Skip to content

Added support for multiple TCP protocols in egress rules, including Mongo, rebased. #1913

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Nov 30, 2017
Merged

Added support for multiple TCP protocols in egress rules, including Mongo, rebased. #1913

merged 5 commits into from
Nov 30, 2017

Conversation

vadimeisenbergibm
Copy link
Contributor

What this PR does / why we need it:
Adds support for multiple TCP protocols, with Mongo protocol being the first one to be added after TCP.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #1476

Special notes for your reviewer:
This is a rebased PR of #1892.

This PR enables multiple TCP protocols, with Mongo being the first case. Redis will be added in a separate PR, after I test it.

Release note:

Added support for Mongo protocol in egress rules

@istio-merge-robot
Copy link

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
We suggest the following additional approver: vadimeisenbergibm

Assign the PR to them by writing /assign @vadimeisenbergibm in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@vadimeisenbergibm vadimeisenbergibm mentioned this pull request Nov 29, 2017
Closed
@codecov
Copy link

codecov bot commented Nov 29, 2017
edited
Loading

Codecov Report

Merging #1913 into master will decrease coverage by 0.58%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1913      +/-   ##
==========================================
- Coverage   81.14%   80.56%   -0.59%     
==========================================
  Files         187      178       -9     
  Lines       18883    17284    -1599     
==========================================
- Hits        15322    13924    -1398     
+ Misses       3128     2971     -157     
+ Partials      433      389      -44
Flag Coverage Δ
#broker 45.51% <ø> (ø) ⬆️
#mixer 82.39% <ø> (+0.02%) ⬆️
#pilot 78.36% <100%> (-2.04%) ⬇️
#security 90.39% <ø> (ø) ⬆️
Impacted Files Coverage Δ
pilot/model/validation.go 92.16% <100%> (ø) ⬆️
pilot/model/egress_rules.go 100% <100%> (ø) ⬆️
pilot/proxy/envoy/discovery.go
pilot/proxy/envoy/resources.go
pilot/proxy/envoy/header.go
pilot/proxy/envoy/fault.go
pilot/tools/version/version.go
pilot/proxy/envoy/watcher.go
pilot/proxy/envoy/policy.go
pilot/proxy/envoy/infra_auth.go
... and 10 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update fb8bff0...eaf04c8. Read the comment docs.

@rshriram rshriram merged commit 922ed82 into istio:master Nov 30, 2017
kyessenov pushed a commit to kyessenov/istio that referenced this pull request Aug 14, 2018
@trabetti @rshriram
fixed broken links to dev guide and contribution guide (istio#1913)
585abec
@PiotrSikora PiotrSikora mentioned this pull request Aug 15, 2018
Merged
PiotrSikora added a commit to PiotrSikora/istio that referenced this pull request Aug 21, 2018
@PiotrSikora
Update Envoy SHA to latest.
a0f2228 
Pulling the following changes from github.com/istio/proxy:

1fc6253 add debug logs for collecting rbac attributes (istio#1922)
c5282b6 Update Envoy SHA to latest with LcTrie optimizations. (istio#1918)
4ced9e7 Update clang to 6.0 and use it for release binaries. (istio#1914)
585abec fixed broken links to dev guide and contribution guide (istio#1913)
c63d841 Provide source version information in the binary. (istio#1915)
b49589a Install clang-format in the build image used by CircleCI. (istio#1917)
5d42471 Fix macOS build on CircleCI. (istio#1916)
b1f4e7e add rbac filter to istio http integration test. (istio#1907)

Pulling the following changes from github.com/envoyproxy/envoy:

73bd3d95c http_filter: add addEncodedTrailers and addDecodedTrailers (istio#3980)
c3652aad5 rbac/fuzz: fix build (istio#4150)
07bc27c05 fix flaky RBAC integration test. (istio#4147)
b150d61a9 header_map: copy constructor for HeaderMapImpl. (istio#4129)
f345c8b23 test: moving websocket tests to using HTTP codec. (istio#4143)
da500d20f upstream: init host hc value based on hc value from other priorities (istio#3959)
da6194b94 test: add tests for corner-cases around sending requests before run() starts or after run() ends. (istio#4114)
3527f7799 perf: reduce the memory usage of LC Trie construction (istio#4117)
b538e46d8 test: moving redundant code in websocket_integration_test to utilities (istio#4127)
a3c55bf7b test: make YamlLoadFromStringFail less picky about error msg. (istio#4141)
c283439b6 rbac: add rbac network filter. (istio#4083)
5a7152d21 fuzz: route lookup and header finalization fuzzer. (istio#4116)
589467360 Set content-type and content-length (istio#4113)
714ae130a fault: use FractionalPercent for percent (istio#3978)
fde378705 test: Fix inverted exact match logic in IntegrationTcpClient::waitForData() (istio#4134)
794a00126 Added cluster_name to load assignment config for static cluster (istio#4123)
19f51e5e1 ssl: refactor ContextConfig to use TlsCertificateConfig (istio#4115)
0a4bffc5a syscall: refactor OsSysCalls for deeper errno latching (istio#4111)
ec0d98e5e thrift_proxy: fix oneway bugs (istio#4025)
1381673ad Do not crash when converting YAML to JSON fails (istio#4110)
2662bf1f2 config: allow unknown fields flag (take 2) (istio#4096)
1ab839c1f Use a jittered backoff strategy for handling HdsDelegate stream/connection failures (istio#4108)
7309c14cf bazel: use GCS remote cache (istio#4050)
5fe4e14f0 Add thread local cache of overload action states (istio#4090)
3bb7fbc5f Added TCP healthcheck capabilities to the HdsDelegate (istio#4079)
98037ed37 secret: add secret provider interface and use it for TlsCertificates (istio#4086)
3e15c9490 upstream: allow custom extension protocol options (istio#4098)
9b33c49d1 Rename message types in hds.proto to improve readability (istio#4109)
bb70b42bb fuzz: router header formatter/parser fuzz test. (istio#4105)
fe57f6b33 fuzz: http parsing utility fuzzer. (istio#4107)
73dfedc95 ci: link ninja-buid to ninja for centos (istio#4106)
1cd509ef1 docs: add curl to Ubuntu deps (istio#4104)
45b900829 Handling updates from the management server on HDS (istio#4077)
510994c6a Don't use SIGTERM for admin /quitquitquit, just shut down directly. (istio#4099)
29b60291e fuzz: access log formatter fuzz test. (istio#4102)
765cac42f Destroy pending updates when updating a cluster (istio#4084)
aafdf6037 authz_client_fix: fixed ext_authz http client when request contains content-length greater than 0 (istio#3888)
22ae0ab93 HttpConnectionManager and upstream counters for total completed requests (istio#3995)
04616d676  tcp_proxy: convert TCP proxy to use TCP connection pool (istio#4067)
e759eab17 buffer: add prepend functions to Buffer::Instance (istio#4064)

Fixes istio#7710, fixes istio#7817, and hopefully fixes istio#7759.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
istio-testing pushed a commit that referenced this pull request Aug 22, 2018
@PiotrSikora @istio-testing
Update Envoy SHA to latest. (#7922)
c5d477f 
Pulling the following changes from github.com/istio/proxy:

1fc6253 add debug logs for collecting rbac attributes (#1922)
c5282b6 Update Envoy SHA to latest with LcTrie optimizations. (#1918)
4ced9e7 Update clang to 6.0 and use it for release binaries. (#1914)
585abec fixed broken links to dev guide and contribution guide (#1913)
c63d841 Provide source version information in the binary. (#1915)
b49589a Install clang-format in the build image used by CircleCI. (#1917)
5d42471 Fix macOS build on CircleCI. (#1916)
b1f4e7e add rbac filter to istio http integration test. (#1907)

Pulling the following changes from github.com/envoyproxy/envoy:

73bd3d95c http_filter: add addEncodedTrailers and addDecodedTrailers (#3980)
c3652aad5 rbac/fuzz: fix build (#4150)
07bc27c05 fix flaky RBAC integration test. (#4147)
b150d61a9 header_map: copy constructor for HeaderMapImpl. (#4129)
f345c8b23 test: moving websocket tests to using HTTP codec. (#4143)
da500d20f upstream: init host hc value based on hc value from other priorities (#3959)
da6194b94 test: add tests for corner-cases around sending requests before run() starts or after run() ends. (#4114)
3527f7799 perf: reduce the memory usage of LC Trie construction (#4117)
b538e46d8 test: moving redundant code in websocket_integration_test to utilities (#4127)
a3c55bf7b test: make YamlLoadFromStringFail less picky about error msg. (#4141)
c283439b6 rbac: add rbac network filter. (#4083)
5a7152d21 fuzz: route lookup and header finalization fuzzer. (#4116)
589467360 Set content-type and content-length (#4113)
714ae130a fault: use FractionalPercent for percent (#3978)
fde378705 test: Fix inverted exact match logic in IntegrationTcpClient::waitForData() (#4134)
794a00126 Added cluster_name to load assignment config for static cluster (#4123)
19f51e5e1 ssl: refactor ContextConfig to use TlsCertificateConfig (#4115)
0a4bffc5a syscall: refactor OsSysCalls for deeper errno latching (#4111)
ec0d98e5e thrift_proxy: fix oneway bugs (#4025)
1381673ad Do not crash when converting YAML to JSON fails (#4110)
2662bf1f2 config: allow unknown fields flag (take 2) (#4096)
1ab839c1f Use a jittered backoff strategy for handling HdsDelegate stream/connection failures (#4108)
7309c14cf bazel: use GCS remote cache (#4050)
5fe4e14f0 Add thread local cache of overload action states (#4090)
3bb7fbc5f Added TCP healthcheck capabilities to the HdsDelegate (#4079)
98037ed37 secret: add secret provider interface and use it for TlsCertificates (#4086)
3e15c9490 upstream: allow custom extension protocol options (#4098)
9b33c49d1 Rename message types in hds.proto to improve readability (#4109)
bb70b42bb fuzz: router header formatter/parser fuzz test. (#4105)
fe57f6b33 fuzz: http parsing utility fuzzer. (#4107)
73dfedc95 ci: link ninja-buid to ninja for centos (#4106)
1cd509ef1 docs: add curl to Ubuntu deps (#4104)
45b900829 Handling updates from the management server on HDS (#4077)
510994c6a Don't use SIGTERM for admin /quitquitquit, just shut down directly. (#4099)
29b60291e fuzz: access log formatter fuzz test. (#4102)
765cac42f Destroy pending updates when updating a cluster (#4084)
aafdf6037 authz_client_fix: fixed ext_authz http client when request contains content-length greater than 0 (#3888)
22ae0ab93 HttpConnectionManager and upstream counters for total completed requests (#3995)
04616d676  tcp_proxy: convert TCP proxy to use TCP connection pool (#4067)
e759eab17 buffer: add prepend functions to Buffer::Instance (#4064)

Fixes #7710, fixes #7817, and hopefully fixes #7759.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ijsnellf ijsnellf Awaiting requested review from ijsnellf

1 more reviewer

@rshriram rshriram rshriram approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
do-not-merge/post-submit
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Egress rule must support Mongo/Redis/TCP services
5 participants
@vadimeisenbergibm @istio-merge-robot @rshriram @googlebot @istio-testing