoyroute.RouteAction_Cluster{
|
||||||
Cluster: cluster,
|
Cluster: opts.cluster,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
// If a path is provided, do not match on a catch-all prefix
|
// If a path is provided, do not match on a catch-all prefix
|
||||||
if routePath != "" {
|
if opts.routePath != "" {
|
||||||
route.Match.PathSpecifier = &envoyroute.RouteMatch_Path{Path: routePath}
|
route.Match.PathSpecifier = &envoyroute.RouteMatch_Path{Path: opts.routePath}
|
||||||
}
|
}
|
||||||
|
|
||||||
cfg.RouteSpecifier = &envoyhttp.HttpConnectionManager_RouteConfig{
|
cfg.RouteSpecifier = &envoyhttp.HttpConnectionManager_RouteConfig{
|
||||||
RouteConfig: &envoy.RouteConfiguration{
|
RouteConfig: &envoy.RouteConfiguration{
|
||||||
Name: filterName,
|
Name: opts.routeName,
|
||||||
VirtualHosts: []*envoyroute.VirtualHost{
|
VirtualHosts: []*envoyroute.VirtualHost{
|
||||||
{
|
{
|
||||||
Name: filterName,
|
Name: opts.filterName,
|
||||||
Domains: []string{"*"},
|
Domains: []string{"*"},
|
||||||
Routes: []*envoyroute.Route{
|
Routes: []*envoyroute.Route{
|
||||||
route,
|
route,
|
||||||
|
@ -1221,7 +1218,7 @@ func makeHTTPFilter(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if http2 {
|
if opts.protocol == "http2" || opts.protocol == "grpc" {
|
||||||
cfg.Http2ProtocolOptions = &envoycore.Http2ProtocolOptions{}
|
cfg.Http2ProtocolOptions = &envoycore.Http2ProtocolOptions{}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1229,11 +1226,11 @@ func makeHTTPFilter(
|
||||||
// (other than the "envoy.grpc_http1_bridge" filter) in the http filter
|
// (other than the "envoy.grpc_http1_bridge" filter) in the http filter
|
||||||
// chain of a public listener is the authz filter to prevent unauthorized
|
// chain of a public listener is the authz filter to prevent unauthorized
|
||||||
// access and that every filter chain uses our TLS certs.
|
// access and that every filter chain uses our TLS certs.
|
||||||
if authzFilter != nil {
|
if opts.httpAuthzFilter != nil {
|
||||||
cfg.HttpFilters = append([]*envoyhttp.HttpFilter{authzFilter}, cfg.HttpFilters...)
|
cfg.HttpFilters = append([]*envoyhttp.HttpFilter{opts.httpAuthzFilter}, cfg.HttpFilters...)
|
||||||
}
|
}
|
||||||
|
|
||||||
if grpc {
|
if opts.protocol == "grpc" {
|
||||||
// Add grpc bridge before router and authz
|
// Add grpc bridge before router and authz
|
||||||
cfg.HttpFilters = append([]*envoyhttp.HttpFilter{{
|
cfg.HttpFilters = append([]*envoyhttp.HttpFilter{{
|
||||||
Name: "envoy.grpc_http1_bridge",
|
Name: "envoy.grpc_http1_bridge",
|
||||||
|
|
|
@ -202,7 +202,7 @@
|
||||||
"ads": {
|
"ads": {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"route_config_name": "default"
|
"route_config_name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
|
||||||
},
|
},
|
||||||
"stat_prefix": "terminating_gateway_default_web_default_http",
|
"stat_prefix": "terminating_gateway_default_web_default_http",
|
||||||
"tracing": {
|
"tracing": {
|
||||||
|
@ -264,7 +264,7 @@
|
||||||
"ads": {
|
"ads": {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"route_config_name": "default"
|
"route_config_name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
|
||||||
},
|
},
|
||||||
"stat_prefix": "terminating_gateway_default_web_default_http",
|
"stat_prefix": "terminating_gateway_default_web_default_http",
|
||||||
"tracing": {
|
"tracing": {
|
||||||
|
@ -326,7 +326,7 @@
|
||||||
"ads": {
|
"ads": {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"route_config_name": "default"
|
"route_config_name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
|
||||||
},
|
},
|
||||||
"stat_prefix": "terminating_gateway_default_web_default_http",
|
"stat_prefix": "terminating_gateway_default_web_default_http",
|
||||||
"tracing": {
|
"tracing": {
|
||||||
|
|
|
@ -202,7 +202,7 @@
|
||||||
"ads": {
|
"ads": {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"route_config_name": "default"
|
"route_config_name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
|
||||||
},
|
},
|
||||||
"stat_prefix": "terminating_gateway_default_web_default_http",
|
"stat_prefix": "terminating_gateway_default_web_default_http",
|
||||||
"tracing": {
|
"tracing": {
|
||||||
|
@ -264,7 +264,7 @@
|
||||||
"ads": {
|
"ads": {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"route_config_name": "default"
|
"route_config_name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
|
||||||
},
|
},
|
||||||
"stat_prefix": "terminating_gateway_default_web_default_http",
|
"stat_prefix": "terminating_gateway_default_web_default_http",
|
||||||
"tracing": {
|
"tracing": {
|
||||||
|
@ -326,7 +326,7 @@
|
||||||
"ads": {
|
"ads": {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"route_config_name": "default"
|
"route_config_name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
|
||||||
},
|
},
|
||||||
"stat_prefix": "terminating_gateway_default_web_default_http",
|
"stat_prefix": "terminating_gateway_default_web_default_http",
|
||||||
"tracing": {
|
"tracing": {
|
||||||
|
|
|
@ -202,7 +202,7 @@
|
||||||
"ads": {
|
"ads": {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"route_config_name": "default"
|
"route_config_name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
|
||||||
},
|
},
|
||||||
"stat_prefix": "terminating_gateway_default_web_default_http",
|
"stat_prefix": "terminating_gateway_default_web_default_http",
|
||||||
"tracing": {
|
"tracing": {
|
||||||
|
@ -264,7 +264,7 @@
|
||||||
"ads": {
|
"ads": {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"route_config_name": "default"
|
"route_config_name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
|
||||||
},
|
},
|
||||||
"stat_prefix": "terminating_gateway_default_web_default_http",
|
"stat_prefix": "terminating_gateway_default_web_default_http",
|
||||||
"tracing": {
|
"tracing": {
|
||||||
|
@ -326,7 +326,7 @@
|
||||||
"ads": {
|
"ads": {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"route_config_name": "default"
|
"route_config_name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
|
||||||
},
|
},
|
||||||
"stat_prefix": "terminating_gateway_default_web_default_http",
|
"stat_prefix": "terminating_gateway_default_web_default_http",
|
||||||
"tracing": {
|
"tracing": {
|
||||||
|
|
|
@ -202,7 +202,7 @@
|
||||||
"ads": {
|
"ads": {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"route_config_name": "default"
|
"route_config_name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
|
||||||
},
|
},
|
||||||
"stat_prefix": "terminating_gateway_default_web_default_http",
|
"stat_prefix": "terminating_gateway_default_web_default_http",
|
||||||
"tracing": {
|
"tracing": {
|
||||||
|
@ -264,7 +264,7 @@
|
||||||
"ads": {
|
"ads": {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"route_config_name": "default"
|
"route_config_name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
|
||||||
},
|
},
|
||||||
"stat_prefix": "terminating_gateway_default_web_default_http",
|
"stat_prefix": "terminating_gateway_default_web_default_http",
|
||||||
"tracing": {
|
"tracing": {
|
||||||
|
@ -326,7 +326,7 @@
|
||||||
"ads": {
|
"ads": {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"route_config_name": "default"
|
"route_config_name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
|
||||||
},
|
},
|
||||||
"stat_prefix": "terminating_gateway_default_web_default_http",
|
"stat_prefix": "terminating_gateway_default_web_default_http",
|
||||||
"tracing": {
|
"tracing": {
|
||||||
|
|
Loading…
Reference in New Issue