multicluster: Use the proxy as an HTTP gateway

[olix0r]

This change introduces a new annotation,
config.linkerd.io/enable-gateway, that, when set, enables the proxy to
act as a gateway, routing all traffic targetting the inbound listener
through the outbound proxy.

This also removes the nginx default listener and gateway port of 4180,
instead using 4143 (the inbound port).

This includes an update to the proxy version v2.99.0.

The proxy can now operate as gateway, routing requests from its inbound
proxy to the outbound proxy, without passing the requests to a local
application. This supports Linkerd's multicluster feature by adding a
Forwarded header to propagate the original client identity and assist
in loop detection.

---

• Add loop detection to inbound & TCP forwarding (Add loop detection to inbound & TCP forwarding linkerd2-proxy#527)
• Test loop detection (Test loop detection linkerd2-proxy#532)
• fallback: Unwrap errors recursively (fallback: Unwrap errors recursively linkerd2-proxy#534)
• app: Split inbound/outbound constructors into components (app: Split inbound/outbound constructors into components linkerd2-proxy#533)
• Introduce a gateway between inbound and outbound (Introduce a gateway between inbound and outbound linkerd2-proxy#540)
• gateway: Add a Forwarded header (gateway: Add a Forwarded header linkerd2-proxy#544)
• gateway: Return errors instead of responses (gateway: Return errors instead of responses linkerd2-proxy#547)
• Fail requests that loop through the gateway (Fail requests that loop through the gateway linkerd2-proxy#545)

[zaharidichev]

I verified that works with the k3d script

[alpeb]

Note that the merge brought the "linkerd-gateway-probe": must be no more than 15 characters problem

[zaharidichev]

For anyone who wants to test this, I have verified it works with this branch olix0r/l2-k3d-multi#2

[zaharidichev]

LGTM

[adleong]

What are the semantics of this variable? When set, any requests to the inbound listener that match this suffix will be routed directly to the outbound proxy?

[olix0r]

Correct. (After DNS resolution)

[alpeb]

For some reason I can't get this to work with the l2-k3d-multi setup...

$ curl -v http://localhost:8080/api/list
*   Trying ::1:8080...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> GET /api/list HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 500 Internal Server Error
< Content-Type: application/json; charset=UTF-8
< Date: Tue, 02 Jun 2020 20:29:45 GMT
< Content-Length: 109
< 
{"error":"rpc error: code = Unknown desc = OK: HTTP status code 200; transport: missing content-type field"}

[olix0r]

OK. I've tested this with https://github.com/olix0r/l2-k3d-multi and it works as I'd expect with regard to loop detection and traffic split updating.