consul/agent
Andy Lindeman fb0a990e4d
agent: rewrite checks with proxy address, not local service address (#7518)

Exposing checks is supposed to allow a Consul agent bound to a different
IP address (e.g., in a different Kubernetes pod) to access healthchecks
through the proxy while the underlying service binds to localhost. This
is an important security feature that makes sure no external traffic
reaches the service except through the proxy.

However, as far as I can tell, this is subtly broken in the case where
the Consul agent cannot reach the proxy over localhost.

If a proxy is configured with: `{ LocalServiceAddress: "127.0.0.1",
Checks: true }`, as is typical with a sidecar proxy, the Consul checks
are currently rewritten to `127.0.0.1:<random port>`. A Consul agent
that does not share the loopback address cannot reach this address. Just
to make sure I was not misunderstanding, I tried configuring the proxy
with `{ LocalServiceAddress: "<pod ip>", Checks: true }`. In this case,
while the checks are rewritten as expected and the agent can reach the
dynamic port, the proxy can no longer reach its backend because the
traffic is no longer on the loopback interface.

I think rewriting the checks to use `proxy.Address`, the proxy's own
address, is more correct in this case. That is the IP where the proxy
can be reached, both by other proxies and by a Consul agent running on
a different IP. The local service address should continue to use
`127.0.0.1` in most cases.
2020-04-02 09:35:43 +02:00
ae agent: ensure node info sync and full sync. (#7189) 2020-02-06 15:30:58 +01:00
agentpb server: strip local ACL tokens from RPCs during forwarding if crossing datacenters (#7419) 2020-03-10 11:15:22 -05:00
cache avoid 'panic: Log in goroutine after TestCacheGet_refreshAge has completed' (#7276) 2020-02-12 10:01:51 -06:00
cache-types wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
checks feat: support sending body in HTTP checks (#6602) 2020-02-10 09:27:12 -07:00
config config: validate system limits against limits.http_max_conns_per_client (#7434) 2020-04-02 09:22:17 +02:00
connect ci: Run all connect/ca tests from the integration suite 2020-03-24 15:22:01 -04:00
consul agent: add len, cap while initializing arrays 2020-04-01 10:54:51 +02:00
debug fix comment typos (#4890) 2018-11-02 12:00:39 -05:00
exec
local Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
metadata wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
mock Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
pool wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
proxycfg proxycfg: support path exposed with non-HTTP2 protocol (#7510) 2020-04-02 09:35:04 +02:00
router wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
structs Add config entry for terminating gateways (#7545) 2020-03-31 13:27:32 -06:00
systemd
token Add managed service provider token (#7218) 2020-02-04 13:58:56 -07:00
xds proxycfg: support path exposed with non-HTTP2 protocol (#7510) 2020-04-02 09:35:04 +02:00
acl.go various tweaks on top of the hclog work (#7165) 2020-01-29 11:16:08 -06:00
acl_endpoint.go Add PolicyReadByName for API (#6615) 2020-03-25 10:34:24 -04:00
acl_endpoint_legacy.go Use encoding/json as JSON decoder instead of mapstructure (#6680) 2019-10-29 11:13:36 -07:00
acl_endpoint_legacy_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
acl_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
acl_test.go agent: Remove unused Encrypted from interface 2020-03-26 12:34:31 -04:00
agent.go agent: rewrite checks with proxy address, not local service address (#7518) 2020-04-02 09:35:43 +02:00
agent_endpoint.go Enable CLI to register terminating gateways (#7500) 2020-03-26 10:20:56 -06:00
agent_endpoint_test.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
agent_oss.go Add managed service provider token (#7218) 2020-02-04 13:58:56 -07:00
agent_test.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
bindata_assetfs.go update bindata_assetfs.go 2020-02-11 15:19:16 +00:00
blacklist.go
blacklist_test.go
catalog_endpoint.go Catalog + Namespace OSS changes. (#7219) 2020-02-10 10:40:44 -05:00
catalog_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
check.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
config.go Make a few config entry endpoints return 404s and allow for snake_case and lowercase key names. (#5748) 2019-04-30 18:19:19 -04:00
config_endpoint.go Small refactoring to move meta parsing into the switch statement (#7170) 2020-01-29 19:12:48 -05:00
config_endpoint_test.go [FIX BUILD] fix build due to merge of #7562 2020-04-01 18:29:45 +02:00
connect_auth.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
connect_ca_endpoint.go connect: Add AWS PCA provider (#6795) 2019-11-21 17:40:29 +00:00
connect_ca_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
coordinate_endpoint.go Use encoding/json as JSON decoder instead of mapstructure (#6680) 2019-10-29 11:13:36 -07:00
coordinate_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
discovery_chain_endpoint.go Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 10:04:58 -05:00
discovery_chain_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
dns.go dns: Remove a few unused params 2020-03-24 15:56:41 -04:00
dns_oss.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
dns_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
enterprise_delegate_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
event_endpoint.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
event_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
federation_state_endpoint.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
health_endpoint.go Catalog + Namespace OSS changes. (#7219) 2020-02-10 10:40:44 -05:00
health_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
http.go Adds http_config.response_headers to the UI headers plus tests (#7369) 2020-03-03 13:18:35 +00:00
http_decode_test.go feat: support sending body in HTTP checks (#6602) 2020-02-10 09:27:12 -07:00
http_oss.go fix spelling errors (#7135) 2020-01-27 07:00:33 -06:00
http_oss_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
http_register.go Add PolicyReadByName for API (#6615) 2020-03-25 10:34:24 -04:00
http_test.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
intentions_endpoint.go Fix a couple bugs regarding intentions with namespaces (#7169) 2020-01-29 17:30:38 -05:00
intentions_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
keyring.go agent: sensible keyring error (#7272) 2020-02-13 20:35:09 +01:00
keyring_test.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
kvs_endpoint.go docs: add docs for kv_max_value_size (#7405) 2020-03-09 11:13:40 +01:00
kvs_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
notify.go Fixes memory leak when blocking on /event/list (#4482) 2018-08-02 14:54:48 +01:00
notify_test.go Fixes memory leak when blocking on /event/list (#4482) 2018-08-02 14:54:48 +01:00
operator_endpoint.go Use encoding/json as JSON decoder instead of mapstructure (#6680) 2019-10-29 11:13:36 -07:00
operator_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
prepared_query_endpoint.go Add support for dual stack IPv4/IPv6 network (#6640) 2020-01-17 09:54:17 -05:00
prepared_query_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
remote_exec.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
remote_exec_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
retry_join.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
retry_join_test.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
service_checks_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
service_manager.go Enable CLI to register terminating gateways (#7500) 2020-03-26 10:20:56 -06:00
service_manager_test.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
session_endpoint.go Fix session backwards incompatibility with 1.6.x and earlier. 2020-03-05 15:34:55 -05:00
session_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
sidecar_service.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
sidecar_service_test.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
signal_unix.go cli: forward SIGTERM to child process of 'lock' and 'watch' subcommands (#4737) 2018-10-02 15:57:21 -05:00
signal_windows.go cli: forward SIGTERM to child process of 'lock' and 'watch' subcommands (#4737) 2018-10-02 15:57:21 -05:00
snapshot_endpoint.go
snapshot_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
status_endpoint.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
status_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
testagent.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
testagent_test.go
translate_addr.go Add the v1/catalog/node-services/:node endpoint (#7115) 2020-01-24 09:27:25 -05:00
txn_endpoint.go docs: add docs for kv_max_value_size (#7405) 2020-03-09 11:13:40 +01:00
txn_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
ui_endpoint.go Add information about which services are proxied to ui services… (#7417) 2020-03-27 10:57:46 -04:00
ui_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
user_event.go agent: ensure that we always use the same settings for msgpack (#7245) 2020-02-07 15:50:24 -06:00
user_event_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
util.go agent: ensure that we always use the same settings for msgpack (#7245) 2020-02-07 15:50:24 -06:00
util_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
watch_handler.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
watch_handler_test.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00