From 52d858c6775667c452ba5c556a1ea3d2f0ccec84 Mon Sep 17 00:00:00 2001
From: Kyle Schochenmaier
Date: Thu, 8 Apr 2021 08:32:05 -0500
Subject: [PATCH 1/3] remove health checks controller and use endpoints controller for health checks (#472) remove health checks controller and use endpoints controller for health checks.
---
 connect-inject/cleanup_resource.go | 0
 connect-inject/cleanup_resource_ent_test.go | 0
 connect-inject/cleanup_resource_test.go | 0
 3 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 connect-inject/cleanup_resource.go
 create mode 100644 connect-inject/cleanup_resource_ent_test.go
 create mode 100644 connect-inject/cleanup_resource_test.go
diff --git a/connect-inject/cleanup_resource.go b/connect-inject/cleanup_resource.go
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/connect-inject/cleanup_resource_ent_test.go b/connect-inject/cleanup_resource_ent_test.go
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/connect-inject/cleanup_resource_test.go b/connect-inject/cleanup_resource_test.go
new file mode 100644
index 0000000000..e69de29bb2
From ba0b0d24cdd0dc15f668f8b565371c51dad1681e Mon Sep 17 00:00:00 2001
From: Ashwin Venkatesh
Date: Tue, 20 Apr 2021 16:57:44 -0400
Subject: [PATCH 2/3] Update ProxyDefaults and ServiceDefaults with Transparent Proxy - Update the spec of ServiceDefaults and ProxyDefaults to support transparent proxy changes that are introduced as a part of Consul 1.10
---
 connect-inject/cleanup_resource.go | 0
 connect-inject/cleanup_resource_ent_test.go | 0
 connect-inject/cleanup_resource_test.go | 0
 3 files changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 connect-inject/cleanup_resource.go
 delete mode 100644 connect-inject/cleanup_resource_ent_test.go
 delete mode 100644 connect-inject/cleanup_resource_test.go
diff --git a/connect-inject/cleanup_resource.go b/connect-inject/cleanup_resource.go
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/connect-inject/cleanup_resource_ent_test.go b/connect-inject/cleanup_resource_ent_test.go
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/connect-inject/cleanup_resource_test.go b/connect-inject/cleanup_resource_test.go
deleted file mode 100644
index e69de29bb2..0000000000
From ce78d3ac91d037fbd9f3f2dd8aa30aa1645a0acf Mon Sep 17 00:00:00 2001
From: Ashwin Venkatesh
Date: Mon, 26 Apr 2021 11:18:18 -0400
Subject: [PATCH 3/3] Add mode to ProxyDefault configEntry
---
 api/v1alpha1/proxydefaults_types.go | 11 +++++++++++
 api/v1alpha1/proxydefaults_webhook_test.go | 13 +++++++++++++
 api/v1alpha1/zz_generated.deepcopy.go | 5 +++++
 .../bases/consul.hashicorp.com_proxydefaults.yaml | 3 +++
 4 files changed, 32 insertions(+)
diff --git a/api/v1alpha1/proxydefaults_types.go b/api/v1alpha1/proxydefaults_types.go
index 0d246b33ba..0818d26b0e 100644
--- a/api/v1alpha1/proxydefaults_types.go
+++ b/api/v1alpha1/proxydefaults_types.go
@@ -66,6 +66,14 @@ type ProxyDefaultsSpec struct {
 // Note: This cannot be set using the CRD and should be set using annotations on the
 // services that are part of the mesh.
 TransparentProxy *TransparentProxy `json:"transparentProxy,omitempty"`
+ // Mode can be one of "direct" or "transparent". "transparent" represents that inbound and outbound
+ // application traffic is being captured and redirected through the proxy. This mode does not
+ // enable the traffic redirection itself. Instead it signals Consul to configure Envoy as if
+ // traffic is already being redirected. "direct" represents that the proxy's listeners must be
+ // dialed directly by the local application and other proxies.
+ // Note: This cannot be set using the CRD and should be set using annotations on the
+ // services that are part of the mesh.
+ Mode *ProxyMode `json:"mode,omitempty"`
 }
 
 func (in *ProxyDefaults) GetObjectMeta() metav1.ObjectMeta {
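Review bot: The comment on `Mode` repeats the `TransparentProxy` note that the field cannot be set using the CRD, but names neither what enforces that nor the annotation to use instead. The test added in this patch expects the rejection to point at `consul.hashicorp.com/transparent-proxy`, so the last two comment lines could read `// Note: rejected at admission; use the consul.hashicorp.com/transparent-proxy annotation on the services that are part of the mesh.` The generated schema further down types `mode` as a plain string, so the rejection appears to rest on the webhook alone, which is worth saying where operators will read it. ProxyDefaultsSpec opens above the hunk.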
@@ -179,6 +187,9 @@ func (in *ProxyDefaults) Validate(namespacesEnabled bool) error {
 if err := in.Spec.TransparentProxy.validate(path.Child("transparentProxy")); err != nil {
 allErrs = append(allErrs, err)
 }
+ if err := in.Spec.Mode.validate(path.Child("mode")); err != nil {
+ allErrs = append(allErrs, err)
+ }
 if err := in.validateConfig(path.Child("config")); err != nil {
 allErrs = append(allErrs, err)
 }
diff --git a/api/v1alpha1/proxydefaults_webhook_test.go b/api/v1alpha1/proxydefaults_webhook_test.go
index 1aed2a888a..aad9d2512a 100644
--- a/api/v1alpha1/proxydefaults_webhook_test.go
+++ b/api/v1alpha1/proxydefaults_webhook_test.go
@@ -92,6 +92,19 @@ func TestValidateProxyDefault(t *testing.T) {
 expAllow: false,
 expErrMessage: "proxydefaults.consul.hashicorp.com \"global\" is invalid: spec.transparentProxy: Invalid value: v1alpha1.TransparentProxy{OutboundListenerPort:1000}: use the annotation `consul.hashicorp.com/transparent-proxy-outbound-listener-port` to configure the Outbound Listener Port",
 },
+ "mode value set": {
+ existingResources: []runtime.Object{},
+ newResource: &ProxyDefaults{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "global",
+ },
+ Spec: ProxyDefaultsSpec{
+ Mode: proxyModeRef("transparent"),
+ },
+ },
+ expAllow: false,
+ expErrMessage: "proxydefaults.consul.hashicorp.com \"global\" is invalid: spec.mode: Invalid value: \"transparent\": use the annotation `consul.hashicorp.com/transparent-proxy` to configure the Transparent Proxy Mode",
+ },
 }
 for name, c := range cases {
 t.Run(name, func(t *testing.T) {
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 13165ead05..80dd04e02b 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
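Review bot: In `Validate` (proxydefaults_types.go), `in.Spec.Mode.validate(...)` is called on an optional `*ProxyMode`, so it runs with a nil receiver whenever the field is omitted, which is the input this webhook is meant to admit. The `validate` method is not part of this patch, so whether it tolerates nil cannot be checked from here; the neighbouring `TransparentProxy.validate` call follows the same pattern and presumably does. A comment above the call would make the reliance explicit, for example `// Mode is optional: validate must accept a nil receiver.` Validate's body starts and ends outside the hunk.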
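Review bot: The new `"mode value set"` case in `TestValidateProxyDefault` covers only `"transparent"`, so nothing pins what the webhook does with `"direct"` or with a string that is not a known mode. Since the schema types `mode` as a plain string, this check looks like the only thing keeping the field out of a ProxyDefaults resource, and a regression that admits one of the other values would still pass this test. A sibling case with `Mode: proxyModeRef("direct"),` and `expAllow: false` would close that; its expected message depends on the `validate` method, which is not shown in this patch. The case table and the test function both extend beyond the hunk.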
@@ -541,6 +541,11 @@ func (in *ProxyDefaultsSpec) DeepCopyInto(out *ProxyDefaultsSpec) { *out = new(TransparentProxy) **out = **in } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(ProxyMode) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyDefaultsSpec. diff --git a/config/crd/bases/consul.hashicorp.com_proxydefaults.yaml b/config/crd/bases/consul.hashicorp.com_proxydefaults.yaml index d3afe3f861..7f31893349 100644 --- a/config/crd/bases/consul.hashicorp.com_proxydefaults.yaml +++ b/config/crd/bases/consul.hashicorp.com_proxydefaults.yaml @@ -81,6 +81,9 @@ spec: description: Mode is the mode that should be used for the upstream connection. One of none, local, or remote. type: string type: object + mode: + description: 'Mode can be one of "direct" or "transparent". "transparent" represents that inbound and outbound application traffic is being captured and redirected through the proxy. This mode does not enable the traffic redirection itself. Instead it signals Consul to configure Envoy as if traffic is already being redirected. "direct" represents that the proxy''s listeners must be dialed directly by the local application and other proxies. Note: This cannot be set using the CRD and should be set using annotations on the services that are part of the mesh.' + type: string transparentProxy: description: 'TransparentProxy controls configuration specific to proxies in transparent mode. Note: This cannot be set using the CRD and should be set using annotations on the services that are part of the mesh.' properties: