From 01787e88df219363291553c081dd569089f10da7 Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Fri, 30 Jul 2021 07:54:46 -0600 Subject: [PATCH] internal/dag: support TLSRoute weighted ForwardTos Add support for weighted ForwardTos in TLSRoute rules. Per spec, weights default to 1 if unspecified, and weights of 0 mean no traffic is forwarded to the backend. Updates #3440. Signed-off-by: Steve Kriss --- internal/dag/builder_test.go | 237 ++++++++++++++++--- internal/dag/gatewayapi_processor.go | 29 ++- internal/featuretests/v3/routeweight_test.go | 206 ++++++++++++++++ 3 files changed, 437 insertions(+), 35 deletions(-) diff --git a/internal/dag/builder_test.go b/internal/dag/builder_test.go index 3b60fe1fd07..fb969339b04 100644 --- a/internal/dag/builder_test.go +++ b/internal/dag/builder_test.go @@ -1120,7 +1120,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "test.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -1135,7 +1135,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { ListenerName: "ingress_https", }, TCPProxy: &TCPProxy{ - Clusters: clusters(service(kuardServiceCustomNs)), + Clusters: clustersWeight(service(kuardServiceCustomNs)), }, }, ), @@ -1187,7 +1187,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "test.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -1223,7 +1223,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "test.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -1267,7 +1267,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "test.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -1319,7 +1319,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "test.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -1355,7 +1355,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "test.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -1393,7 +1393,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "test.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -1408,7 +1408,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { ListenerName: "ingress_https", }, TCPProxy: &TCPProxy{ - Clusters: clusters(service(kuardServiceCustomNs)), + Clusters: clustersWeight(service(kuardServiceCustomNs)), }, }, ), @@ -1446,7 +1446,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "test.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -1475,7 +1475,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "test.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -1490,7 +1490,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { ListenerName: "ingress_https", }, TCPProxy: &TCPProxy{ - Clusters: clusters(service(kuardService)), + Clusters: clustersWeight(service(kuardService)), }, }, ), @@ -1532,7 +1532,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "test.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -1547,7 +1547,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { ListenerName: "ingress_https", }, TCPProxy: &TCPProxy{ - Clusters: clusters(service(kuardServiceCustomNs)), + Clusters: clustersWeight(service(kuardServiceCustomNs)), }, }, ), @@ -1589,7 +1589,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "test.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -3112,7 +3112,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "tcp.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -3127,7 +3127,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { ListenerName: "ingress_https", }, TCPProxy: &TCPProxy{ - Clusters: clusters(service(kuardService)), + Clusters: clustersWeight(service(kuardService)), }, }, ), @@ -3157,7 +3157,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "thing.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -3172,7 +3172,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { ListenerName: "ingress_https", }, TCPProxy: &TCPProxy{ - Clusters: clusters(service(kuardService)), + Clusters: clustersWeight(service(kuardService)), }, }, &SecureVirtualHost{ @@ -3181,7 +3181,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { ListenerName: "ingress_https", }, TCPProxy: &TCPProxy{ - Clusters: clusters(service(kuardService)), + Clusters: clustersWeight(service(kuardService)), }, }, &SecureVirtualHost{ @@ -3190,7 +3190,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { ListenerName: "ingress_https", }, TCPProxy: &TCPProxy{ - Clusters: clusters(service(kuardService)), + Clusters: clustersWeight(service(kuardService)), }, }, ), @@ -3220,7 +3220,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "thing.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -3235,7 +3235,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { ListenerName: "ingress_https", }, TCPProxy: &TCPProxy{ - Clusters: clusters(service(kuardService)), + Clusters: clustersWeight(service(kuardService)), }, }, &SecureVirtualHost{ @@ -3244,7 +3244,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { ListenerName: "ingress_https", }, TCPProxy: &TCPProxy{ - Clusters: clusters(service(kuardService)), + Clusters: clustersWeight(service(kuardService)), }, }, ), @@ -3274,7 +3274,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "!!thing.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -3298,7 +3298,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Spec: gatewayapi_v1alpha1.TLSRouteSpec{ Rules: []gatewayapi_v1alpha1.TLSRouteRule{{ Matches: []gatewayapi_v1alpha1.TLSRouteMatch{{}}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, @@ -3313,7 +3313,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { ListenerName: "ingress_https", }, TCPProxy: &TCPProxy{ - Clusters: clusters(service(kuardService)), + Clusters: clustersWeight(service(kuardService)), }, }, ), @@ -3340,13 +3340,175 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "tcp.projectcontour.io", }, }}, - ForwardTo: tcpRouteForwardTo("kuard", 8080, 0), + ForwardTo: tcpRouteForwardTo("kuard", 8080, nil), }}, }, }, }, want: listeners(), }, + "TLSRoute with multiple weighted ForwardTos": { + gatewayclass: validClass, + gateway: gatewayWithTLSRouteSelector, + objs: []interface{}{ + kuardService, + kuardService2, + kuardService3, + &gatewayapi_v1alpha1.TLSRoute{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic", + Namespace: "projectcontour", + Labels: map[string]string{ + "app": "contour", + "type": "controller", + }, + }, + Spec: gatewayapi_v1alpha1.TLSRouteSpec{ + Rules: []gatewayapi_v1alpha1.TLSRouteRule{{ + Matches: []gatewayapi_v1alpha1.TLSRouteMatch{{ + SNIs: []gatewayapi_v1alpha1.Hostname{ + "tcp.projectcontour.io", + }, + }}, + ForwardTo: tcpRouteForwards( + tcpRouteForwardTo("kuard", 8080, pointer.Int32Ptr(1)), + tcpRouteForwardTo("kuard2", 8080, pointer.Int32Ptr(2)), + tcpRouteForwardTo("kuard3", 8080, pointer.Int32Ptr(3)), + ), + }}, + }, + }, + }, + want: listeners( + &Listener{ + Port: 443, + VirtualHosts: virtualhosts( + &SecureVirtualHost{ + VirtualHost: VirtualHost{ + Name: "tcp.projectcontour.io", + ListenerName: "ingress_https", + }, + TCPProxy: &TCPProxy{ + + Clusters: clustersWeight( + weightedService(kuardService, 1), + weightedService(kuardService2, 2), + weightedService(kuardService3, 3), + ), + }, + }, + ), + }, + ), + }, + "TLSRoute with multiple weighted ForwardTos and one zero weight": { + gatewayclass: validClass, + gateway: gatewayWithTLSRouteSelector, + objs: []interface{}{ + kuardService, + kuardService2, + kuardService3, + &gatewayapi_v1alpha1.TLSRoute{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic", + Namespace: "projectcontour", + Labels: map[string]string{ + "app": "contour", + "type": "controller", + }, + }, + Spec: gatewayapi_v1alpha1.TLSRouteSpec{ + Rules: []gatewayapi_v1alpha1.TLSRouteRule{{ + Matches: []gatewayapi_v1alpha1.TLSRouteMatch{{ + SNIs: []gatewayapi_v1alpha1.Hostname{ + "tcp.projectcontour.io", + }, + }}, + ForwardTo: tcpRouteForwards( + tcpRouteForwardTo("kuard", 8080, pointer.Int32Ptr(1)), + tcpRouteForwardTo("kuard2", 8080, pointer.Int32Ptr(0)), + tcpRouteForwardTo("kuard3", 8080, pointer.Int32Ptr(3)), + ), + }}, + }, + }, + }, + want: listeners( + &Listener{ + Port: 443, + VirtualHosts: virtualhosts( + &SecureVirtualHost{ + VirtualHost: VirtualHost{ + Name: "tcp.projectcontour.io", + ListenerName: "ingress_https", + }, + TCPProxy: &TCPProxy{ + + Clusters: clustersWeight( + weightedService(kuardService, 1), + weightedService(kuardService2, 0), + weightedService(kuardService3, 3), + ), + }, + }, + ), + }, + ), + }, + "TLSRoute with multiple unweighted ForwardTos all default to 1": { + gatewayclass: validClass, + gateway: gatewayWithTLSRouteSelector, + objs: []interface{}{ + kuardService, + kuardService2, + kuardService3, + &gatewayapi_v1alpha1.TLSRoute{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic", + Namespace: "projectcontour", + Labels: map[string]string{ + "app": "contour", + "type": "controller", + }, + }, + Spec: gatewayapi_v1alpha1.TLSRouteSpec{ + Rules: []gatewayapi_v1alpha1.TLSRouteRule{{ + Matches: []gatewayapi_v1alpha1.TLSRouteMatch{{ + SNIs: []gatewayapi_v1alpha1.Hostname{ + "tcp.projectcontour.io", + }, + }}, + ForwardTo: tcpRouteForwards( + tcpRouteForwardTo("kuard", 8080, nil), + tcpRouteForwardTo("kuard2", 8080, nil), + tcpRouteForwardTo("kuard3", 8080, nil), + ), + }}, + }, + }, + }, + want: listeners( + &Listener{ + Port: 443, + VirtualHosts: virtualhosts( + &SecureVirtualHost{ + VirtualHost: VirtualHost{ + Name: "tcp.projectcontour.io", + ListenerName: "ingress_https", + }, + TCPProxy: &TCPProxy{ + + Clusters: clustersWeight( + weightedService(kuardService, 1), + weightedService(kuardService2, 1), + weightedService(kuardService3, 1), + ), + }, + }, + ), + }, + ), + }, "insert gateway listener with host": { gatewayclass: validClass, gateway: gatewayWithHostname, @@ -10609,11 +10771,20 @@ func httpRouteForwardTo(serviceName string, port int, weight int32) []gatewayapi }} } -func tcpRouteForwardTo(serviceName string, port int, weight int32) []gatewayapi_v1alpha1.RouteForwardTo { +func tcpRouteForwards(forwards ...[]gatewayapi_v1alpha1.RouteForwardTo) []gatewayapi_v1alpha1.RouteForwardTo { + var fwds []gatewayapi_v1alpha1.RouteForwardTo + + for _, f := range forwards { + fwds = append(fwds, f...) + } + return fwds +} + +func tcpRouteForwardTo(serviceName string, port int, weight *int32) []gatewayapi_v1alpha1.RouteForwardTo { return []gatewayapi_v1alpha1.RouteForwardTo{{ ServiceName: pointer.StringPtr(serviceName), Port: gatewayPort(port), - Weight: pointer.Int32Ptr(weight), + Weight: weight, }} } @@ -10725,9 +10896,13 @@ func clustersWeight(services ...*Service) (c []*Cluster) { } func service(s *v1.Service) *Service { + return weightedService(s, 1) +} + +func weightedService(s *v1.Service, weight uint32) *Service { return &Service{ Weighted: WeightedService{ - Weight: 1, + Weight: weight, ServiceName: s.Name, ServiceNamespace: s.Namespace, ServicePort: s.Spec.Ports[0], diff --git a/internal/dag/gatewayapi_processor.go b/internal/dag/gatewayapi_processor.go index 625a77eb084..e2405039892 100644 --- a/internal/dag/gatewayapi_processor.go +++ b/internal/dag/gatewayapi_processor.go @@ -536,7 +536,12 @@ func (p *GatewayAPIProcessor) computeTLSRoute(route *gatewayapi_v1alpha1.TLSRout continue } - var proxy TCPProxy + var ( + proxy TCPProxy + totalWeight uint32 + clusters []*Cluster + ) + for _, forward := range rule.ForwardTo { service, err := p.validateForwardTo(forward.ServiceName, forward.Port, route.Namespace) @@ -545,17 +550,33 @@ func (p *GatewayAPIProcessor) computeTLSRoute(route *gatewayapi_v1alpha1.TLSRout continue } - proxy.Clusters = append(proxy.Clusters, &Cluster{ + // Route defaults to a weight of "1" unless otherwise specified. + routeWeight := uint32(1) + if forward.Weight != nil { + routeWeight = uint32(*forward.Weight) + } + + // Keep track of all the weights for this set of forwardTos. This will be + // used later to understand if all the weights are set to zero. + totalWeight += routeWeight + + // https://github.com/projectcontour/contour/issues/3593 + service.Weighted.Weight = routeWeight + clusters = append(clusters, &Cluster{ Upstream: service, SNI: service.ExternalName, + Weight: routeWeight, }) } - if len(proxy.Clusters) == 0 { - // No valid clusters so the route should get rejected. + // No valid clusters or all forwardTos have a weight of 0 + // so the route should get rejected. + if len(clusters) == 0 || totalWeight == 0 { continue } + proxy.Clusters = clusters + for _, host := range hosts { secure := p.dag.EnsureSecureVirtualHost(ListenerName{Name: host, ListenerName: "ingress_https"}) diff --git a/internal/featuretests/v3/routeweight_test.go b/internal/featuretests/v3/routeweight_test.go index 485dd9c4fd7..a2051b3410a 100644 --- a/internal/featuretests/v3/routeweight_test.go +++ b/internal/featuretests/v3/routeweight_test.go @@ -16,8 +16,13 @@ package v3 import ( "testing" + "time" + envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" + envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + "github.com/envoyproxy/go-control-plane/pkg/wellknown" contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" @@ -246,6 +251,207 @@ func TestHTTPRoute_RouteWithAServiceWeight(t *testing.T) { ), nil) } +func TestTLSRoute_RouteWithAServiceWeight(t *testing.T) { + rh, c, done := setup(t) + defer done() + + rh.OnAdd(fixture.NewService("svc1"). + WithPorts(v1.ServicePort{Port: 443, TargetPort: intstr.FromInt(8443)})) + + rh.OnAdd(fixture.NewService("svc2"). + WithPorts(v1.ServicePort{Port: 443, TargetPort: intstr.FromInt(8443)})) + + rh.OnAdd(&gatewayapi_v1alpha1.GatewayClass{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "test-gc", + }, + Spec: gatewayapi_v1alpha1.GatewayClassSpec{ + Controller: "projectcontour.io/contour", + }, + Status: gatewayapi_v1alpha1.GatewayClassStatus{ + Conditions: []metav1.Condition{ + { + Type: string(gatewayapi_v1alpha1.GatewayClassConditionStatusAdmitted), + Status: metav1.ConditionTrue, + }, + }, + }, + }) + + tlsMode := gatewayapi_v1alpha1.TLSModePassthrough + + rh.OnAdd(&gatewayapi_v1alpha1.Gateway{ + ObjectMeta: metav1.ObjectMeta{ + Name: "contour", + Namespace: "projectcontour", + }, + Spec: gatewayapi_v1alpha1.GatewaySpec{ + Listeners: []gatewayapi_v1alpha1.Listener{{ + Port: 443, + Protocol: "TLS", + TLS: &gatewayapi_v1alpha1.GatewayTLSConfig{ + Mode: &tlsMode, + }, + Routes: gatewayapi_v1alpha1.RouteBindingSelector{ + Namespaces: &gatewayapi_v1alpha1.RouteNamespaces{ + From: routeSelectTypePtr(gatewayapi_v1alpha1.RouteSelectAll), + }, + Kind: dag.KindTLSRoute, + }, + }}, + }, + }) + + // TLSRoute with a single service/weight. + route1 := &gatewayapi_v1alpha1.TLSRoute{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic", + Namespace: "default", + Labels: map[string]string{ + "app": "contour", + "type": "controller", + }, + }, + Spec: gatewayapi_v1alpha1.TLSRouteSpec{ + Gateways: &gatewayapi_v1alpha1.RouteGateways{ + Allow: gatewayAllowTypePtr(gatewayapi_v1alpha1.GatewayAllowAll), + }, + Rules: []gatewayapi_v1alpha1.TLSRouteRule{{ + Matches: []gatewayapi_v1alpha1.TLSRouteMatch{ + { + SNIs: []gatewayapi_v1alpha1.Hostname{"test.projectcontour.io"}, + }, + }, + ForwardTo: []gatewayapi_v1alpha1.RouteForwardTo{{ + ServiceName: pointer.StringPtr("svc1"), + Port: gatewayPort(443), + Weight: pointer.Int32Ptr(1), + }}, + }}, + }, + } + + rh.OnAdd(route1) + + c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + Resources: resources(t, + &envoy_listener_v3.Listener{ + Name: "ingress_https", + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_listener_v3.FilterChain{{ + Filters: envoy_v3.Filters( + tcpproxy("ingress_https", "default/svc1/443/da39a3ee5e"), + ), + FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + ServerNames: []string{"test.projectcontour.io"}, + }, + }}, + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), + ), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, + staticListener(), + ), + TypeUrl: listenerType, + }) + + // check that ingress_http is empty + c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + Resources: resources(t, + envoy_v3.RouteConfiguration("ingress_http"), + ), + TypeUrl: routeType, + }) + + // TLSRoute with multiple weighted services. + route2 := &gatewayapi_v1alpha1.TLSRoute{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic", + Namespace: "default", + Labels: map[string]string{ + "app": "contour", + "type": "controller", + }, + }, + Spec: gatewayapi_v1alpha1.TLSRouteSpec{ + Gateways: &gatewayapi_v1alpha1.RouteGateways{ + Allow: gatewayAllowTypePtr(gatewayapi_v1alpha1.GatewayAllowAll), + }, + Rules: []gatewayapi_v1alpha1.TLSRouteRule{{ + Matches: []gatewayapi_v1alpha1.TLSRouteMatch{ + { + SNIs: []gatewayapi_v1alpha1.Hostname{"test.projectcontour.io"}, + }, + }, + ForwardTo: []gatewayapi_v1alpha1.RouteForwardTo{ + { + ServiceName: pointer.StringPtr("svc1"), + Port: gatewayPort(443), + Weight: pointer.Int32Ptr(1), + }, + { + ServiceName: pointer.StringPtr("svc2"), + Port: gatewayPort(443), + Weight: pointer.Int32Ptr(7), + }, + }, + }}, + }, + } + + rh.OnUpdate(route1, route2) + + c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + Resources: resources(t, + &envoy_listener_v3.Listener{ + Name: "ingress_https", + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_listener_v3.FilterChain{{ + Filters: envoy_v3.Filters( + &envoy_listener_v3.Filter{ + Name: wellknown.TCPProxy, + ConfigType: &envoy_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_tcp_proxy_v3.TcpProxy{ + StatPrefix: "ingress_https", + ClusterSpecifier: &envoy_tcp_proxy_v3.TcpProxy_WeightedClusters{ + WeightedClusters: &envoy_tcp_proxy_v3.TcpProxy_WeightedCluster{ + Clusters: []*envoy_tcp_proxy_v3.TcpProxy_WeightedCluster_ClusterWeight{ + {Name: "default/svc1/443/da39a3ee5e", Weight: 1}, + {Name: "default/svc2/443/da39a3ee5e", Weight: 7}, + }, + }, + }, + AccessLog: envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil), + IdleTimeout: protobuf.Duration(9001 * time.Second), + }), + }, + }, + ), + FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + ServerNames: []string{"test.projectcontour.io"}, + }, + }}, + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), + ), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, + staticListener(), + ), + TypeUrl: listenerType, + }) + + // check that ingress_http is empty + c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + Resources: resources(t, + envoy_v3.RouteConfiguration("ingress_http"), + ), + TypeUrl: routeType, + }) +} + func routeweightedcluster(clusters ...weightedcluster) *envoy_route_v3.Route_Route { return &envoy_route_v3.Route_Route{ Route: &envoy_route_v3.RouteAction{