d5e2ff2cb7
When the inbound proxy receives requests, these requests may have relative `:authority` values like _web:8080_. Because these requests can come from hosts with a variety of DNS configurations, the inbound proxy can't make a sufficient guess about the fully qualified name (e.g. _web.ns.svc.cluster.local._). In order for the inbound proxy to discover inbound service profiles, we need to establish some means for the inbound proxy to determine the "canonical" name of the service for each request. This change introduces a new `l5d-dst-canonical` header that is set by the outbound proxy and used by the remote inbound proxy to determine which profile should be used. The outbound proxy determines the canonical destination by performing DNS resolution as requests are routed and uses this name for profile and address discovery. This change removes the proxy's hardcoded Kubernetes dependency. The `LINKERD2_PROXY_DESTINATION_GET_SUFFIXES` and `LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES` environment variables control which domains may be discovered via the destination service. Finally, HTTP settings detection has been moved into a dedicated routing layer at the "bottom" of the stack. This is done do that canonicalization and discovery need not be done redundantly for each set of HTTP settings. Now, HTTP settings, only configure the HTTP client stack within an endpoint. Fixes linkerd/linkerd2#1798 |
||
|---|---|---|
| .. | ||
| client.rs | ||
| controller.rs | ||
| mod.rs | ||
| proxy.rs | ||
| server.rs | ||
| tcp.rs | ||