From b8a02fe676cc200e1f93e77985c9fe218101a130 Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Tue, 24 Oct 2023 15:04:14 -0400 Subject: [PATCH] Use strict DNS for mesh gateways with hostnames --- .changelog/19268.txt | 3 +++ agent/xds/clusters.go | 13 ++++++++----- ...-peer-through-mesh-gateway-enabled.latest.golden | 2 +- 3 files changed, 12 insertions(+), 6 deletions(-) create mode 100644 .changelog/19268.txt diff --git a/.changelog/19268.txt b/.changelog/19268.txt new file mode 100644 index 000000000000..2bb8f489e345 --- /dev/null +++ b/.changelog/19268.txt @@ -0,0 +1,3 @@ +```release-note:bug +Mesh Gateways: Fix a bug where replicated and peered mesh gateways with hostname-based WAN addresses fail to initialize. +``` diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index dc8245627b0c..e9e5f57a1445 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -638,10 +638,13 @@ func (s *ResourceGenerator) makePeerServerClusters(cfgSnap *proxycfg.ConfigSnaps var cluster *envoy_cluster_v3.Cluster if servers.UseCDS { + // we use strict DNS here since multiple gateways with hostnames + // would result in an invalid cluster due to logical DNS requiring + // only a single host cluster = s.makeExternalHostnameCluster(cfgSnap, clusterOpts{ name: name, addresses: servers.Addresses, - }) + }, envoy_cluster_v3.Cluster_STRICT_DNS) } else { cluster = s.makeGatewayCluster(cfgSnap, clusterOpts{ name: name, @@ -860,7 +863,7 @@ func (s *ResourceGenerator) makeDestinationClusters(cfgSnap *proxycfg.ConfigSnap if structs.IsIP(address) { cluster = s.makeExternalIPCluster(cfgSnap, opts) } else { - cluster = s.makeExternalHostnameCluster(cfgSnap, opts) + cluster = s.makeExternalHostnameCluster(cfgSnap, opts, envoy_cluster_v3.Cluster_LOGICAL_DNS) } if err := s.injectGatewayDestinationAddons(cfgSnap, cluster, svcName); err != nil { return nil, err @@ -1885,8 +1888,8 @@ func (s *ResourceGenerator) makeExternalIPCluster(snap *proxycfg.ConfigSnapshot, } // makeExternalHostnameCluster creates an Envoy cluster for hostname endpoints that will be resolved with DNS -// This is used by both terminating gateways for Destinations, and Mesh Gateways for peering control plane traffice -func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts) *envoy_cluster_v3.Cluster { +// This is used by both terminating gateways for Destinations, and Mesh Gateways for peering control plane traffic +func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts, discoveryType envoy_cluster_v3.Cluster_DiscoveryType) *envoy_cluster_v3.Cluster { cfg, err := ParseGatewayConfig(snap.Proxy.Config) if err != nil { // Don't hard fail on a config typo, just warn. The parse func returns @@ -1901,7 +1904,7 @@ func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSna // Having an empty config enables outlier detection with default config. OutlierDetection: &envoy_cluster_v3.OutlierDetection{}, - ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_LOGICAL_DNS}, + ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: discoveryType}, DnsLookupFamily: envoy_cluster_v3.Cluster_V4_ONLY, } diff --git a/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden index 805b3bccc207..86cac4c9b3f8 100644 --- a/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden +++ b/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden @@ -30,7 +30,7 @@ { "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", "name": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5", - "type": "LOGICAL_DNS", + "type": "STRICT_DNS", "connectTimeout": "5s", "loadAssignment": { "clusterName": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5",