mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-30 10:56:28 +02:00
config: add additional dns lookup families, default to V4_PREFERRED (#3957)
parent
e66c26c9ad
commit
b50d5f3203
5 changed files with 34 additions and 12 deletions
|
@ -190,10 +190,7 @@ func (b *Builder) buildPolicyCluster(ctx context.Context, cfg *config.Config, po
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if cluster.DnsLookupFamily == envoy_config_cluster_v3.Cluster_AUTO {
|
cluster.DnsLookupFamily = config.GetEnvoyDNSLookupFamily(options.DNSLookupFamily)
|
||||||
cluster.DnsLookupFamily = config.GetEnvoyDNSLookupFamily(options.DNSLookupFamily)
|
|
||||||
}
|
|
||||||
|
|
||||||
if policy.EnableGoogleCloudServerlessAuthentication {
|
if policy.EnableGoogleCloudServerlessAuthentication {
|
||||||
cluster.DnsLookupFamily = envoy_config_cluster_v3.Cluster_V4_ONLY
|
cluster.DnsLookupFamily = envoy_config_cluster_v3.Cluster_V4_ONLY
|
||||||
}
|
}
|
||||||
|
|
|
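Review bot: The assignment `cluster.DnsLookupFamily = config.GetEnvoyDNSLookupFamily(options.DNSLookupFamily)` now runs unconditionally, so any lookup family already placed on `cluster` earlier in buildPolicyCluster is overwritten by the global option. The removed `== envoy_config_cluster_v3.Cluster_AUTO` guard left a non-default value alone. Whether anything sets the field before this point cannot be confirmed here, because the function starts outside the hunk. If the new precedence is intended, state it next to the assignment, e.g. `// the global dns_lookup_family replaces whatever the cluster carried; serverless upstreams are pinned to V4_ONLY below`. If a per-route value is meant to win, the guard needs to be kept and compared against the new default instead of AUTO.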
@ -676,6 +676,7 @@ func Test_buildCluster(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"dnsLookupFamily": "V4_PREFERRED",
|
||||||
"loadAssignment": {
|
"loadAssignment": {
|
||||||
"clusterName": "example",
|
"clusterName": "example",
|
||||||
"endpoints": [{
|
"endpoints": [{
|
||||||
|
@ -745,6 +746,7 @@ func Test_buildCluster(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"dnsLookupFamily": "V4_PREFERRED",
|
||||||
"loadAssignment": {
|
"loadAssignment": {
|
||||||
"clusterName": "example",
|
"clusterName": "example",
|
||||||
"endpoints": [{
|
"endpoints": [{
|
||||||
|
@ -800,6 +802,7 @@ func Test_buildCluster(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"dnsLookupFamily": "V4_PREFERRED",
|
||||||
"loadAssignment": {
|
"loadAssignment": {
|
||||||
"clusterName": "example",
|
"clusterName": "example",
|
||||||
"endpoints": [{
|
"endpoints": [{
|
||||||
|
@ -857,6 +860,7 @@ func Test_buildCluster(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"dnsLookupFamily": "V4_PREFERRED",
|
||||||
"loadAssignment": {
|
"loadAssignment": {
|
||||||
"clusterName": "example",
|
"clusterName": "example",
|
||||||
"endpoints": [{
|
"endpoints": [{
|
||||||
|
|
|
@ -71,7 +71,7 @@ func newDefaultEnvoyClusterConfig() *envoy_config_cluster_v3.Cluster {
|
||||||
return &envoy_config_cluster_v3.Cluster{
|
return &envoy_config_cluster_v3.Cluster{
|
||||||
ConnectTimeout: defaultConnectionTimeout,
|
ConnectTimeout: defaultConnectionTimeout,
|
||||||
RespectDnsTtl: true,
|
RespectDnsTtl: true,
|
||||||
DnsLookupFamily: envoy_config_cluster_v3.Cluster_AUTO,
|
DnsLookupFamily: envoy_config_cluster_v3.Cluster_V4_PREFERRED,
|
||||||
PerConnectionBufferLimitBytes: wrapperspb.UInt32(connectionBufferLimit),
|
PerConnectionBufferLimitBytes: wrapperspb.UInt32(connectionBufferLimit),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
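Review bot: The default family is now hard-coded in two places: this struct literal in newDefaultEnvoyClusterConfig and the fallthrough return of config.GetEnvoyDNSLookupFamily. The next change of default has to touch both, and nothing ties them together. A short comment on the field would make the coupling visible, e.g. `// must match the fallback returned by config.GetEnvoyDNSLookupFamily`. Alternatively the literal could be derived from that function, if the config package is importable from this file (not visible in this section).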
@ -83,7 +83,7 @@ type Options struct {
|
||||||
InsecureServer bool `mapstructure:"insecure_server" yaml:"insecure_server,omitempty"`
|
InsecureServer bool `mapstructure:"insecure_server" yaml:"insecure_server,omitempty"`
|
||||||
|
|
||||||
// DNSLookupFamily is the DNS IP address resolution policy.
|
// DNSLookupFamily is the DNS IP address resolution policy.
|
||||||
// If this setting is not specified, the value defaults to AUTO.
|
// If this setting is not specified, the value defaults to V4_PREFERRED.
|
||||||
DNSLookupFamily string `mapstructure:"dns_lookup_family" yaml:"dns_lookup_family,omitempty"`
|
DNSLookupFamily string `mapstructure:"dns_lookup_family" yaml:"dns_lookup_family,omitempty"`
|
||||||
|
|
||||||
CertificateFiles []certificateFilePair `mapstructure:"certificates" yaml:"certificates,omitempty"`
|
CertificateFiles []certificateFilePair `mapstructure:"certificates" yaml:"certificates,omitempty"`
|
||||||
|
|
|
@ -11,18 +11,31 @@ import (
|
||||||
|
|
||||||
// DNSLookupFamily values.
|
// DNSLookupFamily values.
|
||||||
const (
|
const (
|
||||||
DNSLookupFamilyAuto = "AUTO"
|
DNSLookupFamilyAuto = "AUTO"
|
||||||
DNSLookupFamilyV4Only = "V4_ONLY"
|
DNSLookupFamilyV4Only = "V4_ONLY"
|
||||||
DNSLookupFamilyV6Only = "V6_ONLY"
|
DNSLookupFamilyV6Only = "V6_ONLY"
|
||||||
|
DNSLookupFamilyV4Preferred = "V4_PREFERRED"
|
||||||
|
DNSLookupFamilyAll = "ALL"
|
||||||
)
|
)
|
||||||
|
|
||||||
// AllDNSLookupFamilies are all the available DNSLookupFamily values.
|
// AllDNSLookupFamilies are all the available DNSLookupFamily values.
|
||||||
var AllDNSLookupFamilies = []string{DNSLookupFamilyV6Only, DNSLookupFamilyV4Only, DNSLookupFamilyAuto}
|
var AllDNSLookupFamilies = []string{
|
||||||
|
DNSLookupFamilyAuto,
|
||||||
|
DNSLookupFamilyV4Only,
|
||||||
|
DNSLookupFamilyV6Only,
|
||||||
|
DNSLookupFamilyV4Preferred,
|
||||||
|
DNSLookupFamilyAll,
|
||||||
|
}
|
||||||
|
|
||||||
// ValidateDNSLookupFamily validates the value to confirm its one of the available DNS lookup families.
|
// ValidateDNSLookupFamily validates the value to confirm its one of the available DNS lookup families.
|
||||||
func ValidateDNSLookupFamily(value string) error {
|
func ValidateDNSLookupFamily(value string) error {
|
||||||
switch value {
|
switch value {
|
||||||
case "", DNSLookupFamilyAuto, DNSLookupFamilyV4Only, DNSLookupFamilyV6Only:
|
case "",
|
||||||
|
DNSLookupFamilyAuto,
|
||||||
|
DNSLookupFamilyV4Only,
|
||||||
|
DNSLookupFamilyV6Only,
|
||||||
|
DNSLookupFamilyV4Preferred,
|
||||||
|
DNSLookupFamilyAll:
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -32,12 +45,20 @@ func ValidateDNSLookupFamily(value string) error {
|
||||||
// GetEnvoyDNSLookupFamily gets the envoy DNS lookup family.
|
// GetEnvoyDNSLookupFamily gets the envoy DNS lookup family.
|
||||||
func GetEnvoyDNSLookupFamily(value string) envoy_config_cluster_v3.Cluster_DnsLookupFamily {
|
func GetEnvoyDNSLookupFamily(value string) envoy_config_cluster_v3.Cluster_DnsLookupFamily {
|
||||||
switch value {
|
switch value {
|
||||||
|
case DNSLookupFamilyAuto:
|
||||||
|
return envoy_config_cluster_v3.Cluster_AUTO
|
||||||
case DNSLookupFamilyV4Only:
|
case DNSLookupFamilyV4Only:
|
||||||
return envoy_config_cluster_v3.Cluster_V4_ONLY
|
return envoy_config_cluster_v3.Cluster_V4_ONLY
|
||||||
case DNSLookupFamilyV6Only:
|
case DNSLookupFamilyV6Only:
|
||||||
return envoy_config_cluster_v3.Cluster_V6_ONLY
|
return envoy_config_cluster_v3.Cluster_V6_ONLY
|
||||||
|
case DNSLookupFamilyV4Preferred:
|
||||||
|
return envoy_config_cluster_v3.Cluster_V4_PREFERRED
|
||||||
|
case DNSLookupFamilyAll:
|
||||||
|
return envoy_config_cluster_v3.Cluster_ALL
|
||||||
}
|
}
|
||||||
return envoy_config_cluster_v3.Cluster_AUTO
|
|
||||||
|
// default
|
||||||
|
return envoy_config_cluster_v3.Cluster_V4_PREFERRED
|
||||||
}
|
}
|
||||||
|
|
||||||
// ValidateMetricsAddress validates address for the metrics
|
// ValidateMetricsAddress validates address for the metrics
|
||||||
|
|
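Review bot: The final `return envoy_config_cluster_v3.Cluster_V4_PREFERRED` in GetEnvoyDNSLookupFamily is reached for the empty string and for any unrecognized value alike. A misspelled family is therefore silently resolved with the default unless ValidateDNSLookupFamily has rejected it first, and the call order is not visible in this section. The `// default` comment should spell that out, e.g. `// empty or unrecognized value: fall back to V4_PREFERRED (callers are expected to run ValidateDNSLookupFamily first)`. Deployments that leave dns_lookup_family unset will also switch dual-stack upstreams from IPv6-first to IPv4-first resolution on upgrade. That deserves a line in the upgrade notes for sites whose egress rules or upstream allow-lists are keyed on address family.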