fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) (#5090

) * fix(kuma-cp): deep copy tags when gen. outbounds (#5070) It fixes potential data race (iterating and writing to tags map) Signed-off-by: Bart Smykla <[email protected]> Signed-off-by: Bart Smykla <[email protected]> (cherry picked from commit 81ccca0) # Conflicts: # pkg/xds/sync/proxy_builder_test.go # pkg/xds/topology/outbound.go * fix: conflicts Signed-off-by: Bart Smykla <[email protected]> * chore: bump ubuntu ver. (22.04) for kuma-universal Signed-off-by: Bart Smykla <[email protected]> * chore: change apt to abt-get Signed-off-by: Bart Smykla <[email protected]> * chore: remove failing apt-get dist-upgrade Signed-off-by: Bart Smykla <[email protected]> * chore: remove specifying docker ver. in ci/build Signed-off-by: Bart Smykla <[email protected]> * chore: revert setup_remote_docker + bump 20.10.14 Signed-off-by: Bart Smykla <[email protected]> Signed-off-by: Bart Smykla <[email protected]> Co-authored-by: Bart Smykla <[email protected]>
kumahq · Oct 4, 2022 · 3073060 · 3073060
1 parent 1eceb83
commit 3073060
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 9 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -339,7 +339,7 @@ jobs:
         name: Build all Kuma binaries (such as, kumactl, kuma-cp, kuma-dp, kuma-prometheus-sd)
         command: make build
     - setup_remote_docker:
-        version: 20.10.7
+        version: 20.10.14
     - run:
         name: Build Docker images
         command: |

diff --git a/pkg/xds/topology/outbound.go b/pkg/xds/topology/outbound.go
@@ -135,7 +135,7 @@ func fillDataplaneOutbounds(
 		dpNetworking := dpSpec.GetNetworking()
 
 		for _, inbound := range dpNetworking.GetHealthyInbounds() {
-			inboundTags := inbound.GetTags()
+			inboundTags := cloneTags(inbound.GetTags())
 			serviceName := inboundTags[mesh_proto.ServiceTag]
 			inboundInterface := dpNetworking.ToInboundInterface(inbound)
 			inboundAddress := inboundInterface.DataplaneAdvertisedIP
@@ -210,7 +210,9 @@ func fillIngressOutbounds(
 			if service.Mesh != mesh.GetMeta().GetName() {
 				continue
 			}
-			serviceTags := service.GetTags()
+
+			// deep copy map to not modify tags in BuildRemoteEndpointMap
+			serviceTags := cloneTags(service.GetTags())
 			serviceName := serviceTags[mesh_proto.ServiceTag]
 			serviceInstances := service.GetInstances()
 			locality := localityFromTags(mesh, priorityRemote, serviceTags)
@@ -237,7 +239,7 @@ func fillIngressOutbounds(
 					}
 					// this is necessary for correct spiffe generation for dp when
 					// traffic is routed: egress -> ingress -> egress
-					if mesh.ZoneEgressEnabled() && service.ExternalService {
+					if service.ExternalService {
 						endpoint.ExternalService = &core_xds.ExternalService{}
 					}
 
@@ -312,7 +314,8 @@ func fillExternalServicesOutboundsThroughEgress(
 	mesh *core_mesh.MeshResource,
 ) {
 	for _, externalService := range externalServices {
-		serviceTags := externalService.Spec.GetTags()
+		// deep copy map to not modify tags in ExternalService.
+		serviceTags := cloneTags(externalService.Spec.GetTags())
 		serviceName := serviceTags[mesh_proto.ServiceTag]
 		locality := localityFromTags(mesh, priorityRemote, serviceTags)
 
@@ -347,7 +350,8 @@ func NewExternalServiceEndpoint(
 	spec := externalService.Spec
 	tls := spec.GetNetworking().GetTls()
 	meshName := mesh.GetMeta().GetName()
-	tags := spec.GetTags()
+	// deep copy map to not modify tags in ExternalService.
+	tags := cloneTags(spec.GetTags())
 
 	es := &core_xds.ExternalService{
 		TLSEnabled:         tls.GetEnabled(),
@@ -380,6 +384,14 @@ func NewExternalServiceEndpoint(
 	}, nil
 }
 
+func cloneTags(tags map[string]string) map[string]string {
+	result := map[string]string{}
+	for tag, value := range tags {
+		result[tag] = value
+	}
+	return result
+}
+
 func convertToEnvoy(ds *v1alpha1.DataSource, mesh string, loader datasource.Loader) []byte {
 	if ds == nil {
 		return nil

diff --git a/test/dockerfiles/Dockerfile.universal b/test/dockerfiles/Dockerfile.universal
@@ -1,11 +1,11 @@
-FROM ubuntu:21.04
+FROM ubuntu:22.04
 
 RUN mkdir /kuma
 RUN echo "# use this file to override default configuration of \`kuma-cp\`" > /kuma/kuma-cp.conf \
     && chmod a+rw /kuma/kuma-cp.conf
 
-RUN apt update \
-  && apt dist-upgrade -y \
+RUN apt-get update \
+  && apt-get dist-upgrade -y \
   && DEBIAN_FRONTEND=noninteractive apt-get install -y \
     curl \
     dnsutils \