3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-06 10:21:05 +02:00
Code Issues Projects Releases Packages Wiki Activity

config: migrate deprecated cluster DNS settings (#5690)

Browse source 
Address the deprecation warnings for `respect_dns_ttl` by migrating to
the newer CustomClusterType config proto.
This commit is contained in:
Kenneth Jenkins 2025-07-03 09:21:26 -07:00 committed by GitHub
parent 85ca4832cd
commit 94c0046d62
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 132 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

56
config/envoyconfig/clusters.go
View file

@ -12,6 +12,8 @@ import (
envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
envoy_extensions_clusters_common_dns_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/common/dns/v3"
envoy_extensions_clusters_dns_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/dns/v3"
envoy_extensions_transport_sockets_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" envoy_extensions_transport_sockets_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
"google.golang.org/protobuf/proto" "google.golang.org/protobuf/proto"
"google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/durationpb"
@ -137,7 +139,6 @@ func (b *Builder) buildInternalCluster(
keepalive Keepalive, keepalive Keepalive,
) (*envoy_config_cluster_v3.Cluster, error) { ) (*envoy_config_cluster_v3.Cluster, error) {
cluster := newDefaultEnvoyClusterConfig() cluster := newDefaultEnvoyClusterConfig()
cluster.DnsLookupFamily = config.GetEnvoyDNSLookupFamily(cfg.Options.DNSLookupFamily)
// Match the Go standard library default TCP keepalive settings. // Match the Go standard library default TCP keepalive settings.
cluster.UpstreamConnectionOptions = &envoy_config_cluster_v3.UpstreamConnectionOptions{ cluster.UpstreamConnectionOptions = &envoy_config_cluster_v3.UpstreamConnectionOptions{
TcpKeepalive: defaultTCPKeepalive, TcpKeepalive: defaultTCPKeepalive,
@ -150,7 +151,10 @@ func (b *Builder) buildInternalCluster(
} }
endpoints = append(endpoints, NewEndpoint(dst, ts, 1)) endpoints = append(endpoints, NewEndpoint(dst, ts, 1))
} }
if err := b.buildCluster(cluster, name, endpoints, upstreamProtocol, keepalive); err != nil { dnsLookupFamily := config.GetEnvoyDNSLookupFamily(cfg.Options.DNSLookupFamily)
if err := b.buildCluster(
cluster, name, endpoints, upstreamProtocol, dnsLookupFamily, keepalive,
); err != nil {
return nil, err return nil, err
} }
cluster.CircuitBreakers = buildInternalCircuitBreakers(cfg) cluster.CircuitBreakers = buildInternalCircuitBreakers(cfg)
@ -199,12 +203,14 @@ func (b *Builder) buildPolicyCluster(ctx context.Context, cfg *config.Config, po
return nil, err return nil, err
} }
cluster.DnsLookupFamily = config.GetEnvoyDNSLookupFamily(options.DNSLookupFamily) dnsLookupFamily := config.GetEnvoyDNSLookupFamily(options.DNSLookupFamily)
if policy.EnableGoogleCloudServerlessAuthentication { if policy.EnableGoogleCloudServerlessAuthentication {
cluster.DnsLookupFamily = envoy_config_cluster_v3.Cluster_V4_ONLY dnsLookupFamily = envoy_extensions_clusters_common_dns_v3.DnsLookupFamily_V4_ONLY
} }
if err := b.buildCluster(cluster, name, endpoints, upstreamProtocol, Keepalive(false)); err != nil { if err := b.buildCluster(
cluster, name, endpoints, upstreamProtocol, dnsLookupFamily, Keepalive(false),
); err != nil {
return nil, err return nil, err
} }
cluster.CircuitBreakers = buildRouteCircuitBreakers(cfg, policy) cluster.CircuitBreakers = buildRouteCircuitBreakers(cfg, policy)
@ -362,6 +368,7 @@ func (b *Builder) buildCluster(
name string, name string,
endpoints []Endpoint, endpoints []Endpoint,
upstreamProtocol upstreamProtocolConfig, upstreamProtocol upstreamProtocolConfig,
dnsLookupFamily envoy_extensions_clusters_common_dns_v3.DnsLookupFamily,
keepalive Keepalive, keepalive Keepalive,
) error { ) error {
if len(endpoints) == 0 { if len(endpoints) == 0 {
@ -371,7 +378,6 @@ func (b *Builder) buildCluster(
if cluster.ConnectTimeout == nil { if cluster.ConnectTimeout == nil {
cluster.ConnectTimeout = defaultConnectionTimeout cluster.ConnectTimeout = defaultConnectionTimeout
} }
cluster.RespectDnsTtl = true
lbEndpoints, err := b.buildLbEndpoints(endpoints) lbEndpoints, err := b.buildLbEndpoints(endpoints)
if err != nil { if err != nil {
return err return err
@ -394,7 +400,8 @@ func (b *Builder) buildCluster(
} }
cluster.TypedExtensionProtocolOptions = buildTypedExtensionProtocolOptions(endpoints, upstreamProtocol, keepalive) cluster.TypedExtensionProtocolOptions = buildTypedExtensionProtocolOptions(endpoints, upstreamProtocol, keepalive)
cluster.ClusterDiscoveryType = getClusterDiscoveryType(lbEndpoints)
cluster.ClusterDiscoveryType = getClusterDiscoveryType(lbEndpoints, dnsLookupFamily)
return cluster.Validate() return cluster.Validate()
} }
@ -528,16 +535,35 @@ func validateClusterNamesUnique(clusters []*envoy_config_cluster_v3.Cluster) err
return nil return nil
} }
func getClusterDiscoveryType(lbEndpoints []*envoy_config_endpoint_v3.LbEndpoint) *envoy_config_cluster_v3.Cluster_Type { func allIPAddresses(lbEndpoints []*envoy_config_endpoint_v3.LbEndpoint) bool {
// for IPs we use a static discovery type, otherwise we use DNS
allIP := true
for _, lbe := range lbEndpoints { for _, lbe := range lbEndpoints {
if net.ParseIP(urlutil.StripPort(lbe.GetEndpoint().GetAddress().GetSocketAddress().GetAddress())) == nil { if net.ParseIP(urlutil.StripPort(lbe.GetEndpoint().GetAddress().GetSocketAddress().GetAddress())) == nil {
allIP = false return false
} }
} }
if allIP { return true
return &envoy_config_cluster_v3.Cluster_Type{Type: envoy_config_cluster_v3.Cluster_STATIC} }
}
return &envoy_config_cluster_v3.Cluster_Type{Type: envoy_config_cluster_v3.Cluster_STRICT_DNS} func getClusterDiscoveryType(
lbEndpoints []*envoy_config_endpoint_v3.LbEndpoint,
dnsLookupFamily envoy_extensions_clusters_common_dns_v3.DnsLookupFamily,
) *envoy_config_cluster_v3.Cluster_ClusterType {
// for IPs we use a static discovery type, otherwise we use DNS
if allIPAddresses(lbEndpoints) {
return &envoy_config_cluster_v3.Cluster_ClusterType{
ClusterType: &envoy_config_cluster_v3.Cluster_CustomClusterType{
Name: "envoy.cluster.static",
},
}
}
return &envoy_config_cluster_v3.Cluster_ClusterType{
ClusterType: &envoy_config_cluster_v3.Cluster_CustomClusterType{
Name: "envoy.clusters.dns",
TypedConfig: marshalAny(&envoy_extensions_clusters_dns_v3.DnsCluster{
RespectDnsTtl: true,
DnsLookupFamily: dnsLookupFamily,
}),
},
}
} }

69
config/envoyconfig/clusters_test.go
View file

@ -9,6 +9,7 @@ import (
"time" "time"
envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
envoy_extensions_clusters_common_dns_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/common/dns/v3"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"github.com/volatiletech/null/v9" "github.com/volatiletech/null/v9"
@ -527,16 +528,21 @@ func Test_buildCluster(t *testing.T) {
}) })
require.NoError(t, err) require.NoError(t, err)
cluster := newDefaultEnvoyClusterConfig() cluster := newDefaultEnvoyClusterConfig()
cluster.DnsLookupFamily = envoy_config_cluster_v3.Cluster_V4_ONLY dnsLookupFamily := envoy_extensions_clusters_common_dns_v3.DnsLookupFamily_V4_ONLY
err = b.buildCluster(cluster, "example", endpoints, upstreamProtocolHTTP2, Keepalive(false)) err = b.buildCluster(cluster, "example", endpoints, upstreamProtocolHTTP2, dnsLookupFamily, Keepalive(false))
require.NoErrorf(t, err, "cluster %+v", cluster) require.NoErrorf(t, err, "cluster %+v", cluster)
testutil.AssertProtoJSONEqual(t, ` testutil.AssertProtoJSONEqual(t, `
{ {
"name": "example", "name": "example",
"type": "STRICT_DNS", "clusterType": {
"name": "envoy.clusters.dns",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.clusters.dns.v3.DnsCluster",
"dnsLookupFamily": "V4_ONLY",
"respectDnsTtl": true
}
},
"connectTimeout": "10s", "connectTimeout": "10s",
"respectDnsTtl": true,
"dnsLookupFamily": "V4_ONLY",
"perConnectionBufferLimitBytes": 32768, "perConnectionBufferLimitBytes": 32768,
"typedExtensionProtocolOptions": { "typedExtensionProtocolOptions": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
@ -589,14 +595,21 @@ func Test_buildCluster(t *testing.T) {
}) })
require.NoError(t, err) require.NoError(t, err)
cluster := newDefaultEnvoyClusterConfig() cluster := newDefaultEnvoyClusterConfig()
err = b.buildCluster(cluster, "example", endpoints, upstreamProtocolHTTP2, Keepalive(true)) dnsLookupFamily := envoy_extensions_clusters_common_dns_v3.DnsLookupFamily_V4_PREFERRED
err = b.buildCluster(cluster, "example", endpoints, upstreamProtocolHTTP2, dnsLookupFamily, Keepalive(true))
require.NoErrorf(t, err, "cluster %+v", cluster) require.NoErrorf(t, err, "cluster %+v", cluster)
testutil.AssertProtoJSONEqual(t, ` testutil.AssertProtoJSONEqual(t, `
{ {
"name": "example", "name": "example",
"type": "STRICT_DNS", "clusterType": {
"name": "envoy.clusters.dns",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.clusters.dns.v3.DnsCluster",
"dnsLookupFamily": "V4_PREFERRED",
"respectDnsTtl": true
}
},
"connectTimeout": "10s", "connectTimeout": "10s",
"respectDnsTtl": true,
"perConnectionBufferLimitBytes": 32768, "perConnectionBufferLimitBytes": 32768,
"transportSocketMatches": [{ "transportSocketMatches": [{
"name": "`+endpoints[0].TransportSocketName()+`", "name": "`+endpoints[0].TransportSocketName()+`",
@ -719,7 +732,6 @@ func Test_buildCluster(t *testing.T) {
} }
} }
}, },
"dnsLookupFamily": "V4_PREFERRED",
"loadAssignment": { "loadAssignment": {
"clusterName": "example", "clusterName": "example",
"endpoints": [{ "endpoints": [{
@ -769,14 +781,15 @@ func Test_buildCluster(t *testing.T) {
}) })
require.NoError(t, err) require.NoError(t, err)
cluster := newDefaultEnvoyClusterConfig() cluster := newDefaultEnvoyClusterConfig()
err = b.buildCluster(cluster, "example", endpoints, upstreamProtocolHTTP2, Keepalive(false)) err = b.buildCluster(cluster, "example", endpoints, upstreamProtocolHTTP2, 0, Keepalive(false))
require.NoErrorf(t, err, "cluster %+v", cluster) require.NoErrorf(t, err, "cluster %+v", cluster)
testutil.AssertProtoJSONEqual(t, ` testutil.AssertProtoJSONEqual(t, `
{ {
"name": "example", "name": "example",
"type": "STATIC", "clusterType": {
"name": "envoy.cluster.static"
},
"connectTimeout": "10s", "connectTimeout": "10s",
"respectDnsTtl": true,
"perConnectionBufferLimitBytes": 32768, "perConnectionBufferLimitBytes": 32768,
"typedExtensionProtocolOptions": { "typedExtensionProtocolOptions": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
@ -791,7 +804,6 @@ func Test_buildCluster(t *testing.T) {
} }
} }
}, },
"dnsLookupFamily": "V4_PREFERRED",
"loadAssignment": { "loadAssignment": {
"clusterName": "example", "clusterName": "example",
"endpoints": [{ "endpoints": [{
@ -827,14 +839,15 @@ func Test_buildCluster(t *testing.T) {
}) })
require.NoError(t, err) require.NoError(t, err)
cluster := newDefaultEnvoyClusterConfig() cluster := newDefaultEnvoyClusterConfig()
err = b.buildCluster(cluster, "example", endpoints, upstreamProtocolHTTP2, Keepalive(false)) err = b.buildCluster(cluster, "example", endpoints, upstreamProtocolHTTP2, 0, Keepalive(false))
require.NoErrorf(t, err, "cluster %+v", cluster) require.NoErrorf(t, err, "cluster %+v", cluster)
testutil.AssertProtoJSONEqual(t, ` testutil.AssertProtoJSONEqual(t, `
{ {
"name": "example", "name": "example",
"type": "STATIC", "clusterType": {
"name": "envoy.cluster.static"
},
"connectTimeout": "10s", "connectTimeout": "10s",
"respectDnsTtl": true,
"perConnectionBufferLimitBytes": 32768, "perConnectionBufferLimitBytes": 32768,
"typedExtensionProtocolOptions": { "typedExtensionProtocolOptions": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
@ -849,7 +862,6 @@ func Test_buildCluster(t *testing.T) {
} }
} }
}, },
"dnsLookupFamily": "V4_PREFERRED",
"loadAssignment": { "loadAssignment": {
"clusterName": "example", "clusterName": "example",
"endpoints": [{ "endpoints": [{
@ -887,14 +899,15 @@ func Test_buildCluster(t *testing.T) {
}) })
require.NoError(t, err) require.NoError(t, err)
cluster := newDefaultEnvoyClusterConfig() cluster := newDefaultEnvoyClusterConfig()
err = b.buildCluster(cluster, "example", endpoints, upstreamProtocolHTTP2, Keepalive(false)) err = b.buildCluster(cluster, "example", endpoints, upstreamProtocolHTTP2, 0, Keepalive(false))
require.NoErrorf(t, err, "cluster %+v", cluster) require.NoErrorf(t, err, "cluster %+v", cluster)
testutil.AssertProtoJSONEqual(t, ` testutil.AssertProtoJSONEqual(t, `
{ {
"name": "example", "name": "example",
"type": "STATIC", "clusterType": {
"name": "envoy.cluster.static"
},
"connectTimeout": "10s", "connectTimeout": "10s",
"respectDnsTtl": true,
"perConnectionBufferLimitBytes": 32768, "perConnectionBufferLimitBytes": 32768,
"typedExtensionProtocolOptions": { "typedExtensionProtocolOptions": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
@ -909,7 +922,6 @@ func Test_buildCluster(t *testing.T) {
} }
} }
}, },
"dnsLookupFamily": "V4_PREFERRED",
"loadAssignment": { "loadAssignment": {
"clusterName": "example", "clusterName": "example",
"endpoints": [{ "endpoints": [{
@ -935,19 +947,25 @@ func Test_buildCluster(t *testing.T) {
}) })
require.NoError(t, err) require.NoError(t, err)
cluster := newDefaultEnvoyClusterConfig() cluster := newDefaultEnvoyClusterConfig()
cluster.DnsLookupFamily = envoy_config_cluster_v3.Cluster_V4_ONLY
cluster.OutlierDetection = &envoy_config_cluster_v3.OutlierDetection{ cluster.OutlierDetection = &envoy_config_cluster_v3.OutlierDetection{
EnforcingConsecutive_5Xx: wrapperspb.UInt32(17), EnforcingConsecutive_5Xx: wrapperspb.UInt32(17),
SplitExternalLocalOriginErrors: true, SplitExternalLocalOriginErrors: true,
} }
err = b.buildCluster(cluster, "example", endpoints, upstreamProtocolHTTP2, Keepalive(false)) dnsLookupFamily := envoy_extensions_clusters_common_dns_v3.DnsLookupFamily_V4_ONLY
err = b.buildCluster(cluster, "example", endpoints, upstreamProtocolHTTP2, dnsLookupFamily, Keepalive(false))
require.NoErrorf(t, err, "cluster %+v", cluster) require.NoErrorf(t, err, "cluster %+v", cluster)
testutil.AssertProtoJSONEqual(t, ` testutil.AssertProtoJSONEqual(t, `
{ {
"name": "example", "name": "example",
"type": "STRICT_DNS", "clusterType": {
"name": "envoy.clusters.dns",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.clusters.dns.v3.DnsCluster",
"dnsLookupFamily": "V4_ONLY",
"respectDnsTtl": true
}
},
"connectTimeout": "10s", "connectTimeout": "10s",
"respectDnsTtl": true,
"perConnectionBufferLimitBytes": 32768, "perConnectionBufferLimitBytes": 32768,
"typedExtensionProtocolOptions": { "typedExtensionProtocolOptions": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
@ -962,7 +980,6 @@ func Test_buildCluster(t *testing.T) {
} }
} }
}, },
"dnsLookupFamily": "V4_ONLY",
"outlierDetection": { "outlierDetection": {
"enforcingConsecutive5xx": 17, "enforcingConsecutive5xx": 17,
"splitExternalLocalOriginErrors": true "splitExternalLocalOriginErrors": true

2
config/envoyconfig/envoyconfig.go
View file

@ -66,8 +66,6 @@ func (e Endpoint) TransportSocketName() string {
func newDefaultEnvoyClusterConfig() *envoy_config_cluster_v3.Cluster { func newDefaultEnvoyClusterConfig() *envoy_config_cluster_v3.Cluster {
return &envoy_config_cluster_v3.Cluster{ return &envoy_config_cluster_v3.Cluster{
ConnectTimeout: defaultConnectionTimeout, ConnectTimeout: defaultConnectionTimeout,
RespectDnsTtl: true,
DnsLookupFamily: envoy_config_cluster_v3.Cluster_V4_PREFERRED,
PerConnectionBufferLimitBytes: wrapperspb.UInt32(connectionBufferLimit), PerConnectionBufferLimitBytes: wrapperspb.UInt32(connectionBufferLimit),
} }
} }

55
config/envoyconfig/testdata/clusters.json vendored
View file

@ -33,7 +33,14 @@
} }
] ]
}, },
"dnsLookupFamily": "V4_PREFERRED", "clusterType": {
"name": "envoy.clusters.dns",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.clusters.dns.v3.DnsCluster",
"dnsLookupFamily": "V4_PREFERRED",
"respectDnsTtl": true
}
},
"loadAssignment": { "loadAssignment": {
"clusterName": "pomerium-control-plane-grpc", "clusterName": "pomerium-control-plane-grpc",
"endpoints": [ "endpoints": [
@ -57,8 +64,6 @@
}, },
"name": "pomerium-control-plane-grpc", "name": "pomerium-control-plane-grpc",
"perConnectionBufferLimitBytes": 32768, "perConnectionBufferLimitBytes": 32768,
"respectDnsTtl": true,
"type": "STRICT_DNS",
"typedExtensionProtocolOptions": { "typedExtensionProtocolOptions": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
@ -81,6 +86,14 @@
}, },
{ {
"connectTimeout": "10s", "connectTimeout": "10s",
"clusterType": {
"name": "envoy.clusters.dns",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.clusters.dns.v3.DnsCluster",
"dnsLookupFamily": "V4_PREFERRED",
"respectDnsTtl": true
}
},
"circuitBreakers": { "circuitBreakers": {
"thresholds": [ "thresholds": [
{ {
@ -91,7 +104,6 @@
} }
] ]
}, },
"dnsLookupFamily": "V4_PREFERRED",
"loadAssignment": { "loadAssignment": {
"clusterName": "pomerium-control-plane-http", "clusterName": "pomerium-control-plane-http",
"endpoints": [ "endpoints": [
@ -115,8 +127,6 @@
}, },
"name": "pomerium-control-plane-http", "name": "pomerium-control-plane-http",
"perConnectionBufferLimitBytes": 32768, "perConnectionBufferLimitBytes": 32768,
"respectDnsTtl": true,
"type": "STRICT_DNS",
"typedExtensionProtocolOptions": { "typedExtensionProtocolOptions": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
@ -143,6 +153,14 @@
}, },
{ {
"connectTimeout": "10s", "connectTimeout": "10s",
"clusterType": {
"name": "envoy.clusters.dns",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.clusters.dns.v3.DnsCluster",
"dnsLookupFamily": "V4_PREFERRED",
"respectDnsTtl": true
}
},
"circuitBreakers": { "circuitBreakers": {
"thresholds": [ "thresholds": [
{ {
@ -153,7 +171,6 @@
} }
] ]
}, },
"dnsLookupFamily": "V4_PREFERRED",
"loadAssignment": { "loadAssignment": {
"clusterName": "pomerium-control-plane-metrics", "clusterName": "pomerium-control-plane-metrics",
"endpoints": [ "endpoints": [
@ -177,8 +194,6 @@
}, },
"name": "pomerium-control-plane-metrics", "name": "pomerium-control-plane-metrics",
"perConnectionBufferLimitBytes": 32768, "perConnectionBufferLimitBytes": 32768,
"respectDnsTtl": true,
"type": "STRICT_DNS",
"typedExtensionProtocolOptions": { "typedExtensionProtocolOptions": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
@ -205,6 +220,14 @@
}, },
{ {
"connectTimeout": "10s", "connectTimeout": "10s",
"clusterType": {
"name": "envoy.clusters.dns",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.clusters.dns.v3.DnsCluster",
"dnsLookupFamily": "V4_PREFERRED",
"respectDnsTtl": true
}
},
"circuitBreakers": { "circuitBreakers": {
"thresholds": [ "thresholds": [
{ {
@ -215,7 +238,6 @@
} }
] ]
}, },
"dnsLookupFamily": "V4_PREFERRED",
"loadAssignment": { "loadAssignment": {
"clusterName": "pomerium-authorize", "clusterName": "pomerium-authorize",
"endpoints": [ "endpoints": [
@ -239,8 +261,6 @@
}, },
"name": "pomerium-authorize", "name": "pomerium-authorize",
"perConnectionBufferLimitBytes": 32768, "perConnectionBufferLimitBytes": 32768,
"respectDnsTtl": true,
"type": "STRICT_DNS",
"typedExtensionProtocolOptions": { "typedExtensionProtocolOptions": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
@ -263,6 +283,14 @@
}, },
{ {
"connectTimeout": "10s", "connectTimeout": "10s",
"clusterType": {
"name": "envoy.clusters.dns",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.clusters.dns.v3.DnsCluster",
"dnsLookupFamily": "V4_PREFERRED",
"respectDnsTtl": true
}
},
"circuitBreakers": { "circuitBreakers": {
"thresholds": [ "thresholds": [
{ {
@ -273,7 +301,6 @@
} }
] ]
}, },
"dnsLookupFamily": "V4_PREFERRED",
"loadAssignment": { "loadAssignment": {
"clusterName": "pomerium-databroker", "clusterName": "pomerium-databroker",
"endpoints": [ "endpoints": [
@ -297,8 +324,6 @@
}, },
"name": "pomerium-databroker", "name": "pomerium-databroker",
"perConnectionBufferLimitBytes": 32768, "perConnectionBufferLimitBytes": 32768,
"respectDnsTtl": true,
"type": "STRICT_DNS",
"typedExtensionProtocolOptions": { "typedExtensionProtocolOptions": {
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",

16
config/validate.go
View file

@ -6,7 +6,7 @@ import (
"strconv" "strconv"
"strings" "strings"
envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" envoy_extensions_clusters_common_dns_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/common/dns/v3"
) )
// DNSLookupFamily values. // DNSLookupFamily values.
@ -53,22 +53,22 @@ func ValidateCookieSameSite(value string) error {
} }
// GetEnvoyDNSLookupFamily gets the envoy DNS lookup family. // GetEnvoyDNSLookupFamily gets the envoy DNS lookup family.
func GetEnvoyDNSLookupFamily(value string) envoy_config_cluster_v3.Cluster_DnsLookupFamily { func GetEnvoyDNSLookupFamily(value string) envoy_extensions_clusters_common_dns_v3.DnsLookupFamily {
switch value { switch value {
case DNSLookupFamilyAuto: case DNSLookupFamilyAuto:
return envoy_config_cluster_v3.Cluster_AUTO return envoy_extensions_clusters_common_dns_v3.DnsLookupFamily_AUTO
case DNSLookupFamilyV4Only: case DNSLookupFamilyV4Only:
return envoy_config_cluster_v3.Cluster_V4_ONLY return envoy_extensions_clusters_common_dns_v3.DnsLookupFamily_V4_ONLY
case DNSLookupFamilyV6Only: case DNSLookupFamilyV6Only:
return envoy_config_cluster_v3.Cluster_V6_ONLY return envoy_extensions_clusters_common_dns_v3.DnsLookupFamily_V6_ONLY
case DNSLookupFamilyV4Preferred: case DNSLookupFamilyV4Preferred:
return envoy_config_cluster_v3.Cluster_V4_PREFERRED return envoy_extensions_clusters_common_dns_v3.DnsLookupFamily_V4_PREFERRED
case DNSLookupFamilyAll: case DNSLookupFamilyAll:
return envoy_config_cluster_v3.Cluster_ALL return envoy_extensions_clusters_common_dns_v3.DnsLookupFamily_ALL
} }
// default // default
return envoy_config_cluster_v3.Cluster_V4_PREFERRED return envoy_extensions_clusters_common_dns_v3.DnsLookupFamily_V4_PREFERRED
} }
// ValidateMetricsAddress validates address for the metrics // ValidateMetricsAddress validates address for the metrics