diff --git a/.circleci/config.yml b/.circleci/config.yml index 5374eda76f..b5f3663235 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -6,8 +6,8 @@ executors: - image: docker.mirror.hashicorp.services/circleci/golang:1.14 environment: TEST_RESULTS: /tmp/test-results # path to where test results are saved - CONSUL_VERSION: 1.9.4 # Consul's OSS version to use in tests - CONSUL_ENT_VERSION: 1.9.4+ent # Consul's enterprise version to use in tests + CONSUL_VERSION: 1.10.0-beta1 # Consul's OSS version to use in tests + CONSUL_ENT_VERSION: 1.10.0+ent-beta1 # Consul's enterprise version to use in tests jobs: go-fmt-and-vet: diff --git a/api/v1alpha1/ingressgateway_webhook.go b/api/v1alpha1/ingressgateway_webhook.go index b78852c230..b2c2cd7280 100644 --- a/api/v1alpha1/ingressgateway_webhook.go +++ b/api/v1alpha1/ingressgateway_webhook.go @@ -48,7 +48,7 @@ type IngressGatewayWebhook struct { // // NOTE: The below line cannot be combined with any other comment. If it is it will break the code generation. // -// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-ingressgateway,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=ingressgateways,versions=v1alpha1,name=mutate-ingressgateway.consul.hashicorp.com,webhookVersions=v1beta1,sideEffects=None +// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-ingressgateway,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=ingressgateways,versions=v1alpha1,name=mutate-ingressgateway.consul.hashicorp.com,sideEffects=None,admissionReviewVersions=v1beta1;v1 func (v *IngressGatewayWebhook) Handle(ctx context.Context, req admission.Request) admission.Response { var resource IngressGateway diff --git a/api/v1alpha1/proxydefaults_types.go b/api/v1alpha1/proxydefaults_types.go index 2214712290..5ed0b812c2 100644 --- a/api/v1alpha1/proxydefaults_types.go +++ b/api/v1alpha1/proxydefaults_types.go 
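Review bot: The new marker above `IngressGatewayWebhook.Handle` lists `admissionReviewVersions=v1beta1;v1`, and the API server uses the first entry in that list that it supports, so on clusters that still serve v1beta1 the v1 path is never exercised. Every one of these webhooks is `failurePolicy=fail`, so a review version the handler cannot answer would block create/update of the resource rather than degrade. If v1 is the intended target, consider `admissionReviewVersions=v1;v1beta1`; otherwise record the reason for the order in a separate comment block above the NOTE, since the marker line cannot share a comment. The same marker change is made in the proxydefaults, servicedefaults, serviceintentions, serviceresolver, servicerouter, servicesplitter and terminatinggateway webhook files. `Handle` continues outside the hunk, so whether its decoder accepts both versions is not visible here.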
@@ -59,9 +59,11 @@ type ProxyDefaultsSpec struct { // +kubebuilder:pruning:PreserveUnknownFields Config json.RawMessage `json:"config,omitempty"` // MeshGateway controls the default mesh gateway configuration for this service. - MeshGateway MeshGatewayConfig `json:"meshGateway,omitempty"` + MeshGateway MeshGateway `json:"meshGateway,omitempty"` // Expose controls the default expose path configuration for Envoy. - Expose ExposeConfig `json:"expose,omitempty"` + Expose Expose `json:"expose,omitempty"` + // TransparentProxy controls configuration specific to proxies in transparent mode. + TransparentProxy *TransparentProxy `json:"transparentProxy,omitempty"` } func (in *ProxyDefaults) GetObjectMeta() metav1.ObjectMeta { @@ -146,12 +148,13 @@ func (in *ProxyDefaults) SetLastSyncedTime(time *metav1.Time) { func (in *ProxyDefaults) ToConsul(datacenter string) capi.ConfigEntry { consulConfig := in.convertConfig() return &capi.ProxyConfigEntry{ - Kind: in.ConsulKind(), - Name: in.ConsulName(), - MeshGateway: in.Spec.MeshGateway.toConsul(), - Expose: in.Spec.Expose.toConsul(), - Config: consulConfig, - Meta: meta(datacenter), + Kind: in.ConsulKind(), + Name: in.ConsulName(), + MeshGateway: in.Spec.MeshGateway.toConsul(), + Expose: in.Spec.Expose.toConsul(), + Config: consulConfig, + TransparentProxy: in.Spec.TransparentProxy.toConsul(), + Meta: meta(datacenter), } } @@ -171,6 +174,9 @@ func (in *ProxyDefaults) Validate(namespacesEnabled bool) error { if err := in.Spec.MeshGateway.validate(path.Child("meshGateway")); err != nil { allErrs = append(allErrs, err) } + if err := in.Spec.TransparentProxy.validate(path.Child("transparentProxy")); err != nil { + allErrs = append(allErrs, err) + } if err := in.validateConfig(path.Child("config")); err != nil { allErrs = append(allErrs, err) } diff --git a/api/v1alpha1/proxydefaults_types_test.go b/api/v1alpha1/proxydefaults_types_test.go index e84d3a25f3..c0516bbe6c 100644 --- a/api/v1alpha1/proxydefaults_types_test.go 
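Review bot: The doc comment on the new `TransparentProxy` field of `ProxyDefaultsSpec` does not say that the field is rejected at admission: `Validate` in this same file now calls `TransparentProxy.validate`, which (in api/v1alpha1/types.go) returns an error for any non-nil value. This comment is also what the CRD description is generated from, so someone reading the schema sees a settable `outboundListenerPort` and only learns otherwise from the webhook error. I would extend it to something like `// TransparentProxy controls configuration specific to proxies in transparent mode. Setting it is currently rejected by validation; use the consul.hashicorp.com/transparent-proxy-outbound-listener-port annotation instead.` The same applies to the field added to `ServiceDefaultsSpec` in servicedefaults_types.go.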
+++ b/api/v1alpha1/proxydefaults_types_test.go @@ -28,9 +28,12 @@ func TestProxyDefaults_MatchesConsul(t *testing.T) { Spec: ProxyDefaultsSpec{}, }, Theirs: &capi.ProxyConfigEntry{ - Name: common.Global, - Kind: capi.ProxyDefaults, - Namespace: "default", + Name: common.Global, + Kind: capi.ProxyDefaults, + Namespace: "default", + TransparentProxy: &capi.TransparentProxyConfig{ + OutboundListenerPort: 0, + }, CreateIndex: 1, ModifyIndex: 2, Meta: map[string]string{ @@ -47,10 +50,10 @@ func TestProxyDefaults_MatchesConsul(t *testing.T) { }, Spec: ProxyDefaultsSpec{ Config: json.RawMessage(`{"envoy_tracing_json": "{\"http\":{\"name\":\"envoy.zipkin\",\"config\":{\"collector_cluster\":\"zipkin\",\"collector_endpoint\":\"/api/v1/spans\",\"shared_span_context\":false}}}"}`), - MeshGateway: MeshGatewayConfig{ + MeshGateway: MeshGateway{ Mode: "local", }, - Expose: ExposeConfig{ + Expose: Expose{ Checks: true, Paths: []ExposePath{ { @@ -67,6 +70,9 @@ func TestProxyDefaults_MatchesConsul(t *testing.T) { }, }, }, + TransparentProxy: &TransparentProxy{ + OutboundListenerPort: 1000, + }, }, }, Theirs: &capi.ProxyConfigEntry{ @@ -95,6 +101,9 @@ func TestProxyDefaults_MatchesConsul(t *testing.T) { }, }, }, + TransparentProxy: &capi.TransparentProxyConfig{ + OutboundListenerPort: 1000, + }, }, Matches: true, }, @@ -138,6 +147,9 @@ func TestProxyDefaults_ToConsul(t *testing.T) { common.SourceKey: common.SourceValue, common.DatacenterKey: "datacenter", }, + TransparentProxy: &capi.TransparentProxyConfig{ + OutboundListenerPort: 0, + }, }, }, "every field set": { 
@@ -147,10 +159,10 @@ func TestProxyDefaults_ToConsul(t *testing.T) { }, Spec: ProxyDefaultsSpec{ Config: json.RawMessage(`{"envoy_tracing_json": "{\"http\":{\"name\":\"envoy.zipkin\",\"config\":{\"collector_cluster\":\"zipkin\",\"collector_endpoint\":\"/api/v1/spans\",\"shared_span_context\":false}}}"}`), - MeshGateway: MeshGatewayConfig{ + MeshGateway: MeshGateway{ Mode: "remote", }, - Expose: ExposeConfig{ + Expose: Expose{ Checks: true, Paths: []ExposePath{ { @@ -167,6 +179,9 @@ func TestProxyDefaults_ToConsul(t *testing.T) { }, }, }, + TransparentProxy: &TransparentProxy{ + OutboundListenerPort: 1000, + }, }, }, Exp: &capi.ProxyConfigEntry{ @@ -196,6 +211,9 @@ func TestProxyDefaults_ToConsul(t *testing.T) { }, }, }, + TransparentProxy: &capi.TransparentProxyConfig{ + OutboundListenerPort: 1000, + }, Meta: map[string]string{ common.SourceKey: common.SourceValue, common.DatacenterKey: "datacenter", diff --git a/api/v1alpha1/proxydefaults_webhook.go b/api/v1alpha1/proxydefaults_webhook.go index 2c427501cc..c4cb0d0e5f 100644 --- a/api/v1alpha1/proxydefaults_webhook.go +++ b/api/v1alpha1/proxydefaults_webhook.go @@ -31,7 +31,7 @@ type ProxyDefaultsWebhook struct { // NOTE: The below line cannot be combined with any other comment. If it is // it will break the code generation. // -// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-proxydefaults,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=proxydefaults,versions=v1alpha1,name=mutate-proxydefaults.consul.hashicorp.com,webhookVersions=v1beta1,sideEffects=None +// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-proxydefaults,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=proxydefaults,versions=v1alpha1,name=mutate-proxydefaults.consul.hashicorp.com,sideEffects=None,admissionReviewVersions=v1beta1;v1 func (v *ProxyDefaultsWebhook) Handle(ctx context.Context, req admission.Request) admission.Response { var proxyDefaults ProxyDefaults 
diff --git a/api/v1alpha1/proxydefaults_webhook_test.go b/api/v1alpha1/proxydefaults_webhook_test.go index 323059103e..1aed2a888a 100644 --- a/api/v1alpha1/proxydefaults_webhook_test.go +++ b/api/v1alpha1/proxydefaults_webhook_test.go @@ -59,7 +59,7 @@ func TestValidateProxyDefault(t *testing.T) { Name: common.Global, }, Spec: ProxyDefaultsSpec{ - MeshGateway: MeshGatewayConfig{ + MeshGateway: MeshGateway{ Mode: "local", }, }, @@ -77,6 +77,21 @@ func TestValidateProxyDefault(t *testing.T) { expAllow: false, expErrMessage: "proxydefaults resource name must be \"global\"", }, + "transparentProxy value set": { + existingResources: []runtime.Object{}, + newResource: &ProxyDefaults{ + ObjectMeta: metav1.ObjectMeta{ + Name: "global", + }, + Spec: ProxyDefaultsSpec{ + TransparentProxy: &TransparentProxy{ + OutboundListenerPort: 1000, + }, + }, + }, + expAllow: false, + expErrMessage: "proxydefaults.consul.hashicorp.com \"global\" is invalid: spec.transparentProxy: Invalid value: v1alpha1.TransparentProxy{OutboundListenerPort:1000}: use the annotation `consul.hashicorp.com/transparent-proxy-outbound-listener-port` to configure the Outbound Listener Port", + }, } for name, c := range cases { t.Run(name, func(t *testing.T) { diff --git a/api/v1alpha1/servicedefaults_types.go b/api/v1alpha1/servicedefaults_types.go index 0b72a1eacd..cf554f2465 100644 --- a/api/v1alpha1/servicedefaults_types.go +++ b/api/v1alpha1/servicedefaults_types.go 
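Review bot: The new `"transparentProxy value set"` case covers only a non-zero port, while `TransparentProxy.validate` rejects every non-nil value, so an empty `transparentProxy: {}` is refused as well and no test pins that. Add a second case with `TransparentProxy: &TransparentProxy{}` and `expAllow: false`, so that a later switch to a `!= 0` check on the port is a deliberate decision and not a silent relaxation of the admission rule. The `"transparentProxy"` case added to `TestServiceDefaults_Validate` in servicedefaults_types_test.go has the same gap. The test function continues outside the hunk.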
@@ -49,38 +49,14 @@ type ServiceDefaultsSpec struct { // service-splitter and service-router config entries for a service. Protocol string `json:"protocol,omitempty"` // MeshGateway controls the default mesh gateway configuration for this service. - MeshGateway MeshGatewayConfig `json:"meshGateway,omitempty"` + MeshGateway MeshGateway `json:"meshGateway,omitempty"` // Expose controls the default expose path configuration for Envoy. - Expose ExposeConfig `json:"expose,omitempty"` + Expose Expose `json:"expose,omitempty"` // ExternalSNI is an optional setting that allows for the TLS SNI value // to be changed to a non-connect value when federating with an external system. ExternalSNI string `json:"externalSNI,omitempty"` -} - -// ExposeConfig describes HTTP paths to expose through Envoy outside of Connect. -// Users can expose individual paths and/or all HTTP/GRPC paths for checks. -type ExposeConfig struct { - // Checks defines whether paths associated with Consul checks will be exposed. - // This flag triggers exposing all HTTP and GRPC check paths registered for the service. - Checks bool `json:"checks,omitempty"` - - // Paths is the list of paths exposed through the proxy. - Paths []ExposePath `json:"paths,omitempty"` -} - -type ExposePath struct { - // ListenerPort defines the port of the proxy's listener for exposed paths. - ListenerPort int `json:"listenerPort,omitempty"` - - // Path is the path to expose through the proxy, ie. "/metrics". - Path string `json:"path,omitempty"` - - // LocalPathPort is the port that the service is listening on for the given path. - LocalPathPort int `json:"localPathPort,omitempty"` - - // Protocol describes the upstream's service protocol. - // Valid values are "http" and "http2", defaults to "http". - Protocol string `json:"protocol,omitempty"` + // TransparentProxy controls configuration specific to proxies in transparent mode. 
+ TransparentProxy *TransparentProxy `json:"transparentProxy,omitempty"` } func (in *ServiceDefaults) ConsulKind() string { @@ -160,13 +136,14 @@ func (in *ServiceDefaults) SyncedConditionStatus() corev1.ConditionStatus { // ToConsul converts the entry into it's Consul equivalent struct. func (in *ServiceDefaults) ToConsul(datacenter string) capi.ConfigEntry { return &capi.ServiceConfigEntry{ - Kind: in.ConsulKind(), - Name: in.ConsulName(), - Protocol: in.Spec.Protocol, - MeshGateway: in.Spec.MeshGateway.toConsul(), - Expose: in.Spec.Expose.toConsul(), - ExternalSNI: in.Spec.ExternalSNI, - Meta: meta(datacenter), + Kind: in.ConsulKind(), + Name: in.ConsulName(), + Protocol: in.Spec.Protocol, + MeshGateway: in.Spec.MeshGateway.toConsul(), + Expose: in.Spec.Expose.toConsul(), + ExternalSNI: in.Spec.ExternalSNI, + TransparentProxy: in.Spec.TransparentProxy.toConsul(), + Meta: meta(datacenter), } } @@ -179,6 +156,9 @@ func (in *ServiceDefaults) Validate(namespacesEnabled bool) error { if err := in.Spec.MeshGateway.validate(path.Child("meshGateway")); err != nil { allErrs = append(allErrs, err) } + if err := in.Spec.TransparentProxy.validate(path.Child("transparentProxy")); err != nil { + allErrs = append(allErrs, err) + } allErrs = append(allErrs, in.Spec.Expose.validate(path.Child("expose"))...) if len(allErrs) > 0 { 
@@ -208,41 +188,3 @@ func (in *ServiceDefaults) MatchesConsul(candidate capi.ConfigEntry) bool { func (in *ServiceDefaults) ConsulGlobalResource() bool { return false } - -// toConsul returns the ExposeConfig for the entry -func (e ExposeConfig) toConsul() capi.ExposeConfig { - var paths []capi.ExposePath - for _, path := range e.Paths { - paths = append(paths, capi.ExposePath{ - ListenerPort: path.ListenerPort, - Path: path.Path, - LocalPathPort: path.LocalPathPort, - Protocol: path.Protocol, - }) - } - return capi.ExposeConfig{ - Checks: e.Checks, - Paths: paths, - } -} - -func (e ExposeConfig) validate(path *field.Path) []*field.Error { - var errs field.ErrorList - protocols := []string{"http", "http2"} - for i, pathCfg := range e.Paths { - indexPath := path.Child("paths").Index(i) - if invalidPathPrefix(pathCfg.Path) { - errs = append(errs, field.Invalid( - indexPath.Child("path"), - pathCfg.Path, - `must begin with a '/'`)) - } - if pathCfg.Protocol != "" && !sliceContains(protocols, pathCfg.Protocol) { - errs = append(errs, field.Invalid( - indexPath.Child("protocol"), - pathCfg.Protocol, - notInSliceMessage(protocols))) - } - } - return errs -} diff --git a/api/v1alpha1/servicedefaults_types_test.go b/api/v1alpha1/servicedefaults_types_test.go index d7d8415672..9bb834f601 100644 --- a/api/v1alpha1/servicedefaults_types_test.go +++ b/api/v1alpha1/servicedefaults_types_test.go @@ -26,6 +26,9 @@ func TestServiceDefaults_ToConsul(t *testing.T) { &capi.ServiceConfigEntry{ Name: "foo", Kind: capi.ServiceDefaults, + TransparentProxy: &capi.TransparentProxyConfig{ + OutboundListenerPort: 0, + }, Meta: map[string]string{ common.SourceKey: common.SourceValue, common.DatacenterKey: "datacenter", @@ -39,10 +42,10 @@ func TestServiceDefaults_ToConsul(t *testing.T) { }, Spec: ServiceDefaultsSpec{ Protocol: "https", - MeshGateway: MeshGatewayConfig{ + MeshGateway: MeshGateway{ Mode: "local", }, - Expose: ExposeConfig{ + Expose: Expose{ Checks: true, Paths: []ExposePath{ { 
@@ -60,6 +63,9 @@ func TestServiceDefaults_ToConsul(t *testing.T) { }, }, ExternalSNI: "external-sni", + TransparentProxy: &TransparentProxy{ + OutboundListenerPort: 1000, + }, }, }, &capi.ServiceConfigEntry{ @@ -87,6 +93,9 @@ func TestServiceDefaults_ToConsul(t *testing.T) { }, }, ExternalSNI: "external-sni", + TransparentProxy: &capi.TransparentProxyConfig{ + OutboundListenerPort: 1000, + }, Meta: map[string]string{ common.SourceKey: common.SourceValue, common.DatacenterKey: "datacenter", @@ -117,9 +126,12 @@ func TestServiceDefaults_MatchesConsul(t *testing.T) { Spec: ServiceDefaultsSpec{}, }, &capi.ServiceConfigEntry{ - Kind: capi.ServiceDefaults, - Name: "my-test-service", - Namespace: "namespace", + Kind: capi.ServiceDefaults, + Name: "my-test-service", + Namespace: "namespace", + TransparentProxy: &capi.TransparentProxyConfig{ + OutboundListenerPort: 0, + }, CreateIndex: 1, ModifyIndex: 2, Meta: map[string]string{ @@ -136,10 +148,10 @@ func TestServiceDefaults_MatchesConsul(t *testing.T) { }, Spec: ServiceDefaultsSpec{ Protocol: "http", - MeshGateway: MeshGatewayConfig{ + MeshGateway: MeshGateway{ Mode: "remote", }, - Expose: ExposeConfig{ + Expose: Expose{ Paths: []ExposePath{ { ListenerPort: 8080, @@ -156,6 +168,9 @@ func TestServiceDefaults_MatchesConsul(t *testing.T) { }, }, ExternalSNI: "sni-value", + TransparentProxy: &TransparentProxy{ + OutboundListenerPort: 1000, + }, }, }, &capi.ServiceConfigEntry{ @@ -182,6 +197,9 @@ func TestServiceDefaults_MatchesConsul(t *testing.T) { }, }, ExternalSNI: "sni-value", + TransparentProxy: &capi.TransparentProxyConfig{ + OutboundListenerPort: 1000, + }, }, true, }, @@ -221,10 +239,10 @@ func TestServiceDefaults_Validate(t *testing.T) { Name: "my-service", }, Spec: ServiceDefaultsSpec{ - MeshGateway: MeshGatewayConfig{ + MeshGateway: MeshGateway{ Mode: "remote", }, - Expose: ExposeConfig{ + Expose: Expose{ Checks: false, Paths: []ExposePath{ { 
@@ -245,7 +263,7 @@ func TestServiceDefaults_Validate(t *testing.T) { Name: "my-service", }, Spec: ServiceDefaultsSpec{ - MeshGateway: MeshGatewayConfig{ + MeshGateway: MeshGateway{ Mode: "foobar", }, }, @@ -258,7 +276,7 @@ func TestServiceDefaults_Validate(t *testing.T) { Name: "my-service", }, Spec: ServiceDefaultsSpec{ - Expose: ExposeConfig{ + Expose: Expose{ Paths: []ExposePath{ { Protocol: "invalid-protocol", @@ -276,7 +294,7 @@ func TestServiceDefaults_Validate(t *testing.T) { Name: "my-service", }, Spec: ServiceDefaultsSpec{ - Expose: ExposeConfig{ + Expose: Expose{ Paths: []ExposePath{ { Protocol: "http", @@ -288,16 +306,29 @@ func TestServiceDefaults_Validate(t *testing.T) { }, `servicedefaults.consul.hashicorp.com "my-service" is invalid: spec.expose.paths[0].path: Invalid value: "invalid-path": must begin with a '/'`, }, + "transparentProxy": { + &ServiceDefaults{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-service", + }, + Spec: ServiceDefaultsSpec{ + TransparentProxy: &TransparentProxy{ + OutboundListenerPort: 1000, + }, + }, + }, + "servicedefaults.consul.hashicorp.com \"my-service\" is invalid: spec.transparentProxy: Invalid value: v1alpha1.TransparentProxy{OutboundListenerPort:1000}: use the annotation `consul.hashicorp.com/transparent-proxy-outbound-listener-port` to configure the Outbound Listener Port", + }, "multi-error": { &ServiceDefaults{ ObjectMeta: metav1.ObjectMeta{ Name: "my-service", }, Spec: ServiceDefaultsSpec{ - MeshGateway: MeshGatewayConfig{ + MeshGateway: MeshGateway{ Mode: "invalid-mode", }, - Expose: ExposeConfig{ + Expose: Expose{ Paths: []ExposePath{ { Protocol: "invalid-protocol", diff --git a/api/v1alpha1/servicedefaults_webhook.go b/api/v1alpha1/servicedefaults_webhook.go index 5b5f600eba..33e92dfc46 100644 --- a/api/v1alpha1/servicedefaults_webhook.go +++ b/api/v1alpha1/servicedefaults_webhook.go 
@@ -48,7 +48,7 @@ type ServiceDefaultsWebhook struct { // // NOTE: The below line cannot be combined with any other comment. If it is it will break the code generation. // -// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-servicedefaults,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=servicedefaults,versions=v1alpha1,name=mutate-servicedefaults.consul.hashicorp.com,webhookVersions=v1beta1,sideEffects=None +// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-servicedefaults,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=servicedefaults,versions=v1alpha1,name=mutate-servicedefaults.consul.hashicorp.com,sideEffects=None,admissionReviewVersions=v1beta1;v1 func (v *ServiceDefaultsWebhook) Handle(ctx context.Context, req admission.Request) admission.Response { var svcDefaults ServiceDefaults diff --git a/api/v1alpha1/serviceintentions_webhook.go b/api/v1alpha1/serviceintentions_webhook.go index c285e26019..40422fa018 100644 --- a/api/v1alpha1/serviceintentions_webhook.go +++ b/api/v1alpha1/serviceintentions_webhook.go 
@@ -34,7 +34,7 @@ type ServiceIntentionsWebhook struct { // NOTE: The below line cannot be combined with any other comment. If it is // it will break the code generation. // -// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-serviceintentions,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=serviceintentions,versions=v1alpha1,name=mutate-serviceintentions.consul.hashicorp.com,webhookVersions=v1beta1,sideEffects=None +// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-serviceintentions,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=serviceintentions,versions=v1alpha1,name=mutate-serviceintentions.consul.hashicorp.com,sideEffects=None,admissionReviewVersions=v1beta1;v1 func (v *ServiceIntentionsWebhook) Handle(ctx context.Context, req admission.Request) admission.Response { var svcIntentions ServiceIntentions diff --git a/api/v1alpha1/serviceresolver_webhook.go b/api/v1alpha1/serviceresolver_webhook.go index 806b777646..9982530e5e 100644 --- a/api/v1alpha1/serviceresolver_webhook.go +++ b/api/v1alpha1/serviceresolver_webhook.go @@ -48,7 +48,7 @@ type ServiceResolverWebhook struct { // // NOTE: The below line cannot be combined with any other comment. If it is it will break the code generation. // -// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-serviceresolver,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=serviceresolvers,versions=v1alpha1,name=mutate-serviceresolver.consul.hashicorp.com,webhookVersions=v1beta1,sideEffects=None +// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-serviceresolver,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=serviceresolvers,versions=v1alpha1,name=mutate-serviceresolver.consul.hashicorp.com,sideEffects=None,admissionReviewVersions=v1beta1;v1 func (v *ServiceResolverWebhook) Handle(ctx context.Context, req admission.Request) admission.Response { var svcResolver ServiceResolver 
diff --git a/api/v1alpha1/servicerouter_webhook.go b/api/v1alpha1/servicerouter_webhook.go index 3c7ffb83a5..9670fe3f50 100644 --- a/api/v1alpha1/servicerouter_webhook.go +++ b/api/v1alpha1/servicerouter_webhook.go @@ -48,7 +48,7 @@ type ServiceRouterWebhook struct { // // NOTE: The below line cannot be combined with any other comment. If it is it will break the code generation. // -// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-servicerouter,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=servicerouters,versions=v1alpha1,name=mutate-servicerouter.consul.hashicorp.com,webhookVersions=v1beta1,sideEffects=None +// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-servicerouter,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=servicerouters,versions=v1alpha1,name=mutate-servicerouter.consul.hashicorp.com,sideEffects=None,admissionReviewVersions=v1beta1;v1 func (v *ServiceRouterWebhook) Handle(ctx context.Context, req admission.Request) admission.Response { var svcRouter ServiceRouter diff --git a/api/v1alpha1/servicesplitter_webhook.go b/api/v1alpha1/servicesplitter_webhook.go index bcda641bd7..2993d66b3b 100644 --- a/api/v1alpha1/servicesplitter_webhook.go +++ b/api/v1alpha1/servicesplitter_webhook.go 
@@ -49,7 +49,7 @@ type ServiceSplitterWebhook struct { // NOTE: The below line cannot be combined with any other comment. If it is // it will break the code generation. // -// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-servicesplitter,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=servicesplitters,versions=v1alpha1,name=mutate-servicesplitter.consul.hashicorp.com,webhookVersions=v1beta1,sideEffects=None +// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-servicesplitter,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=servicesplitters,versions=v1alpha1,name=mutate-servicesplitter.consul.hashicorp.com,sideEffects=None,admissionReviewVersions=v1beta1;v1 func (v *ServiceSplitterWebhook) Handle(ctx context.Context, req admission.Request) admission.Response { var serviceSplitter ServiceSplitter diff --git a/api/v1alpha1/terminatinggateway_webhook.go b/api/v1alpha1/terminatinggateway_webhook.go index efde0a6f44..9872248d13 100644 --- a/api/v1alpha1/terminatinggateway_webhook.go +++ b/api/v1alpha1/terminatinggateway_webhook.go 
@@ -48,7 +48,7 @@ type TerminatingGatewayWebhook struct { // // NOTE: The below line cannot be combined with any other comment. If it is it will break the code generation. // -// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-terminatinggateway,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=terminatinggateways,versions=v1alpha1,name=mutate-terminatinggateway.consul.hashicorp.com,webhookVersions=v1beta1,sideEffects=None +// +kubebuilder:webhook:verbs=create;update,path=/mutate-v1alpha1-terminatinggateway,mutating=true,failurePolicy=fail,groups=consul.hashicorp.com,resources=terminatinggateways,versions=v1alpha1,name=mutate-terminatinggateway.consul.hashicorp.com,sideEffects=None,admissionReviewVersions=v1beta1;v1 func (v *TerminatingGatewayWebhook) Handle(ctx context.Context, req admission.Request) admission.Response { var resource TerminatingGateway diff --git a/api/v1alpha1/types.go b/api/v1alpha1/types.go index 3eb9cef47d..4a3bcacd1b 100644 --- a/api/v1alpha1/types.go +++ b/api/v1alpha1/types.go 
@@ -11,36 +11,47 @@ import ( type MeshGatewayMode string -const ( - // MeshGatewayModeDefault represents no specific mode and should - // be used to indicate that a different layer of the configuration - // chain should take precedence - MeshGatewayModeDefault MeshGatewayMode = "" - - // MeshGatewayModeNone represents that the Upstream Connect connections - // should be direct and not flow through a mesh gateway. - MeshGatewayModeNone MeshGatewayMode = "none" - - // MeshGatewayModeLocal represents that the Upstream Connect connections - // should be made to a mesh gateway in the local datacenter. - MeshGatewayModeLocal MeshGatewayMode = "local" - - // MeshGatewayModeRemote represents that the Upstream Connect connections - // should be made to a mesh gateway in a remote datacenter. - MeshGatewayModeRemote MeshGatewayMode = "remote" -) +// Expose describes HTTP paths to expose through Envoy outside of Connect. +// Users can expose individual paths and/or all HTTP/GRPC paths for checks. +type Expose struct { + // Checks defines whether paths associated with Consul checks will be exposed. + // This flag triggers exposing all HTTP and GRPC check paths registered for the service. + Checks bool `json:"checks,omitempty"` + + // Paths is the list of paths exposed through the proxy. + Paths []ExposePath `json:"paths,omitempty"` +} + +type ExposePath struct { + // ListenerPort defines the port of the proxy's listener for exposed paths. + ListenerPort int `json:"listenerPort,omitempty"` -// MeshGatewayConfig controls how Mesh Gateways are used for upstream Connect + // Path is the path to expose through the proxy, ie. "/metrics". + Path string `json:"path,omitempty"` + + // LocalPathPort is the port that the service is listening on for the given path. + LocalPathPort int `json:"localPathPort,omitempty"` + + // Protocol describes the upstream's service protocol. + // Valid values are "http" and "http2", defaults to "http". 
+ Protocol string `json:"protocol,omitempty"` +} + +type TransparentProxy struct { + // The port of the listener where outbound application traffic is being redirected to. + OutboundListenerPort int `json:"outboundListenerPort,omitempty"` +} + +// MeshGateway controls how Mesh Gateways are used for upstream Connect // services -type MeshGatewayConfig struct { +type MeshGateway struct { // Mode is the mode that should be used for the upstream connection. // One of none, local, or remote. Mode string `json:"mode,omitempty"` } -// toConsul returns the MeshGatewayConfig for the entry -func (m MeshGatewayConfig) toConsul() capi.MeshGatewayConfig { - mode := capi.MeshGatewayMode(m.Mode) +func (in MeshGateway) toConsul() capi.MeshGatewayConfig { + mode := capi.MeshGatewayMode(in.Mode) switch mode { case capi.MeshGatewayModeLocal, capi.MeshGatewayModeRemote, capi.MeshGatewayModeNone: return capi.MeshGatewayConfig{ 
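Review bot: `type MeshGatewayMode string` is kept at the top of this hunk while its four exported constants are removed, and the code in this file no longer refers to it (`MeshGateway.toConsul` converts through `capi.MeshGatewayMode`, `validate` compares string literals), so the type looks orphaned. Either remove the type together with the constants or keep the constants; anything outside this package that imported `MeshGatewayModeLocal` and friends would stop compiling, which is not visible from here. Separately, the new `TransparentProxy` type has no type-level doc comment and its field comment should start with the field name, e.g. `// OutboundListenerPort is the port of the listener where outbound application traffic is being redirected to.`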
@@ -53,10 +64,61 @@ func (m MeshGatewayConfig) toConsul() capi.MeshGatewayConfig { } } -func (m MeshGatewayConfig) validate(path *field.Path) *field.Error { +func (in MeshGateway) validate(path *field.Path) *field.Error { modes := []string{"remote", "local", "none", ""} - if !sliceContains(modes, m.Mode) { - return field.Invalid(path.Child("mode"), m.Mode, notInSliceMessage(modes)) + if !sliceContains(modes, in.Mode) { + return field.Invalid(path.Child("mode"), in.Mode, notInSliceMessage(modes)) + } + return nil +} + +func (in Expose) toConsul() capi.ExposeConfig { + var paths []capi.ExposePath + for _, path := range in.Paths { + paths = append(paths, capi.ExposePath{ + ListenerPort: path.ListenerPort, + Path: path.Path, + LocalPathPort: path.LocalPathPort, + Protocol: path.Protocol, + }) + } + return capi.ExposeConfig{ + Checks: in.Checks, + Paths: paths, + } +} + +func (in Expose) validate(path *field.Path) []*field.Error { + var errs field.ErrorList + protocols := []string{"http", "http2"} + for i, pathCfg := range in.Paths { + indexPath := path.Child("paths").Index(i) + if invalidPathPrefix(pathCfg.Path) { + errs = append(errs, field.Invalid( + indexPath.Child("path"), + pathCfg.Path, + `must begin with a '/'`)) + } + if pathCfg.Protocol != "" && !sliceContains(protocols, pathCfg.Protocol) { + errs = append(errs, field.Invalid( + indexPath.Child("protocol"), + pathCfg.Protocol, + notInSliceMessage(protocols))) + } + } + return errs +} + +func (in *TransparentProxy) toConsul() *capi.TransparentProxyConfig { + if in == nil { + return &capi.TransparentProxyConfig{OutboundListenerPort: 0} + } + return &capi.TransparentProxyConfig{OutboundListenerPort: in.OutboundListenerPort} +} + +func (in *TransparentProxy) validate(path *field.Path) *field.Error { + if in != nil { + return field.Invalid(path, in, "use the annotation `consul.hashicorp.com/transparent-proxy-outbound-listener-port` to configure the Outbound Listener Port") } return nil } 
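Review bot: `(*TransparentProxy).toConsul` forwards `in.OutboundListenerPort` for a non-nil receiver even though `validate`, a few lines below it, rejects every non-nil `TransparentProxy`, so that branch is reachable only for objects that did not pass validation (for example ones stored before the webhook was registered; whether the controller re-validates before syncing is not visible here). If the port must only come from the annotation, the conversion should not hand a CRD-supplied value to Consul. At minimum document the contract on both methods, e.g. `// toConsul returns a zero-valued config for a nil receiver (presumably so the entry compares equal to what Consul reports when no port is set).` and `// validate rejects any non-nil value: the outbound listener port is configured through the annotation, not the CRD.` The `MeshGateway` and `Expose` methods moved in this hunk also lost the one-line doc comments they had before the rename.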
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index f709259905..5129d9dbbd 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -77,7 +77,7 @@ func (in *Destination) DeepCopy() *Destination { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExposeConfig) DeepCopyInto(out *ExposeConfig) { +func (in *Expose) DeepCopyInto(out *Expose) { *out = *in if in.Paths != nil { in, out := &in.Paths, &out.Paths @@ -86,12 +86,12 @@ func (in *ExposeConfig) DeepCopyInto(out *ExposeConfig) { } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExposeConfig. -func (in *ExposeConfig) DeepCopy() *ExposeConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Expose. +func (in *Expose) DeepCopy() *Expose { if in == nil { return nil } - out := new(ExposeConfig) + out := new(Expose) in.DeepCopyInto(out) return out } @@ -437,16 +437,16 @@ func (in *LoadBalancer) DeepCopy() *LoadBalancer { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MeshGatewayConfig) DeepCopyInto(out *MeshGatewayConfig) { +func (in *MeshGateway) DeepCopyInto(out *MeshGateway) { *out = *in } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshGatewayConfig. -func (in *MeshGatewayConfig) DeepCopy() *MeshGatewayConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshGateway. +func (in *MeshGateway) DeepCopy() *MeshGateway { if in == nil { return nil } - out := new(MeshGatewayConfig) + out := new(MeshGateway) in.DeepCopyInto(out) return out } 
@@ -520,6 +520,11 @@ func (in *ProxyDefaultsSpec) DeepCopyInto(out *ProxyDefaultsSpec) { } out.MeshGateway = in.MeshGateway in.Expose.DeepCopyInto(&out.Expose) + if in.TransparentProxy != nil { + in, out := &in.TransparentProxy, &out.TransparentProxy + *out = new(TransparentProxy) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyDefaultsSpec. @@ -611,6 +616,11 @@ func (in *ServiceDefaultsSpec) DeepCopyInto(out *ServiceDefaultsSpec) { *out = *in out.MeshGateway = in.MeshGateway in.Expose.DeepCopyInto(&out.Expose) + if in.TransparentProxy != nil { + in, out := &in.TransparentProxy, &out.TransparentProxy + *out = new(TransparentProxy) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceDefaultsSpec. @@ -1373,3 +1383,18 @@ func (in *TerminatingGatewaySpec) DeepCopy() *TerminatingGatewaySpec { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TransparentProxy) DeepCopyInto(out *TransparentProxy) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransparentProxy. +func (in *TransparentProxy) DeepCopy() *TransparentProxy { + if in == nil { + return nil + } + out := new(TransparentProxy) + in.DeepCopyInto(out) + return out +} diff --git a/config/crd/bases/consul.hashicorp.com_proxydefaults.yaml b/config/crd/bases/consul.hashicorp.com_proxydefaults.yaml index 1748a74eb0..1bcdb476f3 100644 --- a/config/crd/bases/consul.hashicorp.com_proxydefaults.yaml +++ b/config/crd/bases/consul.hashicorp.com_proxydefaults.yaml 
@@ -81,6 +81,13 @@ spec: description: Mode is the mode that should be used for the upstream connection. One of none, local, or remote. type: string type: object + transparentProxy: + description: TransparentProxy controls configuration specific to proxies in transparent mode. + properties: + outboundListenerPort: + description: The port of the listener where outbound application traffic is being redirected to. + type: integer + type: object type: object status: properties: diff --git a/config/crd/bases/consul.hashicorp.com_servicedefaults.yaml b/config/crd/bases/consul.hashicorp.com_servicedefaults.yaml index d65ee85fb0..1d1ab9958f 100644 --- a/config/crd/bases/consul.hashicorp.com_servicedefaults.yaml +++ b/config/crd/bases/consul.hashicorp.com_servicedefaults.yaml @@ -83,6 +83,13 @@ spec: protocol: description: Protocol sets the protocol of the service. This is used by Connect proxies for things like observability features and to unlock usage of the service-splitter and service-router config entries for a service. type: string + transparentProxy: + description: TransparentProxy controls configuration specific to proxies in transparent mode. + properties: + outboundListenerPort: + description: The port of the listener where outbound application traffic is being redirected to. + type: integer + type: object type: object status: properties: diff --git a/config/webhook/manifests.v1beta1.yaml b/config/webhook/manifests.yaml similarity index 88% rename from config/webhook/manifests.v1beta1.yaml rename to config/webhook/manifests.yaml index 3c269f859f..96d63800b9 100644 --- a/config/webhook/manifests.v1beta1.yaml +++ b/config/webhook/manifests.yaml 
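Review bot: `outboundListenerPort` is declared as a bare `type: integer`, here and in the matching servicedefaults hunk that follows, so schema validation at the API server accepts negative values and values above 65535. Any range check then rests entirely on the admission webhook, whose validation code is not part of these hunks. Bounding the field in the schema with `minimum: 0` and `maximum: 65535` under `outboundListenerPort` would reject malformed ports before they are stored or synced. If these CRDs are generated from the Go types, the bounds would be added as validation markers on the Go field rather than edited here.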
@@ -1,12 +1,14 @@ --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: creationTimestamp: null name: mutating-webhook-configuration webhooks: -- admissionReviewVersions: null +- admissionReviewVersions: + - v1beta1 + - v1 clientConfig: service: name: webhook-service @@ -25,7 +27,9 @@ webhooks: resources: - ingressgateways sideEffects: None -- admissionReviewVersions: null +- admissionReviewVersions: + - v1beta1 + - v1 clientConfig: service: name: webhook-service @@ -44,7 +48,9 @@ webhooks: resources: - proxydefaults sideEffects: None -- admissionReviewVersions: null +- admissionReviewVersions: + - v1beta1 + - v1 clientConfig: service: name: webhook-service @@ -63,7 +69,9 @@ webhooks: resources: - servicedefaults sideEffects: None -- admissionReviewVersions: null +- admissionReviewVersions: + - v1beta1 + - v1 clientConfig: service: name: webhook-service @@ -82,7 +90,9 @@ webhooks: resources: - serviceintentions sideEffects: None -- admissionReviewVersions: null +- admissionReviewVersions: + - v1beta1 + - v1 clientConfig: service: name: webhook-service @@ -101,7 +111,9 @@ webhooks: resources: - serviceresolvers sideEffects: None -- admissionReviewVersions: null +- admissionReviewVersions: + - v1beta1 + - v1 clientConfig: service: name: webhook-service @@ -120,7 +132,9 @@ webhooks: resources: - servicerouters sideEffects: None -- admissionReviewVersions: null +- admissionReviewVersions: + - v1beta1 + - v1 clientConfig: service: name: webhook-service @@ -139,7 +153,9 @@ webhooks: resources: - servicesplitters sideEffects: None -- admissionReviewVersions: null +- admissionReviewVersions: + - v1beta1 + - v1 clientConfig: service: name: webhook-service diff --git a/connect-inject/endpoints_controller_ent_test.go b/connect-inject/endpoints_controller_ent_test.go index a997d12ead..956cd75a76 100644 --- a/connect-inject/endpoints_controller_ent_test.go 
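Review bot: Each `admissionReviewVersions` list added in this file (eight entries) puts `v1beta1` ahead of `v1`, and the API server sends the first listed version it supports, so these webhooks will keep receiving v1beta1 AdmissionReview objects even though the configuration moved to `admissionregistration.k8s.io/v1`. If the handlers can decode v1, list `- v1` first and keep `- v1beta1` as the fallback; if the order is deliberate, say so where the list is defined. Moving to the v1 API also changes defaults that these hunks do not show being set explicitly: `timeoutSeconds` drops from 30 to 10 and `matchPolicy` becomes `Equivalent`. Those are worth confirming if the webhooks are configured to fail closed.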
+++ b/connect-inject/endpoints_controller_ent_test.go @@ -151,6 +151,7 @@ func TestReconcileCreateEndpointWithNamespaces(t *testing.T) { ServiceProxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-created", DestinationServiceID: "pod1-service-created", + TransparentProxy: &api.TransparentProxyConfig{}, }, ServiceMeta: map[string]string{MetaKeyPodName: "pod1", MetaKeyKubeServiceName: "service-created", MetaKeyKubeNS: test.SourceKubeNS}, ServiceTags: []string{}, @@ -164,6 +165,7 @@ func TestReconcileCreateEndpointWithNamespaces(t *testing.T) { ServiceProxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-created", DestinationServiceID: "pod2-service-created", + TransparentProxy: &api.TransparentProxyConfig{}, }, ServiceMeta: map[string]string{MetaKeyPodName: "pod2", MetaKeyKubeServiceName: "service-created", MetaKeyKubeNS: test.SourceKubeNS}, ServiceTags: []string{}, @@ -430,6 +432,7 @@ func TestReconcileUpdateEndpointWithNamespaces(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-updated", DestinationServiceID: "pod1-service-updated", + TransparentProxy: &api.TransparentProxyConfig{}, }, Namespace: ts.ExpConsulNS, }, @@ -496,6 +499,7 @@ func TestReconcileUpdateEndpointWithNamespaces(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "different-consul-svc-name", DestinationServiceID: "pod1-different-consul-svc-name", + TransparentProxy: &api.TransparentProxyConfig{}, }, Namespace: ts.ExpConsulNS, }, @@ -571,6 +575,7 @@ func TestReconcileUpdateEndpointWithNamespaces(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-updated", DestinationServiceID: "pod1-service-updated", + TransparentProxy: &api.TransparentProxyConfig{}, }, Namespace: ts.ExpConsulNS, }, 
@@ -647,6 +652,7 @@ func TestReconcileUpdateEndpointWithNamespaces(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-updated", DestinationServiceID: "pod1-service-updated", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": ts.SourceKubeNS}, Namespace: ts.ExpConsulNS, @@ -668,6 +674,7 @@ func TestReconcileUpdateEndpointWithNamespaces(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-updated", DestinationServiceID: "pod2-service-updated", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": ts.SourceKubeNS}, Namespace: ts.ExpConsulNS, @@ -736,6 +743,7 @@ func TestReconcileUpdateEndpointWithNamespaces(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "different-consul-svc-name", DestinationServiceID: "pod1-different-consul-svc-name", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": ts.SourceKubeNS}, Namespace: ts.ExpConsulNS, @@ -757,6 +765,7 @@ func TestReconcileUpdateEndpointWithNamespaces(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "different-consul-svc-name", DestinationServiceID: "pod2-different-consul-svc-name", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": ts.SourceKubeNS}, Namespace: ts.ExpConsulNS, 
@@ -810,6 +819,7 @@ func TestReconcileUpdateEndpointWithNamespaces(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-updated", DestinationServiceID: "pod1-service-updated", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": ts.SourceKubeNS}, Namespace: ts.ExpConsulNS, @@ -831,6 +841,7 @@ func TestReconcileUpdateEndpointWithNamespaces(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-updated", DestinationServiceID: "pod2-service-updated", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": ts.SourceKubeNS}, Namespace: ts.ExpConsulNS, @@ -872,6 +883,7 @@ func TestReconcileUpdateEndpointWithNamespaces(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "different-consul-svc-name", DestinationServiceID: "pod1-different-consul-svc-name", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": ts.SourceKubeNS}, Namespace: ts.ExpConsulNS, @@ -893,6 +905,7 @@ func TestReconcileUpdateEndpointWithNamespaces(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "different-consul-svc-name", DestinationServiceID: "pod2-different-consul-svc-name", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": ts.SourceKubeNS}, Namespace: ts.ExpConsulNS, 
@@ -1087,6 +1100,7 @@ func TestReconcileDeleteEndpointWithNamespaces(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-deleted", DestinationServiceID: "pod1-service-deleted", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-deleted", "k8s-namespace": ts.SourceKubeNS}, Namespace: ts.ExpConsulNS, @@ -1114,6 +1128,7 @@ func TestReconcileDeleteEndpointWithNamespaces(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "different-consul-svc-name", DestinationServiceID: "pod1-different-consul-svc-name", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-deleted", "k8s-namespace": ts.SourceKubeNS}, Namespace: ts.ExpConsulNS, diff --git a/connect-inject/endpoints_controller_test.go b/connect-inject/endpoints_controller_test.go index df006d73e8..1ed9b835de 100644 --- a/connect-inject/endpoints_controller_test.go +++ b/connect-inject/endpoints_controller_test.go @@ -560,6 +560,7 @@ func TestReconcileCreateEndpoint(t *testing.T) { DestinationServiceID: "pod1-service-created", LocalServiceAddress: "", LocalServicePort: 0, + TransparentProxy: &api.TransparentProxyConfig{}, }, ServiceMeta: map[string]string{MetaKeyPodName: "pod1", MetaKeyKubeServiceName: "service-created", MetaKeyKubeNS: "default"}, ServiceTags: []string{}, @@ -646,6 +647,7 @@ func TestReconcileCreateEndpoint(t *testing.T) { DestinationServiceID: "pod1-service-created", LocalServiceAddress: "", LocalServicePort: 0, + TransparentProxy: &api.TransparentProxyConfig{}, }, ServiceMeta: map[string]string{MetaKeyPodName: "pod1", MetaKeyKubeServiceName: "service-created", MetaKeyKubeNS: "default"}, ServiceTags: []string{}, 
@@ -660,6 +662,7 @@ func TestReconcileCreateEndpoint(t *testing.T) { DestinationServiceID: "pod2-service-created", LocalServiceAddress: "", LocalServicePort: 0, + TransparentProxy: &api.TransparentProxyConfig{}, }, ServiceMeta: map[string]string{MetaKeyPodName: "pod2", MetaKeyKubeServiceName: "service-created", MetaKeyKubeNS: "default"}, ServiceTags: []string{}, @@ -752,6 +755,7 @@ func TestReconcileCreateEndpoint(t *testing.T) { DestinationServiceID: "pod1-different-consul-svc-name", LocalServiceAddress: "127.0.0.1", LocalServicePort: 1234, + TransparentProxy: &api.TransparentProxyConfig{}, Upstreams: []api.Upstream{ { DestinationType: api.UpstreamDestTypeService, @@ -978,6 +982,7 @@ func TestReconcileUpdateEndpoint(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-updated", DestinationServiceID: "pod1-service-updated", + TransparentProxy: &api.TransparentProxyConfig{}, }, }, }, @@ -1058,6 +1063,7 @@ func TestReconcileUpdateEndpoint(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-updated", DestinationServiceID: "pod1-service-updated", + TransparentProxy: &api.TransparentProxyConfig{}, }, }, }, @@ -1130,6 +1136,7 @@ func TestReconcileUpdateEndpoint(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-updated", DestinationServiceID: "pod1-service-updated", + TransparentProxy: &api.TransparentProxyConfig{}, }, }, }, @@ -1192,6 +1199,7 @@ func TestReconcileUpdateEndpoint(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "different-consul-svc-name", DestinationServiceID: "pod1-different-consul-svc-name", + TransparentProxy: &api.TransparentProxyConfig{}, }, }, }, 
@@ -1263,6 +1271,7 @@ func TestReconcileUpdateEndpoint(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-updated", DestinationServiceID: "pod1-service-updated", + TransparentProxy: &api.TransparentProxyConfig{}, }, }, }, @@ -1353,6 +1362,7 @@ func TestReconcileUpdateEndpoint(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-updated", DestinationServiceID: "pod1-service-updated", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": "default"}, }, @@ -1372,6 +1382,7 @@ func TestReconcileUpdateEndpoint(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-updated", DestinationServiceID: "pod2-service-updated", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": "default"}, }, @@ -1436,6 +1447,7 @@ func TestReconcileUpdateEndpoint(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "different-consul-svc-name", DestinationServiceID: "pod1-different-consul-svc-name", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": "default"}, }, @@ -1455,6 +1467,7 @@ func TestReconcileUpdateEndpoint(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "different-consul-svc-name", DestinationServiceID: "pod2-different-consul-svc-name", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": "default"}, }, 
@@ -1504,6 +1517,7 @@ func TestReconcileUpdateEndpoint(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-updated", DestinationServiceID: "pod1-service-updated", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": "default"}, }, @@ -1523,6 +1537,7 @@ func TestReconcileUpdateEndpoint(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-updated", DestinationServiceID: "pod2-service-updated", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": "default"}, }, @@ -1562,6 +1577,7 @@ func TestReconcileUpdateEndpoint(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "different-consul-svc-name", DestinationServiceID: "pod1-different-consul-svc-name", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": "default"}, }, @@ -1581,6 +1597,7 @@ func TestReconcileUpdateEndpoint(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "different-consul-svc-name", DestinationServiceID: "pod2-different-consul-svc-name", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-updated", "k8s-namespace": "default"}, }, @@ -1733,6 +1750,7 @@ func TestReconcileDeleteEndpoint(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "service-deleted", DestinationServiceID: "pod1-service-deleted", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-deleted", "k8s-namespace": "default"}, }, 
@@ -1758,6 +1776,7 @@ func TestReconcileDeleteEndpoint(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "different-consul-svc-name", DestinationServiceID: "pod1-different-consul-svc-name", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": "service-deleted", "k8s-namespace": "default"}, }, @@ -2475,6 +2494,7 @@ func TestServiceInstancesForK8SServiceNameAndNamespace(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "foo", DestinationServiceID: "foo1", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": k8sSvc, "k8s-namespace": k8sNS}, }, @@ -2499,6 +2519,7 @@ func TestServiceInstancesForK8SServiceNameAndNamespace(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "foo", DestinationServiceID: "foo1", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": c.k8sServiceNameMeta, "k8s-namespace": c.k8sNamespaceMeta}, }, @@ -2516,6 +2537,7 @@ func TestServiceInstancesForK8SServiceNameAndNamespace(t *testing.T) { Proxy: &api.AgentServiceConnectProxyConfig{ DestinationServiceName: "k8s-service-different-ns", DestinationServiceID: "k8s-service-different-ns-id", + TransparentProxy: &api.TransparentProxyConfig{}, }, Meta: map[string]string{"k8s-service-name": c.k8sServiceNameMeta, "k8s-namespace": "different-ns"}, }, diff --git a/controller/configentry_controller_ent_test.go b/controller/configentry_controller_ent_test.go index 8c27cbc89d..dd71f48b7d 100644 --- a/controller/configentry_controller_ent_test.go +++ b/controller/configentry_controller_ent_test.go @@ -124,7 +124,7 @@ func TestConfigEntryController_createsConfigEntry_consulNamespaces(tt *testing.T Namespace: c.SourceKubeNS, }, Spec: v1alpha1.ProxyDefaultsSpec{ - MeshGateway: v1alpha1.MeshGatewayConfig{ + MeshGateway: v1alpha1.MeshGateway{ Mode: "remote", }, }, 
@@ -356,7 +356,7 @@ func TestConfigEntryController_updatesConfigEntry_consulNamespaces(tt *testing.T Finalizers: []string{controller.FinalizerName}, }, Spec: v1alpha1.ProxyDefaultsSpec{ - MeshGateway: v1alpha1.MeshGatewayConfig{ + MeshGateway: v1alpha1.MeshGateway{ Mode: "remote", }, }, @@ -630,7 +630,7 @@ func TestConfigEntryController_deletesConfigEntry_consulNamespaces(tt *testing.T DeletionTimestamp: &metav1.Time{Time: time.Now()}, }, Spec: v1alpha1.ProxyDefaultsSpec{ - MeshGateway: v1alpha1.MeshGatewayConfig{ + MeshGateway: v1alpha1.MeshGateway{ Mode: "remote", }, }, diff --git a/controller/configentry_controller_test.go b/controller/configentry_controller_test.go index 75743ea288..b7322e4dd7 100644 --- a/controller/configentry_controller_test.go +++ b/controller/configentry_controller_test.go @@ -109,7 +109,7 @@ func TestConfigEntryControllers_createsConfigEntry(t *testing.T) { Namespace: kubeNS, }, Spec: v1alpha1.ProxyDefaultsSpec{ - MeshGateway: v1alpha1.MeshGatewayConfig{ + MeshGateway: v1alpha1.MeshGateway{ Mode: "remote", }, }, @@ -523,7 +523,7 @@ func TestConfigEntryControllers_updatesConfigEntry(t *testing.T) { Namespace: kubeNS, }, Spec: v1alpha1.ProxyDefaultsSpec{ - MeshGateway: v1alpha1.MeshGatewayConfig{ + MeshGateway: v1alpha1.MeshGateway{ Mode: "remote", }, }, @@ -962,7 +962,7 @@ func TestConfigEntryControllers_deletesConfigEntry(t *testing.T) { Finalizers: []string{FinalizerName}, }, Spec: v1alpha1.ProxyDefaultsSpec{ - MeshGateway: v1alpha1.MeshGatewayConfig{ + MeshGateway: v1alpha1.MeshGateway{ Mode: "remote", }, },