Backport of Allow connections through Terminating Gateways from peered clusters NET-3463 into release/1.15.x #19091

@hc-github-team-consul-core hc-github-team-consul-core commented Oct 5, 2023

Backport

This PR is auto-generated from #18959 to be assessed for backporting due to the inclusion of the label backport/1.15.

The below text is copied from the body of the original PR.


Description

This PR enables services in one datacenter to access resources through a terminating gateway in another datacenter over cluster peering.

In the diagram below, previously only backend could reach Google. Now frontend can also reach Google.

__ dc1 ________________          __ dc2 ________________
|  ____________       |          |  ___________        |
|  |          |       |          |  |         |        |
|  | frontend |       |          |  | backend |        |
|  |__________|       |          |  |_________|        |
|        |            |          |         |           |
|        |    ___________     ___________  |  _______________    __________
|        |    |         |     |         |  -->|             |    |        |
|        ---->|  Mesh   |---->|  Mesh   |---->| Terminating |--->| Google |
|             | Gateway |     | Gateway |     |   Gateway   |    |________|
|             |_________|     |_________|     |_____________|
|                     |          |                     |
|_____________________|          |_____________________|
  • Add InboundPeerTrustBundle maps to Terminating Gateway
  • Add notify and cancelation of watch for inbound peer trust bundles
  • Pass peer trust bundles to the RBAC creation function
  • Regenerate Golden Files

Testing & Reproduction steps

I tested this using Kubernetes with this set of configuration files.

Links

PR Checklist

  • updated test coverage
  • appropriate backport labels added
  • not a security concern

Overview of commits

@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/termgw-httpfilters/blindly-busy-serval branch from 81a5d5d to 0da127b Compare October 5, 2023 21:54
@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/termgw-httpfilters/blindly-busy-serval branch 2 times, most recently from fa2e586 to 0da127b Compare October 5, 2023 21:54

Auto approved Consul Bot automated PR

@vercel vercel bot temporarily deployed to Preview – consul October 5, 2023 22:01 Inactive
…ET-3463 (#18959)

* Add InboundPeerTrustBundle maps to Terminating Gateway

* Add notify and cancelation of watch for inbound peer trust bundles

* Pass peer trust bundles to the RBAC creation function

* Regenerate Golden Files

* add changelog, also adds another spot that needed peeredTrustBundles

* Add basic test for terminating gateway with peer trust bundle

* Add intention to cluster peered golden test

* rerun codegen

* update changelog

* really update the changelog

---------

Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com>
@nathancoleman nathancoleman force-pushed the backport/termgw-httpfilters/blindly-busy-serval branch from 0da127b to 1eb9b03 Compare October 5, 2023 22:14
@nathancoleman nathancoleman marked this pull request as ready for review October 5, 2023 22:18
@nathancoleman nathancoleman enabled auto-merge (squash) October 5, 2023 22:20
@nathancoleman nathancoleman merged commit 661f080 into release/1.15.x Oct 5, 2023
80 checks passed
@nathancoleman nathancoleman deleted the backport/termgw-httpfilters/blindly-busy-serval branch October 5, 2023 22:24