Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fingerprint: add DNS address and port to Consul fingerprint #19969

Merged
merged 5 commits into from
Feb 14, 2024
Merged

fingerprint: add DNS address and port to Consul fingerprint #19969

merged 5 commits into from
Feb 14, 2024

Conversation

tgross
Copy link
Member

@tgross tgross commented Feb 13, 2024

In order to provide a DNS address and port to Connect tasks configured for transparent proxy, we need to fingerprint the Consul DNS address and port. The client will pass this address/port to the iptables configuration provided to the consul-cni plugin.

Ref: #10628

@tgross tgross requested a review from gulducat February 13, 2024 19:46
@tgross tgross marked this pull request as ready for review February 13, 2024 19:46
@tgross tgross added this to the 1.7.x milestone Feb 13, 2024
@tgross tgross force-pushed the fingerprint-consul-dns branch from 37c669d to 8f20afc Compare February 13, 2024 19:47
@tgross tgross mentioned this pull request Feb 13, 2024
Closed
gulducat
gulducat approved these changes Feb 13, 2024
View reviewed changes
Copy link
Member

@gulducat gulducat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm mainly looking for clarification around what exactly the bool return represents on a consulExtractor func, and whether we want to return early on any parse errors encountered along the way as happens here currently, or if we instead want to continue along down the line trying the other options.

other than that, lgtm!

client/fingerprint/consul.go Outdated Show resolved Hide resolved
client/fingerprint/consul.go Outdated Show resolved Hide resolved
client/fingerprint/consul.go Outdated Show resolved Hide resolved
@tgross tgross added the backport/1.7.x backport to 1.7.x release line label Feb 13, 2024
@tgross
fingerprint: add DNS address and port to Consul fingerprint
0725001 
In order to provide a DNS address and port to Connect tasks configured for
transparent proxy, we need to fingerprint the Consul DNS address and port. The
client will pass this address/port to the iptables configuration provided to the
`consul-cni` plugin.

Ref: #10628
@tgross
address comments from code review
17688c5
@tgross tgross force-pushed the fingerprint-consul-dns branch from 8f20afc to 17688c5 Compare February 14, 2024 15:09
@tgross
Copy link
Member Author

tgross commented Feb 14, 2024

@gulducat I've reworked the logic here a good bit, so that we're not using the bind_addr if we get 0.0.0.0 but instead are querying the private or public IP. If we get localhost, we're returning "", true gracefully.

@tgross tgross requested a review from gulducat February 14, 2024 15:11
gulducat
gulducat approved these changes Feb 14, 2024
View reviewed changes
Copy link
Member

@gulducat gulducat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The intent is way clearer now, nice work!

just a couple comments about test coverage which you can button up or not at your discretion.

client/fingerprint/consul.go Outdated Show resolved Hide resolved
client/fingerprint/consul.go Show resolved Hide resolved
client/fingerprint/consul.go Show resolved Hide resolved
@tgross tgross merged commit a747758 into main Feb 14, 2024
19 checks passed
@tgross tgross deleted the fingerprint-consul-dns branch February 14, 2024 17:15
@hc-github-team-nomad-core hc-github-team-nomad-core mentioned this pull request Feb 14, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gulducat gulducat gulducat approved these changes

@Juanadelacuesta Juanadelacuesta Awaiting requested review from Juanadelacuesta

Assignees
No one assigned
Labels
backport/1.7.x backport to 1.7.x release line theme/consul/connect Consul Connect integration theme/consul type/enhancement
Projects
None yet
Milestone
1.7.x
Development

Successfully merging this pull request may close these issues.
2 participants
@tgross @gulducat