diff --git a/.changelog/19268.txt b/.changelog/19268.txt new file mode 100644 index 00000000000..2bb8f489e34 --- /dev/null +++ b/.changelog/19268.txt @@ -0,0 +1,3 @@ +```release-note:bug +Mesh Gateways: Fix a bug where replicated and peered mesh gateways with hostname-based WAN addresses fail to initialize. +``` diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index 2ca1d248a4f..cba036d2165 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -477,10 +477,13 @@ func (s *ResourceGenerator) makePeerServerClusters(cfgSnap *proxycfg.ConfigSnaps var cluster *envoy_cluster_v3.Cluster if servers.UseCDS { + // we use strict DNS here since multiple gateways with hostnames + // would result in an invalid cluster due to logical DNS requiring + // only a single host cluster = s.makeExternalHostnameCluster(cfgSnap, clusterOpts{ name: name, addresses: servers.Addresses, - }) + }, envoy_cluster_v3.Cluster_STRICT_DNS) } else { cluster = s.makeGatewayCluster(cfgSnap, clusterOpts{ name: name, @@ -699,7 +702,7 @@ func (s *ResourceGenerator) makeDestinationClusters(cfgSnap *proxycfg.ConfigSnap if structs.IsIP(address) { cluster = s.makeExternalIPCluster(cfgSnap, opts) } else { - cluster = s.makeExternalHostnameCluster(cfgSnap, opts) + cluster = s.makeExternalHostnameCluster(cfgSnap, opts, envoy_cluster_v3.Cluster_LOGICAL_DNS) } if err := s.injectGatewayDestinationAddons(cfgSnap, cluster, svcName); err != nil { return nil, err 
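Review bot: The golden file updated in this commit still exercises the `UseCDS` branch with a single hostname (the `server.dc3.peering...` cluster has one `lbEndpoints` entry), so the case the new comment describes, several gateway hostnames in `servers.Addresses`, is not pinned by any test visible here. A golden case with two or more hostname addresses would catch a regression to `LOGICAL_DNS`, the condition the changelog entry ties to mesh gateways failing to initialize. The comment would also read better as a full sentence, for example `// Use STRICT_DNS: servers.Addresses may hold several gateway hostnames, and a LOGICAL_DNS cluster accepts only one host.` makePeerServerClusters starts and ends outside the hunk.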
@@ -1727,8 +1730,8 @@ func (s *ResourceGenerator) makeExternalIPCluster(snap *proxycfg.ConfigSnapshot, } // makeExternalHostnameCluster creates an Envoy cluster for hostname endpoints that will be resolved with DNS -// This is used by both terminating gateways for Destinations, and Mesh Gateways for peering control plane traffice -func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts) *envoy_cluster_v3.Cluster { +// This is used by both terminating gateways for Destinations, and Mesh Gateways for peering control plane traffic +func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSnapshot, opts clusterOpts, discoveryType envoy_cluster_v3.Cluster_DiscoveryType) *envoy_cluster_v3.Cluster { cfg, err := ParseGatewayConfig(snap.Proxy.Config) if err != nil { // Don't hard fail on a config typo, just warn. The parse func returns @@ -1743,7 +1746,7 @@ func (s *ResourceGenerator) makeExternalHostnameCluster(snap *proxycfg.ConfigSna // Having an empty config enables outlier detection with default config. OutlierDetection: &envoy_cluster_v3.OutlierDetection{}, - ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_LOGICAL_DNS}, + ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: discoveryType}, DnsLookupFamily: envoy_cluster_v3.Cluster_V4_ONLY, } diff --git a/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden index 8ab3fe5761a..86cac4c9b3f 100644 --- a/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden +++ b/agent/xds/testdata/clusters/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden 
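Review bot: `makeExternalHostnameCluster` now accepts any `Cluster_DiscoveryType`, but its doc comment does not say which values are valid or that `LOGICAL_DNS` only works with a single entry in `opts.addresses`; that constraint is recorded only in the comment at the `makePeerServerClusters` call site. A later caller passing `LOGICAL_DNS` with several addresses, or a non-DNS type such as `Cluster_EDS`, would produce a cluster that Envoy is likely to reject, which is the failure this commit fixes. Consider documenting it with `// discoveryType must be Cluster_STRICT_DNS or Cluster_LOGICAL_DNS; LOGICAL_DNS requires exactly one address in opts.addresses.` and, assuming `opts.addresses` is a slice, enforcing it near the top of the function with `if discoveryType == envoy_cluster_v3.Cluster_LOGICAL_DNS && len(opts.addresses) > 1 { discoveryType = envoy_cluster_v3.Cluster_STRICT_DNS }`. The same point covers the `ClusterDiscoveryType` assignment in the following hunk; the function body continues outside both hunks.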
@@ -1,48 +1,48 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "server.dc2.peering.6d942ff2-6a78-46f4-a52f-915e26c48797", - "type": "EDS", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "server.dc2.peering.6d942ff2-6a78-46f4-a52f-915e26c48797", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" } }, - "connectTimeout": "5s", - "outlierDetection": {} + "connectTimeout": "5s", + "outlierDetection": {} }, { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "server.dc2.peering.f3f41279-001d-42bb-912e-f6103fb036b8", - "type": "EDS", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "server.dc2.peering.f3f41279-001d-42bb-912e-f6103fb036b8", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" } }, - "connectTimeout": "5s", - "outlierDetection": {} + "connectTimeout": "5s", + "outlierDetection": {} }, { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5", - "type": "LOGICAL_DNS", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5", - "endpoints": [ + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5", + "type": "STRICT_DNS", + "connectTimeout": "5s", + "loadAssignment": { + "clusterName": "server.dc3.peering.f622dc37-7238-4485-ab58-0f53864a9ae5", + "endpoints": [ { - "lbEndpoints": [ + "lbEndpoints": [ { - "endpoint": { - "address": { - "socketAddress": { - "address": 
"my-load-balancer-1234567890abcdef.elb.us-east-2.amazonaws.com", - "portValue": 8080 + "endpoint": { + "address": { + "socketAddress": { + "address": "my-load-balancer-1234567890abcdef.elb.us-east-2.amazonaws.com", + "portValue": 8080 } } } @@ -51,11 +51,11 @@ } ] }, - "dnsRefreshRate": "10s", - "dnsLookupFamily": "V4_ONLY", - "outlierDetection": {} + "dnsRefreshRate": "10s", + "dnsLookupFamily": "V4_ONLY", + "outlierDetection": {} } ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" } \ No newline at end of file