linkerd
/
linkerd2-proxy
mirror of https://github.com/linkerd/linkerd2-proxy.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove default controller URL from proxy. (#48) 

Previously there was a default controller URL in the proxy. This
default was never used for any proxy injected by `conduit inject` and
it was the wrong default when using the proxy outside of Kubernetes.
Also more generally this is such an important setting in terms of
correctness and security that it was dangerous to let it be implied in
any context.

Remove the default, requiring that it be set in order for the proxy to
start.
This commit is contained in:
Brian Smith 2018-01-02 08:44:27 -10:00 committed by GitHub
parent 20a6e18922
commit f1a4e98053
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
proxy/src/config.rs
View File

@ -157,7 +157,6 @@ const DEFAULT_PRIVATE_LISTENER: &str = "tcp://127.0.0.1:4140";
const DEFAULT_PUBLIC_LISTENER: &str = "tcp://0.0.0.0:4143";
const DEFAULT_CONTROL_LISTENER: &str = "tcp://0.0.0.0:4190";
const DEFAULT_PRIVATE_CONNECT_TIMEOUT_MS: u64 = 20;
const DEFAULT_CONTROL_URL: &str = "tcp://proxy-api.conduit.svc.cluster.local:8086";
const DEFAULT_RESOLV_CONF: &str = "/etc/resolv.conf";
// ===== impl Config =====
@ -176,7 +175,6 @@ impl<'a> TryFrom<&'a Strings> for Config {
let public_connect_timeout = parse(strings, ENV_PUBLIC_CONNECT_TIMEOUT, parse_number);
let private_connect_timeout = parse(strings, ENV_PRIVATE_CONNECT_TIMEOUT, parse_number);
let resolv_conf_path = strings.get(ENV_RESOLV_CONF);
let control_host_and_port = parse(strings, ENV_CONTROL_URL, parse_url);
let event_buffer_capacity = parse(strings, ENV_EVENT_BUFFER_CAPACITY, parse_number);
let metrics_flush_interval_secs =
parse(strings, ENV_METRICS_FLUSH_INTERVAL_SECS, parse_number);
@ -188,6 +186,17 @@ impl<'a> TryFrom<&'a Strings> for Config {
let destinations_autocomplete_fqdn =
parse(strings, ENV_DESTINATIONS_AUTOCOMPLETE_FQDN, parse_environment);
// There is no default controller URL because a default would make it
// too easy to connect to the wrong controller, which would be dangerous.
let control_host_and_port = match parse(strings, ENV_CONTROL_URL, parse_url) {
Ok(Some(x)) => Ok(x),
Ok(None) => {
error!("{} is not set", ENV_CONTROL_URL);
Err(Error::InvalidEnvVar)
},
Err(e) => Err(e),
};
Ok(Config {
private_listener: Listener {
addr: private_listener_addr?
@ -209,8 +218,7 @@ impl<'a> TryFrom<&'a Strings> for Config {
resolv_conf_path: resolv_conf_path?
.unwrap_or(DEFAULT_RESOLV_CONF.into())
.into(),
control_host_and_port: control_host_and_port?
.unwrap_or_else(|| parse_url(DEFAULT_CONTROL_URL).unwrap()),
control_host_and_port: control_host_and_port?,
event_buffer_capacity: event_buffer_capacity?.unwrap_or(DEFAULT_EVENT_BUFFER_CAPACITY),
metrics_flush_interval: