diff --git a/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/plugin_test.go b/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/plugin_test.go index cb218cea0ab6..2c4e27b8ef32 100644 --- a/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/plugin_test.go +++ b/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/plugin_test.go @@ -150,86 +150,6 @@ var _ = Describe("MeshPassthrough", func() { Port: pointer.To[uint32](8080), Protocol: api.ProtocolType("http"), }, - { - Type: api.MatchType("Domain"), - Value: "grpcdomain.com", - Port: pointer.To[uint32](19000), - Protocol: api.ProtocolType("grpc"), - }, - { - Type: api.MatchType("Domain"), - Value: "http2.com", - Port: pointer.To[uint32](8080), - Protocol: api.ProtocolType("http"), - }, - { - Type: api.MatchType("Domain"), - Value: "http2.com", - Port: pointer.To[uint32](8080), - Protocol: api.ProtocolType("http"), - }, - { - Type: api.MatchType("Domain"), - Value: "*.example.com", - Protocol: api.ProtocolType("tls"), - }, - { - Type: api.MatchType("IP"), - Value: "192.168.19.1", - Protocol: api.ProtocolType("tls"), - }, - { - Type: api.MatchType("IP"), - Value: "192.168.19.1", - Port: pointer.To[uint32](10000), - Protocol: api.ProtocolType("http"), - }, - { - Type: api.MatchType("IP"), - Value: "192.168.0.1", - Port: pointer.To[uint32](9091), - Protocol: api.ProtocolType("tcp"), - }, - { - Type: api.MatchType("CIDR"), - Value: "192.168.0.1/24", - Protocol: api.ProtocolType("tcp"), - }, - { - Type: api.MatchType("CIDR"), - Value: "192.168.0.1/30", - Protocol: api.ProtocolType("tcp"), - }, - { - Type: api.MatchType("Domain"), - Value: "trace-svc.datadog-agent.svc.cluster.local", - Protocol: api.ProtocolType("http"), - Port: pointer.To[uint32](8126), - }, - { - Type: api.MatchType("Domain"), - Value: "trace-svc.datadog-agent.svc", - Protocol: api.ProtocolType("http"), - Port: pointer.To[uint32](8126), - }, - { - Type: api.MatchType("CIDR"), - Value: "172.16.0.0/12", - Protocol: api.ProtocolType("http"), - Port: pointer.To[uint32](8126), - }, - { - Type: api.MatchType("Domain"), - Value: "cluster.test.local.dev", - Protocol: api.ProtocolType("http"), - Port: pointer.To[uint32](8005), - }, - { - Type: api.MatchType("Domain"), - Value: "cluster-telemetry.test.local.dev", - Protocol: api.ProtocolType("http"), - Port: pointer.To[uint32](8006), - }, { Type: api.MatchType("CIDR"), Value: "192.168.0.0/16", @@ -253,11 +173,6 @@ var _ = Describe("MeshPassthrough", func() { Value: "10.42.0.8", Protocol: api.ProtocolType("http"), }, - { - Type: api.MatchType("IP"), - Value: "10.42.0.9", - Protocol: api.ProtocolType("http"), - }, { Type: api.MatchType("IP"), Value: "b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6", @@ -269,16 +184,6 @@ var _ = Describe("MeshPassthrough", func() { Port: pointer.To[uint32](9091), Protocol: api.ProtocolType("tcp"), }, - { - Type: api.MatchType("CIDR"), - Value: "b0ce:f616:4e74:28f7:427c:b969:8016:6344/64", - Protocol: api.ProtocolType("tcp"), - }, - { - Type: api.MatchType("CIDR"), - Value: "b0ce:f616:4e74:28f7:427c:b969:8016:6344/96", - Protocol: api.ProtocolType("tcp"), - }, }, }, }, @@ -383,6 +288,118 @@ var _ = Describe("MeshPassthrough", func() { listenersGolden: "simple.listener.golden.yaml", clustersGolden: "simple.clusters.golden.yaml", }), + Entry("cidr and http policy", testCase{ + resources: []*core_xds.Resource{ + { + Name: "outbound:passthrough:ipv4", + Origin: generator.OriginTransparent, + Resource: NewListenerBuilder(envoy_common.APIV3, "outbound:passthrough:ipv4"). + Configure(OutboundListener("0.0.0.0", 15001, core_xds.SocketAddressProtocolTCP)). + Configure(FilterChain(NewFilterChainBuilder(envoy_common.APIV3, envoy_common.AnonymousResource). + Configure(TCPProxy("outbound_passthrough_ipv4", []envoy_common.Split{ + plugins_xds.NewSplitBuilder().WithClusterName("outbound:passthrough:ipv4").WithWeight(100).Build(), + }...)), + )).MustBuild(), + }, + { + Name: "outbound:passthrough:ipv6", + Origin: generator.OriginTransparent, + Resource: NewListenerBuilder(envoy_common.APIV3, "outbound:passthrough:ipv6"). + Configure(OutboundListener("::", 15001, core_xds.SocketAddressProtocolTCP)). + Configure(FilterChain(NewFilterChainBuilder(envoy_common.APIV3, envoy_common.AnonymousResource). + Configure(TCPProxy("outbound_passthrough_ipv6", []envoy_common.Split{ + plugins_xds.NewSplitBuilder().WithClusterName("outbound:passthrough:ipv6").WithWeight(100).Build(), + }...)), + )).MustBuild(), + }, + }, + singleItemRules: core_rules.SingleItemRules{ + Rules: []*core_rules.Rule{ + { + Subset: []core_rules.Tag{}, + Conf: api.Conf{ + AppendMatch: []api.Match{ + { + Type: api.MatchType("CIDR"), + Value: "10.10.0.0/16", + Port: pointer.To[uint32](80), + Protocol: api.ProtocolType("http"), + }, + { + Type: api.MatchType("CIDR"), + Value: "192.168.0.0/24", + Port: pointer.To[uint32](80), + Protocol: api.ProtocolType("http"), + }, + { + Type: api.MatchType("IP"), + Value: "192.168.0.0", + Protocol: api.ProtocolType("http"), + }, + }, + }, + }, + }, + }, + listenersGolden: "cidr-http.listener.golden.yaml", + clustersGolden: "cidr-http.clusters.golden.yaml", + }), + Entry("http domain aggregated policy", testCase{ + resources: []*core_xds.Resource{ + { + Name: "outbound:passthrough:ipv4", + Origin: generator.OriginTransparent, + Resource: NewListenerBuilder(envoy_common.APIV3, "outbound:passthrough:ipv4"). + Configure(OutboundListener("0.0.0.0", 15001, core_xds.SocketAddressProtocolTCP)). + Configure(FilterChain(NewFilterChainBuilder(envoy_common.APIV3, envoy_common.AnonymousResource). + Configure(TCPProxy("outbound_passthrough_ipv4", []envoy_common.Split{ + plugins_xds.NewSplitBuilder().WithClusterName("outbound:passthrough:ipv4").WithWeight(100).Build(), + }...)), + )).MustBuild(), + }, + { + Name: "outbound:passthrough:ipv6", + Origin: generator.OriginTransparent, + Resource: NewListenerBuilder(envoy_common.APIV3, "outbound:passthrough:ipv6"). + Configure(OutboundListener("::", 15001, core_xds.SocketAddressProtocolTCP)). + Configure(FilterChain(NewFilterChainBuilder(envoy_common.APIV3, envoy_common.AnonymousResource). + Configure(TCPProxy("outbound_passthrough_ipv6", []envoy_common.Split{ + plugins_xds.NewSplitBuilder().WithClusterName("outbound:passthrough:ipv6").WithWeight(100).Build(), + }...)), + )).MustBuild(), + }, + }, + singleItemRules: core_rules.SingleItemRules{ + Rules: []*core_rules.Rule{ + { + Subset: []core_rules.Tag{}, + Conf: api.Conf{ + AppendMatch: []api.Match{ + { + Type: api.MatchType("Domain"), + Value: "example1.com", + Port: pointer.To[uint32](80), + Protocol: api.ProtocolType("http"), + }, + { + Type: api.MatchType("Domain"), + Value: "example2.com", + Port: pointer.To[uint32](80), + Protocol: api.ProtocolType("http"), + }, + { + Type: api.MatchType("Domain"), + Value: "*.example.com", + Protocol: api.ProtocolType("http"), + }, + }, + }, + }, + }, + }, + listenersGolden: "http-domains-aggregated.listener.golden.yaml", + clustersGolden: "http-domains-aggregated.clusters.golden.yaml", + }), Entry("the same protocol but different type match", testCase{ resources: []*core_xds.Resource{ { diff --git a/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/basic.clusters.golden.yaml b/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/basic.clusters.golden.yaml index 42731984c870..ad203c16bc92 100644 --- a/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/basic.clusters.golden.yaml +++ b/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/basic.clusters.golden.yaml @@ -1,28 +1,4 @@ resources: -- name: meshpassthrough_*.example.com_* - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough___example_com__ - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_*.example.com_* - type: ORIGINAL_DST -- name: meshpassthrough_*.example.com_10000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough___example_com_10000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_*.example.com_10000 - type: ORIGINAL_DST -- name: meshpassthrough_*.example.com_19000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough___example_com_19000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_*.example.com_19000 - type: ORIGINAL_DST - name: meshpassthrough_*.example.com_443 resource: '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster @@ -31,54 +7,6 @@ resources: lbPolicy: CLUSTER_PROVIDED name: meshpassthrough_*.example.com_443 type: ORIGINAL_DST -- name: meshpassthrough_*.example.com_80 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough___example_com_80 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_*.example.com_80 - type: ORIGINAL_DST -- name: meshpassthrough_*.example.com_8005 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough___example_com_8005 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_*.example.com_8005 - type: ORIGINAL_DST -- name: meshpassthrough_*.example.com_8006 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough___example_com_8006 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_*.example.com_8006 - type: ORIGINAL_DST -- name: meshpassthrough_*.example.com_8080 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough___example_com_8080 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_*.example.com_8080 - type: ORIGINAL_DST -- name: meshpassthrough_*.example.com_8126 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough___example_com_8126 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_*.example.com_8126 - type: ORIGINAL_DST -- name: meshpassthrough_*.example.com_9091 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough___example_com_9091 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_*.example.com_9091 - type: ORIGINAL_DST - name: meshpassthrough_10.42.0.8_* resource: '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster @@ -87,22 +15,6 @@ resources: lbPolicy: CLUSTER_PROVIDED name: meshpassthrough_10.42.0.8_* type: ORIGINAL_DST -- name: meshpassthrough_10.42.0.8_10000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_10_42_0_8_10000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_10.42.0.8_10000 - type: ORIGINAL_DST -- name: meshpassthrough_10.42.0.8_19000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_10_42_0_8_19000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_10.42.0.8_19000 - type: ORIGINAL_DST - name: meshpassthrough_10.42.0.8_443 resource: '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster @@ -119,22 +31,6 @@ resources: lbPolicy: CLUSTER_PROVIDED name: meshpassthrough_10.42.0.8_80 type: ORIGINAL_DST -- name: meshpassthrough_10.42.0.8_8005 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_10_42_0_8_8005 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_10.42.0.8_8005 - type: ORIGINAL_DST -- name: meshpassthrough_10.42.0.8_8006 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_10_42_0_8_8006 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_10.42.0.8_8006 - type: ORIGINAL_DST - name: meshpassthrough_10.42.0.8_8080 resource: '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster @@ -159,94 +55,6 @@ resources: lbPolicy: CLUSTER_PROVIDED name: meshpassthrough_10.42.0.8_9091 type: ORIGINAL_DST -- name: meshpassthrough_10.42.0.9_* - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_10_42_0_9__ - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_10.42.0.9_* - type: ORIGINAL_DST -- name: meshpassthrough_10.42.0.9_10000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_10_42_0_9_10000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_10.42.0.9_10000 - type: ORIGINAL_DST -- name: meshpassthrough_10.42.0.9_19000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_10_42_0_9_19000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_10.42.0.9_19000 - type: ORIGINAL_DST -- name: meshpassthrough_10.42.0.9_443 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_10_42_0_9_443 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_10.42.0.9_443 - type: ORIGINAL_DST -- name: meshpassthrough_10.42.0.9_80 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_10_42_0_9_80 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_10.42.0.9_80 - type: ORIGINAL_DST -- name: meshpassthrough_10.42.0.9_8005 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_10_42_0_9_8005 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_10.42.0.9_8005 - type: ORIGINAL_DST -- name: meshpassthrough_10.42.0.9_8006 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_10_42_0_9_8006 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_10.42.0.9_8006 - type: ORIGINAL_DST -- name: meshpassthrough_10.42.0.9_8080 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_10_42_0_9_8080 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_10.42.0.9_8080 - type: ORIGINAL_DST -- name: meshpassthrough_10.42.0.9_8126 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_10_42_0_9_8126 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_10.42.0.9_8126 - type: ORIGINAL_DST -- name: meshpassthrough_10.42.0.9_9091 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_10_42_0_9_9091 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_10.42.0.9_9091 - type: ORIGINAL_DST -- name: meshpassthrough_172.16.0.0/12_8126 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_172_16_0_0_12_8126 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_172.16.0.0/12_8126 - type: ORIGINAL_DST - name: meshpassthrough_192.168.0.0/16_8126 resource: '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster @@ -255,254 +63,6 @@ resources: lbPolicy: CLUSTER_PROVIDED name: meshpassthrough_192.168.0.0/16_8126 type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/24_* - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_24__ - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/24_* - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/24_10000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_24_10000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/24_10000 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/24_19000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_24_19000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/24_19000 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/24_443 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_24_443 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/24_443 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/24_80 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_24_80 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/24_80 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/24_8005 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_24_8005 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/24_8005 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/24_8006 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_24_8006 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/24_8006 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/24_8080 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_24_8080 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/24_8080 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/24_8126 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_24_8126 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/24_8126 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/24_9091 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_24_9091 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/24_9091 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/30_* - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_30__ - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/30_* - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/30_10000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_30_10000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/30_10000 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/30_19000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_30_19000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/30_19000 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/30_443 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_30_443 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/30_443 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/30_80 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_30_80 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/30_80 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/30_8005 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_30_8005 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/30_8005 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/30_8006 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_30_8006 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/30_8006 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/30_8080 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_30_8080 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/30_8080 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/30_8126 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_30_8126 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/30_8126 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1/30_9091 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_30_9091 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1/30_9091 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.0.1_9091 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_0_1_9091 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.0.1_9091 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.19.1_* - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_19_1__ - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.19.1_* - type: ORIGINAL_DST -- name: meshpassthrough_192.168.19.1_10000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_19_1_10000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.19.1_10000 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.19.1_19000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_19_1_19000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.19.1_19000 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.19.1_443 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_19_1_443 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.19.1_443 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.19.1_80 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_19_1_80 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.19.1_80 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.19.1_8005 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_19_1_8005 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.19.1_8005 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.19.1_8006 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_19_1_8006 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.19.1_8006 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.19.1_8080 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_19_1_8080 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.19.1_8080 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.19.1_8126 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_19_1_8126 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.19.1_8126 - type: ORIGINAL_DST -- name: meshpassthrough_192.168.19.1_9091 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_192_168_19_1_9091 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_192.168.19.1_9091 - type: ORIGINAL_DST - name: meshpassthrough_240.0.0.0/4_8126 resource: '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster @@ -527,166 +87,6 @@ resources: lbPolicy: CLUSTER_PROVIDED name: meshpassthrough_api.example.com_443 type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_* - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64__ - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_* - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_10000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_10000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_10000 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_19000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_19000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_19000 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_443 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_443 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_443 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_80 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_80 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_80 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8005 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_8005 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8005 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8006 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_8006 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8006 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8080 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_8080 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8080 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8126 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_8126 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8126 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_9091 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_9091 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_9091 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_* - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96__ - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_* - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_10000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_10000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_10000 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_19000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_19000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_19000 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_443 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_443 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_443 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_80 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_80 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_80 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8005 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_8005 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8005 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8006 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_8006 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8006 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8080 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_8080 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8080 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8126 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_8126 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8126 - type: ORIGINAL_DST -- name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_9091 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_9091 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_9091 - type: ORIGINAL_DST - name: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_* resource: '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster @@ -695,22 +95,6 @@ resources: lbPolicy: CLUSTER_PROVIDED name: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_* type: ORIGINAL_DST -- name: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_10000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_10000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_10000 - type: ORIGINAL_DST -- name: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_19000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_19000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_19000 - type: ORIGINAL_DST - name: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_443 resource: '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster @@ -727,22 +111,6 @@ resources: lbPolicy: CLUSTER_PROVIDED name: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_80 type: ORIGINAL_DST -- name: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8005 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_8005 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8005 - type: ORIGINAL_DST -- name: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8006 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_8006 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8006 - type: ORIGINAL_DST - name: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8080 resource: '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster @@ -767,22 +135,6 @@ resources: lbPolicy: CLUSTER_PROVIDED name: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_9091 type: ORIGINAL_DST -- name: meshpassthrough_cluster-telemetry.test.local.dev_8006 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_cluster-telemetry_test_local_dev_8006 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_cluster-telemetry.test.local.dev_8006 - type: ORIGINAL_DST -- name: meshpassthrough_cluster.test.local.dev_8005 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_cluster_test_local_dev_8005 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_cluster.test.local.dev_8005 - type: ORIGINAL_DST - name: meshpassthrough_example.com_443 resource: '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster @@ -799,27 +151,6 @@ resources: lbPolicy: CLUSTER_PROVIDED name: meshpassthrough_example.com_8080 type: ORIGINAL_DST -- name: meshpassthrough_grpcdomain.com_19000 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_grpcdomain_com_19000 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_grpcdomain.com_19000 - type: ORIGINAL_DST - typedExtensionProtocolOptions: - envoy.extensions.upstreams.http.v3.HttpProtocolOptions: - '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions - explicitHttpConfig: - http2ProtocolOptions: {} -- name: meshpassthrough_http2.com_8080 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_http2_com_8080 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_http2.com_8080 - type: ORIGINAL_DST - name: meshpassthrough_other.com_8080 resource: '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster @@ -828,22 +159,6 @@ resources: lbPolicy: CLUSTER_PROVIDED name: meshpassthrough_other.com_8080 type: ORIGINAL_DST -- name: meshpassthrough_trace-svc.datadog-agent.svc.cluster.local_8126 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_trace-svc_datadog-agent_svc_cluster_local_8126 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_trace-svc.datadog-agent.svc.cluster.local_8126 - type: ORIGINAL_DST -- name: meshpassthrough_trace-svc.datadog-agent.svc_8126 - resource: - '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster - altStatName: meshpassthrough_trace-svc_datadog-agent_svc_8126 - connectTimeout: 5s - lbPolicy: CLUSTER_PROVIDED - name: meshpassthrough_trace-svc.datadog-agent.svc_8126 - type: ORIGINAL_DST - name: meshpassthrough_www.google.com_80 resource: '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster diff --git a/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/basic.listener.golden.yaml b/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/basic.listener.golden.yaml index d776a428720a..2b1d7f0afbc6 100644 --- a/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/basic.listener.golden.yaml +++ b/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/basic.listener.golden.yaml @@ -7,135 +7,6 @@ resources: address: 0.0.0.0 portValue: 15001 filterChains: - - filterChainMatch: - destinationPort: 19000 - prefixRanges: - - addressPrefix: 192.168.19.1 - prefixLen: 32 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.19.1_19000 - statPrefix: meshpassthrough_192_168_19_1_19000 - name: meshpassthrough_tls_192.168.19.1_19000 - - filterChainMatch: - destinationPort: 10000 - prefixRanges: - - addressPrefix: 192.168.19.1 - prefixLen: 32 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.19.1_10000 - statPrefix: meshpassthrough_192_168_19_1_10000 - name: meshpassthrough_tls_192.168.19.1_10000 - - filterChainMatch: - destinationPort: 9091 - prefixRanges: - - addressPrefix: 192.168.19.1 - prefixLen: 32 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.19.1_9091 - statPrefix: meshpassthrough_192_168_19_1_9091 - name: meshpassthrough_tls_192.168.19.1_9091 - - filterChainMatch: - destinationPort: 8126 - prefixRanges: - - addressPrefix: 192.168.19.1 - prefixLen: 32 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.19.1_8126 - statPrefix: meshpassthrough_192_168_19_1_8126 - name: meshpassthrough_tls_192.168.19.1_8126 - - filterChainMatch: - destinationPort: 8080 - prefixRanges: - - addressPrefix: 192.168.19.1 - prefixLen: 32 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.19.1_8080 - statPrefix: meshpassthrough_192_168_19_1_8080 - name: meshpassthrough_tls_192.168.19.1_8080 - - filterChainMatch: - destinationPort: 8006 - prefixRanges: - - addressPrefix: 192.168.19.1 - prefixLen: 32 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.19.1_8006 - statPrefix: meshpassthrough_192_168_19_1_8006 - name: meshpassthrough_tls_192.168.19.1_8006 - - filterChainMatch: - destinationPort: 8005 - prefixRanges: - - addressPrefix: 192.168.19.1 - prefixLen: 32 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.19.1_8005 - statPrefix: meshpassthrough_192_168_19_1_8005 - name: meshpassthrough_tls_192.168.19.1_8005 - - filterChainMatch: - destinationPort: 443 - prefixRanges: - - addressPrefix: 192.168.19.1 - prefixLen: 32 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.19.1_443 - statPrefix: meshpassthrough_192_168_19_1_443 - name: meshpassthrough_tls_192.168.19.1_443 - - filterChainMatch: - destinationPort: 80 - prefixRanges: - - addressPrefix: 192.168.19.1 - prefixLen: 32 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.19.1_80 - statPrefix: meshpassthrough_192_168_19_1_80 - name: meshpassthrough_tls_192.168.19.1_80 - - filterChainMatch: - prefixRanges: - - addressPrefix: 192.168.19.1 - prefixLen: 32 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.19.1_* - statPrefix: meshpassthrough_192_168_19_1__ - name: meshpassthrough_tls_192.168.19.1_* - filterChainMatch: destinationPort: 443 serverNames: @@ -160,90 +31,6 @@ resources: cluster: meshpassthrough_example.com_443 statPrefix: meshpassthrough_example_com_443 name: meshpassthrough_tls_example.com_443 - - filterChainMatch: - destinationPort: 19000 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_19000 - statPrefix: meshpassthrough___example_com_19000 - name: meshpassthrough_tls_*.example.com_19000 - - filterChainMatch: - destinationPort: 10000 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_10000 - statPrefix: meshpassthrough___example_com_10000 - name: meshpassthrough_tls_*.example.com_10000 - - filterChainMatch: - destinationPort: 9091 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_9091 - statPrefix: meshpassthrough___example_com_9091 - name: meshpassthrough_tls_*.example.com_9091 - - filterChainMatch: - destinationPort: 8126 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_8126 - statPrefix: meshpassthrough___example_com_8126 - name: meshpassthrough_tls_*.example.com_8126 - - filterChainMatch: - destinationPort: 8080 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_8080 - statPrefix: meshpassthrough___example_com_8080 - name: meshpassthrough_tls_*.example.com_8080 - - filterChainMatch: - destinationPort: 8006 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_8006 - statPrefix: meshpassthrough___example_com_8006 - name: meshpassthrough_tls_*.example.com_8006 - - filterChainMatch: - destinationPort: 8005 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_8005 - statPrefix: meshpassthrough___example_com_8005 - name: meshpassthrough_tls_*.example.com_8005 - filterChainMatch: destinationPort: 443 serverNames: @@ -257,340 +44,106 @@ resources: statPrefix: meshpassthrough___example_com_443 name: meshpassthrough_tls_*.example.com_443 - filterChainMatch: - destinationPort: 80 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_80 - statPrefix: meshpassthrough___example_com_80 - name: meshpassthrough_tls_*.example.com_80 - - filterChainMatch: - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_* - statPrefix: meshpassthrough___example_com__ - name: meshpassthrough_tls_*.example.com_* - - filterChainMatch: + applicationProtocols: + - http/1.1 + - h2c destinationPort: 9091 prefixRanges: - - addressPrefix: 192.168.0.1 + - addressPrefix: 10.42.0.8 prefixLen: 32 transportProtocol: raw_buffer filters: - - name: envoy.filters.network.tcp_proxy + - name: envoy.filters.network.http_connection_manager typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1_9091 - statPrefix: meshpassthrough_192_168_0_1_9091 - name: meshpassthrough_tcp_192.168.0.1_9091 + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: meshpassthrough_http_10.42.0.8_9091 + virtualHosts: + - domains: + - '*' + name: 10.42.0.8 + routes: + - match: + prefix: / + route: + cluster: meshpassthrough_10.42.0.8_9091 + statPrefix: meshpassthrough_http_10_42_0_8_9091 + name: meshpassthrough_http_10.42.0.8_9091 - filterChainMatch: - destinationPort: 19000 + applicationProtocols: + - http/1.1 + - h2c + destinationPort: 8126 prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 30 + - addressPrefix: 10.42.0.8 + prefixLen: 32 transportProtocol: raw_buffer filters: - - name: envoy.filters.network.tcp_proxy + - name: envoy.filters.network.http_connection_manager typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/30_19000 - statPrefix: meshpassthrough_192_168_0_1_30_19000 - name: meshpassthrough_tcp_192.168.0.1/30_19000 + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: meshpassthrough_http_10.42.0.8_8126 + virtualHosts: + - domains: + - '*' + name: 10.42.0.8 + routes: + - match: + prefix: / + route: + cluster: meshpassthrough_10.42.0.8_8126 + statPrefix: meshpassthrough_http_10_42_0_8_8126 + name: meshpassthrough_http_10.42.0.8_8126 - filterChainMatch: - destinationPort: 19000 + applicationProtocols: + - http/1.1 + - h2c + destinationPort: 8080 prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 24 + - addressPrefix: 10.42.0.8 + prefixLen: 32 transportProtocol: raw_buffer filters: - - name: envoy.filters.network.tcp_proxy + - name: envoy.filters.network.http_connection_manager typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/24_19000 - statPrefix: meshpassthrough_192_168_0_1_24_19000 - name: meshpassthrough_tcp_192.168.0.1/24_19000 + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: meshpassthrough_http_10.42.0.8_8080 + virtualHosts: + - domains: + - '*' + name: 10.42.0.8 + routes: + - match: + prefix: / + route: + cluster: meshpassthrough_10.42.0.8_8080 + statPrefix: meshpassthrough_http_10_42_0_8_8080 + name: meshpassthrough_http_10.42.0.8_8080 - filterChainMatch: - destinationPort: 10000 + applicationProtocols: + - http/1.1 + - h2c + destinationPort: 443 prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 30 + - addressPrefix: 10.42.0.8 + prefixLen: 32 transportProtocol: raw_buffer filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/30_10000 - statPrefix: meshpassthrough_192_168_0_1_30_10000 - name: meshpassthrough_tcp_192.168.0.1/30_10000 - - filterChainMatch: - destinationPort: 10000 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 24 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/24_10000 - statPrefix: meshpassthrough_192_168_0_1_24_10000 - name: meshpassthrough_tcp_192.168.0.1/24_10000 - - filterChainMatch: - destinationPort: 9091 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 30 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/30_9091 - statPrefix: meshpassthrough_192_168_0_1_30_9091 - name: meshpassthrough_tcp_192.168.0.1/30_9091 - - filterChainMatch: - destinationPort: 9091 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 24 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/24_9091 - statPrefix: meshpassthrough_192_168_0_1_24_9091 - name: meshpassthrough_tcp_192.168.0.1/24_9091 - - filterChainMatch: - destinationPort: 8126 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 30 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/30_8126 - statPrefix: meshpassthrough_192_168_0_1_30_8126 - name: meshpassthrough_tcp_192.168.0.1/30_8126 - - filterChainMatch: - destinationPort: 8126 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 24 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/24_8126 - statPrefix: meshpassthrough_192_168_0_1_24_8126 - name: meshpassthrough_tcp_192.168.0.1/24_8126 - - filterChainMatch: - destinationPort: 8080 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 30 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/30_8080 - statPrefix: meshpassthrough_192_168_0_1_30_8080 - name: meshpassthrough_tcp_192.168.0.1/30_8080 - - filterChainMatch: - destinationPort: 8080 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 24 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/24_8080 - statPrefix: meshpassthrough_192_168_0_1_24_8080 - name: meshpassthrough_tcp_192.168.0.1/24_8080 - - filterChainMatch: - destinationPort: 8006 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 30 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/30_8006 - statPrefix: meshpassthrough_192_168_0_1_30_8006 - name: meshpassthrough_tcp_192.168.0.1/30_8006 - - filterChainMatch: - destinationPort: 8006 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 24 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/24_8006 - statPrefix: meshpassthrough_192_168_0_1_24_8006 - name: meshpassthrough_tcp_192.168.0.1/24_8006 - - filterChainMatch: - destinationPort: 8005 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 30 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/30_8005 - statPrefix: meshpassthrough_192_168_0_1_30_8005 - name: meshpassthrough_tcp_192.168.0.1/30_8005 - - filterChainMatch: - destinationPort: 8005 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 24 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/24_8005 - statPrefix: meshpassthrough_192_168_0_1_24_8005 - name: meshpassthrough_tcp_192.168.0.1/24_8005 - - filterChainMatch: - destinationPort: 443 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 30 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/30_443 - statPrefix: meshpassthrough_192_168_0_1_30_443 - name: meshpassthrough_tcp_192.168.0.1/30_443 - - filterChainMatch: - destinationPort: 443 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 24 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/24_443 - statPrefix: meshpassthrough_192_168_0_1_24_443 - name: meshpassthrough_tcp_192.168.0.1/24_443 - - filterChainMatch: - destinationPort: 80 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 30 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/30_80 - statPrefix: meshpassthrough_192_168_0_1_30_80 - name: meshpassthrough_tcp_192.168.0.1/30_80 - - filterChainMatch: - destinationPort: 80 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 24 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/24_80 - statPrefix: meshpassthrough_192_168_0_1_24_80 - name: meshpassthrough_tcp_192.168.0.1/24_80 - - filterChainMatch: - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 30 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/30_* - statPrefix: meshpassthrough_192_168_0_1_30__ - name: meshpassthrough_tcp_192.168.0.1/30_* - - filterChainMatch: - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 24 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_192.168.0.1/24_* - statPrefix: meshpassthrough_192_168_0_1_24__ - name: meshpassthrough_tcp_192.168.0.1/24_* - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 19000 - prefixRanges: - - addressPrefix: 10.42.0.9 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.9_19000 - virtualHosts: - - domains: - - '*' - name: 10.42.0.9 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.9_19000 - statPrefix: meshpassthrough_http_10_42_0_9_19000 - name: meshpassthrough_http_10.42.0.9_19000 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 19000 - prefixRanges: - - addressPrefix: 10.42.0.8 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager + - name: envoy.filters.network.http_connection_manager typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager httpFilters: @@ -598,7 +151,7 @@ resources: typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router routeConfig: - name: meshpassthrough_http_10.42.0.8_19000 + name: meshpassthrough_http_10.42.0.8_443 virtualHosts: - domains: - '*' @@ -607,14 +160,14 @@ resources: - match: prefix: / route: - cluster: meshpassthrough_10.42.0.8_19000 - statPrefix: meshpassthrough_http_10_42_0_8_19000 - name: meshpassthrough_http_10.42.0.8_19000 + cluster: meshpassthrough_10.42.0.8_443 + statPrefix: meshpassthrough_http_10_42_0_8_443 + name: meshpassthrough_http_10.42.0.8_443 - filterChainMatch: applicationProtocols: - http/1.1 - h2c - destinationPort: 10000 + destinationPort: 80 prefixRanges: - addressPrefix: 10.42.0.8 prefixLen: 32 @@ -628,1511 +181,55 @@ resources: typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router routeConfig: - name: meshpassthrough_http_10.42.0.8_10000 - virtualHosts: - - domains: - - '*' - name: 10.42.0.8 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.8_10000 - statPrefix: meshpassthrough_http_10_42_0_8_10000 - name: meshpassthrough_http_10.42.0.8_10000 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 10000 - prefixRanges: - - addressPrefix: 10.42.0.9 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.9_10000 - virtualHosts: - - domains: - - '*' - name: 10.42.0.9 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.9_10000 - statPrefix: meshpassthrough_http_10_42_0_9_10000 - name: meshpassthrough_http_10.42.0.9_10000 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 10000 - prefixRanges: - - addressPrefix: 192.168.19.1 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_192.168.19.1_10000 - virtualHosts: - - domains: - - '*' - name: 192.168.19.1 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_192.168.19.1_10000 - statPrefix: meshpassthrough_http_192_168_19_1_10000 - name: meshpassthrough_http_192.168.19.1_10000 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 9091 - prefixRanges: - - addressPrefix: 10.42.0.9 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.9_9091 - virtualHosts: - - domains: - - '*' - name: 10.42.0.9 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.9_9091 - statPrefix: meshpassthrough_http_10_42_0_9_9091 - name: meshpassthrough_http_10.42.0.9_9091 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 9091 - prefixRanges: - - addressPrefix: 10.42.0.8 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.8_9091 - virtualHosts: - - domains: - - '*' - name: 10.42.0.8 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.8_9091 - statPrefix: meshpassthrough_http_10_42_0_8_9091 - name: meshpassthrough_http_10.42.0.8_9091 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 8126 - prefixRanges: - - addressPrefix: 10.42.0.9 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.9_8126 - virtualHosts: - - domains: - - '*' - name: 10.42.0.9 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.9_8126 - statPrefix: meshpassthrough_http_10_42_0_9_8126 - name: meshpassthrough_http_10.42.0.9_8126 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 8126 - prefixRanges: - - addressPrefix: 10.42.0.8 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.8_8126 - virtualHosts: - - domains: - - '*' - name: 10.42.0.8 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.8_8126 - statPrefix: meshpassthrough_http_10_42_0_8_8126 - name: meshpassthrough_http_10.42.0.8_8126 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 8080 - prefixRanges: - - addressPrefix: 10.42.0.9 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.9_8080 - virtualHosts: - - domains: - - '*' - name: 10.42.0.9 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.9_8080 - statPrefix: meshpassthrough_http_10_42_0_9_8080 - name: meshpassthrough_http_10.42.0.9_8080 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 8080 - prefixRanges: - - addressPrefix: 10.42.0.8 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.8_8080 - virtualHosts: - - domains: - - '*' - name: 10.42.0.8 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.8_8080 - statPrefix: meshpassthrough_http_10_42_0_8_8080 - name: meshpassthrough_http_10.42.0.8_8080 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 8006 - prefixRanges: - - addressPrefix: 10.42.0.9 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.9_8006 - virtualHosts: - - domains: - - '*' - name: 10.42.0.9 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.9_8006 - statPrefix: meshpassthrough_http_10_42_0_9_8006 - name: meshpassthrough_http_10.42.0.9_8006 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 8006 - prefixRanges: - - addressPrefix: 10.42.0.8 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.8_8006 - virtualHosts: - - domains: - - '*' - name: 10.42.0.8 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.8_8006 - statPrefix: meshpassthrough_http_10_42_0_8_8006 - name: meshpassthrough_http_10.42.0.8_8006 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 8005 - prefixRanges: - - addressPrefix: 10.42.0.8 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.8_8005 - virtualHosts: - - domains: - - '*' - name: 10.42.0.8 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.8_8005 - statPrefix: meshpassthrough_http_10_42_0_8_8005 - name: meshpassthrough_http_10.42.0.8_8005 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 8005 - prefixRanges: - - addressPrefix: 10.42.0.9 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.9_8005 - virtualHosts: - - domains: - - '*' - name: 10.42.0.9 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.9_8005 - statPrefix: meshpassthrough_http_10_42_0_9_8005 - name: meshpassthrough_http_10.42.0.9_8005 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 443 - prefixRanges: - - addressPrefix: 10.42.0.9 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.9_443 - virtualHosts: - - domains: - - '*' - name: 10.42.0.9 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.9_443 - statPrefix: meshpassthrough_http_10_42_0_9_443 - name: meshpassthrough_http_10.42.0.9_443 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 443 - prefixRanges: - - addressPrefix: 10.42.0.8 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.8_443 - virtualHosts: - - domains: - - '*' - name: 10.42.0.8 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.8_443 - statPrefix: meshpassthrough_http_10_42_0_8_443 - name: meshpassthrough_http_10.42.0.8_443 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 80 - prefixRanges: - - addressPrefix: 10.42.0.9 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.9_80 - virtualHosts: - - domains: - - '*' - name: 10.42.0.9 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.9_80 - statPrefix: meshpassthrough_http_10_42_0_9_80 - name: meshpassthrough_http_10.42.0.9_80 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 80 - prefixRanges: - - addressPrefix: 10.42.0.8 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.8_80 - virtualHosts: - - domains: - - '*' - name: 10.42.0.8 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.8_80 - statPrefix: meshpassthrough_http_10_42_0_8_80 - name: meshpassthrough_http_10.42.0.8_80 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - prefixRanges: - - addressPrefix: 10.42.0.9 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.9_* - virtualHosts: - - domains: - - '*' - name: 10.42.0.9 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.9_* - statPrefix: meshpassthrough_http_10_42_0_9__ - name: meshpassthrough_http_10.42.0.9_* - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - prefixRanges: - - addressPrefix: 10.42.0.8 - prefixLen: 32 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_10.42.0.8_* - virtualHosts: - - domains: - - '*' - name: 10.42.0.8 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_10.42.0.8_* - statPrefix: meshpassthrough_http_10_42_0_8__ - name: meshpassthrough_http_10.42.0.8_* - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 8126 - prefixRanges: - - addressPrefix: 192.168.0.0 - prefixLen: 16 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_192.168.0.0/16_8126 - virtualHosts: - - domains: - - '*' - name: 192.168.0.0/16 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_192.168.0.0/16_8126 - statPrefix: meshpassthrough_http_192_168_0_0_16_8126 - name: meshpassthrough_http_192.168.0.0/16_8126 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 8126 - prefixRanges: - - addressPrefix: 172.16.0.0 - prefixLen: 12 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_172.16.0.0/12_8126 - virtualHosts: - - domains: - - '*' - name: 172.16.0.0/12 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_172.16.0.0/12_8126 - statPrefix: meshpassthrough_http_172_16_0_0_12_8126 - name: meshpassthrough_http_172.16.0.0/12_8126 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 8126 - prefixRanges: - - addressPrefix: 240.0.0.0 - prefixLen: 4 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_240.0.0.0/4_8126 - virtualHosts: - - domains: - - '*' - name: 240.0.0.0/4 - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_240.0.0.0/4_8126 - statPrefix: meshpassthrough_http_240_0_0_0_4_8126 - name: meshpassthrough_http_240.0.0.0/4_8126 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 19000 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_grpc_19000 - virtualHosts: - - domains: - - grpcdomain.com - - grpcdomain.com:19000 - name: grpcdomain.com - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_grpcdomain.com_19000 - - domains: - - '*' - name: no_match - routes: - - directResponse: - body: - inlineString: | - This response comes from Kuma Sidecar. No routes matched this domain - check configuration of your MeshPassthrough policy. - status: 503 - match: - prefix: / - statPrefix: meshpassthrough_grpc_19000 - name: meshpassthrough_grpc_19000 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 8126 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_8126 - virtualHosts: - - domains: - - trace-svc.datadog-agent.svc.cluster.local - - trace-svc.datadog-agent.svc.cluster.local:8126 - name: trace-svc.datadog-agent.svc.cluster.local - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_trace-svc.datadog-agent.svc.cluster.local_8126 - - domains: - - trace-svc.datadog-agent.svc - - trace-svc.datadog-agent.svc:8126 - name: trace-svc.datadog-agent.svc - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_trace-svc.datadog-agent.svc_8126 - - domains: - - '*' - name: no_match - routes: - - directResponse: - body: - inlineString: | - This response comes from Kuma Sidecar. No routes matched this domain - check configuration of your MeshPassthrough policy. - status: 503 - match: - prefix: / - statPrefix: meshpassthrough_http_8126 - name: meshpassthrough_http_8126 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 8080 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_8080 - virtualHosts: - - domains: - - example.com - - example.com:8080 - name: example.com - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_example.com_8080 - - domains: - - http2.com - - http2.com:8080 - name: http2.com - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_http2.com_8080 - - domains: - - other.com - - other.com:8080 - name: other.com - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_other.com_8080 - - domains: - - '*' - name: no_match - routes: - - directResponse: - body: - inlineString: | - This response comes from Kuma Sidecar. No routes matched this domain - check configuration of your MeshPassthrough policy. - status: 503 - match: - prefix: / - statPrefix: meshpassthrough_http_8080 - name: meshpassthrough_http_8080 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 8006 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_8006 - virtualHosts: - - domains: - - cluster-telemetry.test.local.dev - - cluster-telemetry.test.local.dev:8006 - name: cluster-telemetry.test.local.dev - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_cluster-telemetry.test.local.dev_8006 - - domains: - - '*' - name: no_match - routes: - - directResponse: - body: - inlineString: | - This response comes from Kuma Sidecar. No routes matched this domain - check configuration of your MeshPassthrough policy. - status: 503 - match: - prefix: / - statPrefix: meshpassthrough_http_8006 - name: meshpassthrough_http_8006 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 8005 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_8005 - virtualHosts: - - domains: - - cluster.test.local.dev - - cluster.test.local.dev:8005 - name: cluster.test.local.dev - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_cluster.test.local.dev_8005 - - domains: - - '*' - name: no_match - routes: - - directResponse: - body: - inlineString: | - This response comes from Kuma Sidecar. No routes matched this domain - check configuration of your MeshPassthrough policy. - status: 503 - match: - prefix: / - statPrefix: meshpassthrough_http_8005 - name: meshpassthrough_http_8005 - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 80 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_http_80 - virtualHosts: - - domains: - - www.google.com - - www.google.com:80 - name: www.google.com - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_www.google.com_80 - - domains: - - '*' - name: no_match - routes: - - directResponse: - body: - inlineString: | - This response comes from Kuma Sidecar. No routes matched this domain - check configuration of your MeshPassthrough policy. - status: 503 - match: - prefix: / - statPrefix: meshpassthrough_http_80 - name: meshpassthrough_http_80 - listenerFilters: - - name: envoy.filters.listener.tls_inspector - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector - - name: envoy.filters.listener.http_inspector - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.listener.http_inspector.v3.HttpInspector - name: outbound:passthrough:ipv4 - trafficDirection: OUTBOUND -- name: outbound:passthrough:ipv6 - resource: - '@type': type.googleapis.com/envoy.config.listener.v3.Listener - address: - socketAddress: - address: '::' - portValue: 15001 - filterChains: - - filterChainMatch: - destinationPort: 19000 - prefixRanges: - - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 - prefixLen: 128 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_19000 - statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_19000 - name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_19000 - - filterChainMatch: - destinationPort: 10000 - prefixRanges: - - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 - prefixLen: 128 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_10000 - statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_10000 - name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_10000 - - filterChainMatch: - destinationPort: 9091 - prefixRanges: - - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 - prefixLen: 128 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_9091 - statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_9091 - name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_9091 - - filterChainMatch: - destinationPort: 8126 - prefixRanges: - - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 - prefixLen: 128 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8126 - statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_8126 - name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8126 - - filterChainMatch: - destinationPort: 8080 - prefixRanges: - - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 - prefixLen: 128 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8080 - statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_8080 - name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8080 - - filterChainMatch: - destinationPort: 8006 - prefixRanges: - - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 - prefixLen: 128 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8006 - statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_8006 - name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8006 - - filterChainMatch: - destinationPort: 8005 - prefixRanges: - - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 - prefixLen: 128 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8005 - statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_8005 - name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8005 - - filterChainMatch: - destinationPort: 443 - prefixRanges: - - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 - prefixLen: 128 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_443 - statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_443 - name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_443 - - filterChainMatch: - destinationPort: 80 - prefixRanges: - - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 - prefixLen: 128 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_80 - statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_80 - name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_80 - - filterChainMatch: - prefixRanges: - - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 - prefixLen: 128 - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_* - statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6__ - name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_* - - filterChainMatch: - destinationPort: 443 - serverNames: - - api.example.com - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_api.example.com_443 - statPrefix: meshpassthrough_api_example_com_443 - name: meshpassthrough_tls_api.example.com_443 - - filterChainMatch: - destinationPort: 443 - serverNames: - - example.com - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_example.com_443 - statPrefix: meshpassthrough_example_com_443 - name: meshpassthrough_tls_example.com_443 - - filterChainMatch: - destinationPort: 19000 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_19000 - statPrefix: meshpassthrough___example_com_19000 - name: meshpassthrough_tls_*.example.com_19000 - - filterChainMatch: - destinationPort: 10000 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_10000 - statPrefix: meshpassthrough___example_com_10000 - name: meshpassthrough_tls_*.example.com_10000 - - filterChainMatch: - destinationPort: 9091 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_9091 - statPrefix: meshpassthrough___example_com_9091 - name: meshpassthrough_tls_*.example.com_9091 - - filterChainMatch: - destinationPort: 8126 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_8126 - statPrefix: meshpassthrough___example_com_8126 - name: meshpassthrough_tls_*.example.com_8126 - - filterChainMatch: - destinationPort: 8080 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_8080 - statPrefix: meshpassthrough___example_com_8080 - name: meshpassthrough_tls_*.example.com_8080 - - filterChainMatch: - destinationPort: 8006 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_8006 - statPrefix: meshpassthrough___example_com_8006 - name: meshpassthrough_tls_*.example.com_8006 - - filterChainMatch: - destinationPort: 8005 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_8005 - statPrefix: meshpassthrough___example_com_8005 - name: meshpassthrough_tls_*.example.com_8005 - - filterChainMatch: - destinationPort: 443 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_443 - statPrefix: meshpassthrough___example_com_443 - name: meshpassthrough_tls_*.example.com_443 - - filterChainMatch: - destinationPort: 80 - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_80 - statPrefix: meshpassthrough___example_com_80 - name: meshpassthrough_tls_*.example.com_80 - - filterChainMatch: - serverNames: - - '*.example.com' - transportProtocol: tls - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_*.example.com_* - statPrefix: meshpassthrough___example_com__ - name: meshpassthrough_tls_*.example.com_* - - filterChainMatch: - destinationPort: 9091 - prefixRanges: - - addressPrefix: 9942:9abf:d0e0:f2da:2290:333b:e590:f497 - prefixLen: 128 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_9942:9abf:d0e0:f2da:2290:333b:e590:f497_9091 - statPrefix: meshpassthrough_9942_9abf_d0e0_f2da_2290_333b_e590_f497_9091 - name: meshpassthrough_tcp_9942:9abf:d0e0:f2da:2290:333b:e590:f497_9091 - - filterChainMatch: - destinationPort: 19000 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7:427c:b969::' - prefixLen: 96 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_19000 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_19000 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_19000 - - filterChainMatch: - destinationPort: 19000 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7::' - prefixLen: 64 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_19000 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_19000 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_19000 - - filterChainMatch: - destinationPort: 10000 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7:427c:b969::' - prefixLen: 96 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_10000 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_10000 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_10000 - - filterChainMatch: - destinationPort: 10000 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7::' - prefixLen: 64 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_10000 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_10000 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_10000 - - filterChainMatch: - destinationPort: 9091 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7:427c:b969::' - prefixLen: 96 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_9091 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_9091 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_9091 - - filterChainMatch: - destinationPort: 9091 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7::' - prefixLen: 64 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_9091 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_9091 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_9091 - - filterChainMatch: - destinationPort: 8126 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7:427c:b969::' - prefixLen: 96 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8126 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_8126 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8126 - - filterChainMatch: - destinationPort: 8126 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7::' - prefixLen: 64 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8126 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_8126 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8126 - - filterChainMatch: - destinationPort: 8080 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7:427c:b969::' - prefixLen: 96 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8080 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_8080 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8080 - - filterChainMatch: - destinationPort: 8080 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7::' - prefixLen: 64 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8080 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_8080 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8080 - - filterChainMatch: - destinationPort: 8006 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7:427c:b969::' - prefixLen: 96 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8006 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_8006 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8006 - - filterChainMatch: - destinationPort: 8006 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7::' - prefixLen: 64 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8006 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_8006 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8006 - - filterChainMatch: - destinationPort: 8005 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7:427c:b969::' - prefixLen: 96 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8005 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_8005 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_8005 - - filterChainMatch: - destinationPort: 8005 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7::' - prefixLen: 64 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8005 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_8005 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_8005 - - filterChainMatch: - destinationPort: 443 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7:427c:b969::' - prefixLen: 96 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_443 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_443 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_443 - - filterChainMatch: - destinationPort: 443 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7::' - prefixLen: 64 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_443 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_443 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_443 - - filterChainMatch: - destinationPort: 80 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7:427c:b969::' - prefixLen: 96 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_80 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96_80 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_80 - - filterChainMatch: - destinationPort: 80 - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7::' - prefixLen: 64 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_80 - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64_80 - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_80 - - filterChainMatch: - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7:427c:b969::' - prefixLen: 96 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_* - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_96__ - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/96_* - - filterChainMatch: - prefixRanges: - - addressPrefix: 'b0ce:f616:4e74:28f7::' - prefixLen: 64 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.tcp_proxy - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - cluster: meshpassthrough_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_* - statPrefix: meshpassthrough_b0ce_f616_4e74_28f7_427c_b969_8016_6344_64__ - name: meshpassthrough_tcp_b0ce:f616:4e74:28f7:427c:b969:8016:6344/64_* - - filterChainMatch: - applicationProtocols: - - http/1.1 - - h2c - destinationPort: 19000 - transportProtocol: raw_buffer - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - routeConfig: - name: meshpassthrough_grpc_19000 + name: meshpassthrough_http_10.42.0.8_80 virtualHosts: - domains: - - grpcdomain.com - - grpcdomain.com:19000 - name: grpcdomain.com + - '*' + name: 10.42.0.8 routes: - match: prefix: / route: - cluster: meshpassthrough_grpcdomain.com_19000 + cluster: meshpassthrough_10.42.0.8_80 + statPrefix: meshpassthrough_http_10_42_0_8_80 + name: meshpassthrough_http_10.42.0.8_80 + - filterChainMatch: + applicationProtocols: + - http/1.1 + - h2c + prefixRanges: + - addressPrefix: 10.42.0.8 + prefixLen: 32 + transportProtocol: raw_buffer + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: meshpassthrough_http_10.42.0.8_* + virtualHosts: - domains: - '*' - name: no_match + name: 10.42.0.8 routes: - - directResponse: - body: - inlineString: | - This response comes from Kuma Sidecar. No routes matched this domain - check configuration of your MeshPassthrough policy. - status: 503 - match: + - match: prefix: / - statPrefix: meshpassthrough_grpc_19000 - name: meshpassthrough_grpc_19000 + route: + cluster: meshpassthrough_10.42.0.8_* + statPrefix: meshpassthrough_http_10_42_0_8__ + name: meshpassthrough_http_10.42.0.8_* - filterChainMatch: applicationProtocols: - http/1.1 - h2c destinationPort: 8126 + prefixRanges: + - addressPrefix: 192.168.0.0 + prefixLen: 16 transportProtocol: raw_buffer filters: - name: envoy.filters.network.http_connection_manager @@ -2143,39 +240,48 @@ resources: typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router routeConfig: - name: meshpassthrough_http_8126 + name: meshpassthrough_http_192.168.0.0/16_8126 virtualHosts: - domains: - - trace-svc.datadog-agent.svc.cluster.local - - trace-svc.datadog-agent.svc.cluster.local:8126 - name: trace-svc.datadog-agent.svc.cluster.local + - '*' + name: 192.168.0.0/16 routes: - match: prefix: / route: - cluster: meshpassthrough_trace-svc.datadog-agent.svc.cluster.local_8126 + cluster: meshpassthrough_192.168.0.0/16_8126 + statPrefix: meshpassthrough_http_192_168_0_0_16_8126 + name: meshpassthrough_http_192.168.0.0/16_8126 + - filterChainMatch: + applicationProtocols: + - http/1.1 + - h2c + destinationPort: 8126 + prefixRanges: + - addressPrefix: 240.0.0.0 + prefixLen: 4 + transportProtocol: raw_buffer + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: meshpassthrough_http_240.0.0.0/4_8126 + virtualHosts: - domains: - - trace-svc.datadog-agent.svc - - trace-svc.datadog-agent.svc:8126 - name: trace-svc.datadog-agent.svc + - '*' + name: 240.0.0.0/4 routes: - match: prefix: / route: - cluster: meshpassthrough_trace-svc.datadog-agent.svc_8126 - - domains: - - '*' - name: no_match - routes: - - directResponse: - body: - inlineString: | - This response comes from Kuma Sidecar. No routes matched this domain - check configuration of your MeshPassthrough policy. - status: 503 - match: - prefix: / - statPrefix: meshpassthrough_http_8126 - name: meshpassthrough_http_8126 + cluster: meshpassthrough_240.0.0.0/4_8126 + statPrefix: meshpassthrough_http_240_0_0_0_4_8126 + name: meshpassthrough_http_240.0.0.0/4_8126 - filterChainMatch: applicationProtocols: - http/1.1 @@ -2202,15 +308,6 @@ resources: prefix: / route: cluster: meshpassthrough_example.com_8080 - - domains: - - http2.com - - http2.com:8080 - name: http2.com - routes: - - match: - prefix: / - route: - cluster: meshpassthrough_http2.com_8080 - domains: - other.com - other.com:8080 @@ -2237,7 +334,7 @@ resources: applicationProtocols: - http/1.1 - h2c - destinationPort: 8006 + destinationPort: 80 transportProtocol: raw_buffer filters: - name: envoy.filters.network.http_connection_manager @@ -2248,17 +345,17 @@ resources: typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router routeConfig: - name: meshpassthrough_http_8006 + name: meshpassthrough_http_80 virtualHosts: - domains: - - cluster-telemetry.test.local.dev - - cluster-telemetry.test.local.dev:8006 - name: cluster-telemetry.test.local.dev + - www.google.com + - www.google.com:80 + name: www.google.com routes: - match: prefix: / route: - cluster: meshpassthrough_cluster-telemetry.test.local.dev_8006 + cluster: meshpassthrough_www.google.com_80 - domains: - '*' name: no_match @@ -2270,13 +367,156 @@ resources: status: 503 match: prefix: / - statPrefix: meshpassthrough_http_8006 - name: meshpassthrough_http_8006 + statPrefix: meshpassthrough_http_80 + name: meshpassthrough_http_80 + listenerFilters: + - name: envoy.filters.listener.tls_inspector + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector + - name: envoy.filters.listener.http_inspector + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.listener.http_inspector.v3.HttpInspector + name: outbound:passthrough:ipv4 + trafficDirection: OUTBOUND +- name: outbound:passthrough:ipv6 + resource: + '@type': type.googleapis.com/envoy.config.listener.v3.Listener + address: + socketAddress: + address: '::' + portValue: 15001 + filterChains: + - filterChainMatch: + destinationPort: 9091 + prefixRanges: + - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 + prefixLen: 128 + transportProtocol: tls + filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_9091 + statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_9091 + name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_9091 + - filterChainMatch: + destinationPort: 8126 + prefixRanges: + - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 + prefixLen: 128 + transportProtocol: tls + filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8126 + statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_8126 + name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8126 + - filterChainMatch: + destinationPort: 8080 + prefixRanges: + - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 + prefixLen: 128 + transportProtocol: tls + filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8080 + statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_8080 + name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_8080 + - filterChainMatch: + destinationPort: 443 + prefixRanges: + - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 + prefixLen: 128 + transportProtocol: tls + filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_443 + statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_443 + name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_443 + - filterChainMatch: + destinationPort: 80 + prefixRanges: + - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 + prefixLen: 128 + transportProtocol: tls + filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_80 + statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6_80 + name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_80 + - filterChainMatch: + prefixRanges: + - addressPrefix: b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6 + prefixLen: 128 + transportProtocol: tls + filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: meshpassthrough_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_* + statPrefix: meshpassthrough_b6e5_a45e_70ae_e77f_d24e_5023_375d_20a6__ + name: meshpassthrough_tls_b6e5:a45e:70ae:e77f:d24e:5023:375d:20a6_* + - filterChainMatch: + destinationPort: 443 + serverNames: + - api.example.com + transportProtocol: tls + filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: meshpassthrough_api.example.com_443 + statPrefix: meshpassthrough_api_example_com_443 + name: meshpassthrough_tls_api.example.com_443 + - filterChainMatch: + destinationPort: 443 + serverNames: + - example.com + transportProtocol: tls + filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: meshpassthrough_example.com_443 + statPrefix: meshpassthrough_example_com_443 + name: meshpassthrough_tls_example.com_443 + - filterChainMatch: + destinationPort: 443 + serverNames: + - '*.example.com' + transportProtocol: tls + filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: meshpassthrough_*.example.com_443 + statPrefix: meshpassthrough___example_com_443 + name: meshpassthrough_tls_*.example.com_443 + - filterChainMatch: + destinationPort: 9091 + prefixRanges: + - addressPrefix: 9942:9abf:d0e0:f2da:2290:333b:e590:f497 + prefixLen: 128 + transportProtocol: raw_buffer + filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: meshpassthrough_9942:9abf:d0e0:f2da:2290:333b:e590:f497_9091 + statPrefix: meshpassthrough_9942_9abf_d0e0_f2da_2290_333b_e590_f497_9091 + name: meshpassthrough_tcp_9942:9abf:d0e0:f2da:2290:333b:e590:f497_9091 - filterChainMatch: applicationProtocols: - http/1.1 - h2c - destinationPort: 8005 + destinationPort: 8080 transportProtocol: raw_buffer filters: - name: envoy.filters.network.http_connection_manager @@ -2287,17 +527,26 @@ resources: typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router routeConfig: - name: meshpassthrough_http_8005 + name: meshpassthrough_http_8080 virtualHosts: - domains: - - cluster.test.local.dev - - cluster.test.local.dev:8005 - name: cluster.test.local.dev + - example.com + - example.com:8080 + name: example.com + routes: + - match: + prefix: / + route: + cluster: meshpassthrough_example.com_8080 + - domains: + - other.com + - other.com:8080 + name: other.com routes: - match: prefix: / route: - cluster: meshpassthrough_cluster.test.local.dev_8005 + cluster: meshpassthrough_other.com_8080 - domains: - '*' name: no_match @@ -2309,8 +558,8 @@ resources: status: 503 match: prefix: / - statPrefix: meshpassthrough_http_8005 - name: meshpassthrough_http_8005 + statPrefix: meshpassthrough_http_8080 + name: meshpassthrough_http_8080 - filterChainMatch: applicationProtocols: - http/1.1 diff --git a/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/cidr-http.clusters.golden.yaml b/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/cidr-http.clusters.golden.yaml new file mode 100644 index 000000000000..459beed77fbb --- /dev/null +++ b/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/cidr-http.clusters.golden.yaml @@ -0,0 +1,33 @@ +resources: +- name: meshpassthrough_10.10.0.0/16_80 + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + altStatName: meshpassthrough_10_10_0_0_16_80 + connectTimeout: 5s + lbPolicy: CLUSTER_PROVIDED + name: meshpassthrough_10.10.0.0/16_80 + type: ORIGINAL_DST +- name: meshpassthrough_192.168.0.0/24_80 + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + altStatName: meshpassthrough_192_168_0_0_24_80 + connectTimeout: 5s + lbPolicy: CLUSTER_PROVIDED + name: meshpassthrough_192.168.0.0/24_80 + type: ORIGINAL_DST +- name: meshpassthrough_192.168.0.0_* + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + altStatName: meshpassthrough_192_168_0_0__ + connectTimeout: 5s + lbPolicy: CLUSTER_PROVIDED + name: meshpassthrough_192.168.0.0_* + type: ORIGINAL_DST +- name: meshpassthrough_192.168.0.0_80 + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + altStatName: meshpassthrough_192_168_0_0_80 + connectTimeout: 5s + lbPolicy: CLUSTER_PROVIDED + name: meshpassthrough_192.168.0.0_80 + type: ORIGINAL_DST diff --git a/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/cidr-http.listener.golden.yaml b/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/cidr-http.listener.golden.yaml new file mode 100644 index 000000000000..76ab6f324163 --- /dev/null +++ b/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/cidr-http.listener.golden.yaml @@ -0,0 +1,153 @@ +resources: +- name: outbound:passthrough:ipv4 + resource: + '@type': type.googleapis.com/envoy.config.listener.v3.Listener + address: + socketAddress: + address: 0.0.0.0 + portValue: 15001 + filterChains: + - filterChainMatch: + applicationProtocols: + - http/1.1 + - h2c + destinationPort: 80 + prefixRanges: + - addressPrefix: 192.168.0.0 + prefixLen: 32 + transportProtocol: raw_buffer + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: meshpassthrough_http_192.168.0.0_80 + virtualHosts: + - domains: + - '*' + name: 192.168.0.0 + routes: + - match: + prefix: / + route: + cluster: meshpassthrough_192.168.0.0_80 + statPrefix: meshpassthrough_http_192_168_0_0_80 + name: meshpassthrough_http_192.168.0.0_80 + - filterChainMatch: + applicationProtocols: + - http/1.1 + - h2c + prefixRanges: + - addressPrefix: 192.168.0.0 + prefixLen: 32 + transportProtocol: raw_buffer + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: meshpassthrough_http_192.168.0.0_* + virtualHosts: + - domains: + - '*' + name: 192.168.0.0 + routes: + - match: + prefix: / + route: + cluster: meshpassthrough_192.168.0.0_* + statPrefix: meshpassthrough_http_192_168_0_0__ + name: meshpassthrough_http_192.168.0.0_* + - filterChainMatch: + applicationProtocols: + - http/1.1 + - h2c + destinationPort: 80 + prefixRanges: + - addressPrefix: 192.168.0.0 + prefixLen: 24 + transportProtocol: raw_buffer + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: meshpassthrough_http_192.168.0.0/24_80 + virtualHosts: + - domains: + - '*' + name: 192.168.0.0/24 + routes: + - match: + prefix: / + route: + cluster: meshpassthrough_192.168.0.0/24_80 + statPrefix: meshpassthrough_http_192_168_0_0_24_80 + name: meshpassthrough_http_192.168.0.0/24_80 + - filterChainMatch: + applicationProtocols: + - http/1.1 + - h2c + destinationPort: 80 + prefixRanges: + - addressPrefix: 10.10.0.0 + prefixLen: 16 + transportProtocol: raw_buffer + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: meshpassthrough_http_10.10.0.0/16_80 + virtualHosts: + - domains: + - '*' + name: 10.10.0.0/16 + routes: + - match: + prefix: / + route: + cluster: meshpassthrough_10.10.0.0/16_80 + statPrefix: meshpassthrough_http_10_10_0_0_16_80 + name: meshpassthrough_http_10.10.0.0/16_80 + listenerFilters: + - name: envoy.filters.listener.tls_inspector + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector + - name: envoy.filters.listener.http_inspector + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.listener.http_inspector.v3.HttpInspector + name: outbound:passthrough:ipv4 + trafficDirection: OUTBOUND +- name: outbound:passthrough:ipv6 + resource: + '@type': type.googleapis.com/envoy.config.listener.v3.Listener + address: + socketAddress: + address: '::' + portValue: 15001 + filterChains: + - filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: outbound:passthrough:ipv6 + statPrefix: outbound_passthrough_ipv6 + name: outbound:passthrough:ipv6 + trafficDirection: OUTBOUND diff --git a/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/http-domains-aggregated.clusters.golden.yaml b/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/http-domains-aggregated.clusters.golden.yaml new file mode 100644 index 000000000000..0dbfe9a515b9 --- /dev/null +++ b/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/http-domains-aggregated.clusters.golden.yaml @@ -0,0 +1,25 @@ +resources: +- name: meshpassthrough_*.example.com_* + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + altStatName: meshpassthrough___example_com__ + connectTimeout: 5s + lbPolicy: CLUSTER_PROVIDED + name: meshpassthrough_*.example.com_* + type: ORIGINAL_DST +- name: meshpassthrough_example1.com_80 + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + altStatName: meshpassthrough_example1_com_80 + connectTimeout: 5s + lbPolicy: CLUSTER_PROVIDED + name: meshpassthrough_example1.com_80 + type: ORIGINAL_DST +- name: meshpassthrough_example2.com_80 + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + altStatName: meshpassthrough_example2_com_80 + connectTimeout: 5s + lbPolicy: CLUSTER_PROVIDED + name: meshpassthrough_example2.com_80 + type: ORIGINAL_DST diff --git a/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/http-domains-aggregated.listener.golden.yaml b/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/http-domains-aggregated.listener.golden.yaml new file mode 100644 index 000000000000..2695871900b8 --- /dev/null +++ b/pkg/plugins/policies/meshpassthrough/plugin/v1alpha1/testdata/http-domains-aggregated.listener.golden.yaml @@ -0,0 +1,205 @@ +resources: +- name: outbound:passthrough:ipv4 + resource: + '@type': type.googleapis.com/envoy.config.listener.v3.Listener + address: + socketAddress: + address: 0.0.0.0 + portValue: 15001 + filterChains: + - filterChainMatch: + applicationProtocols: + - http/1.1 + - h2c + destinationPort: 80 + transportProtocol: raw_buffer + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: meshpassthrough_http_80 + virtualHosts: + - domains: + - example1.com + - example1.com:80 + name: example1.com + routes: + - match: + prefix: / + route: + cluster: meshpassthrough_example1.com_80 + - domains: + - example2.com + - example2.com:80 + name: example2.com + routes: + - match: + prefix: / + route: + cluster: meshpassthrough_example2.com_80 + - domains: + - '*' + name: no_match + routes: + - directResponse: + body: + inlineString: | + This response comes from Kuma Sidecar. No routes matched this domain - check configuration of your MeshPassthrough policy. + status: 503 + match: + prefix: / + statPrefix: meshpassthrough_http_80 + name: meshpassthrough_http_80 + - filterChainMatch: + applicationProtocols: + - http/1.1 + - h2c + transportProtocol: raw_buffer + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: meshpassthrough_http_* + virtualHosts: + - domains: + - '*.example.com' + name: '*.example.com' + routes: + - match: + prefix: / + route: + cluster: meshpassthrough_*.example.com_* + - domains: + - '*' + name: no_match + routes: + - directResponse: + body: + inlineString: | + This response comes from Kuma Sidecar. No routes matched this domain - check configuration of your MeshPassthrough policy. + status: 503 + match: + prefix: / + statPrefix: meshpassthrough_http__ + name: meshpassthrough_http_* + listenerFilters: + - name: envoy.filters.listener.tls_inspector + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector + - name: envoy.filters.listener.http_inspector + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.listener.http_inspector.v3.HttpInspector + name: outbound:passthrough:ipv4 + trafficDirection: OUTBOUND +- name: outbound:passthrough:ipv6 + resource: + '@type': type.googleapis.com/envoy.config.listener.v3.Listener + address: + socketAddress: + address: '::' + portValue: 15001 + filterChains: + - filterChainMatch: + applicationProtocols: + - http/1.1 + - h2c + destinationPort: 80 + transportProtocol: raw_buffer + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: meshpassthrough_http_80 + virtualHosts: + - domains: + - example1.com + - example1.com:80 + name: example1.com + routes: + - match: + prefix: / + route: + cluster: meshpassthrough_example1.com_80 + - domains: + - example2.com + - example2.com:80 + name: example2.com + routes: + - match: + prefix: / + route: + cluster: meshpassthrough_example2.com_80 + - domains: + - '*' + name: no_match + routes: + - directResponse: + body: + inlineString: | + This response comes from Kuma Sidecar. No routes matched this domain - check configuration of your MeshPassthrough policy. + status: 503 + match: + prefix: / + statPrefix: meshpassthrough_http_80 + name: meshpassthrough_http_80 + - filterChainMatch: + applicationProtocols: + - http/1.1 + - h2c + transportProtocol: raw_buffer + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + routeConfig: + name: meshpassthrough_http_* + virtualHosts: + - domains: + - '*.example.com' + name: '*.example.com' + routes: + - match: + prefix: / + route: + cluster: meshpassthrough_*.example.com_* + - domains: + - '*' + name: no_match + routes: + - directResponse: + body: + inlineString: | + This response comes from Kuma Sidecar. No routes matched this domain - check configuration of your MeshPassthrough policy. + status: 503 + match: + prefix: / + statPrefix: meshpassthrough_http__ + name: meshpassthrough_http_* + listenerFilters: + - name: envoy.filters.listener.tls_inspector + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector + - name: envoy.filters.listener.http_inspector + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.listener.http_inspector.v3.HttpInspector + name: outbound:passthrough:ipv6 + trafficDirection: OUTBOUND diff --git a/pkg/plugins/policies/meshpassthrough/plugin/xds/listeners_filter_chain.go b/pkg/plugins/policies/meshpassthrough/plugin/xds/listeners_filter_chain.go index 2f9febe398d5..45be3b0f9164 100644 --- a/pkg/plugins/policies/meshpassthrough/plugin/xds/listeners_filter_chain.go +++ b/pkg/plugins/policies/meshpassthrough/plugin/xds/listeners_filter_chain.go @@ -61,10 +61,10 @@ func (c FilterChainConfigurer) addFilterChainConfiguration(listener *envoy_liste case Domain, WildcardDomain, IP, IPV6: domains := []string{route.Value} // based on the RFC, the host header might include a port, so we add another entry with the port defined - if route.MatchType == IP || route.MatchType == Domain || route.MatchType == WildcardDomain { + if c.Port != 0 && (route.MatchType == IP || route.MatchType == Domain || route.MatchType == WildcardDomain) { domains = append(domains, fmt.Sprintf("%s:%d", route.Value, c.Port)) } - if route.MatchType == IPV6 { + if c.Port != 0 && route.MatchType == IPV6 { domains = append(domains, fmt.Sprintf("[%s]", route.Value), fmt.Sprintf("[%s]:%d", route.Value, c.Port)) } clusterName := ClusterName(route.Value, c.Protocol, c.Port) diff --git a/pkg/plugins/policies/meshpassthrough/plugin/xds/order.go b/pkg/plugins/policies/meshpassthrough/plugin/xds/order.go index 0f819d41f191..92ea4a63a79b 100644 --- a/pkg/plugins/policies/meshpassthrough/plugin/xds/order.go +++ b/pkg/plugins/policies/meshpassthrough/plugin/xds/order.go @@ -30,8 +30,8 @@ var protocolOrder = map[core_mesh.Protocol]int{ core_mesh.ProtocolTLS: 0, core_mesh.ProtocolTCP: 1, core_mesh.ProtocolHTTP: 2, - core_mesh.ProtocolHTTP2: 2, - core_mesh.ProtocolGRPC: 2, + core_mesh.ProtocolHTTP2: 3, + core_mesh.ProtocolGRPC: 4, } type Route struct { @@ -118,7 +118,13 @@ func GetOrderedMatchers(conf api.Conf) ([]FilterChainMatch, error) { MatchType: matcher.MatchType, Value: matcher.Value, } - matcherWithRoutesAndAdditionalPorts[additionalMatcher] = routes + if routes, found := matcherWithRoutesAndAdditionalPorts[additionalMatcher]; found { + for route := range routes { + matcherWithRoutesAndAdditionalPorts[additionalMatcher][route] = true + } + } else { + matcherWithRoutesAndAdditionalPorts[additionalMatcher] = routes + } } } } @@ -225,7 +231,7 @@ func orderMatchers(matchers []FilterChainMatch) { return prefixI > prefixJ } - return matchers[i].MatchType < matchers[j].MatchType + return len(matchers[i].Routes) > len(matchers[j].Routes) }) } diff --git a/pkg/plugins/policies/meshpassthrough/plugin/xds/testdata/ordered-diff-protocols.golden.yaml b/pkg/plugins/policies/meshpassthrough/plugin/xds/testdata/ordered-diff-protocols.golden.yaml index 528ef2662ccd..90d914cd7f8a 100644 --- a/pkg/plugins/policies/meshpassthrough/plugin/xds/testdata/ordered-diff-protocols.golden.yaml +++ b/pkg/plugins/policies/meshpassthrough/plugin/xds/testdata/ordered-diff-protocols.golden.yaml @@ -64,30 +64,30 @@ Routes: [] Value: 10.22.22.1 - MatchType: 2 - Port: 9091 - Protocol: grpc + Port: 443 + Protocol: http Routes: - MatchType: 2 Value: api.example.com Value: "" - MatchType: 2 - Port: 9090 - Protocol: http2 + Port: 80 + Protocol: http Routes: - MatchType: 2 - Value: api.example.com + Value: httpbin.com Value: "" - MatchType: 2 - Port: 443 - Protocol: http + Port: 9090 + Protocol: http2 Routes: - MatchType: 2 Value: api.example.com Value: "" - MatchType: 2 - Port: 80 - Protocol: http + Port: 9091 + Protocol: grpc Routes: - MatchType: 2 - Value: httpbin.com + Value: api.example.com Value: "" diff --git a/pkg/plugins/policies/meshpassthrough/plugin/xds/testdata/ordered.golden.yaml b/pkg/plugins/policies/meshpassthrough/plugin/xds/testdata/ordered.golden.yaml index 550d2e29e867..8210b05c0597 100644 --- a/pkg/plugins/policies/meshpassthrough/plugin/xds/testdata/ordered.golden.yaml +++ b/pkg/plugins/policies/meshpassthrough/plugin/xds/testdata/ordered.golden.yaml @@ -346,43 +346,17 @@ - MatchType: 2 Port: 9091 Protocol: http - Routes: - - MatchType: 2 - Value: otherexample.com - - MatchType: 1 - Value: '*.example.com' - Value: "" -- MatchType: 2 - Port: 9001 - Protocol: grpc - Routes: - - MatchType: 2 - Value: grpc.com + Routes: [] Value: "" - MatchType: 2 Port: 9001 Protocol: http - Routes: - - MatchType: 2 - Value: otherexample.com - - MatchType: 1 - Value: '*.example.com' + Routes: [] Value: "" - MatchType: 2 Port: 9000 Protocol: http - Routes: - - MatchType: 2 - Value: otherexample.com - - MatchType: 1 - Value: '*.example.com' - Value: "" -- MatchType: 2 - Port: 9000 - Protocol: http2 - Routes: - - MatchType: 2 - Value: http2.com + Routes: [] Value: "" - MatchType: 2 Port: 8080 @@ -398,11 +372,7 @@ - MatchType: 2 Port: 443 Protocol: http - Routes: - - MatchType: 2 - Value: otherexample.com - - MatchType: 1 - Value: '*.example.com' + Routes: [] Value: "" - MatchType: 2 Port: 0 @@ -413,3 +383,17 @@ - MatchType: 1 Value: '*.example.com' Value: "" +- MatchType: 2 + Port: 9000 + Protocol: http2 + Routes: + - MatchType: 2 + Value: http2.com + Value: "" +- MatchType: 2 + Port: 9001 + Protocol: grpc + Routes: + - MatchType: 2 + Value: grpc.com + Value: ""