Skip to content

Commit

Permalink
don't validate clusters
Browse files Browse the repository at this point in the history
  • Loading branch information
@ndhanushkodi
ndhanushkodi committed Aug 15, 2024
1 parent e2bb1b7 commit 12f4daf
Show file tree
Hide file tree
Showing 82 changed files with 27 additions and 180 deletions.
3 changes: 3 additions & 0 deletions .changelog/21587.txt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones.
```
29 changes: 2 additions & 27 deletions agent/xds/routes.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,10 +76,6 @@ func (s *ResourceGenerator) routesForConnectProxy(cfgSnap *proxycfg.ConfigSnapsh
route := &envoy_route_v3.RouteConfiguration{
Name: uid.EnvoyID(),
VirtualHosts: []*envoy_route_v3.VirtualHost{virtualHost},
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the reasonable value of true to prevent
// null-routing traffic.
ValidateClusters: response.MakeBoolValue(true),
}
resources = append(resources, route)
}
Expand Down Expand Up @@ -276,10 +272,6 @@ func (s *ResourceGenerator) routesForMeshGateway(cfgSnap *proxycfg.ConfigSnapsho
route := &envoy_route_v3.RouteConfiguration{
Name: uid.EnvoyID(),
VirtualHosts: []*envoy_route_v3.VirtualHost{virtualHost},
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the reasonable value of true to prevent
// null-routing traffic.
ValidateClusters: response.MakeBoolValue(true),
}
resources = append(resources, route)
}
Expand Down Expand Up @@ -319,20 +311,12 @@ func makeNamedDefaultRouteWithLB(clusterName string, lb *structs.LoadBalancer, t
},
},
},
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the reasonable value of true to prevent
// null-routing traffic.
ValidateClusters: response.MakeBoolValue(true),
}, nil
}

func makeNamedAddressesRoute(routeName string, addresses map[string]string) (*envoy_route_v3.RouteConfiguration, error) {
route := &envoy_route_v3.RouteConfiguration{
Name: routeName,
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the reasonable value of true to prevent
// null-routing traffic.
ValidateClusters: response.MakeBoolValue(true),
}
for clusterName, address := range addresses {
action := makeRouteActionFromName(clusterName)
Expand Down Expand Up @@ -371,10 +355,6 @@ func (s *ResourceGenerator) routesForIngressGateway(cfgSnap *proxycfg.ConfigSnap
// don't have custom filter chains and routes to this.
defaultRoute := &envoy_route_v3.RouteConfiguration{
Name: listenerKey.RouteName(),
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the reasonable value of true to prevent
// null-routing traffic.
ValidateClusters: response.MakeBoolValue(true),
}

for _, u := range upstreams {
Expand Down Expand Up @@ -422,9 +402,8 @@ func (s *ResourceGenerator) routesForIngressGateway(cfgSnap *proxycfg.ConfigSnap
defaultRoute.VirtualHosts = append(defaultRoute.VirtualHosts, virtualHost)
} else {
svcRoute := &envoy_route_v3.RouteConfiguration{
Name: svcRouteName,
ValidateClusters: response.MakeBoolValue(true),
VirtualHosts: []*envoy_route_v3.VirtualHost{virtualHost},
Name: svcRouteName,
VirtualHosts: []*envoy_route_v3.VirtualHost{virtualHost},
}
result = append(result, svcRoute)
}
Expand Down Expand Up @@ -460,10 +439,6 @@ func (s *ResourceGenerator) routesForAPIGateway(cfgSnap *proxycfg.ConfigSnapshot

listenerRoute := &envoy_route_v3.RouteConfiguration{
Name: readyListener.listenerKey.RouteName(),
// ValidateClusters defaults to true when defined statically and false
// when done via RDS. Re-set the reasonable value of true to prevent
// null-routing traffic.
ValidateClusters: response.MakeBoolValue(true),
}

// Consolidate all routes for this listener into the minimum possible set based on hostname matching.
Expand Down
3 changes: 0 additions & 3 deletions .../builtin_extension/routes/lambda-terminating-gateway-with-service-resolvers.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand All @@ -27,7 +26,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand All @@ -50,7 +48,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/builtin_extension/routes/lambda-terminating-gateway.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
2 changes: 0 additions & 2 deletions ...ata/builtin_extension/routes/lua-outbound-applies-to-local-upstreams-tproxy.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "destination.443.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand All @@ -27,7 +26,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "destination.9093.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion ..._extension/routes/propertyoverride-patch-specific-upstream-service-splitter.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"mostSpecificHeaderMutationsWins": true,
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
3 changes: 1 addition & 2 deletions ...a/builtin_extension/routes/propertyoverride-patch-specific-upstream-service.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,7 @@
}
]
}
],
"validateClusters": true
]
}
],
"typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/api-gateway-http-listener-with-http-route.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8081",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/api-gateway-with-multiple-hostnames.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/connect-proxy-lb-in-resolver.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/connect-proxy-resolver-with-lb.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/connect-proxy-route-to-lb-resolver.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/connect-proxy-splitter-overweight.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/connect-proxy-with-chain-and-overrides.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/connect-proxy-with-chain-and-router.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/connect-proxy-with-chain-and-splitter.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/connect-proxy-with-grpc-chain.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/connect-proxy-with-grpc-router.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/connect-proxy-with-http-chain.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/connect-proxy-with-http2-chain.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "db",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/ingress-grpc-multiple-services.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
2 changes: 0 additions & 2 deletions agent/xds/testdata/routes/ingress-http-multiple-services.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "443",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down Expand Up @@ -45,7 +44,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/ingress-lb-in-resolver.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
2 changes: 0 additions & 2 deletions agent/xds/testdata/routes/ingress-multiple-listeners-duplicate-service.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "443",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand All @@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/ingress-splitter-with-resolver-redirect.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/ingress-with-chain-and-router-header-manip.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/ingress-with-chain-and-router.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/ingress-with-chain-and-splitter.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
1 change: 0 additions & 1 deletion agent/xds/testdata/routes/ingress-with-grpc-router.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
2 changes: 0 additions & 2 deletions agent/xds/testdata/routes/ingress-with-grpc-single-tls-listener.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand All @@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8081",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
2 changes: 0 additions & 2 deletions agent/xds/testdata/routes/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8080",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand All @@ -28,7 +27,6 @@
{
"@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration",
"name": "8081",
"validateClusters": true,
"virtualHosts": [
{
"domains": [
Expand Down
Loading

0 comments on commit 12f4daf

Please sign in to comment.