fix(xds): correct endpoint config generation for API gateway in peered setups #23370

Merged: LordAbhishek merged 2 commits into propogate_meshGatewayConfig_to_APIGW_upstreams from fix_endpoints_config_for_api_gw_peering on Apr 13, 2026

@LordAbhishek LordAbhishek commented Mar 24, 2026

fix(xds): correct endpoint config generation for API gateway in peered setups

Issue:

  • Previously, API gateway XDS endpoint generation incorrectly relied on cfgSnap.ConnectProxy config (instead of cfgSnap.APIGateway), which caused wrong/no endpoint configuration for peered environments.

Fix (Changes made):

  • Updated makeUpstreamLoadAssignmentForPeerService to fetch localGatewayEndpoint based on cfgSnap kind instead of always using cfgSnap.ConnectProxy.
    If not updated, api-gw never generates endpoint configs.
  • Updated endpointsFromDiscoveryChain to derive meshGatewayMode based on cfgSnap kind instead of always using cfgSnap.ConnectProxy.
    If not updated, in case of peering, when api gw meshGateway.mode is configured to local, it always falls back to remote mesh mode, due to which it never routes to its upstream via the local mesh gateway. It will be configured to talk directly with the remote mesh gw.
  • Recompiled golden test file to reflect fix.

Verification:
We can verify the golden files that are generated after the fix.

How the fix is tested:

Unit test cases:

```
$ go test ./agent/xds -run 'TestAllResourcesFromSnapshot/.*/api-gateway-with-peers-mesh-mode-(local|remote)-and-upstream-is-(hostname|static)' -count=1 -update
ok github.com/hashicorp/consul/agent/xds 0.491s
$ go test ./agent/xds
ok github.com/hashicorp/consul/agent/xds 1.924s
$ go test ./agent/proxycfg
ok github.com/hashicorp/consul/agent/proxycfg 5.105s
```

Consul-k8s acceptance tests:

Built the consul-ent patch image with the same changes:
Ran the consul-k8s workflow with the patched consul-ent image.
All peering tests ran fine on both EKS and Kind.
Kind test: https://github.com/hashicorp/consul-k8s-workflows/actions/runs/22376072101
EKS test: https://github.com/hashicorp/consul-k8s-workflows/actions/runs/22376066354
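
The kind-based lookup described above, as an added Go example that is not the project's code or part of this pull request. The types `Snapshot`, `Upstream`, `Mode` and the functions `modeBefore`, `modeAfter` and `orRemote` are hypothetical simplifications, and the fallback to remote mode when no mode is found is modelled from the description.

```go
package main

import "fmt"

// Hypothetical, simplified stand-ins for the proxy config snapshot.
// These are not Consul's real types.
type Kind string
type Mode string

const (
	KindConnectProxy Kind = "connect-proxy"
	KindAPIGateway   Kind = "api-gateway"

	ModeUnset  Mode = ""
	ModeLocal  Mode = "local"
	ModeRemote Mode = "remote"
)

type Upstream struct{ MeshGatewayMode Mode }

type Snapshot struct {
	Kind         Kind
	ConnectProxy map[string]Upstream // populated only for connect proxies
	APIGateway   map[string]Upstream // populated only for API gateways
}

// orRemote models the fallback to remote mode when no mode is found
// (an assumption taken from the description, not from the source code).
func orRemote(m Mode) Mode {
	if m == ModeUnset {
		return ModeRemote
	}
	return m
}

// modeBefore mirrors the described bug: it always reads the ConnectProxy
// section, so the mode configured on an API gateway is never seen.
func modeBefore(s Snapshot, upstream string) Mode {
	return orRemote(s.ConnectProxy[upstream].MeshGatewayMode)
}

// modeAfter selects the section by snapshot kind, as the fix describes,
// and rejects kinds it does not know instead of guessing a section.
func modeAfter(s Snapshot, upstream string) (Mode, error) {
	switch s.Kind {
	case KindConnectProxy:
		return orRemote(s.ConnectProxy[upstream].MeshGatewayMode), nil
	case KindAPIGateway:
		return orRemote(s.APIGateway[upstream].MeshGatewayMode), nil
	default:
		return ModeUnset, fmt.Errorf("unsupported snapshot kind %q", s.Kind)
	}
}

func main() {
	// Constructed sample: an API gateway whose peered upstream is set to local mode.
	gw := Snapshot{Kind: KindAPIGateway,
		APIGateway: map[string]Upstream{"peer-svc": {MeshGatewayMode: ModeLocal}}}
	after, _ := modeAfter(gw, "peer-svc")
	fmt.Println("before:", modeBefore(gw, "peer-svc"), "after:", after)
}
```

In this model the pre-fix lookup silently sends the gateway's peered traffic toward the remote mesh gateway even though local mode was configured, which is the routing difference the regenerated golden files should show.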

…d setups

- Previously, API gateway XDS endpoint generation incorrectly relied on cfgSnap.ConnectProxy config (instead of cgfSnap.APIGateway), which caused wrong/no endpoint configuration for peered environments.
- Changes made:
- Updated makeUpstreamLoadAssignmentForPeerService to fetch localGatewayEndpoint based on cfgSnap kind instead of always using cfgSnap.ConnectProxy.
- Updated endpointsFromDiscoveryChain to derive meshGatewayMode based on cfgSnap kind instead of always using cfgSnap.ConnectProxy.
- Recompiled golden test file to reflect fix.
@github-actions github-actions Bot added the theme/envoy/xds Related to Envoy support label Mar 24, 2026
@LordAbhishek LordAbhishek marked this pull request as ready for review March 26, 2026 05:30
@LordAbhishek LordAbhishek requested review from a team as code owners March 26, 2026 05:30

@anandmukul93 anandmukul93 left a comment

LGTM

@LordAbhishek LordAbhishek merged commit 5084015 into propogate_meshGatewayConfig_to_APIGW_upstreams Apr 13, 2026
58 of 60 checks passed
LordAbhishek added a commit that referenced this pull request Apr 13, 2026
#23369)

* fix(proxyCfg): propogate meshGatewayConfig to upstreams of API gateway

- Fixed handleRouteConfigUpdate to properly propagate meshGatewayConfig to API gateway upstreams, which is required during XDS endpoint and cluster config generation.
- Added TestStateChangedAPIGateway test cases in state_test.go to validate API gateway update handling.
- Added API gateway-specific logging prefix (similar to mesh gateway) to help in debugging.

* fix(xds): correct endpoint config generation for API gateway in peered setups (#23370)

* fix(xds): correct endpoint config generation for API gateway in peered setups

- Previously, API gateway XDS endpoint generation incorrectly relied on cfgSnap.ConnectProxy config (instead of cgfSnap.APIGateway), which caused wrong/no endpoint configuration for peered environments.
- Changes made:
- Updated makeUpstreamLoadAssignmentForPeerService to fetch localGatewayEndpoint based on cfgSnap kind instead of always using cfgSnap.ConnectProxy.
- Updated endpointsFromDiscoveryChain to derive meshGatewayMode based on cfgSnap kind instead of always using cfgSnap.ConnectProxy.
- Recompiled golden test file to reflect fix.

* removed comment

* fix(xds): correct cluster config generation for API gateway in peered setups (#23371)

* fix(xds): correct cluster config generation for API gateway in peered setups

- Updated makeUpstreamClustersForDiscoveryChain to generate cluster config based on upstream endpoint type. Before this fix, it always generated cluster configs without endpoints, which is incorrect when the upstream endpoint type is hostname and mesh-gateway mode is remote; in such cases, endpoints must also be included in the cluster config.

- Added recompiled golden test file to reflect the fix.

* fix lint error
LordAbhishek added a commit that referenced this pull request Apr 13, 2026
* add unit test cases for api gateway supporting consul peering

* add compiled xds config golden files after running api-gw golden testcases

* fix(proxyCfg): propogate meshGatewayConfig to upstreams of API gateway (#23369)

* fix(proxyCfg): propogate meshGatewayConfig to upstreams of API gateway

- Fixed handleRouteConfigUpdate to properly propagate meshGatewayConfig to API gateway upstreams, which is required during XDS endpoint and cluster config generation.
- Added TestStateChangedAPIGateway test cases in state_test.go to validate API gateway update handling.
- Added API gateway-specific logging prefix (similar to mesh gateway) to help in debugging.

* fix(xds): correct endpoint config generation for API gateway in peered setups (#23370)

* fix(xds): correct endpoint config generation for API gateway in peered setups

- Previously, API gateway XDS endpoint generation incorrectly relied on cfgSnap.ConnectProxy config (instead of cgfSnap.APIGateway), which caused wrong/no endpoint configuration for peered environments.
- Changes made:
- Updated makeUpstreamLoadAssignmentForPeerService to fetch localGatewayEndpoint based on cfgSnap kind instead of always using cfgSnap.ConnectProxy.
- Updated endpointsFromDiscoveryChain to derive meshGatewayMode based on cfgSnap kind instead of always using cfgSnap.ConnectProxy.
- Recompiled golden test file to reflect fix.

* removed comment

* fix(xds): correct cluster config generation for API gateway in peered setups (#23371)

* fix(xds): correct cluster config generation for API gateway in peered setups

- Updated makeUpstreamClustersForDiscoveryChain to generate cluster config based on upstream endpoint type. Before this fix, it always generated cluster configs without endpoints, which is incorrect when the upstream endpoint type is hostname and mesh-gateway mode is remote; in such cases, endpoints must also be included in the cluster config.

- Added recompiled golden test file to reflect the fix.

* fix lint error
LordAbhishek added a commit that referenced this pull request Apr 22, 2026
* add unit test cases for api gateway supporting consul peering

* add compiled xds config golden files after running api-gw golden testcases

* fix(proxyCfg): propogate meshGatewayConfig to upstreams of API gateway (#23369)

* fix(proxyCfg): propogate meshGatewayConfig to upstreams of API gateway

- Fixed handleRouteConfigUpdate to properly propagate meshGatewayConfig to API gateway upstreams, which is required during XDS endpoint and cluster config generation.
- Added TestStateChangedAPIGateway test cases in state_test.go to validate API gateway update handling.
- Added API gateway-specific logging prefix (similar to mesh gateway) to help in debugging.

* fix(xds): correct endpoint config generation for API gateway in peered setups (#23370)

* fix(xds): correct endpoint config generation for API gateway in peered setups

- Previously, API gateway XDS endpoint generation incorrectly relied on cfgSnap.ConnectProxy config (instead of cgfSnap.APIGateway), which caused wrong/no endpoint configuration for peered environments.
- Changes made:
- Updated makeUpstreamLoadAssignmentForPeerService to fetch localGatewayEndpoint based on cfgSnap kind instead of always using cfgSnap.ConnectProxy.
- Updated endpointsFromDiscoveryChain to derive meshGatewayMode based on cfgSnap kind instead of always using cfgSnap.ConnectProxy.
- Recompiled golden test file to reflect fix.

* removed comment

* fix(xds): correct cluster config generation for API gateway in peered setups (#23371)

* fix(xds): correct cluster config generation for API gateway in peered setups

- Updated makeUpstreamClustersForDiscoveryChain to generate cluster config based on upstream endpoint type. Before this fix, it always generated cluster configs without endpoints, which is incorrect when the upstream endpoint type is hostname and mesh-gateway mode is remote; in such cases, endpoints must also be included in the cluster config.

- Added recompiled golden test file to reflect the fix.

* fix lint error
LordAbhishek added a commit that referenced this pull request Apr 22, 2026
…r API Gateways when peered and updated the API Gateway updateHandler to propagate mesh gateway config to its upstreams. (#23454)

* Add api gateway peering unit test cases. (#23366)

* add unit test cases for api gateway supporting consul peering

* add compiled xds config golden files after running api-gw golden testcases

* fix(proxyCfg): propogate meshGatewayConfig to upstreams of API gateway (#23369)

* fix(proxyCfg): propogate meshGatewayConfig to upstreams of API gateway

- Fixed handleRouteConfigUpdate to properly propagate meshGatewayConfig to API gateway upstreams, which is required during XDS endpoint and cluster config generation.
- Added TestStateChangedAPIGateway test cases in state_test.go to validate API gateway update handling.
- Added API gateway-specific logging prefix (similar to mesh gateway) to help in debugging.

* fix(xds): correct endpoint config generation for API gateway in peered setups (#23370)

* fix(xds): correct endpoint config generation for API gateway in peered setups

- Previously, API gateway XDS endpoint generation incorrectly relied on cfgSnap.ConnectProxy config (instead of cgfSnap.APIGateway), which caused wrong/no endpoint configuration for peered environments.
- Changes made:
- Updated makeUpstreamLoadAssignmentForPeerService to fetch localGatewayEndpoint based on cfgSnap kind instead of always using cfgSnap.ConnectProxy.
- Updated endpointsFromDiscoveryChain to derive meshGatewayMode based on cfgSnap kind instead of always using cfgSnap.ConnectProxy.
- Recompiled golden test file to reflect fix.

* removed comment

* fix(xds): correct cluster config generation for API gateway in peered setups (#23371)

* fix(xds): correct cluster config generation for API gateway in peered setups

- Updated makeUpstreamClustersForDiscoveryChain to generate cluster config based on upstream endpoint type. Before this fix, it always generated cluster configs without endpoints, which is incorrect when the upstream endpoint type is hostname and mesh-gateway mode is remote; in such cases, endpoints must also be included in the cluster config.

- Added recompiled golden test file to reflect the fix.

* fix lint error

* add changelog

* refresh golden file to remove regexRewrite from route configs