Add flag for transparent proxies to dial individual instances

agent/config/builder.go

@@ -1766,6 +1766,7 @@ func (b *builder) transparentProxyConfVal(tproxyConf *TransparentProxyConfig) st
 	}
 
 	out.OutboundListenerPort = intVal(tproxyConf.OutboundListenerPort)
+	out.DialedDirectly = boolVal(tproxyConf.DialedDirectly)
 	return out
 }
 

agent/config/config.go

@@ -545,8 +545,13 @@ type MeshGatewayConfig struct {
 }
 
 type TransparentProxyConfig struct {
-	// Mesh Gateway Mode
+	// The port of the listener where outbound application traffic is being redirected to.
 	OutboundListenerPort *int `mapstructure:"outbound_listener_port"`
+
+	// DialedDirectly indicates whether transparent proxies can dial this proxy instance directly.
+	// The discovery chain is not considered when dialing a service instance directly.
+	// This setting is useful when addressing stateful services, such as a database cluster with a leader node.
+	DialedDirectly *bool `mapstructure:"dialed_directly"`
 }
 
 // ExposeConfig describes HTTP paths to expose through Envoy outside of Connect.

agent/config/runtime_test.go

@@ -2584,7 +2584,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 									},
 									"mode": "transparent",
 									"transparent_proxy": {
-										"outbound_listener_port": 10101
+										"outbound_listener_port": 10101,
+										"dialed_directly": true
 									},
 									"upstreams": [
 										{
@@ -2630,6 +2631,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 								mode = "transparent"
 								transparent_proxy = {
 									outbound_listener_port = 10101
+									dialed_directly = true
 								}
 								upstreams = [
 									{
@@ -2678,6 +2680,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 								Mode: structs.ProxyModeTransparent,
 								TransparentProxy: structs.TransparentProxyConfig{
 									OutboundListenerPort: 10101,
+									DialedDirectly:       true,
 								},
 								Upstreams: structs.Upstreams{
 									structs.Upstream{
@@ -2741,7 +2744,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 									},
 									"mode": "transparent",
 									"transparent_proxy": {
-										"outbound_listener_port": 10101
+										"outbound_listener_port": 10101,
+										"dialed_directly": true
 									},
 									"upstreams": [
 										{
@@ -2782,6 +2786,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 								mode = "transparent"
 								transparent_proxy = {
 									outbound_listener_port = 10101
+									dialed_directly = true
 								}
 								upstreams = [
 									{
@@ -2825,6 +2830,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 								Mode: structs.ProxyModeTransparent,
 								TransparentProxy: structs.TransparentProxyConfig{
 									OutboundListenerPort: 10101,
+									DialedDirectly:       true,
 								},
 								Upstreams: structs.Upstreams{
 									structs.Upstream{
@@ -3471,7 +3477,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 							},
 							"mode": "transparent",
 							"transparent_proxy": {
-								"outbound_listener_port": 10101
+								"outbound_listener_port": 10101,
+								"dialed_directly": true
 							}
 						}
 					]
@@ -3494,6 +3501,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 						mode = "transparent"
 						transparent_proxy = {
 							outbound_listener_port = 10101
+							dialed_directly = true
 						}
 					}
 				}`},
@@ -3516,6 +3524,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 					Mode: structs.ProxyModeTransparent,
 					TransparentProxy: structs.TransparentProxyConfig{
 						OutboundListenerPort: 10101,
+						DialedDirectly:       true,
 					},
 				},
 			}
@@ -3541,7 +3550,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 							},
 							"Mode": "transparent",
 							"TransparentProxy": {
-								"OutboundListenerPort": 10101
+								"OutboundListenerPort": 10101,
+								"DialedDirectly": true
 							}
 						}
 					]
@@ -3564,6 +3574,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 						Mode = "transparent"
 						TransparentProxy = {
 							OutboundListenerPort = 10101
+							DialedDirectly = true
 						}
 					}
 				}`},
@@ -3586,6 +3597,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 					Mode: structs.ProxyModeTransparent,
 					TransparentProxy: structs.TransparentProxyConfig{
 						OutboundListenerPort: 10101,
+						DialedDirectly:       true,
 					},
 				},
 			}
@@ -3611,7 +3623,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 							},
 							"mode": "transparent",
 							"transparent_proxy": {
-								"outbound_listener_port": 10101
+								"outbound_listener_port": 10101,
+								"dialed_directly": true
 							}
 						}
 					]
@@ -3634,6 +3647,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 						mode = "transparent"
 						transparent_proxy = {
 							outbound_listener_port = 10101
+							dialed_directly = true
 						}
 					}
 				}`},
@@ -3656,6 +3670,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 					Mode: structs.ProxyModeTransparent,
 					TransparentProxy: structs.TransparentProxyConfig{
 						OutboundListenerPort: 10101,
+						DialedDirectly:       true,
 					},
 				},
 			}
@@ -3681,7 +3696,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 							},
 							"Mode": "transparent",
 							"TransparentProxy": {
-								"OutboundListenerPort": 10101
+								"OutboundListenerPort": 10101,
+								"DialedDirectly": true
 							}
 						}
 					]
@@ -3704,6 +3720,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 						Mode = "transparent"
 						TransparentProxy = {
 							OutboundListenerPort = 10101
+							DialedDirectly = true
 						}
 					}
 				}`},
@@ -3726,6 +3743,7 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 					Mode: structs.ProxyModeTransparent,
 					TransparentProxy: structs.TransparentProxyConfig{
 						OutboundListenerPort: 10101,
+						DialedDirectly:       true,
 					},
 				},
 			}
@@ -5670,6 +5688,7 @@ func TestLoad_FullConfig(t *testing.T) {
 					Mode: structs.ProxyModeTransparent,
 					TransparentProxy: structs.TransparentProxyConfig{
 						OutboundListenerPort: 10101,
+						DialedDirectly:       true,
 					},
 				},
 				Weights: &structs.Weights{

agent/config/testdata/full-config.hcl

@@ -602,6 +602,7 @@ services = [
             mode = "transparent"
             transparent_proxy = {
                 outbound_listener_port = 10101
+                dialed_directly = true
             }
         }
     },

agent/config/testdata/full-config.json

@@ -575,7 +575,8 @@
         },
         "mode": "transparent",
         "transparent_proxy": {
-          "outbound_listener_port": 10101
+          "outbound_listener_port": 10101,
+          "dialed_directly": true
         },
         "upstreams": [
           {

agent/consul/config_endpoint.go

@@ -396,6 +396,9 @@ func (c *ConfigEntry) ResolveServiceConfig(args *structs.ServiceConfigRequest, r
 				if serviceConf.TransparentProxy.OutboundListenerPort != 0 {
 					thisReply.TransparentProxy.OutboundListenerPort = serviceConf.TransparentProxy.OutboundListenerPort
 				}
+				if serviceConf.TransparentProxy.DialedDirectly {
+					thisReply.TransparentProxy.DialedDirectly = serviceConf.TransparentProxy.DialedDirectly
+				}
 				if serviceConf.Mode != structs.ProxyModeDefault {
 					thisReply.Mode = serviceConf.Mode
 				}

agent/consul/config_endpoint_test.go

@@ -911,19 +911,25 @@ func TestConfigEntry_ResolveServiceConfig_TransparentProxy(t *testing.T) {
 			name: "from proxy-defaults",
 			entries: []structs.ConfigEntry{
 				&structs.ProxyConfigEntry{
-					Kind:             structs.ProxyDefaults,
-					Name:             structs.ProxyConfigGlobal,
-					Mode:             structs.ProxyModeTransparent,
-					TransparentProxy: structs.TransparentProxyConfig{OutboundListenerPort: 10101},
+					Kind: structs.ProxyDefaults,
+					Name: structs.ProxyConfigGlobal,
+					Mode: structs.ProxyModeTransparent,
+					TransparentProxy: structs.TransparentProxyConfig{
+						OutboundListenerPort: 10101,
+						DialedDirectly:       true,
+					},
 				},
 			},
 			request: structs.ServiceConfigRequest{
 				Name:       "foo",
 				Datacenter: "dc1",
 			},
 			expect: structs.ServiceConfigResponse{
-				Mode:             structs.ProxyModeTransparent,
-				TransparentProxy: structs.TransparentProxyConfig{OutboundListenerPort: 10101},
+				Mode: structs.ProxyModeTransparent,
+				TransparentProxy: structs.TransparentProxyConfig{
+					OutboundListenerPort: 10101,
+					DialedDirectly:       true,
+				},
 			},
 		},
 		{
@@ -949,25 +955,34 @@ func TestConfigEntry_ResolveServiceConfig_TransparentProxy(t *testing.T) {
 			name: "service-defaults overrides proxy-defaults",
 			entries: []structs.ConfigEntry{
 				&structs.ProxyConfigEntry{
-					Kind:             structs.ProxyDefaults,
-					Name:             structs.ProxyConfigGlobal,
-					Mode:             structs.ProxyModeDirect,
-					TransparentProxy: structs.TransparentProxyConfig{OutboundListenerPort: 10101},
+					Kind: structs.ProxyDefaults,
+					Name: structs.ProxyConfigGlobal,
+					Mode: structs.ProxyModeDirect,
+					TransparentProxy: structs.TransparentProxyConfig{
+						OutboundListenerPort: 10101,
+						DialedDirectly:       false,
+					},
 				},
 				&structs.ServiceConfigEntry{
-					Kind:             structs.ServiceDefaults,
-					Name:             "foo",
-					Mode:             structs.ProxyModeTransparent,
-					TransparentProxy: structs.TransparentProxyConfig{OutboundListenerPort: 808},
+					Kind: structs.ServiceDefaults,
+					Name: "foo",
+					Mode: structs.ProxyModeTransparent,
+					TransparentProxy: structs.TransparentProxyConfig{
+						OutboundListenerPort: 808,
+						DialedDirectly:       true,
+					},
 				},
 			},
 			request: structs.ServiceConfigRequest{
 				Name:       "foo",
 				Datacenter: "dc1",
 			},
 			expect: structs.ServiceConfigResponse{
-				Mode:             structs.ProxyModeTransparent,
-				TransparentProxy: structs.TransparentProxyConfig{OutboundListenerPort: 808},
+				Mode: structs.ProxyModeTransparent,
+				TransparentProxy: structs.TransparentProxyConfig{
+					OutboundListenerPort: 808,
+					DialedDirectly:       true,
+				},
 			},
 		},
 	}
@@ -1303,8 +1318,11 @@ func TestConfigEntry_ResolveServiceConfig_Upstreams(t *testing.T) {
 					},
 
 					// TransparentProxy on the config entry but not the config request
-					Mode:             structs.ProxyModeTransparent,
-					TransparentProxy: structs.TransparentProxyConfig{OutboundListenerPort: 10101},
+					Mode: structs.ProxyModeTransparent,
+					TransparentProxy: structs.TransparentProxyConfig{
+						OutboundListenerPort: 10101,
+						DialedDirectly:       true,
+					},
 				},
 			},
 			request: structs.ServiceConfigRequest{
@@ -1314,8 +1332,11 @@ func TestConfigEntry_ResolveServiceConfig_Upstreams(t *testing.T) {
 				// Empty Upstreams/UpstreamIDs
 			},
 			expect: structs.ServiceConfigResponse{
-				Mode:             structs.ProxyModeTransparent,
-				TransparentProxy: structs.TransparentProxyConfig{OutboundListenerPort: 10101},
+				Mode: structs.ProxyModeTransparent,
+				TransparentProxy: structs.TransparentProxyConfig{
+					OutboundListenerPort: 10101,
+					DialedDirectly:       true,
+				},
 				UpstreamIDConfigs: structs.OpaqueUpstreamConfigs{
 					{
 						Upstream: wildcard,

agent/service_manager.go

@@ -383,6 +383,9 @@ func mergeServiceConfig(defaults *structs.ServiceConfigResponse, service *struct
 	if ns.Proxy.TransparentProxy.OutboundListenerPort == 0 {
 		ns.Proxy.TransparentProxy.OutboundListenerPort = defaults.TransparentProxy.OutboundListenerPort
 	}
+	if !ns.Proxy.TransparentProxy.DialedDirectly {
+		ns.Proxy.TransparentProxy.DialedDirectly = defaults.TransparentProxy.DialedDirectly
+	}
 
 	// remoteUpstreams contains synthetic Upstreams generated from central config (service-defaults.UpstreamConfigs).
 	remoteUpstreams := make(map[structs.ServiceID]structs.Upstream)