Commit Graph

67 Commits (02cff2394d921aeaecaf043fe1b1d519f465c3e6)

Author SHA1 Message Date
Chris S. Kim 02cff2394d Use new maps for proxycfg peered data
2 years ago
R.B. Boyer 31b95c747b xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629)
2 years ago
R.B. Boyer 1a9c86ea8f xds: mesh gateways now correctly load up peer-exported discovery chains using L7 protocols (#13624)
2 years ago
Chris S. Kim fb5eb20563 Pass trust domain to RBAC to validate and fix use of wrong peer trust bundles (#13508)
2 years ago
DanStough 4b402e3119 feat: tgtwy xDS generation for destinations
2 years ago
R.B. Boyer 201d1458c3 xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460)
2 years ago
R.B. Boyer f557509e58 xds: allow for peered upstreams to use tagged addresses that are hostnames (#13422)
3 years ago
R.B. Boyer ab758b7b32 peering: allow mesh gateways to proxy L4 peered traffic (#13339)
3 years ago
R.B. Boyer 019aeaa57d peering: update how cross-peer upstreams are represented in proxycfg and rendered in xds (#13362)
3 years ago
Freddy a09c776645 Update public listener with SPIFFE Validator
3 years ago
Freddy 74ca6406ea Configure upstream TLS context with peer root certs (#13321)
3 years ago
Dan Upton 2427e38839 Enable servers to configure arbitrary proxies from the catalog (#13244)
3 years ago
Mark Anderson 98a2e282be Fixup acl.EnterpriseMeta
3 years ago
R.B. Boyer e79ce8ab03 xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry (#12601)
3 years ago
freddygv cbea3d203c Fix race of upstreams with same passthrough ip
3 years ago
freddygv 659ebc05a9 Ensure passthrough addresses get cleaned up
3 years ago
R.B. Boyer 424f3cdd2c proxycfg: introduce explicit UpstreamID in lieu of bare string (#12125)
3 years ago
freddygv 2fe27b748d Check ingress upstreams when gating chain watches
3 years ago
freddygv 70d6358426 Store intention upstreams in snapshot
3 years ago
freddygv 60066e5154 Exclude default partition from GatewayKey string
3 years ago
freddygv e3666b0bc4 Update GatewayKeys deduplication
3 years ago
freddygv 90ce897456 Store GatewayKey in proxycfg snapshot for re-use
3 years ago
freddygv 3a2061544d Fixup partitions assertion
3 years ago
freddygv 12923f5ebc PR comments
3 years ago
freddygv a33b6923e0 Account for partitions in xds gen for mesh gw
3 years ago
freddygv 110fae820a Update xds pkg to account for GatewayKey
3 years ago
freddygv 7e65678c52 Update mesh gateway proxy watches for partitions
3 years ago
freddygv 37a16e9487 Replace Split with SplitN
3 years ago
freddygv 62e0fc62c1 Configure sidecars to watch gateways in partitions
3 years ago
Paul Banks 136928a90f Minor PR typo and cleanup fixes
3 years ago
Paul Banks ccbda0c285 Update proxycfg to hold more ingress config state
3 years ago
Paul Banks 4e39f03d5b Add ingress-gateway config for SDS
3 years ago
Paul Banks f439dfc04f Ingress gateway header manip plumbing
3 years ago
freddygv 47da00d3c7 Validate SANs for passthrough clusters and failovers
3 years ago
Freddy 429f9d8bb8 Add flag for transparent proxies to dial individual instances (#10329)
4 years ago
Freddy 078c40425f Rename "cluster" config entry to "mesh" (#10127)
4 years ago
freddygv 7bd51ff536 Replace TransparentProxy bool with ProxyMode
4 years ago
R.B. Boyer 499fee73b3 connect: add toggle to globally disable wildcard outbound network access when transparent proxy is enabled (#9973)
4 years ago
freddygv a54d6a9010 Update proxycfg for transparent proxy
4 years ago
R.B. Boyer 43193a35c6 xds: prevent LDS flaps in mesh gateways due to unstable datacenter lists (#9651)
4 years ago
R.B. Boyer 74d5df7c7a xds: use envoy's rbac filter to handle intentions entirely within envoy (#8569)
4 years ago
Daniel Nephin 068b43df90 Enable gofmt simplify
5 years ago
freddygv 19e3954603 Move compound service names to use ServiceName type
5 years ago
Freddy 9ed325ba8b Enable gateways to resolve hostnames to IPv4 addresses (#7999)
5 years ago
Chris Piraino 0bd5618cb2 Cleanup proxycfg for TLS
5 years ago
Kyle Havlovitz f14c54e25e Add TLS option and DNS SAN support to ingress config
5 years ago
Chris Piraino 881760f701 xds: Use only the port number as the configured route name
5 years ago
Kyle Havlovitz 247f9eaf13 Allow ingress gateways to route traffic based on Host header
5 years ago
Freddy 137a2c32c6 TLS Origination for Terminating Gateways (#7671)
5 years ago
freddygv 034d7d83d4 Fix snapshot IsEmpty
5 years ago