Commit Graph

79 Commits (03734a1bacdac197864aa556f2cb8c437c4ef4bf)

| Author | SHA1 | Message | Date |
|---|---|---|---|
| DanStough | 77ab28c5c7 | feat: xDS updates for peerings control plane through mesh gw | 2 years ago |
| Eric Haberkorn | 1633cf20ea | Make the mesh gateway changes to allow `local` mode for cluster peering data plane traffic (#14817) | 2 years ago |
| Freddy | d9fe3578ac | Merge pull request #14734 from hashicorp/NET-643-update-mesh-gateway-envoy-config-for-inbound-peering-control-plane-traffic | 2 years ago |
| freddygv | b15d41534f | Update xds generation for peering over mesh gws | 2 years ago |
| cskh | 69f40df548 | feat(ingress gateway: support configuring limits in ingress-gateway c… (#14749) | 2 years ago |
| Eric Haberkorn | 6570d5f004 | Enable outbound peered requests to go through local mesh gateway (#14763) | 2 years ago |
| freddygv | d818d7b096 | Manage local server watches depending on mesh cfg | 2 years ago |
| Eric Haberkorn | 3726a0ab7a | Finish up cluster peering failover (#14396) | 2 years ago |
| DanStough | 2da8949d78 | feat: convert destination address to slice | 2 years ago |
| Chris S. Kim | 495936300e | Make envoy resources for inferred peered upstreams (#13758) | 2 years ago |
| Dan Stough | 49f3dadb8f | feat: connect proxy xDS for destinations | 2 years ago |
| Chris S. Kim | f56810132f | Check if an upstream is implicit from either intentions or peered services | 2 years ago |
| Chris S. Kim | 02cff2394d | Use new maps for proxycfg peered data | 2 years ago |
| R.B. Boyer | 31b95c747b | xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629) | 2 years ago |
| R.B. Boyer | 1a9c86ea8f | xds: mesh gateways now correctly load up peer-exported discovery chains using L7 protocols (#13624) | 2 years ago |
| Chris S. Kim | fb5eb20563 | Pass trust domain to RBAC to validate and fix use of wrong peer trust bundles (#13508) | 2 years ago |
| DanStough | 4b402e3119 | feat: tgtwy xDS generation for destinations | 2 years ago |
| R.B. Boyer | 201d1458c3 | xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460) | 2 years ago |
| R.B. Boyer | f557509e58 | xds: allow for peered upstreams to use tagged addresses that are hostnames (#13422) | 3 years ago |
| R.B. Boyer | ab758b7b32 | peering: allow mesh gateways to proxy L4 peered traffic (#13339) | 3 years ago |
| R.B. Boyer | 019aeaa57d | peering: update how cross-peer upstreams are represented in proxycfg and rendered in xds (#13362) | 3 years ago |
| Freddy | a09c776645 | Update public listener with SPIFFE Validator | 3 years ago |
| Freddy | 74ca6406ea | Configure upstream TLS context with peer root certs (#13321) | 3 years ago |
| Dan Upton | 2427e38839 | Enable servers to configure arbitrary proxies from the catalog (#13244) | 3 years ago |
| Mark Anderson | 98a2e282be | Fixup acl.EnterpriseMeta | 3 years ago |
| R.B. Boyer | e79ce8ab03 | xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry (#12601) | 3 years ago |
| freddygv | cbea3d203c | Fix race of upstreams with same passthrough ip | 3 years ago |
| freddygv | 659ebc05a9 | Ensure passthrough addresses get cleaned up | 3 years ago |
| R.B. Boyer | 424f3cdd2c | proxycfg: introduce explicit UpstreamID in lieu of bare string (#12125) | 3 years ago |
| freddygv | 2fe27b748d | Check ingress upstreams when gating chain watches | 3 years ago |
| freddygv | 70d6358426 | Store intention upstreams in snapshot | 3 years ago |
| freddygv | 60066e5154 | Exclude default partition from GatewayKey string | 3 years ago |
| freddygv | e3666b0bc4 | Update GatewayKeys deduplication | 3 years ago |
| freddygv | 90ce897456 | Store GatewayKey in proxycfg snapshot for re-use | 3 years ago |
| freddygv | 3a2061544d | Fixup partitions assertion | 3 years ago |
| freddygv | 12923f5ebc | PR comments | 3 years ago |
| freddygv | a33b6923e0 | Account for partitions in xds gen for mesh gw | 3 years ago |
| freddygv | 110fae820a | Update xds pkg to account for GatewayKey | 3 years ago |
| freddygv | 7e65678c52 | Update mesh gateway proxy watches for partitions | 3 years ago |
| freddygv | 37a16e9487 | Replace Split with SplitN | 3 years ago |
| freddygv | 62e0fc62c1 | Configure sidecars to watch gateways in partitions | 3 years ago |
| Paul Banks | 136928a90f | Minor PR typo and cleanup fixes | 3 years ago |
| Paul Banks | ccbda0c285 | Update proxycfg to hold more ingress config state | 3 years ago |
| Paul Banks | 4e39f03d5b | Add ingress-gateway config for SDS | 3 years ago |
| Paul Banks | f439dfc04f | Ingress gateway header manip plumbing | 3 years ago |
| freddygv | 47da00d3c7 | Validate SANs for passthrough clusters and failovers | 3 years ago |
| Freddy | 429f9d8bb8 | Add flag for transparent proxies to dial individual instances (#10329) | 4 years ago |
| Freddy | 078c40425f | Rename "cluster" config entry to "mesh" (#10127) | 4 years ago |
| freddygv | 7bd51ff536 | Replace TransparentProxy bool with ProxyMode | 4 years ago |
| R.B. Boyer | 499fee73b3 | connect: add toggle to globally disable wildcard outbound network access when transparent proxy is enabled (#9973) | 4 years ago |