original_dst_cluster: add override by filter state#22155
Merged
kyessenov merged 6 commits intoenvoyproxy:mainfrom Jul 19, 2022
Merged
original_dst_cluster: add override by filter state#22155kyessenov merged 6 commits intoenvoyproxy:mainfrom
kyessenov merged 6 commits intoenvoyproxy:mainfrom
Conversation
Signed-off-by: Kuat Yessenov <kuat@google.com>
Signed-off-by: Kuat Yessenov <kuat@google.com>
Contributor
Author
|
/retest |
|
Retrying Azure Pipelines: |
Contributor
|
/assign-from @envoyproxy/maintainers |
|
@envoyproxy/maintainers assignee is @None |
Contributor
|
/assign-from @envoyproxy/envoy-maintainers |
|
@envoyproxy/envoy-maintainers assignee is @mattklein123 |
mattklein123
requested changes
Jul 18, 2022
Member
mattklein123
left a comment
mattklein123
left a comment
There was a problem hiding this comment.
Can you add some limited documentation about this to the original_dst filter docs and also a release note? Thank you.
/wait
Signed-off-by: Kuat Yessenov <kuat@google.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Commit Message: Add an override by filter state to ORIGINAL_DST cluster (which takes priority over header override and restored local address).
Additional Description: ORIGINAL_DST cluster is used as a generic tunnel upstream for an internal listener (e.g. encoding TCP streams into HTTP/2). When used this way, there are two actual destination addresses. The first address is the logical address for which, for example, an RBAC policy must be applied on the internal listener. The second address is the physical address of the tunnel host. This change allows us to set the destination address for ORIGINAL_DST at the very last step in processing while doing the host selection, so that everything before that can use the logical address. Prior art couples the same behavior with HTTP/1.1 CONNECT transport, which would be confusing to re-use for ORIGINAL_DST.
One internal limitation is that the filter state is only read from the connection filter state. That works fine for
tcp_proxy. There is no reason why it can't be done per-request, but that requires changingLoadBalancerContextthroughout.Risk Level: low (opt-in)
Testing: unit
Docs Changes: none (filter states are not documented in general, maybe they should be).
Release Notes: none