Commit Graph

108 Commits (b63aa1b8b46caae6e037ba12e84b95e305a543b3)

Author SHA1 Message Date
Freddy a09c776645 Update public listener with SPIFFE Validator
3 years ago
Freddy 74ca6406ea
Configure upstream TLS context with peer root certs (#13321)
3 years ago
Dan Upton 2427e38839
Enable servers to configure arbitrary proxies from the catalog (#13244)
3 years ago
Mark Anderson 98a2e282be Fixup acl.EnterpriseMeta
3 years ago
R.B. Boyer e79ce8ab03
xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry (#12601)
3 years ago
freddygv cbea3d203c Fix race of upstreams with same passthrough ip
3 years ago
freddygv 659ebc05a9 Ensure passthrough addresses get cleaned up
3 years ago
R.B. Boyer 424f3cdd2c
proxycfg: introduce explicit UpstreamID in lieu of bare string (#12125)
3 years ago
freddygv 2fe27b748d Check ingress upstreams when gating chain watches
3 years ago
freddygv 70d6358426 Store intention upstreams in snapshot
3 years ago
freddygv 60066e5154 Exclude default partition from GatewayKey string
3 years ago
freddygv e3666b0bc4 Update GatewayKeys deduplication
3 years ago
freddygv 90ce897456 Store GatewayKey in proxycfg snapshot for re-use
3 years ago
freddygv 3a2061544d Fixup partitions assertion
3 years ago
freddygv 12923f5ebc PR comments
3 years ago
freddygv a33b6923e0 Account for partitions in xds gen for mesh gw
3 years ago
freddygv 110fae820a Update xds pkg to account for GatewayKey
3 years ago
freddygv 7e65678c52 Update mesh gateway proxy watches for partitions
3 years ago
freddygv 37a16e9487 Replace Split with SplitN
3 years ago
freddygv 62e0fc62c1 Configure sidecars to watch gateways in partitions
3 years ago
Paul Banks 136928a90f Minor PR typo and cleanup fixes
3 years ago
Paul Banks ccbda0c285 Update proxycfg to hold more ingress config state
3 years ago
Paul Banks 4e39f03d5b Add ingress-gateway config for SDS
3 years ago
Paul Banks f439dfc04f Ingress gateway header manip plumbing
3 years ago
freddygv 47da00d3c7 Validate SANs for passthrough clusters and failovers
3 years ago
Freddy 429f9d8bb8
Add flag for transparent proxies to dial individual instances (#10329)
4 years ago
Freddy 078c40425f
Rename "cluster" config entry to "mesh" (#10127)
4 years ago
freddygv 7bd51ff536 Replace TransparentProxy bool with ProxyMode
4 years ago
R.B. Boyer 499fee73b3
connect: add toggle to globally disable wildcard outbound network access when transparent proxy is enabled (#9973)
4 years ago
freddygv a54d6a9010 Update proxycfg for transparent proxy
4 years ago
R.B. Boyer 43193a35c6
xds: prevent LDS flaps in mesh gateways due to unstable datacenter lists (#9651)
4 years ago
R.B. Boyer 74d5df7c7a
xds: use envoy's rbac filter to handle intentions entirely within envoy (#8569)
4 years ago
Daniel Nephin 068b43df90 Enable gofmt simplify
5 years ago
freddygv 19e3954603 Move compound service names to use ServiceName type
5 years ago
Freddy 9ed325ba8b
Enable gateways to resolve hostnames to IPv4 addresses (#7999)
5 years ago
Chris Piraino 0bd5618cb2 Cleanup proxycfg for TLS
5 years ago
Kyle Havlovitz f14c54e25e Add TLS option and DNS SAN support to ingress config
5 years ago
Chris Piraino 881760f701 xds: Use only the port number as the configured route name
5 years ago
Kyle Havlovitz 247f9eaf13 Allow ingress gateways to route traffic based on Host header
5 years ago
Freddy 137a2c32c6
TLS Origination for Terminating Gateways (#7671)
5 years ago
freddygv 034d7d83d4 Fix snapshot IsEmpty
5 years ago
freddygv c0e1751878 Allow terminating-gateway to setup listener before servicegroups are known
5 years ago
freddygv 913b13f31f Add subset support
5 years ago
freddygv 24207226ca Add proxycfg state management for terminating-gateways
5 years ago
Kyle Havlovitz e9e8c0e730
Ingress Gateways for TCP services (#7509)
5 years ago
R.B. Boyer 6adad71125
wan federation via mesh gateways (#6884)
5 years ago
Matt Keeler 4c9577678e
xDS Mesh Gateway Resolver Subset Fixes (#7294)
5 years ago
Matt Keeler c09693e545
Updates to Config Entries and Connect for Namespaces (#7116)
5 years ago
R.B. Boyer 2011f3d7dc
xds: mesh gateway CDS requests are now allowed to receive an empty CDS reply (#6787)
5 years ago
R.B. Boyer 97aa050c20
agent: allow mesh gateways to initialize even if there are no connect services registered yet (#6576)
5 years ago
Freddy fdd10dd8b8
Expose HTTP-based paths through Connect proxy (#6446)
5 years ago
R.B. Boyer 8e22d80e35
connect: fix failover through a mesh gateway to a remote datacenter (#6259)
5 years ago
R.B. Boyer c395affc93
connect: expose an API endpoint to compile the discovery chain (#6248)
5 years ago
Matt Keeler a7421c160f Implement mesh gateway management of service subsets
5 years ago
R.B. Boyer 4bdb690a25
activate most discovery chain features in xDS for envoy (#6024)
5 years ago
Matt Keeler 8d953f5840 Implement Mesh Gateways
5 years ago
Matt Keeler 813e009a2d
Prepare for having different service kinds that are all generic… (#6013)
6 years ago
Paul Banks 0f27ffd163 Proxy Config Manager (#4729)
6 years ago