From 096c72a2f48707f2fa1e98d4d06be17f4a801828 Mon Sep 17 00:00:00 2001 From: Ryan R Sundberg Date: Tue, 4 Jun 2024 05:46:24 -0700 Subject: [PATCH] Consul Connect: Fix validation with multiple local_bind_socket_paths (#22312) When a consul connect sidecar service is defined with multiple local_bind_socket_path upstreams, validation would fail due to duplicate socket address bindings on `:0` being detected. Validate local_bind_socket_path sockets separately from IP address sockets. --- .changelog/22312.txt | 3 +++ nomad/job_endpoint_hook_connect.go | 9 +++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 .changelog/22312.txt diff --git a/.changelog/22312.txt b/.changelog/22312.txt new file mode 100644 index 000000000..b742299c2 --- /dev/null +++ b/.changelog/22312.txt @@ -0,0 +1,3 @@ +```release-note:bug +connect: fix validation with multiple socket paths +``` diff --git a/nomad/job_endpoint_hook_connect.go b/nomad/job_endpoint_hook_connect.go index fd42cb03c..14917b5cd 100644 --- a/nomad/job_endpoint_hook_connect.go +++ b/nomad/job_endpoint_hook_connect.go @@ -569,7 +569,7 @@ func groupConnectValidate(g *structs.TaskGroup) error { } func groupConnectUpstreamsValidate(g *structs.TaskGroup, services []*structs.Service) error { - listeners := make(map[string]string) // address -> service + listeners := make(map[string]string) // address or path-> service var connectBlockCount int var hasTproxy bool @@ -580,7 +580,12 @@ func groupConnectUpstreamsValidate(g *structs.TaskGroup, services []*structs.Ser } if service.Connect.HasSidecar() && service.Connect.SidecarService.Proxy != nil { for _, up := range service.Connect.SidecarService.Proxy.Upstreams { - listener := net.JoinHostPort(up.LocalBindAddress, strconv.Itoa(up.LocalBindPort)) + var listener string + if up.LocalBindSocketPath == "" { + listener = net.JoinHostPort(up.LocalBindAddress, strconv.Itoa(up.LocalBindPort)) + } else { + listener = up.LocalBindSocketPath + } if s, exists := listeners[listener]; exists { return fmt.Errorf( "Consul Connect services %q and %q in group %q using same address for upstreams (%s)",