pomerium/config
Kenneth Jenkins c7c2087483
envoy: enable TCP keepalive for internal clusters (#4902)

In split service mode, and during periods of inactivity, the gRPC
connections to the databroker may fall idle. Some network firewalls may
eventually time out an idle TCP connection and even start dropping
subsequent packets once connection traffic resumes. Combined with Linux
default TCP retransmission settings, this could cause a broken
connection to persist for over 15 minutes.

In an attempt to avoid this scenario, enable TCP keepalive for outbound
gRPC connections, matching the Go standard library default settings for
time & interval: 15 seconds for both. (The probe count does not appear
to be set, so it will remain at the OS default.)

Add a test case exercising the BuildClusters() method with the default
configuration options, comparing the results with a reference "golden"
file in the testdata directory. Also add an '-update' flag to make it
easier to update the reference golden when needed:

  go test ./config/envoyconfig -update
2024-01-11 09:12:45 -08:00
envoyconfig envoy: enable TCP keepalive for internal clusters (#4902) 2024-01-11 09:12:45 -08:00
testdata config: additional kubernetes token source support (#1200) 2020-08-04 09:40:51 -04:00
autocert.go core/ci: update linting (#4844) 2023-12-14 09:07:54 -08:00
autocert_test.go config: update logic for checking overlapping certificates (#4216) 2023-06-01 09:30:46 -06:00
codec_type.go config: allow specifying auto codec type in all-in-one mode (#2846) 2021-12-22 12:34:58 -07:00
codec_type_test.go config: default to http2 (#3660) 2022-10-12 14:46:06 -06:00
config.go config: no longer stub out HPKE public key fetch (#4853) 2023-12-12 09:57:58 -08:00
config_source.go core/config: refactor file watcher (#4702) 2023-11-03 15:53:20 -06:00
config_source_test.go core/config: refactor file watcher (#4702) 2023-11-03 15:53:20 -06:00
constants.go core/config: add support for maps in environments (#4717) 2023-11-08 16:27:08 -07:00
crypt.go cryptutil: always use kek public id, add x509 support (#2066) 2021-04-07 09:44:36 -07:00
custom.go core/config: add support for maps in environments (#4717) 2023-11-08 16:27:08 -07:00
custom_test.go all: remove unused handler code (#2439) 2021-08-16 16:04:39 -04:00
doc.go *: remove import path comments (#545) 2020-03-16 10:13:47 -07:00
from.go config: add support for wildcard from addresses (#4131) 2023-04-25 13:34:38 -06:00
from_test.go config: add support for wildcard from addresses (#4131) 2023-04-25 13:34:38 -06:00
helpers.go core/redis: remove redis (#4768) 2023-11-28 13:14:36 -07:00
helpers_test.go databroker: rename cache service (#1790) 2021-01-21 08:41:22 -07:00
http.go use tlsClientConfig instead of custom dialer (#3830) 2022-12-27 09:55:36 -07:00
http_test.go httputil/reproxy: fix policy transport (#3322) 2022-05-04 18:32:36 -06:00
identity.go move directory providers (#3633) 2022-11-03 11:33:56 -06:00
layered.go core/ci: update linting (#4844) 2023-12-14 09:07:54 -08:00
layered_test.go core/config: refactor change dispatcher (#4657) 2023-11-01 13:52:23 -06:00
log.go core/config: remove debug option, always use json logs (#4857) 2023-12-15 11:29:05 -07:00
log_level.go config: validate log levels (#4367) 2023-07-17 16:41:48 -06:00
metrics.go config: remove source, remove deadcode, fix linting issues (#4118) 2023-04-21 17:25:11 -06:00
metrics_test.go config: remove source, remove deadcode, fix linting issues (#4118) 2023-04-21 17:25:11 -06:00
mtls.go config: support client certificate SAN match (#4453) 2023-08-11 13:27:12 -07:00
mtls_test.go core/ci: update linting (#4844) 2023-12-14 09:07:54 -08:00
options.go core/config: remove debug option, always use json logs (#4857) 2023-12-15 11:29:05 -07:00
options_check.go config: remove set_authorization_header option (#4489) 2023-08-29 09:02:08 -07:00
options_test.go chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.18.2 (#4861) 2023-12-27 16:16:38 -07:00
policy.go core/ci: update linting (#4844) 2023-12-14 09:07:54 -08:00
policy_ppl.go authorize: omit client cert rule when not needed (#4386) 2023-07-24 15:27:57 -07:00
policy_ppl_test.go authorize: omit client cert rule when not needed (#4386) 2023-07-24 15:27:57 -07:00
policy_test.go core/redis: remove redis (#4768) 2023-11-28 13:14:36 -07:00
session.go config: add cookie_same_site option (#4148) 2023-05-03 14:36:42 -06:00
session_test.go config: allow blank identity providers when loading sessions for service account support (#3709) 2022-10-27 08:32:06 -06:00
trace.go config: remove source, remove deadcode, fix linting issues (#4118) 2023-04-21 17:25:11 -06:00
trace_test.go log context (#2107) 2021-04-22 10:58:13 -04:00
validate.go config: add cookie_same_site option (#4148) 2023-05-03 14:36:42 -06:00