// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package envoy
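// BootstrapTplArgs is the set of arguments that may be interpolated into the
// Envoy bootstrap template.
//
// bootstrapTemplate applies no escaping function to any of these values.
// String fields are placed directly inside JSON string literals and the
// *JSON fields are placed directly into the document, so every value must
// already be safe for the position it is rendered in and should come from
// trusted configuration only.
type BootstrapTplArgs struct {
	// GRPC holds the settings for reaching the local agent's gRPC endpoint.
	// It is embedded so that its fields are promoted and the template can
	// refer to them directly (for example .AgentTLS and .AgentSocket).
	GRPC

	// ProxyCluster is the cluster name for the Envoy `node` specification and
	// is typically the same as the ProxyID.
	ProxyCluster string

	// ProxyID is the ID of the proxy service instance as registered with the
	// local Consul agent. This must be used as the Envoy `node.id` in order for
	// the agent to deliver the correct configuration.
	ProxyID string

	// NodeName is the name of the node on which the proxy service instance is registered.
	NodeName string

	// ProxySourceService is the Consul service name to report for this proxy
	// instance's source service label. For sidecars it should be the
	// Proxy.DestinationServiceName. For gateways and similar it is the service
	// name of the proxy service itself.
	ProxySourceService string

	// AgentCAPEM is the CA to use to verify the local agent gRPC service if
	// TLS is enabled.
	//
	// NOTE(review): the template renders this value inside a JSON string
	// ("inline_string") without escaping, so the caller presumably has to
	// supply the PEM with its newlines already JSON-escaped — confirm.
	AgentCAPEM string

	// AdminAccessLogConfig holds string representations of Envoy access log
	// configurations for the admin interface. Each element is rendered
	// verbatim as one entry of the admin "access_log" array, so each must be a
	// complete, valid JSON object.
	AdminAccessLogConfig []string

	// AdminAccessLogPath is the path to write the access log for the
	// administration server. If no access log is desired specify
	// "/dev/null". By default it will use "/dev/null". Will be overridden by
	// AdminAccessLogConfig.
	//
	// Deprecated: use AdminAccessLogConfig.
	AdminAccessLogPath string

	// AdminBindAddress is the address the Envoy admin server should bind to.
	// Envoy's admin interface has no authentication of its own, so this
	// should normally be a loopback address rather than a routable one.
	AdminBindAddress string

	// AdminBindPort is the port the Envoy admin server should bind to. It is
	// rendered unquoted as a JSON number, so it must contain only digits.
	AdminBindPort string

	// LocalAgentClusterName is the name reserved for the local Consul agent gRPC
	// service and is expected to be used for that purpose.
	LocalAgentClusterName string

	// Token is the Consul ACL token provided which is required to make gRPC
	// discovery requests. If non-empty, this must be configured as the gRPC
	// service "initial_metadata" with the key "x-consul-token" in order to
	// authorize the discovery streaming RPCs.
	//
	// The token is written in clear text into the rendered bootstrap
	// configuration, so the rendered output is itself a secret: keep it out
	// of logs and restrict access to wherever it is stored.
	Token string

	// StaticClustersJSON is a JSON string of Cluster definitions, each of which
	// is expected to be valid. They are appended to the
	// "static_resources.clusters" list. Note that cluster names should be
	// chosen in such a way that they won't collide with service names since we
	// use plain service names as cluster names in xDS to make metrics
	// population simpler and cluster names must be unique. See
	// https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/api/v2/cds.proto.
	StaticClustersJSON string

	// StaticListenersJSON is a JSON string containing zero or more Listener
	// definitions. They are appended to the "static_resources.listeners" list. A
	// single listener should be given as a plain object, if more than one is to
	// be added, they should be separated by a comma suitable for direct injection
	// into a JSON array.
	// See https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/api/v2/lds.proto.
	StaticListenersJSON string

	// StatsSinksJSON is a JSON string containing an array in the right format
	// to be rendered as the body of the `stats_sinks` field at the top level of
	// the bootstrap config. Its format may vary based on Envoy version used. See
	// https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/config/metrics/v2/stats.proto#config-metrics-v2-statssink.
	//
	// NOTE(review): bootstrapTemplate renders this value between "[" and "]",
	// so it presumably has to hold the comma-separated elements rather than a
	// complete array — confirm against the caller.
	StatsSinksJSON string

	// StatsConfigJSON is a JSON string containing an object in the right format
	// to be rendered as the body of the `stats_config` field at the top level of
	// the bootstrap config. Its format may vary based on Envoy version used. See
	// https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/config/metrics/v2/stats.proto#envoy-api-msg-config-metrics-v2-statsconfig.
	StatsConfigJSON string

	// StaticSecretsJSON is a JSON string containing zero or more Secret definitions.
	// See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/secret.proto#envoy-v3-api-msg-extensions-transport-sockets-tls-v3-secret
	//
	// NOTE(review): Secret definitions may carry key material inline; if they
	// do, the rendered bootstrap needs the same handling as Token — confirm.
	StaticSecretsJSON string

	// StatsFlushInterval is the time duration between Envoy stats flushes. It is
	// in proto3 "duration" string format, for example "1.12s". See
	// https://developers.google.com/protocol-buffers/docs/proto3#json and
	// https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/config/bootstrap/v2/bootstrap.proto#bootstrap
	StatsFlushInterval string

	// TracingConfigJSON is a JSON string containing an object in the right format
	// to be rendered as the body of the `tracing` field at the top level of
	// the bootstrap config. Its format may vary based on Envoy version used.
	// See https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/config/trace/v2/trace.proto.
	TracingConfigJSON string

	// Namespace is the Consul Enterprise Namespace of the proxy service instance
	// as registered with the Consul agent. The template renders "default" when
	// it is empty.
	Namespace string

	// Partition is the Consul Enterprise Partition of the proxy service instance
	// as registered with the Consul agent. The template renders "default" when
	// it is empty.
	Partition string

	// Datacenter is the datacenter where the proxy service instance is registered.
	Datacenter string

	// PrometheusBackendPort will configure a "prometheus_backend" cluster which
	// envoy_prometheus_bind_addr will point to.
	PrometheusBackendPort string

	// PrometheusScrapePath will configure the path where metrics are exposed on
	// the envoy_prometheus_bind_addr listener.
	PrometheusScrapePath string

	// PrometheusCAFile is the path to a CA file for Envoy to use when serving TLS on the Prometheus metrics
	// endpoint. Only applicable when envoy_prometheus_bind_addr is set in the proxy config.
	PrometheusCAFile string

	// PrometheusCAPath is the path to a directory of CA certificates for Envoy to use when serving the Prometheus
	// metrics endpoint. Only applicable when envoy_prometheus_bind_addr is set in the proxy config.
	PrometheusCAPath string

	// PrometheusCertFile is the path to a certificate file for Envoy to use when serving TLS on the Prometheus
	// metrics endpoint. Only applicable when envoy_prometheus_bind_addr is set in the proxy config.
	PrometheusCertFile string

	// PrometheusKeyFile is the path to a private key file for Envoy to use when serving TLS on the Prometheus
	// metrics endpoint. Only applicable when envoy_prometheus_bind_addr is set in the proxy config.
	// Only the path is carried here; the key file itself should be readable
	// by the Envoy process and no one else.
	PrometheusKeyFile string
}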
// GRPC groups the bootstrap template settings that describe how Envoy reaches
// the local Consul agent's gRPC endpoint.
type GRPC struct {
	// AgentAddress is the IP address of the local agent on which the proxy
	// instance is registered.
	AgentAddress string

	// AgentPort is the port on which the local agent exposes gRPC.
	AgentPort string

	// AgentTLS reports whether the local agent gRPC service should be reached
	// over TLS. When it is false, bootstrapTemplate emits no transport_socket
	// for the agent cluster, and that is the connection that carries the
	// "x-consul-token" metadata.
	AgentTLS bool

	// AgentSocket is the path of a Unix socket used to talk to the local
	// agent's gRPC endpoint. The empty string (the default) disables it; when
	// set it takes precedence over AgentAddress and AgentPort.
	// NOTE(review): access control for the socket then rests on the
	// filesystem permissions of this path — confirm they are restricted to
	// the proxy's user.
	AgentSocket string
}
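// bootstrapTemplate sets '"ignore_health_on_host_removal": false' JUST to force this to be detected as a v3 bootstrap
// config.
//
// It renders the Envoy bootstrap JSON document from a BootstrapTplArgs value:
// the admin listener, the node identity, a static cluster for the local
// Consul agent's gRPC endpoint (over TLS when .AgentTLS is set, via a Unix
// socket when .AgentSocket is set), optional static clusters, listeners,
// secrets, stats and tracing blocks, and the ADS configuration.
//
// Points to keep in mind when changing or feeding this template:
//   - No escaping function is applied to any interpolated value. Quoted
//     values must be safe inside a JSON string literal, unquoted ones
//     (.AdminBindPort, .AgentPort) must be bare numbers, and the *JSON values
//     and .AdminAccessLogConfig elements are inserted verbatim. All of them
//     should therefore originate from trusted configuration.
//   - .Token is written in clear text as the "x-consul-token" initial
//     metadata value, so the rendered document must be handled as a secret.
//   - An empty .Namespace or .Partition is rendered as "default".
const bootstrapTemplate = `{
  "admin": {
    {{- if (not .AdminAccessLogConfig) }}
    "access_log_path": "{{ .AdminAccessLogPath }}",
    {{- end }}
    {{- if .AdminAccessLogConfig }}
    "access_log": [
    {{- range $index, $element := .AdminAccessLogConfig }}
      {{ if $index }},{{ end }}
      {{ $element }}
    {{ end }}],
    {{- end }}
    "address": {
      "socket_address": {
        "address": "{{ .AdminBindAddress }}",
        "port_value": {{ .AdminBindPort }}
      }
    }
  },
  "node": {
    "cluster": "{{ .ProxyCluster }}",
    "id": "{{ .ProxyID }}",
    "metadata": {
      {{- if .NodeName }}
      "node_name": "{{ .NodeName }}",
      {{- end }}
      "namespace": "{{if ne .Namespace ""}}{{ .Namespace }}{{else}}default{{end}}",
      "partition": "{{if ne .Partition ""}}{{ .Partition }}{{else}}default{{end}}"
    }
  },
  "layered_runtime": {
    "layers": [
      {
        "name": "base",
        "static_layer": {
          "re2.max_program_size.error_level": 1048576
        }
      }
    ]
  },
  "static_resources": {
    "clusters": [
      {
        "name": "{{ .LocalAgentClusterName }}",
        "ignore_health_on_host_removal": false,
        "connect_timeout": "1s",
        "type": "STATIC",
        {{- if .AgentTLS -}}
        "transport_socket": {
          "name": "tls",
          "typed_config": {
            "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
            "common_tls_context": {
              "validation_context": {
                "trusted_ca": {
                  "inline_string": "{{ .AgentCAPEM }}"
                }
              }
            }
          }
        },
        {{- end }}
        "http2_protocol_options": {},
        "loadAssignment": {
          "clusterName": "{{ .LocalAgentClusterName }}",
          "endpoints": [
            {
              "lbEndpoints": [
                {
                  "endpoint": {
                    "address": {
                      {{- if .AgentSocket -}}
                      "pipe": {
                        "path": "{{ .AgentSocket }}"
                      }
                      {{- else -}}
                      "socket_address": {
                        "address": "{{ .AgentAddress }}",
                        "port_value": {{ .AgentPort }}
                      }
                      {{- end -}}
                    }
                  }
                }
              ]
            }
          ]
        }
      }
      {{- if .StaticClustersJSON -}}
      ,
      {{ .StaticClustersJSON }}
      {{- end }}
    ]{{- if .StaticListenersJSON -}}
    ,
    "listeners": [
      {{ .StaticListenersJSON }}
    ]
    {{- end }}
    {{- if .StaticSecretsJSON -}}
    ,
    "secrets": [
      {{ .StaticSecretsJSON }}
    ]
    {{- end }}
  },
  {{- if .StatsSinksJSON }}
  "stats_sinks": [
    {{ .StatsSinksJSON }}
  ],
  {{- end }}
  {{- if .StatsConfigJSON }}
  "stats_config": {{ .StatsConfigJSON }},
  {{- end }}
  {{- if .StatsFlushInterval }}
  "stats_flush_interval": "{{ .StatsFlushInterval }}",
  {{- end }}
  {{- if .TracingConfigJSON }}
  "tracing": {{ .TracingConfigJSON }},
  {{- end }}
  "dynamic_resources": {
    "lds_config": {
      "ads": {},
      "initial_fetch_timeout": "0s",
      "resource_api_version": "V3"
    },
    "cds_config": {
      "ads": {},
      "initial_fetch_timeout": "0s",
      "resource_api_version": "V3"
    },
    "ads_config": {
      "api_type": "DELTA_GRPC",
      "transport_api_version": "V3",
      "grpc_services": {
        "initial_metadata": [
          {
            "key": "x-consul-token",
            "value": "{{ .Token }}"
          }
        ],
        "envoy_grpc": {
          "cluster_name": "{{ .LocalAgentClusterName }}"
        }
      }
    }
  }
}
`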