http: adding CONNECT example configs and improving docs #11066
Conversation
Signed-off-by: Alyssa Wilk <[email protected]>
configs/encapsulate_in_connect.yaml
Outdated
| @@ -0,0 +1,38 @@ | |||
| admin: | |||
There was a problem hiding this comment.
drive by: please make sure these new tests are added to the BUILD file so they get tested as part of config_test. Thank you!
configs/encapsulate_in_connect.yaml
Outdated
| - filters: | ||
| - name: tcp | ||
| typed_config: | ||
| "@type": type.googleapis.com/envoy.config.filter.network.tcp_proxy.v2.TcpProxy |
There was a problem hiding this comment.
Use v3? "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
configs/terminate_connect.yaml
Outdated
| transport_socket: | ||
| name: envoy.transport_sockets.tls | ||
| typed_config: | ||
| "@type": type.googleapis.com/envoy.api.v2.auth.UpstreamTlsContext |
There was a problem hiding this comment.
Use v3 config? "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext"
Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: Alyssa Wilk <[email protected]>
| .. proxy multiplexed TCP over pre-warmed secure connections and amortize the cost of any TLS handshake. | ||
| .. An example set up proxying SMTP would look something like this | ||
| .. | ||
| .. [SMTP Upstream] --- raw STMP --- [L2 Envoy] --- SMTP tunneled over HTTP/2 --- [L1 Envoy] --- SMTP --- [Client] |
test/config_test/config_test.cc
Outdated
| @@ -168,6 +168,8 @@ uint32_t run(const std::string& directory) { | |||
| ENVOY_LOG_MISC(info, "testing {}.\n", filename); | |||
| OptionsImpl options( | |||
| Envoy::Server::createTestOptionsImpl(filename, "", Network::Address::IpVersion::v6)); | |||
| // Try to avoid conflicting with other tests. | |||
There was a problem hiding this comment.
should we just disable hot restart instead? or do some of the tests rely on that?
| @@ -0,0 +1,38 @@ | |||
| admin: | |||
There was a problem hiding this comment.
do we have docs explaining how this feature works as well?
There was a problem hiding this comment.
Just what's in this PR. I think folks will mainly only use this for TCP tunneling - while there is a desire to have Envoy generate CONNECT requests AFIK it's only for HTTP/1.1, where for HTTP/2 the only planned use is tunneling TCP (by Google and folks who asked for #1630)
Signed-off-by: Alyssa Wilk <[email protected]>
|
Any other requests? |
| // Avoid contention issues with other tests over the hot restart domain socket. | ||
| options.setHotRestartDisabled(true); |
There was a problem hiding this comment.
Hmm @zuercher is this the same issue you are trying to fix?
There was a problem hiding this comment.
See https://github.com/envoyproxy/envoy/pull/11016/files. I'm guessing this change can be reverted once the other PR lands.
Risk Level: n/a
Testing: n/a
Docs Changes: connect docs improved
Release Notes: n/a
Part of #1451 and #1630