fix: use Envoy's default for validate_clusters to fix breaking routes when some backend clusters don't exist (#21587)

pull/21138/head
Nitya Dhanushkodi 2024-08-19 22:39:28 -07:00 committed by GitHub
parent b88ddb8f9f
commit ed738a6f98
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
94 changed files with 2300 additions and 1723 deletions

3
.changelog/21587.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones.
```


@ -20,6 +20,14 @@ type MeshConfigEntry struct {
// MutualTLSMode=permissive in either service-defaults or proxy-defaults.
AllowEnablingPermissiveMutualTLS bool `json:",omitempty" alias:"allow_enabling_permissive_mutual_tls"`
// ValidateClusters controls whether the clusters the route table refers to are validated. The default value is
// false. When set to false and a route refers to a cluster that does not exist, the route table loads and routing
// to a non-existent cluster results in a 404. When set to true and the route is set to a cluster that do not exist,
// the route table will not load. For more information, refer to
// [HTTP route configuration in the Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route.proto#envoy-v3-api-field-config-route-v3-routeconfiguration-validate-clusters)
// for more details.
ValidateClusters bool `json:",omitempty" alias:"validate_clusters"`
TLS *MeshTLSConfig `json:",omitempty"`
HTTP *MeshHTTPConfig `json:",omitempty"`
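Review bot: The doc comment on `ValidateClusters` does not mention the upgrade effect: the route builders changed elsewhere in this commit used to set `validate_clusters` to true unconditionally, so a mesh that leaves this field unset moves from "route table is rejected" to "route table loads and unknown clusters return 404". I would say so in the comment, for example `// Before this field existed Consul always sent validate_clusters=true; leave it unset to get Envoy's RDS default of false.` The closing sentence also repeats itself ("For more information, refer to ... for more details"), and "a cluster that do not exist" should read "does not exist". The struct starts and continues outside this hunk.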


@ -623,6 +623,16 @@ func getConnectProxyDiscoChainTests(enterprise bool) []goldenTestCase {
},
alsoRunTestForV2: true,
},
{
name: "connect-proxy-with-chain-and-splitter-and-mesh-validate-clusters",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
cfgSnap := proxycfg.TestConfigSnapshotDiscoveryChain(t, "chain-and-splitter", enterprise, nil, nil)
cfgSnap.ConnectProxy.MeshConfig = &structs.MeshConfigEntry{
ValidateClusters: true,
}
return cfgSnap
},
},
{
name: "connect-proxy-with-grpc-router",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
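Review bot: The new golden case sets `ValidateClusters: true` only for a connect proxy with a discovery chain, so the opt-in branch this commit adds to the ingress-gateway, API-gateway, mesh-gateway and named-address route builders has no visible case that enables it. A regression that drops the flag in one of those builders would leave the goldens unchanged, because an unset field is now the default output. Consider adding at least one gateway case with the mesh entry set, and decide whether this case should carry `alsoRunTestForV2: true` like the entry above it. The test table starts and ends outside the hunk, so coverage elsewhere cannot be ruled out.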


@ -51,10 +51,19 @@ func (s *ResourceGenerator) routesFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot)
}
}
func meshValidateClusters(cfgSnap *proxycfg.ConfigSnapshot) bool {
validate := false
if mesh := cfgSnap.MeshConfig(); mesh != nil {
validate = mesh.ValidateClusters
}
return validate
}
// routesFromSnapshotConnectProxy returns the xDS API representation of the
// "routes" in the snapshot.
func (s *ResourceGenerator) routesForConnectProxy(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, error) {
var resources []proto.Message
validateClusters := meshValidateClusters(cfgSnap)
for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain {
if chain.Default {
continue
@ -76,10 +85,9 @@ func (s *ResourceGenerator) routesForConnectProxy(cfgSnap *proxycfg.ConfigSnapsh
route := &envoy_route_v3.RouteConfiguration{
Name: uid.EnvoyID(),
VirtualHosts: []*envoy_route_v3.VirtualHost{virtualHost},
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the reasonable value of true to prevent
// null-routing traffic.
ValidateClusters: response.MakeBoolValue(true),
}
if validateClusters {
route.ValidateClusters = response.MakeBoolValue(true)
}
resources = append(resources, route)
}
@ -112,7 +120,7 @@ func (s *ResourceGenerator) routesForConnectProxy(cfgSnap *proxycfg.ConfigSnapsh
}
for routeName, clusters := range addressesMap {
routes, err := s.makeRoutesForAddresses(routeName, clusters)
routes, err := s.makeRoutesForAddresses(routeName, clusters, validateClusters)
if err != nil {
return nil, err
}
@ -125,10 +133,10 @@ func (s *ResourceGenerator) routesForConnectProxy(cfgSnap *proxycfg.ConfigSnapsh
return resources, nil
}
func (s *ResourceGenerator) makeRoutesForAddresses(routeName string, addresses map[string]string) ([]proto.Message, error) {
func (s *ResourceGenerator) makeRoutesForAddresses(routeName string, addresses map[string]string, validateClusters bool) ([]proto.Message, error) {
var resources []proto.Message
route, err := makeNamedAddressesRoute(routeName, addresses)
route, err := makeNamedAddressesRoute(routeName, addresses, validateClusters)
if err != nil {
s.Logger.Error("failed to make route", "cluster", "error", err)
return nil, err
@ -223,7 +231,8 @@ func (s *ResourceGenerator) makeRoutes(
if resolver.LoadBalancer != nil {
lb = resolver.LoadBalancer
}
route, err := makeNamedDefaultRouteWithLB(clusterName, lb, resolver.RequestTimeout, autoHostRewrite)
validateClusters := meshValidateClusters(cfgSnap)
route, err := makeNamedDefaultRouteWithLB(clusterName, lb, resolver.RequestTimeout, autoHostRewrite, validateClusters)
if err != nil {
s.Logger.Error("failed to make route", "cluster", clusterName, "error", err)
return nil, err
@ -233,7 +242,7 @@ func (s *ResourceGenerator) makeRoutes(
// If there is a service-resolver for this service then also setup routes for each subset
for name := range resolver.Subsets {
clusterName = connect.ServiceSNI(svc.Name, name, svc.NamespaceOrDefault(), svc.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
route, err := makeNamedDefaultRouteWithLB(clusterName, lb, resolver.RequestTimeout, autoHostRewrite)
route, err := makeNamedDefaultRouteWithLB(clusterName, lb, resolver.RequestTimeout, autoHostRewrite, validateClusters)
if err != nil {
s.Logger.Error("failed to make route", "cluster", clusterName, "error", err)
return nil, err
@ -276,10 +285,9 @@ func (s *ResourceGenerator) routesForMeshGateway(cfgSnap *proxycfg.ConfigSnapsho
route := &envoy_route_v3.RouteConfiguration{
Name: uid.EnvoyID(),
VirtualHosts: []*envoy_route_v3.VirtualHost{virtualHost},
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the reasonable value of true to prevent
// null-routing traffic.
ValidateClusters: response.MakeBoolValue(true),
}
if meshValidateClusters(cfgSnap) {
route.ValidateClusters = response.MakeBoolValue(true)
}
resources = append(resources, route)
}
@ -287,7 +295,7 @@ func (s *ResourceGenerator) routesForMeshGateway(cfgSnap *proxycfg.ConfigSnapsho
return resources, nil
}
func makeNamedDefaultRouteWithLB(clusterName string, lb *structs.LoadBalancer, timeout time.Duration, autoHostRewrite bool) (*envoy_route_v3.RouteConfiguration, error) {
func makeNamedDefaultRouteWithLB(clusterName string, lb *structs.LoadBalancer, timeout time.Duration, autoHostRewrite bool, validateClusters bool) (*envoy_route_v3.RouteConfiguration, error) {
action := makeRouteActionFromName(clusterName)
if err := injectLBToRouteAction(lb, action.Route); err != nil {
@ -305,7 +313,7 @@ func makeNamedDefaultRouteWithLB(clusterName string, lb *structs.LoadBalancer, t
action.Route.Timeout = durationpb.New(timeout)
}
return &envoy_route_v3.RouteConfiguration{
route := &envoy_route_v3.RouteConfiguration{
Name: clusterName,
VirtualHosts: []*envoy_route_v3.VirtualHost{
{
@ -319,20 +327,19 @@ func makeNamedDefaultRouteWithLB(clusterName string, lb *structs.LoadBalancer, t
},
},
},
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the reasonable value of true to prevent
// null-routing traffic.
ValidateClusters: response.MakeBoolValue(true),
}, nil
}
if validateClusters {
route.ValidateClusters = response.MakeBoolValue(true)
}
return route, nil
}
func makeNamedAddressesRoute(routeName string, addresses map[string]string) (*envoy_route_v3.RouteConfiguration, error) {
func makeNamedAddressesRoute(routeName string, addresses map[string]string, validateClusters bool) (*envoy_route_v3.RouteConfiguration, error) {
route := &envoy_route_v3.RouteConfiguration{
Name: routeName,
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the reasonable value of true to prevent
// null-routing traffic.
ValidateClusters: response.MakeBoolValue(true),
}
if validateClusters {
route.ValidateClusters = response.MakeBoolValue(true)
}
for clusterName, address := range addresses {
action := makeRouteActionFromName(clusterName)
@ -371,10 +378,10 @@ func (s *ResourceGenerator) routesForIngressGateway(cfgSnap *proxycfg.ConfigSnap
// don't have custom filter chains and routes to this.
defaultRoute := &envoy_route_v3.RouteConfiguration{
Name: listenerKey.RouteName(),
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the reasonable value of true to prevent
// null-routing traffic.
ValidateClusters: response.MakeBoolValue(true),
}
validateClusters := meshValidateClusters(cfgSnap)
if validateClusters {
defaultRoute.ValidateClusters = response.MakeBoolValue(true)
}
for _, u := range upstreams {
@ -423,9 +430,11 @@ func (s *ResourceGenerator) routesForIngressGateway(cfgSnap *proxycfg.ConfigSnap
} else {
svcRoute := &envoy_route_v3.RouteConfiguration{
Name: svcRouteName,
ValidateClusters: response.MakeBoolValue(true),
VirtualHosts: []*envoy_route_v3.VirtualHost{virtualHost},
}
if validateClusters {
svcRoute.ValidateClusters = response.MakeBoolValue(true)
}
result = append(result, svcRoute)
}
}
@ -460,10 +469,10 @@ func (s *ResourceGenerator) routesForAPIGateway(cfgSnap *proxycfg.ConfigSnapshot
listenerRoute := &envoy_route_v3.RouteConfiguration{
Name: readyListener.listenerKey.RouteName(),
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the reasonable value of true to prevent
// null-routing traffic.
ValidateClusters: response.MakeBoolValue(true),
}
validateClusters := meshValidateClusters(cfgSnap)
if validateClusters {
listenerRoute.ValidateClusters = response.MakeBoolValue(true)
}
// Consolidate all routes for this listener into the minimum possible set based on hostname matching.
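Review bot: `meshValidateClusters` has no doc comment, and the comment this commit removes carried the one fact a maintainer needs here: Envoy's default for `validate_clusters` is false only for routes delivered over RDS and true for statically defined ones. Since the new code leaves the field nil instead of sending an explicit false, I would record that on the helper, e.g. `// meshValidateClusters reports whether the mesh config entry opts in to Envoy cluster validation; when false the field is left unset, which means "false" only for RDS-delivered routes.` The same three-line `if validateClusters { ... }` block is repeated in seven places and could be folded into one small helper that takes the route. Separately, the context line `s.Logger.Error("failed to make route", "cluster", "error", err)` in makeRoutesForAddresses pairs the key "cluster" with the string "error" and leaves err without a key; `s.Logger.Error("failed to make route", "route", routeName, "error", err)` would log both. Several of the enclosing functions start or end outside the hunks.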


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -27,7 +26,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -50,7 +48,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "destination.443.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -27,7 +26,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "destination.9093.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -5,7 +5,6 @@
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"mostSpecificHeaderMutationsWins": true,
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -22,8 +22,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -0,0 +1,289 @@
{
"nonce": "00000001",
"resources": [
{
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"altStatName": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"circuitBreakers": {},
"commonLbConfig": {
"healthyPanicThreshold": {}
},
"connectTimeout": "5s",
"edsClusterConfig": {
"edsConfig": {
"ads": {},
"resourceApiVersion": "V3"
}
},
"name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"outlierDetection": {},
"transportSocket": {
"name": "tls",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
"commonTlsContext": {
"tlsCertificates": [
{
"certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
},
"privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
}
}
],
"tlsParams": {},
"validationContext": {
"matchTypedSubjectAltNames": [
{
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side"
},
"sanType": "URI"
}
],
"trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
}
}
},
"sni": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}
},
"type": "EDS"
},
{
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"circuitBreakers": {},
"commonLbConfig": {
"healthyPanicThreshold": {}
},
"connectTimeout": "25s",
"edsClusterConfig": {
"edsConfig": {
"ads": {},
"resourceApiVersion": "V3"
}
},
"name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"outlierDetection": {},
"transportSocket": {
"name": "tls",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
"commonTlsContext": {
"tlsCertificates": [
{
"certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
},
"privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
}
}
],
"tlsParams": {},
"validationContext": {
"matchTypedSubjectAltNames": [
{
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
},
"sanType": "URI"
}
],
"trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
}
}
},
"sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}
},
"type": "EDS"
},
{
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"circuitBreakers": {},
"connectTimeout": "5s",
"edsClusterConfig": {
"edsConfig": {
"ads": {},
"resourceApiVersion": "V3"
}
},
"name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
"outlierDetection": {},
"transportSocket": {
"name": "tls",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
"commonTlsContext": {
"tlsCertificates": [
{
"certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
},
"privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
}
}
],
"tlsParams": {},
"validationContext": {
"matchTypedSubjectAltNames": [
{
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
"sanType": "URI"
},
{
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
},
"sanType": "URI"
}
],
"trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
}
}
},
"sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
}
},
"type": "EDS"
},
{
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"altStatName": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"circuitBreakers": {},
"commonLbConfig": {
"healthyPanicThreshold": {}
},
"connectTimeout": "5s",
"edsClusterConfig": {
"edsConfig": {
"ads": {},
"resourceApiVersion": "V3"
}
},
"name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"outlierDetection": {},
"transportSocket": {
"name": "tls",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
"commonTlsContext": {
"tlsCertificates": [
{
"certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
},
"privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
}
}
],
"tlsParams": {},
"validationContext": {
"matchTypedSubjectAltNames": [
{
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side"
},
"sanType": "URI"
}
],
"trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
}
}
},
"sni": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}
},
"type": "EDS"
},
{
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"altStatName": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"circuitBreakers": {},
"commonLbConfig": {
"healthyPanicThreshold": {}
},
"connectTimeout": "5s",
"edsClusterConfig": {
"edsConfig": {
"ads": {},
"resourceApiVersion": "V3"
}
},
"name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"outlierDetection": {},
"transportSocket": {
"name": "tls",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
"commonTlsContext": {
"tlsCertificates": [
{
"certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
},
"privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
}
}
],
"tlsParams": {},
"validationContext": {
"matchTypedSubjectAltNames": [
{
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side"
},
"sanType": "URI"
}
],
"trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
}
}
},
"sni": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}
},
"type": "EDS"
},
{
"@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"connectTimeout": "5s",
"loadAssignment": {
"clusterName": "local_app",
"endpoints": [
{
"lbEndpoints": [
{
"endpoint": {
"address": {
"socketAddress": {
"address": "127.0.0.1",
"portValue": 8080
}
}
}
}
]
}
]
},
"name": "local_app",
"type": "STATIC"
}
],
"typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster",
"versionInfo": "00000001"
}


@ -0,0 +1,75 @@
{
"nonce": "00000001",
"resources": [
{
"@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
"clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"endpoints": [
{
"lbEndpoints": [
{
"endpoint": {
"address": {
"socketAddress": {
"address": "10.10.1.1",
"portValue": 8080
}
}
},
"healthStatus": "HEALTHY",
"loadBalancingWeight": 1
},
{
"endpoint": {
"address": {
"socketAddress": {
"address": "10.10.1.2",
"portValue": 8080
}
}
},
"healthStatus": "HEALTHY",
"loadBalancingWeight": 1
}
]
}
]
},
{
"@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
"clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
"endpoints": [
{
"lbEndpoints": [
{
"endpoint": {
"address": {
"socketAddress": {
"address": "10.10.1.1",
"portValue": 8080
}
}
},
"healthStatus": "HEALTHY",
"loadBalancingWeight": 1
},
{
"endpoint": {
"address": {
"socketAddress": {
"address": "10.20.1.2",
"portValue": 8080
}
}
},
"healthStatus": "HEALTHY",
"loadBalancingWeight": 1
}
]
}
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
"versionInfo": "00000001"
}


@ -0,0 +1,137 @@
{
"nonce": "00000001",
"resources": [
{
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"address": {
"socketAddress": {
"address": "127.0.0.1",
"portValue": 9191
}
},
"filterChains": [
{
"filters": [
{
"name": "envoy.filters.network.http_connection_manager",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"httpFilters": [
{
"name": "envoy.filters.http.router",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
}
}
],
"rds": {
"configSource": {
"ads": {},
"resourceApiVersion": "V3"
},
"routeConfigName": "db"
},
"statPrefix": "upstream.db.default.default.dc1",
"tracing": {
"randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
}
}
]
}
],
"name": "db:127.0.0.1:9191",
"trafficDirection": "OUTBOUND"
},
{
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"address": {
"socketAddress": {
"address": "127.10.10.10",
"portValue": 8181
}
},
"filterChains": [
{
"filters": [
{
"name": "envoy.filters.network.tcp_proxy",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul",
"statPrefix": "upstream.prepared_query_geo-cache"
}
}
]
}
],
"name": "prepared_query:geo-cache:127.10.10.10:8181",
"trafficDirection": "OUTBOUND"
},
{
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"address": {
"socketAddress": {
"address": "0.0.0.0",
"portValue": 9999
}
},
"filterChains": [
{
"filters": [
{
"name": "envoy.filters.network.rbac",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {},
"statPrefix": "connect_authz"
}
},
{
"name": "envoy.filters.network.tcp_proxy",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"cluster": "local_app",
"statPrefix": "public_listener"
}
}
],
"transportSocket": {
"name": "tls",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": {
"tlsCertificates": [
{
"certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
},
"privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
}
}
],
"tlsParams": {},
"validationContext": {
"trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
}
}
},
"requireClientCertificate": true
}
}
}
],
"name": "public_listener:0.0.0.0:9999",
"trafficDirection": "INBOUND"
}
],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"versionInfo": "00000001"
}


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8081",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -0,0 +1,139 @@
{
"nonce": "00000001",
"resources": [
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
"*"
],
"name": "db",
"routes": [
{
"match": {
"prefix": "/big-side"
},
"route": {
"cluster": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"idleTimeout": "0s",
"timeout": "10s"
}
},
{
"match": {
"prefix": "/lil-bit-side"
},
"route": {
"cluster": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}
},
{
"match": {
"prefix": "/"
},
"route": {
"weightedClusters": {
"clusters": [
{
"name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"requestHeadersToAdd": [
{
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": {
"key": "x-split-leg",
"value": "db"
}
}
],
"responseHeadersToAdd": [
{
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": {
"key": "x-split-leg",
"value": "db"
}
}
],
"weight": 100
},
{
"name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"requestHeadersToAdd": [
{
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": {
"key": "x-split-leg",
"value": "big"
}
}
],
"responseHeadersToAdd": [
{
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": {
"key": "x-split-leg",
"value": "big"
}
}
],
"weight": 9550
},
{
"name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"requestHeadersToAdd": [
{
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": {
"key": "x-split-leg",
"value": "goldilocks"
}
}
],
"responseHeadersToAdd": [
{
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": {
"key": "x-split-leg",
"value": "goldilocks"
}
}
],
"weight": 300
},
{
"name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"requestHeadersToAdd": [
{
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": {
"key": "x-split-leg",
"value": "small"
}
}
],
"responseHeadersToAdd": [
{
"appendAction": "OVERWRITE_IF_EXISTS_OR_ADD",
"header": {
"key": "x-split-leg",
"value": "small"
}
}
],
"weight": 50
}
]
}
}
}
]
}
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"versionInfo": "00000001"
}


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "443",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -45,7 +44,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "443",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8081",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8081",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8081",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080_s1",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "9191",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "9191",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "9191_foo",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -29,7 +28,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "9191_web",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080_s1",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "9191",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -29,7 +28,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "9191_web",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080_s1",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080_s2",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8081",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8081",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -52,7 +50,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8082",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -76,7 +73,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8083",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -100,7 +96,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8084",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8081",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "9090",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8081",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -52,7 +50,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8082",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8081",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -52,7 +50,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8082",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "bar",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -27,7 +26,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "foo",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -50,7 +48,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "gir",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "alt.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -52,7 +50,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -76,7 +73,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "prod.cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -52,7 +50,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -29,7 +28,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -54,7 +52,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -48,7 +47,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -92,7 +90,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -52,7 +50,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "destination.443.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -27,7 +26,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "destination.9093.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "destination.192-168-0-2.external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -27,7 +26,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "destination.httpbin-org.external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "bar",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -27,7 +26,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "foo",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -50,7 +48,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "gir",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -52,7 +50,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "destination.443.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
@ -27,7 +26,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "destination.9093.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [


@ -0,0 +1,5 @@
{
"nonce": "00000001",
"typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
"versionInfo": "00000001"
}


@ -799,7 +799,6 @@ func makeTestRoute(t *testing.T, fixtureName string) *envoy_route_v3.RouteConfig
case "http2:db", "http:db":
return &envoy_route_v3.RouteConfiguration{
Name: "db",
ValidateClusters: response.MakeBoolValue(true),
VirtualHosts: []*envoy_route_v3.VirtualHost{
{
Name: "db",


@ -35,10 +35,6 @@ func (pr *ProxyResources) makeEnvoyRoute(name string) (*envoy_route_v3.RouteConf
func (pr *ProxyResources) makeEnvoyRouteConfigFromProxystateRoute(name string, psRoute *pbproxystate.Route) *envoy_route_v3.RouteConfiguration {
envoyRouteConfig := &envoy_route_v3.RouteConfiguration{
Name: name,
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the reasonable value of true to prevent
// null-routing traffic.
ValidateClusters: response.MakeBoolValue(true),
}
for _, vh := range psRoute.GetVirtualHosts() {


@ -58,8 +58,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -58,8 +58,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -58,8 +58,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -58,8 +58,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -21,8 +21,7 @@
}
]
}
],
"validateClusters": true
]
},
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
@ -44,8 +43,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -21,8 +21,7 @@
}
]
}
],
"validateClusters": true
]
},
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
@ -44,8 +43,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -21,8 +21,7 @@
}
]
}
],
"validateClusters": true
]
},
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
@ -44,8 +43,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -21,8 +21,7 @@
}
]
}
],
"validateClusters": true
]
},
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
@ -44,8 +43,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -21,8 +21,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -21,8 +21,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -21,8 +21,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -21,8 +21,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -21,8 +21,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -21,8 +21,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -21,8 +21,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -21,8 +21,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",


@ -26,6 +26,14 @@ type MeshConfigEntry struct {
// MutualTLSMode=permissive in either service-defaults or proxy-defaults.
AllowEnablingPermissiveMutualTLS bool `json:",omitempty" alias:"allow_enabling_permissive_mutual_tls"`
// ValidateClusters controls whether the clusters the route table refers to are validated. The default value is
// false. When set to false and a route refers to a cluster that does not exist, the route table loads and routing
// to a non-existent cluster results in a 404. When set to true and the route is set to a cluster that do not exist,
// the route table will not load. For more information, refer to
// [HTTP route configuration in the Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route.proto#envoy-v3-api-field-config-route-v3-routeconfiguration-validate-clusters)
// for more details.
ValidateClusters bool `json:",omitempty" alias:"validate_clusters"`
TLS *MeshTLSConfig `json:",omitempty"`
HTTP *MeshHTTPConfig `json:",omitempty"`
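Review bot: The doc comment added for `ValidateClusters` has wording problems that will be copied into the generated API docs. "a cluster that do not exist" should read "does not exist", and the closing sentence says both "For more information, refer to" and "for more details". The `[text](url)` Markdown link is not Go doc-comment syntax, so it is printed literally; I would end the comment with `// the route table will not load. See validate_clusters on RouteConfiguration in the Envoy API reference:` followed by the bare URL on its own comment line. The comment should also tell operators that with the zero value a route pointing at a missing cluster is not rejected at load time and only shows up as a 404 on the requests that hit it, so it is worth alerting on. The struct begins and ends outside this hunk.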


@ -1710,6 +1710,7 @@ func MeshConfigToStructs(s *MeshConfig, t *structs.MeshConfigEntry) {
TransparentProxyMeshConfigToStructs(s.TransparentProxy, &t.TransparentProxy)
}
t.AllowEnablingPermissiveMutualTLS = s.AllowEnablingPermissiveMutualTLS
t.ValidateClusters = s.ValidateClusters
if s.TLS != nil {
var x structs.MeshTLSConfig
MeshTLSConfigToStructs(s.TLS, &x)
@ -1738,6 +1739,7 @@ func MeshConfigFromStructs(t *structs.MeshConfigEntry, s *MeshConfig) {
s.TransparentProxy = &x
}
s.AllowEnablingPermissiveMutualTLS = t.AllowEnablingPermissiveMutualTLS
s.ValidateClusters = t.ValidateClusters
if t.TLS != nil {
var x MeshTLSConfig
MeshTLSConfigFromStructs(t.TLS, &x)



@ -96,6 +96,7 @@ message MeshConfig {
PeeringMeshConfig Peering = 5;
bool AllowEnablingPermissiveMutualTLS = 6;
uint64 Hash = 7;
bool ValidateClusters = 8;
}
// mog annotation:


@ -342,6 +342,17 @@ Note that the Kubernetes example does not include a `partition` field. Configura
description:
'Controls whether `MutualTLSMode=permissive` can be set in the `proxy-defaults` and `service-defaults` configuration entries. '
},
{
name: 'ValidateClusters',
type: 'bool: false',
description:
`Controls whether the clusters the route table refers to are validated. The default value is false. When set to
false and a route refers to a cluster that does not exist, the route table loads and routing to a non-existent
cluster results in a 404. When set to true and the route is set to a cluster that do not exist, the route table
will not load. For more information, refer to
[HTTP route configuration in the Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route.proto#envoy-v3-api-field-config-route-v3-routeconfiguration-validate-clusters)
for more details. `,
},
{
name: 'TLS',
type: 'TLSConfig: <optional>',