Proto commits in linkerd/linkerd2-proxy

The Protocol Buffers files changed in these 15 commits:

Commit:9e09c13
Author:Zahari Dichev
Committer:GitHub

fix(spiffe-proto): generate proto bindings without embedding package definition (#4324)

Our workload.proto package has a package definition in it. We rely on that package definition for naming our generated protobuf file. We however do not want the package details being part of the service/method names of the generated client code. For that purpose we have used the `disable_package_emission` method successfully in the past in order to generate code that does not have the package details in the service/method names. When we moved to tonic_prost_build however in [this PR](https://github.com/linkerd/linkerd2-proxy/commit/bdf10e47#diff-4a9729833e19e5f140e358c372e53f7ccf5e23de7c23062e4282127512dd621f), we have lost this functionality as the `emit_package` method does not seem to be honored.

In order to fix that and revert back to generating code with the correct service definitions while still preserving the name of the generated rust file, this PR:

* removes the package definition from the protobuf file
* adds a post processing step that renames the generated `_.rs` file to what it is supposed to be

---

* fix(spiffe-proto): generate proto bindings without embedding package definition

  Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

* fmt

  Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

* set default package name instead of renaming file

---------

Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>
Co-authored-by: Alejandro Pedraza <alejandro@buoyant.io>

Commit:672d3cf
Author:Scott Fleener
Committer:Scott Fleener

chore(tracing)!: Remove OpenCensus trace protocol OpenCensus as a protocol has been sunset for some time now. Additionally, we have supported its replacement, OpenTelemetry, for a long time now, and we don't even expose the OpenCensus configuration from the linkerd control plane chart. This removes OpenCensus from the proxy. There's some cleanup that will have to be done in follow-ups, but this attempts to keep the diff as minimal as possible. Signed-off-by: Scott Fleener <scott@buoyant.io>

The documentation is generated from this commit.

Commit:16434eb
Author:Scott Fleener
Committer:GitHub

fix(tracing): Remove opentelemetry vendoring (#4025)

* fix(tracing): Remove opentelemetry vendoring

  We used to vendor the opentelemetry protobufs because we relied on a version of tonic that `opentelemetry-sdk` didn't support. Now that we've upgraded tonic, we can remove the vendoring and use the official APIs.

  Signed-off-by: Scott Fleener <scott@buoyant.io>

* chore(deps): Update opentelemetry deps to 0.30

  Signed-off-by: Scott Fleener <scott@buoyant.io>

* chore(otel): Remove opentelemetry proto generation

  OpenTelemetry protos are no longer vendored, so we no longer need to generate them.

  Signed-off-by: Scott Fleener <scott@buoyant.io>

---------

Signed-off-by: Scott Fleener <scott@buoyant.io>

Commit:930da0d
Author:Scott Fleener
Committer:Scott Fleener

fix(tracing): Remove opentelemetry vendoring We used to vendor the opentelemetry protobufs because we relied on a version of tonic that `opentelemetry-sdk` didn't support. Now that we've upgraded tonic, we can remove the vendoring and use the official APIs. Signed-off-by: Scott Fleener <scott@buoyant.io>

Commit:38ca37e
Author:Scott Fleener
Committer:Scott Fleener

Vendor OpenTelemetry protocol In preparation for supporting the OpenTelemetry protocol for the proxy's traces, this vendors the relevant protobufs as well as some convenience helpers here. This works around the fact that the existing `opentelemetry` crates do not support the version of tonic that we currently use (0.10), and this vendoring can be removed once we update. [#10111](https://github.com/linkerd/linkerd2/issues/10111) Signed-off-by: Scott Fleener <scott@buoyant.io>

Commit:e5392af
Author:Zahari Dichev
Committer:GitHub

identity: add spire identity client (#2580) This PR adds a gRPC client that allows us to connect to the SPIRE workload API and stream new certificates through the `identity::Credentials` API. The configuration part of this functionality will come in a later subsequent change. Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

Commit:d1665b3
Author:Zahari Dichev

move grpc client to app/src Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

Commit:c156aa2
Author:Zahari Dichev
Committer:Zahari Dichev

identity: add spire identity client Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

Commit:122d263
Author:Oliver Gould
Committer:GitHub

transport-header: Encode session protocol (#877) In order to transport both opaque and non-opaque protocols with the transport header, especially for multicluster gateways, the inbound proxy needs to be able to discover whether the session protocol is known by the client. This change adds a field and enum type to the transport header protobuf message and wires it through so the outbound proxy parameterizes its target type on the session protocol. Inbound handling of this field is not yet implemented and will be added in a followup change.

Commit:af1110c
Author:Oliver Gould
Committer:GitHub

Rename opaque-transport to transport-header (#825) Transport headers may be used for non-opaque traffic, i.e., for multicluster. This change renames the module and changes the transport preface to reflect this.

Commit:f1be3a6
Author:Oliver Gould
Committer:GitHub

Transport opaque connections over mTLS (#785)

The proxy supports transporting "opaque" TCP streams, but it cannot do so with mTLS. Because we cannot perform protocol detection (including mTLS discovery) on server-first or otherwise idle TCP streams, we have no reliable way to instrument mTLS on these connections.

This change leverages a new discovery API that annotates an `OpaqueTransport` hint for targets that are marked opaque but have a Linkerd proxy. This hint includes the inbound port of the target proxy and, when specified, configures the outbound proxy to:

1. Connect directly to the inbound port (instead of the original target port).
2. Write an "opaque transport header"--a special protocol marker and a length-delimited protobuf message including the original target port.

This allows the inbound proxy to perform TLS discovery for these streams; and then the inbound proxy is able to route the connection to the proper application port as informed by the connection header.

This change, effectively, wraps arbitrary, opaque TCP streams in a client-first TCP protocol so that inbound proxies can perform mTLS detection.

This change does **not** extend the proxy's gateway mode to transport these connections. This change will be done in a followup.

Commit:d213c13
Author:Oliver Gould
Committer:GitHub

internal: Split app from linkerd2-proxy (#375)

* internal: internal: Split app from linkerd2-proxy

The `linkerd2-proxy` crate currently comprises the entirety of the application logic for the proxy. This unfortunately leads to exceedingly high compile times (35+ minutes to compile the application with tests). Specifically:

* Any change to the inbound or outbound proxy configuration necessitated recompiling the other; and this compilation could not be parallelized.
* Integration tests depended on the `linkerd2-proxy` executable, adding about 10 minutes to every build.
* The tests/support module (which is also extremely costly to build) was compiled _for each integration test_.

This change restructures the crates in this repository to allow `cargo` to cache intermediate code that was otherwise being compiled redundantly or serially:

* The `linkerd2-proxy` crate now contains _only_ the executable and need not be built during tests.
* The `linkerd2-app` crate exposes the app's `Main`, but uses `linkerd2-app-inbound` and `linkerd2-app-outbound` subcrates to improve parallelization/cacheability.
* The rest of the top-level application code
* The `linkerd2-app-integration` crate now contains all of the integration test support code (as well as the tests themselves), so that the tests only need to compile the support library once.

All in all, this reduces compile time to under 20 minutes.

Commit:626cf5e
Author:Alex Leong
Committer:GitHub

Add opencensus exporter (#338) Adds a SpanExporter for sending Spans to an OpenCensus agent or collector in the OpenCensus agent gRPC format as a streaming request. Signed-off-by: Alex Leong <alex@buoyant.io>

Commit:b56cc88
Author:Eliza Weisman
Committer:Oliver Gould

Adopt external tower-grpc and tower-h2 deps (#225) The conduit repo includes several library projects that have since been moved into external repos, including `tower-grpc` and `tower-h2`. This change removes these vendored libraries in favor of using the new external crates.

This commit does not contain any .proto files.

Commit:d2c54b6
Author:Oliver Gould
Committer:Oliver Gould

Introducing Conduit, the ultralight service mesh

We’ve built Conduit from the ground up to be the fastest, lightest, simplest, and most secure service mesh in the world. It features an incredibly fast and safe data plane written in Rust, a simple yet powerful control plane written in Go, and a design that’s focused on performance, security, and usability. Most importantly, Conduit incorporates the many lessons we’ve learned from over 18 months of production service mesh experience with Linkerd.

This repository contains a few tightly-related components:

- `proxy` -- an HTTP/2 proxy written in Rust;
- `controller` -- a control plane written in Go with gRPC;
- `web` -- a UI written in React, served by Go.