diff --git a/src/proxy/outbound.rs b/src/proxy/outbound.rs
index 7b42ac324d..b539954d29 100644
--- a/src/proxy/outbound.rs
+++ b/src/proxy/outbound.rs
@@ -458,8 +458,11 @@ impl OutboundConnection {
 .destination_service
 .as_ref()
 .expect("Workloads with network gateways must be service addressed.");
- let hbone_target_destination =
- Some(HboneAddress::SvcHostname(svc.hostname.clone(), us.port));
+ // Use the service port
+ let hbone_target_destination = Some(HboneAddress::SvcHostname(
+ svc.hostname.clone(),
+ target.port(),
+ ));
 return Ok(Request {
 protocol: OutboundProtocol::DOUBLEHBONE,
@@ -867,7 +870,7 @@ mod tests {
 ],
 Some(ExpectedRequest {
 protocol: OutboundProtocol::DOUBLEHBONE,
- hbone_destination: "example.com:8080",
+ hbone_destination: "example.com:80",
 destination: "10.22.1.1:15009",
 }),
 )
@@ -944,7 +947,7 @@ mod tests {
 ],
 Some(ExpectedRequest {
 protocol: OutboundProtocol::DOUBLEHBONE,
- hbone_destination: "example.com:8080",
+ hbone_destination: "example.com:80",
 destination: "127.0.0.5:15008",
 }),
 )
diff --git a/tests/keylog b/tests/keylog
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/tests/namespaced.rs b/tests/namespaced.rs
index 04f5a13d1a..19237ee9ca 100644
--- a/tests/namespaced.rs
+++ b/tests/namespaced.rs
@@ -197,8 +197,9 @@ mod namespaced {
 Ok(())
 }
+ /// Test having an IP address in the network gateway
 #[tokio::test]
- async fn double_hbone1() -> anyhow::Result<()> {
+ async fn double_hbone_ip_addressed_network_gateway() -> anyhow::Result<()> {
 let mut manager = setup_netns_test!(Shared);
 let zt = manager.deploy_ztunnel(DEFAULT_NODE).await?;
@@ -214,7 +215,7 @@ mod namespaced {
 address: TEST_VIP.parse::()?,
 }])
 .subject_alt_names(vec!["spiffe://cluster.local/ns/default/sa/echo".into()])
- .ports(HashMap::from([(8080, 8080)]))
+ .ports(HashMap::from([(80, 8080)]))
 .register()
 .await?;
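Review bot: The added comment `// Use the service port` in the `@@ -458` hunk of src/proxy/outbound.rs states what the line does but not why, and the value built here is the inner HBONE address handed to the remote side, so the reasoning matters to the next person who edits it. I'd expand it to something like `// Address the service by the port the client dialed (target.port()); us.port is the resolved workload port and may not be a port the service exposes.` That wording assumes `target` is always the service address on this path, which the `.expect(...)` just above suggests but the hunk does not show, so please confirm it before adopting the comment. The enclosing function starts and ends outside the hunk.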
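Review bot: `tests/keylog` is added as an empty file (its index line carries the empty-blob id) and nothing else in the visible diff refers to it, so it looks like a stray artifact rather than a fixture. Judging only by the name, it may be the target of TLS key logging from a local test run; a populated key log holds session secrets that allow captured traffic to be decrypted, so that path should not be tracked. I'd drop the file from this commit and add `tests/keylog` to `.gitignore` so a later run cannot commit a filled one.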
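Review bot: Only one of the two renamed tests in tests/namespaced.rs gets a doc comment: `/// Test having an IP address in the network gateway` is added above `double_hbone_ip_addressed_network_gateway` in the `@@ -197` hunk, while `double_hbone_hostname_addressed_network_gateway` in the `@@ -317` hunk has none. I'd add the parallel line above its `#[tokio::test]`, for example `/// Test having a hostname in the network gateway`. Both test bodies continue outside their hunks.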
@@ -231,7 +232,7 @@ mod namespaced {
 // represents workloads in the remote cluster.
 // Its a little weird because we do give it a namespaced/ip,
 // but that's because of how the tests infra works.
- let _local_remote_workload = manager
+ let _split_horizon_workload = manager
 .workload_builder("local-remote-workload", "remote-node")
 .hbone()
 .network("remote".into())
@@ -247,7 +248,7 @@ mod namespaced {
 namespace: "default".into(),
 service_account: "actual-ew-gtw".into(),
 })
- .service("default/remote.default.svc.cluster.local", 8080, 8080)
+ .service("default/remote.default.svc.cluster.local", 80, 8080)
 .register()
 .await?;
 let echo = manager
@@ -279,7 +280,7 @@ mod namespaced {
 run_tcp_to_hbone_client(
 client.clone(),
 manager.resolver(),
- &format!("{TEST_VIP}:8080"),
+ &format!("{TEST_VIP}:80"),
 )?;
 let metrics = [
@@ -297,7 +298,7 @@ mod namespaced {
 ("scope", "access"),
 ("src.workload", "client"),
 ("dst.workload", "actual-ew-gtw"),
- ("dst.hbone_addr", "remote.default.svc.cluster.local:8080"),
+ ("dst.hbone_addr", "remote.default.svc.cluster.local:80"),
 ("dst.addr", &dst_addr),
 ("bytes_sent", &sent),
 ("bytes_recv", &recv),
@@ -317,7 +318,7 @@ mod namespaced {
 }
 #[tokio::test]
- async fn double_hbone2() -> anyhow::Result<()> {
+ async fn double_hbone_hostname_addressed_network_gateway() -> anyhow::Result<()> {
 let mut manager = setup_netns_test!(Shared);
 let _zt = manager.deploy_ztunnel(DEFAULT_NODE).await?;
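Review bot: In the `@@ -231` hunk the binding becomes `_split_horizon_workload`, but the workload is still registered as `"local-remote-workload"` and the comment above it only describes a stand-in for remote-cluster workloads, so the new name is not explained anywhere. I'd add one line to that comment saying what the term means in this test, for example `// "Split horizon": the local cluster's view of a workload that actually lives in the remote network.` That is my reading of the intent, so adjust the wording as needed. The builder chain continues outside the hunk.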