github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Backport of Use strict DNS for mesh gateways with hostnames into release/1.15.x (#19394) 

Use strict DNS for mesh gateways with hostnames

Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
pull/19406/head
hc-github-team-consul-core 2023-10-27 12:29:50 -04:00 committed by GitHub
parent a83ff94c68
commit ece48dc09f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 49 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.changelog/19268.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
Mesh Gateways: Fix a bug where replicated and peered mesh gateways with hostname-based WAN addresses fail to initialize.
```

13
agent/xds/clusters.go
View File

@ -477,10 +477,13 @@ func (s *ResourceGenerator) makePeerServerClusters(cfgSnap *proxycfg.ConfigSnaps
var cluster *envoy_cluster_v3.Cluster
if servers.UseCDS {
// we use strict DNS here since multiple gateways with hostnames
// would result in an invalid cluster due to logical DNS requiring
// only a single host
cluster = s.makeExternalHostnameCluster(cfgSnap, clusterOpts{
name: name,
addresses: servers.Addresses,
})
}, envoy_cluster_v3.Cluster_STRICT_DNS)
} else {
cluster = s.makeGatewayCluster(cfgSnap, clusterOpts{
name: name,
@ -699,7 +702,7 @@ func (s *ResourceGenerator) makeDestinationClusters(cfgSnap *proxycfg.ConfigSnap
if structs.IsIP(address) {
cluster = s.makeExternalIPCluster(cfgSnap, opts)
} else {
cluster = s.makeExternalHostnameCluster(cfgSnap, opts)
cluster = s.makeExternalHostnameCluster(cfgSnap, opts, envoy_cluster_v3.Cluster_LOGICAL_DNS)
}
if err := s.injectGatewayDestinationAddons(cfgSnap, cluster, svcName); err != nil {
return nil, err
@ -1727,8 +1730,8 @@ func (s *ResourceGenerator) makeExternalIPCluster(snap *proxycfg.ConfigSnapshot,
}
// makeExternalHostnameCluster creates an Envoy cluster for hostname endpoints that will be resolved with DNS
// This is used by both terminating gateways for Destinations, and Mesh Gateways for peering control plane traffice
func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts) *envoy_cluster_v3.Cluster {
// This is used by both terminating gateways for Destinations, and Mesh Gateways for peering control plane traffic
func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts, discoveryType envoy_cluster_v3.Cluster_DiscoveryType) *envoy_cluster_v3.Cluster {
cfg, err := ParseGatewayConfig(snap.Proxy.Config)
if err != nil {
// Don't hard fail on a config typo, just warn. The parse func returns
@ -1743,7 +1746,7 @@ func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSna
// Having an empty config enables outlier detection with default config.
OutlierDetection: &envoy_cluster_v3.OutlierDetection{},
ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_LOGICAL_DNS},
ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: discoveryType},
DnsLookupFamily: envoy_cluster_v3.Cluster_V4_ONLY,
}

76
agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden vendored
View File

@ -1,48 +1,48 @@
{
"versionInfo": "00000001",
"resources": [
"versionInfo": "00000001",
"resources": [
{
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"name": "server.dc2.peering.6d942ff2-6a78-46f4-a52f-915e26c48797",
"type": "EDS",
"edsClusterConfig": {
"edsConfig": {
"ads": {},
"resourceApiVersion": "V3"
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"name": "server.dc2.peering.6d942ff2-6a78-46f4-a52f-915e26c48797",
"type": "EDS",
"edsClusterConfig": {
"edsConfig": {
"ads": {},
"resourceApiVersion": "V3"
}
},
"connectTimeout": "5s",
"outlierDetection": {}
"connectTimeout": "5s",
"outlierDetection": {}
},
{
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"name": "server.dc2.peering.f3f41279-001d-42bb-912e-f6103fb036b8",
"type": "EDS",
"edsClusterConfig": {
"edsConfig": {
"ads": {},
"resourceApiVersion": "V3"
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"name": "server.dc2.peering.f3f41279-001d-42bb-912e-f6103fb036b8",
"type": "EDS",
"edsClusterConfig": {
"edsConfig": {
"ads": {},
"resourceApiVersion": "V3"
}
},
"connectTimeout": "5s",
"outlierDetection": {}
"connectTimeout": "5s",
"outlierDetection": {}
},
{
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"name": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5",
"type": "LOGICAL_DNS",
"connectTimeout": "5s",
"loadAssignment": {
"clusterName": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5",
"endpoints": [
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"name": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5",
"type": "STRICT_DNS",
"connectTimeout": "5s",
"loadAssignment": {
"clusterName": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5",
"endpoints": [
{
"lbEndpoints": [
"lbEndpoints": [
{
"endpoint": {
"address": {
"socketAddress": {
"address": "my-load-balancer-1234567890abcdef.elb.us-east-2.amazonaws.com",
"portValue": 8080
"endpoint": {
"address": {
"socketAddress": {
"address": "my-load-balancer-1234567890abcdef.elb.us-east-2.amazonaws.com",
"portValue": 8080
}
}
}
@ -51,11 +51,11 @@
}
]
},
"dnsRefreshRate": "10s",
"dnsLookupFamily": "V4_ONLY",
"outlierDetection": {}
"dnsRefreshRate": "10s",
"dnsLookupFamily": "V4_ONLY",
"outlierDetection": {}
}
],
"typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"nonce": "00000001"
"typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"nonce": "00000001"
}