mirror of https://github.com/linkerd/linkerd2.git
Fixes #3444
Fixes #3443

## Background and Behavior

This change adds support for the destination service to resolve Get requests which contain a service clusterIP or pod ip as the `Path` parameter. It returns the stream of endpoints, just as if `Get` had been called with the service's authority. This lays the groundwork for allowing the proxy to TLS TCP connections by allowing the proxy to do destination lookups for the SO_ORIG_DST of tcp connections. When that ip address corresponds to a service cluster ip or pod ip, the destination service will return the endpoints stream, including the pod metadata required to establish identity.

Prior to this change, attempting to look up an ip address in the destination service would result in an `InvalidArgument` error.

Updating the `GetProfile` method to support ip address lookups is out of scope and attempts to look up an ip address with the `GetProfile` method will result in `InvalidArgument`.

## Implementation

We do this by creating an `IPWatcher` which wraps the `EndpointsWatcher` and supports lookups by ip. `IPWatcher` maintains a mapping of clusterIPs to service ids and translates subscriptions to an IP address into a subscription to the service id using the underlying `EndpointsWatcher`.

Since the service name is no longer always inferable directly from the input parameters, we restructure `EndpointTranslator` and `PodSet` so that we propagate the service name from the endpoints API response.

## Testing

This can be tested by running the destination service locally, using the current kube context to connect to a Kubernetes cluster:

```
go run controller/cmd/main.go destination -kubeconfig ~/.kube/config
```

Then lookups can be issued using the destination client:

```
go run controller/script/destination-client/main.go -path 192.168.54.78:80 -method get -addr localhost:8086
```

Service cluster ips and pod ips can be used as the `path` argument.

Signed-off-by: Alex Leong <alex@buoyant.io>

| Name |
|---|
| destination |
| heartbeat |
| identity |
| proxy-injector |
| public-api |
| sp-validator |
| tap |
| main.go |