From 980e4392928230f2eac8016c84f1e7de53d98a29 Mon Sep 17 00:00:00 2001 From: Kamil Smigielski Date: Thu, 17 Oct 2024 18:18:57 +0200 Subject: [PATCH] custom routes --- .../snapshot/SnapshotProperties.kt | 7 ++ .../resource/routes/AdminRoutesFactory.kt | 20 +++--- .../resource/routes/CustomRoutesFactory.kt | 36 ++++++++++ .../routes/EnvoyIngressRoutesFactory.kt | 6 +- .../routes/EnvoyIngressRoutesFactoryTest.kt | 20 ++++++ .../envoycontrol/CustomRouteTest.kt | 66 +++++++++++++++++++ .../config/envoy/EnvoyContainer.kt | 8 ++- .../config/envoy/EnvoyExtension.kt | 6 +- .../src/main/resources/envoy/bad_config.yaml | 11 ++++ .../src/main/resources/envoy/config_ads.yaml | 11 ++++ .../envoy/config_ads_all_dependencies.yaml | 11 ++++ .../envoy/config_ads_custom_health_check.yaml | 11 ++++ ...fig_ads_disabled_endpoint_permissions.yaml | 11 ++++ .../config_ads_dynamic_forward_proxy.yaml | 11 ++++ .../envoy/config_ads_no_dependencies.yaml | 11 ++++ .../envoy/config_ads_static_listeners.yaml | 12 +++- .../src/main/resources/envoy/config_auth.yaml | 11 ++++ .../main/resources/envoy/config_oauth.yaml | 11 ++++ .../src/main/resources/envoy/config_xds.yaml | 11 ++++ .../envoy/config_xds_compression.yaml | 11 ++++ .../src/main/resources/envoy/launch_envoy.sh | 4 +- 21 files changed, 286 insertions(+), 20 deletions(-) create mode 100644 envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/CustomRoutesFactory.kt create mode 100644 envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/CustomRouteTest.kt diff --git a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/SnapshotProperties.kt b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/SnapshotProperties.kt index 6c64b7405..d36feb317 100644 --- a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/SnapshotProperties.kt +++ b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/SnapshotProperties.kt @@ -188,6 +188,7 @@ class RoutesProperties { var admin = AdminRouteProperties() var status = StatusRouteProperties() var authorization = AuthorizationProperties() + var customs = emptyList() } class ClusterOutlierDetectionProperties { @@ -260,6 +261,12 @@ class AuthorizationProperties { var unauthorizedResponseMessage = "You have to be authorized" } +class CustomRuteProperties { + var enabled = false + var cluster = "custom" + var path = StringMatcher() +} + class ServiceTagsProperties { var enabled = false var metadataKey = "tag" diff --git a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/AdminRoutesFactory.kt b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/AdminRoutesFactory.kt index a0f11e2dd..6636aa334 100644 --- a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/AdminRoutesFactory.kt +++ b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/AdminRoutesFactory.kt @@ -42,6 +42,15 @@ class AdminRoutesFactory( HttpMethod.POST ) + private val adminRoutes = guardAccessWithDisableHeader() + + generateSecuredAdminRoutes() + + listOfNotNull( + adminPostRoute.authorized.takeIf { properties.admin.publicAccessEnabled }, + adminPostRoute.unauthorized.takeIf { properties.admin.publicAccessEnabled }, + adminRoute.takeIf { properties.admin.publicAccessEnabled }, + adminRedirectRoute.takeIf { properties.admin.publicAccessEnabled } + ) + private fun generateSecuredAdminRoutes(): List { return properties.admin.securedPaths .flatMap { @@ -55,16 +64,7 @@ class AdminRoutesFactory( } } - fun generateAdminRoutes(): List { - return guardAccessWithDisableHeader() + - generateSecuredAdminRoutes() + - listOfNotNull( - adminPostRoute.authorized.takeIf { properties.admin.publicAccessEnabled }, - adminPostRoute.unauthorized.takeIf { properties.admin.publicAccessEnabled }, - adminRoute.takeIf { properties.admin.publicAccessEnabled }, - adminRedirectRoute.takeIf { properties.admin.publicAccessEnabled } - ) - } + fun generateAdminRoutes() = adminRoutes private fun createAuthorizedRoute( pathPrefix: String, diff --git a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/CustomRoutesFactory.kt b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/CustomRoutesFactory.kt new file mode 100644 index 000000000..a72fc5346 --- /dev/null +++ b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/CustomRoutesFactory.kt @@ -0,0 +1,36 @@ +package pl.allegro.tech.servicemesh.envoycontrol.snapshot.resource.routes + +import io.envoyproxy.envoy.config.route.v3.Route +import io.envoyproxy.envoy.config.route.v3.RouteAction +import io.envoyproxy.envoy.config.route.v3.RouteMatch +import io.envoyproxy.envoy.type.matcher.v3.RegexMatcher +import pl.allegro.tech.servicemesh.envoycontrol.snapshot.RoutesProperties +import pl.allegro.tech.servicemesh.envoycontrol.snapshot.StringMatcherType + +class CustomRoutesFactory(properties: RoutesProperties) { + + val routes: List = properties.customs.filter { it.enabled }.map { + val matcher = when(it.path.type) { + StringMatcherType.REGEX -> RouteMatch.newBuilder() + .setSafeRegex( + RegexMatcher.newBuilder() + .setRegex(it.path.value) + .setGoogleRe2(RegexMatcher.GoogleRE2.getDefaultInstance()) + ) + StringMatcherType.EXACT -> RouteMatch.newBuilder().setPath(it.path.value) + StringMatcherType.PREFIX -> RouteMatch.newBuilder().setPrefix(it.path.value) + } + RouteMatch.newBuilder() + Route.newBuilder() + .setName(it.cluster) + .setRoute(RouteAction.newBuilder() + .setCluster(it.cluster) + ) + .setMatch(matcher) + .build() + } + + fun generateCustomRoutes() = routes + + +} diff --git a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/EnvoyIngressRoutesFactory.kt b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/EnvoyIngressRoutesFactory.kt index f92fe7fce..cdc80da5d 100644 --- a/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/EnvoyIngressRoutesFactory.kt +++ b/envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/EnvoyIngressRoutesFactory.kt @@ -37,7 +37,8 @@ class EnvoyIngressRoutesFactory( envoyHttpFilters: EnvoyHttpFilters = EnvoyHttpFilters.emptyFilters, private val currentZone: String ) { - + private val adminRoutesFactory = AdminRoutesFactory(properties.routes) + private val customRoutesFactory = CustomRoutesFactory(properties.routes) private val allClients = setOf( ClientWithSelector.create(properties.incomingPermissions.tlsAuthentication.wildcardClientIdentifier) ) @@ -231,13 +232,12 @@ class EnvoyIngressRoutesFactory( emptyList() } - val adminRoutesFactory = AdminRoutesFactory(properties.routes) - val virtualHost = VirtualHost.newBuilder() .setName("secured_local_service") .addDomains("*") .addAllVirtualClusters(virtualClusters) .addAllRoutes(adminRoutesFactory.generateAdminRoutes()) + .addAllRoutes(customRoutesFactory.generateCustomRoutes()) .addAllRoutes(generateSecuredIngressRoutes(proxySettings, group)) .also { if (properties.localService.retryPolicy.default.enabled) { diff --git a/envoy-control-core/src/test/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/EnvoyIngressRoutesFactoryTest.kt b/envoy-control-core/src/test/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/EnvoyIngressRoutesFactoryTest.kt index c9875872a..4c84db416 100644 --- a/envoy-control-core/src/test/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/EnvoyIngressRoutesFactoryTest.kt +++ b/envoy-control-core/src/test/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/routes/EnvoyIngressRoutesFactoryTest.kt @@ -32,14 +32,20 @@ import pl.allegro.tech.servicemesh.envoycontrol.groups.hasStatusVirtualClusters import pl.allegro.tech.servicemesh.envoycontrol.groups.ingressRoute import pl.allegro.tech.servicemesh.envoycontrol.groups.matchingOnAnyMethod import pl.allegro.tech.servicemesh.envoycontrol.groups.matchingOnMethod +import pl.allegro.tech.servicemesh.envoycontrol.groups.matchingOnPrefix import pl.allegro.tech.servicemesh.envoycontrol.groups.matchingRetryPolicy import pl.allegro.tech.servicemesh.envoycontrol.groups.pathMatcher import pl.allegro.tech.servicemesh.envoycontrol.groups.prefixPathMatcher +import pl.allegro.tech.servicemesh.envoycontrol.groups.publicAccess +import pl.allegro.tech.servicemesh.envoycontrol.groups.toCluster +import pl.allegro.tech.servicemesh.envoycontrol.snapshot.CustomRuteProperties import pl.allegro.tech.servicemesh.envoycontrol.snapshot.EndpointMatch import pl.allegro.tech.servicemesh.envoycontrol.snapshot.LocalRetryPoliciesProperties import pl.allegro.tech.servicemesh.envoycontrol.snapshot.LocalRetryPolicyProperties import pl.allegro.tech.servicemesh.envoycontrol.snapshot.SecuredRoute import pl.allegro.tech.servicemesh.envoycontrol.snapshot.SnapshotProperties +import pl.allegro.tech.servicemesh.envoycontrol.snapshot.StringMatcher +import pl.allegro.tech.servicemesh.envoycontrol.snapshot.StringMatcherType import java.time.Duration internal class EnvoyIngressRoutesFactoryTest { @@ -95,6 +101,14 @@ internal class EnvoyIngressRoutesFactoryTest { pathPrefix = "/config_dump" method = "GET" }) + routes.customs = listOf(CustomRuteProperties().apply { + enabled = true + cluster = "wrapper" + path = StringMatcher().apply { + type = StringMatcherType.PREFIX + value = "/status/wrapper/" + } + }) }, currentZone = currentZone) val responseTimeout = Durations.fromSeconds(777) val idleTimeout = Durations.fromSeconds(61) @@ -144,6 +158,12 @@ internal class EnvoyIngressRoutesFactoryTest { hasOneDomain("*") hasOnlyRoutesInOrder( *adminRoutes, + { + matchingOnPrefix("/status/wrapper/") + .toCluster("wrapper") + .publicAccess() + + }, { ingressRoute() matchingOnMethod("GET") diff --git a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/CustomRouteTest.kt b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/CustomRouteTest.kt new file mode 100644 index 000000000..390628994 --- /dev/null +++ b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/CustomRouteTest.kt @@ -0,0 +1,66 @@ +package pl.allegro.tech.servicemesh.envoycontrol + +import okhttp3.Headers.Companion.toHeaders +import okhttp3.MediaType.Companion.toMediaType +import okhttp3.RequestBody +import okhttp3.Response +import org.assertj.core.api.Assertions.assertThat +import org.junit.jupiter.api.Test +import org.junit.jupiter.api.extension.RegisterExtension +import org.junit.jupiter.params.ParameterizedTest +import org.junit.jupiter.params.provider.Arguments +import org.junit.jupiter.params.provider.MethodSource +import pl.allegro.tech.servicemesh.envoycontrol.config.consul.ConsulExtension +import pl.allegro.tech.servicemesh.envoycontrol.config.envoy.EnvoyExtension +import pl.allegro.tech.servicemesh.envoycontrol.config.envoycontrol.EnvoyControlExtension +import pl.allegro.tech.servicemesh.envoycontrol.config.service.EchoServiceExtension +import pl.allegro.tech.servicemesh.envoycontrol.snapshot.CustomRuteProperties +import pl.allegro.tech.servicemesh.envoycontrol.snapshot.SecuredRoute +import pl.allegro.tech.servicemesh.envoycontrol.snapshot.StringMatcher +import pl.allegro.tech.servicemesh.envoycontrol.snapshot.StringMatcherType +import java.util.stream.Stream + +internal class CustomRouteTest { + companion object { + + private val properties = mapOf( + "envoy-control.envoy.snapshot.routes.customs" to listOf(CustomRuteProperties().apply { + enabled = true + cluster = "wrapper" + path = StringMatcher().apply { + type = StringMatcherType.PREFIX + value = "/status/wrapper/" + } + }), + ) + + @JvmField + @RegisterExtension + val consul = ConsulExtension() + + @JvmField + @RegisterExtension + val envoyControl = EnvoyControlExtension(consul, properties) + + @JvmField + @RegisterExtension + val service = EchoServiceExtension() + + @JvmField + @RegisterExtension + val wrapper = EchoServiceExtension() + + @JvmField + @RegisterExtension + val envoy = EnvoyExtension(envoyControl, service, wrapperService = wrapper) + } + @Test + fun `should redirect to wrapper`() { + // when + val response = envoy.ingressOperations.callLocalService( + endpoint = "/status/wrapper/prometheus" + ) + // then + assertThat(response.isSuccessful).isTrue() + } +} diff --git a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/envoy/EnvoyContainer.kt b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/envoy/EnvoyContainer.kt index 92466b0c5..a6e0e1c8c 100644 --- a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/envoy/EnvoyContainer.kt +++ b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/envoy/EnvoyContainer.kt @@ -16,7 +16,8 @@ class EnvoyContainer( private val envoyControl1XdsPort: Int, private val envoyControl2XdsPort: Int = envoyControl1XdsPort, private val logLevel: String = "info", - image: String = DEFAULT_IMAGE + image: String = DEFAULT_IMAGE, + private val wrapperServiceIp: () -> String = {"127.0.0.1"}, ) : SSLGenericContainer( dockerfileBuilder = DockerfileBuilder() .from(image) @@ -72,14 +73,15 @@ class EnvoyContainer( withCommand( "/bin/sh", "/usr/local/bin/launch_envoy.sh", - Integer.toString(envoyControl1XdsPort), - Integer.toString(envoyControl2XdsPort), + envoyControl1XdsPort.toString(), + envoyControl2XdsPort.toString(), CONFIG_DEST, localServiceIp(), config.trustedCa, config.certificateChain, config.privateKey, config.serviceName, + wrapperServiceIp(), "--config-yaml", config.configOverride, "-l", logLevel ) diff --git a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/envoy/EnvoyExtension.kt b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/envoy/EnvoyExtension.kt index f80f5e77a..75e8dd62f 100644 --- a/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/envoy/EnvoyExtension.kt +++ b/envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/config/envoy/EnvoyExtension.kt @@ -21,7 +21,8 @@ import java.util.concurrent.TimeUnit class EnvoyExtension( private val envoyControl: EnvoyControlExtensionBase, private val localService: ServiceExtension<*>? = null, - config: EnvoyConfig = RandomConfigFile + config: EnvoyConfig = RandomConfigFile, + private val wrapperService: ServiceExtension<*>? = null ) : BeforeAllCallback, AfterAllCallback, AfterEachCallback { companion object { @@ -31,7 +32,8 @@ class EnvoyExtension( val container: EnvoyContainer = EnvoyContainer( config, { localService?.container()?.ipAddress() ?: "127.0.0.1" }, - envoyControl.app.grpcPort + envoyControl.app.grpcPort, + wrapperServiceIp = { wrapperService?.container()?.ipAddress() ?: "127.0.0.1" }, ).withNetwork(Network.SHARED) val ingressOperations: IngressOperations = IngressOperations(container) diff --git a/envoy-control-tests/src/main/resources/envoy/bad_config.yaml b/envoy-control-tests/src/main/resources/envoy/bad_config.yaml index 0c4356ed3..76739c2a7 100644 --- a/envoy-control-tests/src/main/resources/envoy/bad_config.yaml +++ b/envoy-control-tests/src/main/resources/envoy/bad_config.yaml @@ -75,6 +75,17 @@ static_resources: port_value: 10000 connect_timeout: seconds: 1 + - name: wrapper + type: STATIC + load_assignment: + cluster_name: wrapper + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: WRAPPER_SERVICE_IP + port_value: 5678 listeners: - name: default_listener address: diff --git a/envoy-control-tests/src/main/resources/envoy/config_ads.yaml b/envoy-control-tests/src/main/resources/envoy/config_ads.yaml index 5eb15b086..39ab64c95 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_ads.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_ads.yaml @@ -117,3 +117,14 @@ static_resources: port_value: 10000 connect_timeout: seconds: 1 + - name: wrapper + type: STATIC + load_assignment: + cluster_name: wrapper + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: WRAPPER_SERVICE_IP + port_value: 5678 diff --git a/envoy-control-tests/src/main/resources/envoy/config_ads_all_dependencies.yaml b/envoy-control-tests/src/main/resources/envoy/config_ads_all_dependencies.yaml index b7e90b3b5..b7a93275c 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_ads_all_dependencies.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_ads_all_dependencies.yaml @@ -90,3 +90,14 @@ static_resources: port_value: 10000 connect_timeout: seconds: 1 + - name: wrapper + type: STATIC + load_assignment: + cluster_name: wrapper + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: WRAPPER_SERVICE_IP + port_value: 5678 diff --git a/envoy-control-tests/src/main/resources/envoy/config_ads_custom_health_check.yaml b/envoy-control-tests/src/main/resources/envoy/config_ads_custom_health_check.yaml index 1372ec468..2c0902b49 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_ads_custom_health_check.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_ads_custom_health_check.yaml @@ -85,6 +85,17 @@ static_resources: port_value: 10000 connect_timeout: seconds: 1 + - name: wrapper + type: STATIC + load_assignment: + cluster_name: wrapper + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: WRAPPER_SERVICE_IP + port_value: 5678 listeners: - name: default_listener address: diff --git a/envoy-control-tests/src/main/resources/envoy/config_ads_disabled_endpoint_permissions.yaml b/envoy-control-tests/src/main/resources/envoy/config_ads_disabled_endpoint_permissions.yaml index ddee4bdbc..67f109b24 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_ads_disabled_endpoint_permissions.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_ads_disabled_endpoint_permissions.yaml @@ -89,3 +89,14 @@ static_resources: port_value: 10000 connect_timeout: seconds: 1 + - name: wrapper + type: STATIC + load_assignment: + cluster_name: wrapper + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: WRAPPER_SERVICE_IP + port_value: 5678 diff --git a/envoy-control-tests/src/main/resources/envoy/config_ads_dynamic_forward_proxy.yaml b/envoy-control-tests/src/main/resources/envoy/config_ads_dynamic_forward_proxy.yaml index 21062f4cf..2b4d9d852 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_ads_dynamic_forward_proxy.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_ads_dynamic_forward_proxy.yaml @@ -90,3 +90,14 @@ static_resources: port_value: 10000 connect_timeout: seconds: 1 + - name: wrapper + type: STATIC + load_assignment: + cluster_name: wrapper + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: WRAPPER_SERVICE_IP + port_value: 5678 diff --git a/envoy-control-tests/src/main/resources/envoy/config_ads_no_dependencies.yaml b/envoy-control-tests/src/main/resources/envoy/config_ads_no_dependencies.yaml index 3f34c2520..791cc468a 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_ads_no_dependencies.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_ads_no_dependencies.yaml @@ -83,3 +83,14 @@ static_resources: port_value: 10000 connect_timeout: seconds: 1 + - name: wrapper + type: STATIC + load_assignment: + cluster_name: wrapper + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: WRAPPER_SERVICE_IP + port_value: 5678 diff --git a/envoy-control-tests/src/main/resources/envoy/config_ads_static_listeners.yaml b/envoy-control-tests/src/main/resources/envoy/config_ads_static_listeners.yaml index 758984277..a40f13d64 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_ads_static_listeners.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_ads_static_listeners.yaml @@ -69,7 +69,17 @@ static_resources: port_value: 10000 connect_timeout: seconds: 1 - + - name: wrapper + type: STATIC + load_assignment: + cluster_name: wrapper + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: WRAPPER_SERVICE_IP + port_value: 5678 listeners: - name: default_listener address: diff --git a/envoy-control-tests/src/main/resources/envoy/config_auth.yaml b/envoy-control-tests/src/main/resources/envoy/config_auth.yaml index b6c8c5ff8..d35f18253 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_auth.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_auth.yaml @@ -101,3 +101,14 @@ static_resources: port_value: 10000 connect_timeout: seconds: 1 + - name: wrapper + type: STATIC + load_assignment: + cluster_name: wrapper + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: WRAPPER_SERVICE_IP + port_value: 5678 diff --git a/envoy-control-tests/src/main/resources/envoy/config_oauth.yaml b/envoy-control-tests/src/main/resources/envoy/config_oauth.yaml index 70fea9b1f..92194cb8a 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_oauth.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_oauth.yaml @@ -101,3 +101,14 @@ static_resources: port_value: 10000 connect_timeout: seconds: 1 + - name: wrapper + type: STATIC + load_assignment: + cluster_name: wrapper + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: WRAPPER_SERVICE_IP + port_value: 5678 diff --git a/envoy-control-tests/src/main/resources/envoy/config_xds.yaml b/envoy-control-tests/src/main/resources/envoy/config_xds.yaml index 511b28e73..3d90e234a 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_xds.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_xds.yaml @@ -117,3 +117,14 @@ static_resources: port_value: 10000 connect_timeout: seconds: 1 + - name: wrapper + type: STATIC + load_assignment: + cluster_name: wrapper + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: WRAPPER_SERVICE_IP + port_value: 5678 diff --git a/envoy-control-tests/src/main/resources/envoy/config_xds_compression.yaml b/envoy-control-tests/src/main/resources/envoy/config_xds_compression.yaml index a3c842718..c0d194818 100644 --- a/envoy-control-tests/src/main/resources/envoy/config_xds_compression.yaml +++ b/envoy-control-tests/src/main/resources/envoy/config_xds_compression.yaml @@ -124,3 +124,14 @@ static_resources: port_value: 10000 connect_timeout: seconds: 1 + - name: wrapper + type: STATIC + load_assignment: + cluster_name: wrapper + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: WRAPPER_SERVICE_IP + port_value: 5678 diff --git a/envoy-control-tests/src/main/resources/envoy/launch_envoy.sh b/envoy-control-tests/src/main/resources/envoy/launch_envoy.sh index a2d442fa2..726a69143 100755 --- a/envoy-control-tests/src/main/resources/envoy/launch_envoy.sh +++ b/envoy-control-tests/src/main/resources/envoy/launch_envoy.sh @@ -20,6 +20,7 @@ TRUSTED_CA="$5" CERTIFICATE_CHAIN="$6" PRIVATE_KEY="$7" SERVICE_NAME="$8" +WRAPPER_SERVICE_IP="$9" echo "debug: " "$@" @@ -32,10 +33,11 @@ echo "${CONFIG}" | sed \ -e "s;CERTIFICATE_CHAIN;${CERTIFICATE_CHAIN};g" \ -e "s;PRIVATE_KEY;${PRIVATE_KEY};g" \ -e "s;SERVICE_NAME;${SERVICE_NAME};g" \ + -e "s;WRAPPER_SERVICE_IP;${WRAPPER_SERVICE_IP};g" \ > "${CONFIG_FILE}" cat "${CONFIG_FILE}" -shift 8 +shift 9 /usr/local/bin/envoy --drain-time-s 1 -c "${CONFIG_FILE}" "$@" rm -rf "${CONFIG_DIR}"