envoyproxy · arkodg · Mar 8, 2024 · Mar 8, 2024
@@ -57,6 +57,22 @@
 	EndpointTypeStatic
 )
 
+func buildEndpointType(settings []*ir.DestinationSetting) EndpointType {
+	// Get endpoint address type for xds cluster by returning the first DestinationSetting's AddressType,
+	// since there's no Mixed AddressType among all the DestinationSettings.
+	if settings == nil {
+		return EndpointTypeStatic
+	}
+
+	addrType := settings[0].AddressType
+
+	if addrType != nil && *addrType == ir.FQDN {
+		return EndpointTypeDNS
+	}
+
+	return EndpointTypeStatic
+}
+
 func buildXdsCluster(args *xdsClusterArgs) *clusterv3.Cluster {
 	cluster := &clusterv3.Cluster{
 		Name:            args.name,

@@ -1,16 +1,30 @@
 tcp:
-- name: "tls-passthrough"
+- name: "tls-passthrough-foo"
   address: "0.0.0.0"
   port: 10080
   tls:
     passthrough:
       snis:
       - foo.com
   destination:
-    name: "tls-passthrough-dest"
+    name: "tls-passthrough-foo-dest"
     settings:
     - endpoints:
       - host: "1.2.3.4"
         port: 50000
       - host: "5.6.7.8"
         port: 50001
+- name: "tls-passthrough-bar"
+  address: "0.0.0.0"
+  port: 10081
+  tls:
+    passthrough:
+      snis:
+      - bar.com
+  destination:
+    name: "tls-passthrough-bar-dest"
+    settings:
+    - endpoints:
+      - host: "bar"
+        port: 50000
+      addressType: FQDN
@@ -9,9 +9,36 @@
     edsConfig:
       ads: {}
       resourceApiVersion: V3
-    serviceName: tls-passthrough-dest
+    serviceName: tls-passthrough-foo-dest
   lbPolicy: LEAST_REQUEST
-  name: tls-passthrough-dest
+  name: tls-passthrough-foo-dest
   outlierDetection: {}
   perConnectionBufferLimitBytes: 32768
   type: EDS
+- circuitBreakers:
+    thresholds:
+    - maxRetries: 1024
+  commonLbConfig:
+    localityWeightedLbConfig: {}
+  connectTimeout: 10s
+  dnsLookupFamily: V4_ONLY
+  dnsRefreshRate: 30s
+  lbPolicy: LEAST_REQUEST
+  loadAssignment:
+    clusterName: tls-passthrough-bar-dest
+    endpoints:
+    - lbEndpoints:
+      - endpoint:
+          address:
+            socketAddress:
+              address: bar
+              portValue: 50000
+        loadBalancingWeight: 1
+      loadBalancingWeight: 1
+      locality:
+        region: tls-passthrough-bar-dest/backend/0
+  name: tls-passthrough-bar-dest
+  outlierDetection: {}
+  perConnectionBufferLimitBytes: 32768
+  respectDnsTtl: true
+  type: STRICT_DNS
@@ -1,4 +1,4 @@
-- clusterName: tls-passthrough-dest
+- clusterName: tls-passthrough-foo-dest
   endpoints:
   - lbEndpoints:
     - endpoint:
@@ -15,4 +15,4 @@
       loadBalancingWeight: 1
     loadBalancingWeight: 1
     locality:
-      region: tls-passthrough-dest/backend/0
+      region: tls-passthrough-foo-dest/backend/0
@@ -11,11 +11,32 @@
     - name: envoy.filters.network.tcp_proxy
       typedConfig:
         '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
-        cluster: tls-passthrough-dest
+        cluster: tls-passthrough-foo-dest
         statPrefix: passthrough
   listenerFilters:
   - name: envoy.filters.listener.tls_inspector
     typedConfig:
       '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
-  name: tls-passthrough
+  name: tls-passthrough-foo
+  perConnectionBufferLimitBytes: 32768
+- address:
+    socketAddress:
+      address: 0.0.0.0
+      portValue: 10081
+  drainType: MODIFY_ONLY
+  filterChains:
+  - filterChainMatch:
+      serverNames:
+      - bar.com
+    filters:
+    - name: envoy.filters.network.tcp_proxy
+      typedConfig:
+        '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+        cluster: tls-passthrough-bar-dest
+        statPrefix: passthrough
+  listenerFilters:
+  - name: envoy.filters.listener.tls_inspector
+    typedConfig:
+      '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
+  name: tls-passthrough-bar
   perConnectionBufferLimitBytes: 32768
@@ -354,7 +354,7 @@ func processTCPListenerXdsTranslation(tCtx *types.ResourceVersionTable, tcpListe
 			name:         tcpListener.Destination.Name,
 			settings:     tcpListener.Destination.Settings,
 			tSocket:      nil,
-			endpointType: EndpointTypeStatic,
+			endpointType: buildEndpointType(tcpListener.Destination.Settings),
 		}); err != nil && !errors.Is(err, ErrXdsClusterExists) {
 			errs = errors.Join(errs, err)
 		}
@@ -402,7 +402,7 @@ func processUDPListenerXdsTranslation(tCtx *types.ResourceVersionTable, udpListe
 			name:         udpListener.Destination.Name,
 			settings:     udpListener.Destination.Settings,
 			tSocket:      nil,
-			endpointType: EndpointTypeStatic,
+			endpointType: buildEndpointType(udpListener.Destination.Settings),
 		}); err != nil && !errors.Is(err, ErrXdsClusterExists) {
 			errs = errors.Join(errs, err)
 		}
@@ -495,17 +495,6 @@ func findXdsEndpoint(tCtx *types.ResourceVersionTable, name string) *endpointv3.
 
 // processXdsCluster processes a xds cluster by its endpoint address type.
 func processXdsCluster(tCtx *types.ResourceVersionTable, httpRoute *ir.HTTPRoute, http1Settings *ir.HTTP1Settings) error {
-	// Get endpoint address type for xds cluster by returning the first DestinationSetting's AddressType,
-	// since there's no Mixed AddressType among all the DestinationSettings.
-	addrTypeState := httpRoute.Destination.Settings[0].AddressType
-
-	var endpointType EndpointType
-	if addrTypeState != nil && *addrTypeState == ir.FQDN {
-		endpointType = EndpointTypeDNS
-	} else {
-		endpointType = EndpointTypeStatic
-	}
-
 	var tSocket *corev3.TransportSocket
 
 	if httpRoute.Destination.Settings[0].TLS != nil {
@@ -528,7 +517,7 @@ func processXdsCluster(tCtx *types.ResourceVersionTable, httpRoute *ir.HTTPRoute
 		name:           httpRoute.Destination.Name,
 		settings:       httpRoute.Destination.Settings,
 		tSocket:        tSocket,
-		endpointType:   endpointType,
+		endpointType:   buildEndpointType(httpRoute.Destination.Settings),
 		loadBalancer:   httpRoute.LoadBalancer,
 		proxyProtocol:  httpRoute.ProxyProtocol,
 		circuitBreaker: httpRoute.CircuitBreaker,