-
Notifications
You must be signed in to change notification settings - Fork 270
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
outbound: Preserve opaqueness on unknown endpoints #1617
Conversation
The outbound stack only honors opaqueness when the profile response clearly indicates that the target is a known endpoint or logical service. This ignores the case when the target is unknown but the target port is in the default opaque ports list, in which case the profile response has no metadata except for the opaqueness setting. This change handles this case explicitly and adds a test for the `switch_logical` stack to ensure that these profile responses are honored. Fixes linkerd/linkerd2#8273 Signed-off-by: Oliver Gould <ver@buoyant.io>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this change looks good to me, makes sense. i left a handful of minor comments on the comments you added, but none of them are blockers.
// If there was a profile but it didn't include an | ||
// endpoint or logical address, create a bare | ||
// endpoint from the original destination address, | ||
// using the profile-provided opaqeuness. This |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
super unimportant nit, take it or leave it: this sentence is kind of long, i might break it up
// If there was a profile but it didn't include an | |
// endpoint or logical address, create a bare | |
// endpoint from the original destination address, | |
// using the profile-provided opaqeuness. This | |
// There was a profile but it didn't include an | |
// endpoint or logical address. Create a bare | |
// endpoint from the original destination address, | |
// using the profile-provided opaqueness. This |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
Signed-off-by: Oliver Gould <ver@buoyant.io>
The outbound stack only honors opaqueness when the profile response clearly indicates that the target is a known endpoint or logical service. This ignores the case when the target is unknown but the target port is in the default opaque ports list, in which case the profile response has no metadata except for the opaqueness setting. This change handles this case explicitly and adds a test for the `switch_logical` stack to ensure that these profile responses are honored. Fixes linkerd/linkerd2#8273 Signed-off-by: Oliver Gould <ver@buoyant.io>
The outbound stack only honors opaqueness when the profile response clearly indicates that the target is a known endpoint or logical service. This ignores the case when the target is unknown but the target port is in the default opaque ports list, in which case the profile response has no metadata except for the opaqueness setting. This change handles this case explicitly and adds a test for the `switch_logical` stack to ensure that these profile responses are honored. Fixes linkerd/linkerd2#8273 Signed-off-by: Oliver Gould <ver@buoyant.io>
This release fixes an issue where proxies would not honor the cluster's opaqueness settings for non-pod/service addresses. This could cause protocol detection to be peformed, for instance, when using off-cluster databases. This release also disables the use of regexes in Linkerd log filters (i.e., as set by `LINKERD2_PROXY_LOG`). Malformed log directices could, in theory, cause a proxy to stop responding. --- * build(deps): bump redox_syscall from 0.2.11 to 0.2.12 (linkerd/linkerd2-proxy#1561) * build(deps): bump tokio-util from 0.7.0 to 0.7.1 (linkerd/linkerd2-proxy#1566) * build(deps): bump async-trait from 0.1.52 to 0.1.53 (linkerd/linkerd2-proxy#1562) * build(deps): bump quote from 1.0.16 to 1.0.17 (linkerd/linkerd2-proxy#1563) * build(deps): bump getrandom from 0.2.5 to 0.2.6 (linkerd/linkerd2-proxy#1564) * build(deps): bump syn from 1.0.89 to 1.0.90 (linkerd/linkerd2-proxy#1569) * build(deps): bump tj-actions/changed-files from 18.4 to 18.5 (linkerd/linkerd2-proxy#1571) * build(deps): bump indexmap from 1.8.0 to 1.8.1 (linkerd/linkerd2-proxy#1572) * build(deps): bump lock_api from 0.4.6 to 0.4.7 (linkerd/linkerd2-proxy#1576) * build(deps): bump parking_lot_core from 0.9.1 to 0.9.2 (linkerd/linkerd2-proxy#1575) * build(deps): bump h2 from 0.3.12 to 0.3.13 (linkerd/linkerd2-proxy#1579) * build(deps): bump trust-dns-resolver from 0.21.1 to 0.21.2 (linkerd/linkerd2-proxy#1577) * build(deps): bump tracing-subscriber from 0.3.9 to 0.3.10 (linkerd/linkerd2-proxy#1582) * build(deps): bump EmbarkStudios/cargo-deny-action from 1.2.12 to 1.2.15 (linkerd/linkerd2-proxy#1581) * build(deps): bump slab from 0.4.5 to 0.4.6 (linkerd/linkerd2-proxy#1583) * build(deps): bump tj-actions/changed-files from 18.5 to 18.7 (linkerd/linkerd2-proxy#1589) * build(deps): bump js-sys from 0.3.56 to 0.3.57 (linkerd/linkerd2-proxy#1585) * build(deps): bump proc-macro2 from 1.0.36 to 1.0.37 (linkerd/linkerd2-proxy#1588) * build(deps): bump web-sys from 0.3.56 to 0.3.57 (linkerd/linkerd2-proxy#1590) * build(deps): bump syn from 1.0.90 to 1.0.91 (linkerd/linkerd2-proxy#1586) * build(deps): bump redox_syscall from 0.2.12 to 0.2.13 (linkerd/linkerd2-proxy#1578) * build(deps): bump codecov/codecov-action from 2.1.0 to 3 (linkerd/linkerd2-proxy#1584) * build(deps): bump libc from 0.2.121 to 0.2.122 (linkerd/linkerd2-proxy#1591) * tracing: disable regular expression matching in log filters (linkerd/linkerd2-proxy#1580) * readme: Fix broken link to fuzzing report (linkerd/linkerd2-proxy#1573) * Fix inbound fuzzing build (linkerd/linkerd2-proxy#1594) * ci: Run the release workflow on changes (linkerd/linkerd2-proxy#1595) * ci: Only run the release workflow on PRs that touch the workflow (linkerd/linkerd2-proxy#1601) * ci: Fix check-each workflow(#1597) * build(deps): bump tracing-subscriber from 0.3.10 to 0.3.11 (linkerd/linkerd2-proxy#1600) * build(deps): bump tracing from 0.1.32 to 0.1.33 (linkerd/linkerd2-proxy#1599) * build(deps): bump quote from 1.0.17 to 1.0.18 (linkerd/linkerd2-proxy#1598) * Update to linkerd2-proxy-api v0.5 and tonic v0.7 (linkerd/linkerd2-proxy#1596) * build(deps): bump httparse from 1.6.0 to 1.7.0 (linkerd/linkerd2-proxy#1602) * build(deps): bump flate2 from 1.0.22 to 1.0.23 (linkerd/linkerd2-proxy#1603) * dev: Limit devcontainer memory usage to 8GB (linkerd/linkerd2-proxy#1604) * build(deps): bump libc from 0.2.122 to 0.2.123 (linkerd/linkerd2-proxy#1605) * build(deps): bump actions/checkout from 3.0.0 to 3.0.1 (linkerd/linkerd2-proxy#1607) * build(deps): bump tracing from 0.1.33 to 0.1.34 (linkerd/linkerd2-proxy#1609) * tracing: record errors as `&dyn Error`s when possible (linkerd/linkerd2-proxy#1606) * build(deps): bump rustls-pemfile from 0.3.0 to 1.0.0 (linkerd/linkerd2-proxy#1611) * build(deps): bump ipnet from 2.4.0 to 2.5.0 (linkerd/linkerd2-proxy#1613) * outbound: Add logging for endpoint opaqueness (linkerd/linkerd2-proxy#1614) * outbound: Preserve opaqueness on unknown endpoints (linkerd/linkerd2-proxy#1617) * build(deps): bump libc from 0.2.123 to 0.2.124 (linkerd/linkerd2-proxy#1616) * Update Rust to v1.60 (linkerd/linkerd2-proxy#1615) Signed-off-by: Oliver Gould <ver@buoyant.io>
This release fixes opaqueness settings when communicating with non-pod/service addresses. --- d4c9fb2f outbound: Add logging for endpoint opaqueness (linkerd/linkerd2-proxy#1614) c6d79c9d outbound: Preserve opaqueness on unknown endpoints (linkerd/linkerd2-proxy#1617) 42c5d8a5 Merge branch 'ver/2.161/opaque' into release/v2.161
This release fixes an issue where proxies would not honor the cluster's opaqueness settings for non-pod/service addresses. This could cause protocol detection to be peformed, for instance, when using off-cluster databases. This release also disables the use of regexes in Linkerd log filters (i.e., as set by `LINKERD2_PROXY_LOG`). Malformed log directices could, in theory, cause a proxy to stop responding. --- * build(deps): bump redox_syscall from 0.2.11 to 0.2.12 (linkerd/linkerd2-proxy#1561) * build(deps): bump tokio-util from 0.7.0 to 0.7.1 (linkerd/linkerd2-proxy#1566) * build(deps): bump async-trait from 0.1.52 to 0.1.53 (linkerd/linkerd2-proxy#1562) * build(deps): bump quote from 1.0.16 to 1.0.17 (linkerd/linkerd2-proxy#1563) * build(deps): bump getrandom from 0.2.5 to 0.2.6 (linkerd/linkerd2-proxy#1564) * build(deps): bump syn from 1.0.89 to 1.0.90 (linkerd/linkerd2-proxy#1569) * build(deps): bump tj-actions/changed-files from 18.4 to 18.5 (linkerd/linkerd2-proxy#1571) * build(deps): bump indexmap from 1.8.0 to 1.8.1 (linkerd/linkerd2-proxy#1572) * build(deps): bump lock_api from 0.4.6 to 0.4.7 (linkerd/linkerd2-proxy#1576) * build(deps): bump parking_lot_core from 0.9.1 to 0.9.2 (linkerd/linkerd2-proxy#1575) * build(deps): bump h2 from 0.3.12 to 0.3.13 (linkerd/linkerd2-proxy#1579) * build(deps): bump trust-dns-resolver from 0.21.1 to 0.21.2 (linkerd/linkerd2-proxy#1577) * build(deps): bump tracing-subscriber from 0.3.9 to 0.3.10 (linkerd/linkerd2-proxy#1582) * build(deps): bump EmbarkStudios/cargo-deny-action from 1.2.12 to 1.2.15 (linkerd/linkerd2-proxy#1581) * build(deps): bump slab from 0.4.5 to 0.4.6 (linkerd/linkerd2-proxy#1583) * build(deps): bump tj-actions/changed-files from 18.5 to 18.7 (linkerd/linkerd2-proxy#1589) * build(deps): bump js-sys from 0.3.56 to 0.3.57 (linkerd/linkerd2-proxy#1585) * build(deps): bump proc-macro2 from 1.0.36 to 1.0.37 (linkerd/linkerd2-proxy#1588) * build(deps): bump web-sys from 0.3.56 to 0.3.57 (linkerd/linkerd2-proxy#1590) * build(deps): bump syn from 1.0.90 to 1.0.91 (linkerd/linkerd2-proxy#1586) * build(deps): bump redox_syscall from 0.2.12 to 0.2.13 (linkerd/linkerd2-proxy#1578) * build(deps): bump codecov/codecov-action from 2.1.0 to 3 (linkerd/linkerd2-proxy#1584) * build(deps): bump libc from 0.2.121 to 0.2.122 (linkerd/linkerd2-proxy#1591) * tracing: disable regular expression matching in log filters (linkerd/linkerd2-proxy#1580) * readme: Fix broken link to fuzzing report (linkerd/linkerd2-proxy#1573) * Fix inbound fuzzing build (linkerd/linkerd2-proxy#1594) * ci: Run the release workflow on changes (linkerd/linkerd2-proxy#1595) * ci: Only run the release workflow on PRs that touch the workflow (linkerd/linkerd2-proxy#1601) * ci: Fix check-each workflow(#1597) * build(deps): bump tracing-subscriber from 0.3.10 to 0.3.11 (linkerd/linkerd2-proxy#1600) * build(deps): bump tracing from 0.1.32 to 0.1.33 (linkerd/linkerd2-proxy#1599) * build(deps): bump quote from 1.0.17 to 1.0.18 (linkerd/linkerd2-proxy#1598) * Update to linkerd2-proxy-api v0.5 and tonic v0.7 (linkerd/linkerd2-proxy#1596) * build(deps): bump httparse from 1.6.0 to 1.7.0 (linkerd/linkerd2-proxy#1602) * build(deps): bump flate2 from 1.0.22 to 1.0.23 (linkerd/linkerd2-proxy#1603) * dev: Limit devcontainer memory usage to 8GB (linkerd/linkerd2-proxy#1604) * build(deps): bump libc from 0.2.122 to 0.2.123 (linkerd/linkerd2-proxy#1605) * build(deps): bump actions/checkout from 3.0.0 to 3.0.1 (linkerd/linkerd2-proxy#1607) * build(deps): bump tracing from 0.1.33 to 0.1.34 (linkerd/linkerd2-proxy#1609) * tracing: record errors as `&dyn Error`s when possible (linkerd/linkerd2-proxy#1606) * build(deps): bump rustls-pemfile from 0.3.0 to 1.0.0 (linkerd/linkerd2-proxy#1611) * build(deps): bump ipnet from 2.4.0 to 2.5.0 (linkerd/linkerd2-proxy#1613) * outbound: Add logging for endpoint opaqueness (linkerd/linkerd2-proxy#1614) * outbound: Preserve opaqueness on unknown endpoints (linkerd/linkerd2-proxy#1617) * build(deps): bump libc from 0.2.123 to 0.2.124 (linkerd/linkerd2-proxy#1616) * Update Rust to v1.60 (linkerd/linkerd2-proxy#1615) Signed-off-by: Oliver Gould <ver@buoyant.io>
The outbound stack only honors opaqueness when the profile response
clearly indicates that the target is a known endpoint or logical
service. This ignores the case when the target is unknown but the target
port is in the default opaque ports list, in which case the profile
response has no metadata except for the opaqueness setting.
This change handles this case explicitly and adds a test for the
switch_logical
stack to ensure that these profile responses arehonored.
Fixes linkerd/linkerd2#8273
Signed-off-by: Oliver Gould ver@buoyant.io