Commit Graph

175 Commits (759030e0b6e812f9421013e7a1c3c32d146e6a88)

Author SHA1 Message Date
Chris S. Kim 495936300e
Make envoy resources for inferred peered upstreams (#13758)
2 years ago
Dan Stough 49f3dadb8f feat: connect proxy xDS for destinations
2 years ago
Chris S. Kim f56810132f Check if an upstream is implicit from either intentions or peered services
2 years ago
Chris S. Kim 02cff2394d Use new maps for proxycfg peered data
2 years ago
Kyle Havlovitz 9097e2b0f0
Merge pull request #13699 from hashicorp/tgate-http2-upstream
2 years ago
Kyle Havlovitz 7d0c692374 Use protocol from resolved config entry, not gateway service
2 years ago
Kyle Havlovitz 7162e3bde2 Enable http2 options for grpc protocol
2 years ago
R.B. Boyer 2317f37b4d
state: prohibit exported discovery chains to have cross-datacenter or cross-partition references (#13726)
2 years ago
Kyle Havlovitz 439eccdd80 Respect http2 protocol for upstreams of terminating gateways
2 years ago
R.B. Boyer 1a9c86ea8f
xds: mesh gateways now correctly load up peer-exported discovery chains using L7 protocols (#13624)
2 years ago
Chris S. Kim fb5eb20563
Pass trust domain to RBAC to validate and fix use of wrong peer trust bundles (#13508)
2 years ago
DanStough 4b402e3119 feat: tgtwy xDS generation for destinations
2 years ago
R.B. Boyer f557509e58
xds: allow for peered upstreams to use tagged addresses that are hostnames (#13422)
2 years ago
Dan Upton b168424398
xds: remove HTTPCheckFetcher dependency (#13366)
3 years ago
R.B. Boyer 019aeaa57d
peering: update how cross-peer upstreams and represented in proxycfg and rendered in xds (#13362)
3 years ago
Freddy 74ca6406ea
Configure upstream TLS context with peer root certs (#13321)
3 years ago
freddygv 364758ef2f Use embedded SpiffeID for peered upstreams
3 years ago
freddygv c8edec0ab6 Remove intermediate representation of SPIFFE IDs
3 years ago
Kyle Havlovitz f2fbe8aec9 Fix proto lint errors after version bump
3 years ago
Kyle Havlovitz 4bc6c23357 Add connection limit setting to service defaults
3 years ago
R.B. Boyer 25ba9c147a
xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections (#12711)
3 years ago
Kyle Havlovitz 1a3b885027 Use the GatewayService SNI field for upstream SAN validation
3 years ago
Eric Haberkorn 458b1838db
Merge pull request #12659 from hashicorp/bump-go-control-plane
3 years ago
R.B. Boyer e79ce8ab03
xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry (#12601)
3 years ago
R.B. Boyer 33fcc83d00 fail on error and use ptypes.MarshalAny for now instead of anypb.New
3 years ago
Eric e4b4f175ed Bump go-control-plane
3 years ago
R.B. Boyer ac5bea862a
server: ensure that service-defaults meta is incorporated into the discovery chain response (#12511)
3 years ago
freddygv cbea3d203c Fix race of upstreams with same passthrough ip
3 years ago
freddygv 659ebc05a9 Ensure passthrough addresses get cleaned up
3 years ago
R.B. Boyer 424f3cdd2c
proxycfg: introduce explicit UpstreamID in lieu of bare string (#12125)
3 years ago
Mike Morris 1b1a97e8f9
ingress: allow setting TLS min version and cipher suites in ingress gateway config entries (#11576)
3 years ago
freddygv c5c290c503 Validate chains are associated with upstreams
3 years ago
freddygv 90ce897456 Store GatewayKey in proxycfg snapshot for re-use
3 years ago
freddygv bbe46e9522 Update locality check in xds
3 years ago
freddygv e93c144d2f Update comments
3 years ago
freddygv 9480670b72 Fixup imports
3 years ago
freddygv 448701dbd8 Replace default partition check
3 years ago
freddygv 12923f5ebc PR comments
3 years ago
freddygv a33b6923e0 Account for partitions in xds gen for mesh gw
3 years ago
freddygv 935112a47a Account for partition in SNI for gateways
3 years ago
freddygv 110fae820a Update xds pkg to account for GatewayKey
3 years ago
Evan Culver 7e20a5e4f9
connect: remove support for Envoy 1.15
3 years ago
freddygv 9cd30e8650 Ensure partition is used for SAN validation
3 years ago
Dhia Ayachi 09197c989c
add partition to SNI when partition is non default (#10917)
3 years ago
freddygv af52d21884 Update prepared query cluster SAN validation
3 years ago
Dhia Ayachi 1950ebbe1f
oss portion of ent #1069 (#10883)
3 years ago
freddygv b4c5c58c9b Add TODOs about partition handling
3 years ago
freddygv 47da00d3c7 Validate SANs for passthrough clusters and failovers
3 years ago
freddygv a6d3fe90b1 Validate Subject Alternative Name for upstreams
3 years ago
Freddy ffb13f35f1
Rename CatalogDestinationsOnly (#10397)
4 years ago
Freddy 429f9d8bb8
Add flag for transparent proxies to dial individual instances (#10329)
4 years ago
Freddy 353280660f
Ensure passthrough clusters can be created (#10301)
4 years ago
Mark Anderson 8040f91a43 Add support for downstreams
4 years ago
R.B. Boyer 71d45a3460
Support Incremental xDS mode (#9855)
4 years ago
Freddy 078c40425f
Rename "cluster" config entry to "mesh" (#10127)
4 years ago
Freddy 439a7fce2d
Split Upstream.Identifier() so non-empty namespace is always prepended in ent (#10031)
4 years ago
freddygv 75edc9bc7c Avoid nil panic when cluster config doesn't exist
4 years ago
freddygv 7bd51ff536 Replace TransparentProxy bool with ProxyMode
4 years ago
freddygv f4f45af6d0 Merge master and fix upstream config protocol defaulting
4 years ago
freddygv ce964f8ea5 Update xds for transparent proxy
4 years ago
freddygv 8b46d8dcbb Restore old Envoy prefix on escape hatches
4 years ago
freddygv e3dc2a49df Turn Limits and PassiveHealthChecks into pointers
4 years ago
freddygv 1710ec87d2 finish moving UpstreamConfig and related fields to structs pkg
4 years ago
freddygv 87cde19b4c Create new types for service-defaults upstream cfg
4 years ago
R.B. Boyer 398b766532
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658)
4 years ago
R.B. Boyer 3b6ffc447b
xds: remove deprecated usages of xDS (#9602)
4 years ago
freddygv 9d2a9169fd PR comments
4 years ago
freddygv eab90ea9fa Revert EnvoyConfig nesting
4 years ago
freddygv 30ba080d25 Add explicit protocol overrides in tgw xds test cases
4 years ago
freddygv f81fe6a1a1 Remove LB infix and move injection to xds
4 years ago
freddygv 63f79e5f9b Restructure structs and other PR comments
4 years ago
freddygv 28d0602fc1 Pass LB config to Envoy via xDS
4 years ago
R.B. Boyer 1eef096dfe
xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions (#8222)
4 years ago
Daniel Nephin 010a609912 Fix a bunch of unparam lint issues
4 years ago
R.B. Boyer c63c994b04
connect: upgrade github.com/envoyproxy/go-control-plane to v0.9.5 (#8165)
4 years ago
Freddy 5baa7b1b04
Always return a gateway cluster (#8158)
5 years ago
Daniel Nephin 068b43df90 Enable gofmt simplify
5 years ago
Daniel Nephin 2eac5b8023
Merge pull request #8074 from hashicorp/dnephin/remove-references-to-PatchSliceOfMaps
5 years ago
freddygv 19e3954603 Move compound service names to use ServiceName type
5 years ago
Freddy 166a8b2a58
Only pass one hostname via EDS and prefer healthy ones (#8084)
5 years ago
Daniel Nephin 8ec029ae6a Update comments that reference PatchSliceOfMaps
5 years ago
Freddy 9ed325ba8b
Enable gateways to resolve hostnames to IPv4 addresses (#7999)
5 years ago
Daniel Nephin eaa05d623a xds: Add passive health check config for upstreams
5 years ago
Kyle Havlovitz 711d1389aa Support multiple listeners referencing the same service in gateway definitions
5 years ago
Kyle Havlovitz 247f9eaf13 Allow ingress gateways to route traffic based on Host header
5 years ago
Freddy 137a2c32c6
TLS Origination for Terminating Gateways (#7671)
5 years ago
freddygv 913b13f31f Add subset support
5 years ago
freddygv 219c78e586 Add xds cluster/listener/endpoint management
5 years ago
Kyle Havlovitz e9e8c0e730
Ingress Gateways for TCP services (#7509)
5 years ago
Andy Lindeman c1cb18c648
proxycfg: support path exposed with non-HTTP2 protocol (#7510)
5 years ago
Daniel Nephin 1d90ecc31d Remove unused token parameter
5 years ago
Freddy 18d356899c
Enable CLI to register terminating gateways (#7500)
5 years ago
Kim Ngo bef693df9c
agent/xds: Update mesh gateway to use service router timeout (#7444)
5 years ago
R.B. Boyer 6adad71125
wan federation via mesh gateways (#6884)
5 years ago
Matt Keeler 4c9577678e
xDS Mesh Gateway Resolver Subset Fixes (#7294)
5 years ago
Matt Keeler dfb0177dbc
Testing updates to support namespaced testing of the agent/xds… (#7185)
5 years ago
Chris Piraino 401221de58
Allow users to configure either unstructured or JSON logging (#7130)
5 years ago
Matt Keeler c09693e545
Updates to Config Entries and Connect for Namespaces (#7116)
5 years ago
Matt Keeler 5934f803bf
Sync of OSS changes to support namespaces (#6909)
5 years ago
Chris Piraino f3b54fa535
Allow configuration of upstream connection limits in Envoy (#6829)
5 years ago