mirror of https://github.com/hashicorp/consul
e3cd4a8539
Fixes #8466 Since Consul 1.8.0 there was a bug in how ingress gateway protocol compatibility was enforced. At the point in time that an ingress-gateway config entry was modified the discovery chain for each upstream was checked to ensure the ingress gateway protocol matched. Unfortunately future modifications of other config entries were not validated against existing ingress-gateway definitions, such as: 1. create tcp ingress-gateway pointing to 'api' (ok) 2. create service-defaults for 'api' setting protocol=http (worked, but not ok) 3. create service-splitter or service-router for 'api' (worked, but caused an agent panic) If you were to do these in a different order, it would fail without a crash: 1. create service-defaults for 'api' setting protocol=http (ok) 2. create service-splitter or service-router for 'api' (ok) 3. create tcp ingress-gateway pointing to 'api' (fail with message about protocol mismatch) This PR introduces the missing validation. The two new behaviors are: 1. create tcp ingress-gateway pointing to 'api' (ok) 2. (NEW) create service-defaults for 'api' setting protocol=http ("ok" for back compat) 3. (NEW) create service-splitter or service-router for 'api' (fail with message about protocol mismatch) In consideration for any existing users that may be inadvertently be falling into item (2) above, that is now officiall a valid configuration to be in. For anyone falling into item (3) above while you cannot use the API to manufacture that scenario anymore, anyone that has old (now bad) data will still be able to have the agent use them just enough to generate a new agent/proxycfg error message rather than a panic. Unfortunately we just don't have enough information to properly fix the config entries. |
||
---|---|---|
.. | ||
proxysupport | ||
testdata | ||
clusters.go | ||
clusters_test.go | ||
config.go | ||
config_test.go | ||
endpoints.go | ||
endpoints_test.go | ||
envoy_versioning.go | ||
envoy_versioning_test.go | ||
failover_math.go | ||
failover_math_test.go | ||
golden_test.go | ||
listeners.go | ||
listeners_test.go | ||
naming.go | ||
response.go | ||
routes.go | ||
routes_test.go | ||
server.go | ||
server_oss.go | ||
server_test.go | ||
testing.go | ||
xds.go |