Merge pull request #10588 from hashicorp/dnephin/config-fix-ports-grpc

config: rename `ports.grpc` to `ports.xds`
This commit is contained in:
Daniel Nephin 2021-07-13 13:11:38 -04:00 committed by GitHub
commit 74fb650b6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 356 additions and 107 deletions

4
.changelog/10588.txt Normal file
View File

@ -0,0 +1,4 @@
```release-note:deprecation
config: the `ports.grpc` and `addresses.grpc` configuration settings have been renamed to `ports.xds` and `addresses.xds` to better match their function.
```

View File

@ -617,8 +617,7 @@ func (a *Agent) Start(ctx context.Context) error {
a.apiServers.Start(srv) a.apiServers.Start(srv)
} }
// Start gRPC server. if err := a.listenAndServeXDS(); err != nil {
if err := a.listenAndServeGRPC(); err != nil {
return err return err
} }
@ -661,8 +660,8 @@ func (a *Agent) Failed() <-chan struct{} {
return a.apiServers.failed return a.apiServers.failed
} }
func (a *Agent) listenAndServeGRPC() error { func (a *Agent) listenAndServeXDS() error {
if len(a.config.GRPCAddrs) < 1 { if len(a.config.XDSAddrs) < 1 {
return nil return nil
} }
@ -682,13 +681,9 @@ func (a *Agent) listenAndServeGRPC() error {
if a.config.HTTPSPort <= 0 { if a.config.HTTPSPort <= 0 {
tlsConfig = nil tlsConfig = nil
} }
var err error a.grpcServer = xds.NewGRPCServer(xdsServer, tlsConfig)
a.grpcServer, err = xdsServer.GRPCServer(tlsConfig)
if err != nil {
return err
}
ln, err := a.startListeners(a.config.GRPCAddrs) ln, err := a.startListeners(a.config.XDSAddrs)
if err != nil { if err != nil {
return err return err
} }

View File

@ -38,11 +38,12 @@ type Self struct {
Member serf.Member Member serf.Member
Stats map[string]map[string]string Stats map[string]map[string]string
Meta map[string]string Meta map[string]string
XDS *xdsSelf `json:"xDS,omitempty"` XDS *XDSSelf `json:"xDS,omitempty"`
} }
type xdsSelf struct { type XDSSelf struct {
SupportedProxies map[string][]string SupportedProxies map[string][]string
Port int
} }
func (s *HTTPHandlers) AgentSelf(resp http.ResponseWriter, req *http.Request) (interface{}, error) { func (s *HTTPHandlers) AgentSelf(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
@ -65,12 +66,13 @@ func (s *HTTPHandlers) AgentSelf(resp http.ResponseWriter, req *http.Request) (i
} }
} }
var xds *xdsSelf var xds *XDSSelf
if s.agent.grpcServer != nil { if s.agent.grpcServer != nil {
xds = &xdsSelf{ xds = &XDSSelf{
SupportedProxies: map[string][]string{ SupportedProxies: map[string][]string{
"envoy": proxysupport.EnvoyVersions, "envoy": proxysupport.EnvoyVersions,
}, },
Port: s.agent.config.XDSPort,
} }
} }
@ -91,9 +93,14 @@ func (s *HTTPHandlers) AgentSelf(resp http.ResponseWriter, req *http.Request) (i
Server: s.agent.config.ServerMode, Server: s.agent.config.ServerMode,
Version: s.agent.config.Version, Version: s.agent.config.Version,
} }
debugConfig := s.agent.config.Sanitized()
// Backwards compat for the envoy command. Never use DebugConfig for
// programmatic access to data.
debugConfig["GRPCPort"] = s.agent.config.XDSPort
return Self{ return Self{
Config: config, Config: config,
DebugConfig: s.agent.config.Sanitized(), DebugConfig: debugConfig,
Coord: cs[s.agent.config.SegmentName], Coord: cs[s.agent.config.SegmentName],
Member: s.agent.LocalMember(), Member: s.agent.LocalMember(),
Stats: s.agent.Stats(), Stats: s.agent.Stats(),

View File

@ -428,7 +428,10 @@ func (b *builder) Build() (rt RuntimeConfig, err error) {
httpPort := b.portVal("ports.http", c.Ports.HTTP) httpPort := b.portVal("ports.http", c.Ports.HTTP)
httpsPort := b.portVal("ports.https", c.Ports.HTTPS) httpsPort := b.portVal("ports.https", c.Ports.HTTPS)
serverPort := b.portVal("ports.server", c.Ports.Server) serverPort := b.portVal("ports.server", c.Ports.Server)
grpcPort := b.portVal("ports.grpc", c.Ports.GRPC) if c.Ports.XDS == nil {
c.Ports.XDS = c.Ports.GRPC
}
xdsPort := b.portVal("ports.xds", c.Ports.XDS)
serfPortLAN := b.portVal("ports.serf_lan", c.Ports.SerfLAN) serfPortLAN := b.portVal("ports.serf_lan", c.Ports.SerfLAN)
serfPortWAN := b.portVal("ports.serf_wan", c.Ports.SerfWAN) serfPortWAN := b.portVal("ports.serf_wan", c.Ports.SerfWAN)
proxyMinPort := b.portVal("ports.proxy_min_port", c.Ports.ProxyMinPort) proxyMinPort := b.portVal("ports.proxy_min_port", c.Ports.ProxyMinPort)
@ -555,7 +558,10 @@ func (b *builder) Build() (rt RuntimeConfig, err error) {
dnsAddrs := b.makeAddrs(b.expandAddrs("addresses.dns", c.Addresses.DNS), clientAddrs, dnsPort) dnsAddrs := b.makeAddrs(b.expandAddrs("addresses.dns", c.Addresses.DNS), clientAddrs, dnsPort)
httpAddrs := b.makeAddrs(b.expandAddrs("addresses.http", c.Addresses.HTTP), clientAddrs, httpPort) httpAddrs := b.makeAddrs(b.expandAddrs("addresses.http", c.Addresses.HTTP), clientAddrs, httpPort)
httpsAddrs := b.makeAddrs(b.expandAddrs("addresses.https", c.Addresses.HTTPS), clientAddrs, httpsPort) httpsAddrs := b.makeAddrs(b.expandAddrs("addresses.https", c.Addresses.HTTPS), clientAddrs, httpsPort)
grpcAddrs := b.makeAddrs(b.expandAddrs("addresses.grpc", c.Addresses.GRPC), clientAddrs, grpcPort) if c.Addresses.XDS == nil {
c.Addresses.XDS = c.Addresses.GRPC
}
xdsAddrs := b.makeAddrs(b.expandAddrs("addresses.xds", c.Addresses.XDS), clientAddrs, xdsPort)
for _, a := range dnsAddrs { for _, a := range dnsAddrs {
if x, ok := a.(*net.TCPAddr); ok { if x, ok := a.(*net.TCPAddr); ok {
@ -1013,8 +1019,8 @@ func (b *builder) Build() (rt RuntimeConfig, err error) {
EncryptKey: stringVal(c.EncryptKey), EncryptKey: stringVal(c.EncryptKey),
EncryptVerifyIncoming: boolVal(c.EncryptVerifyIncoming), EncryptVerifyIncoming: boolVal(c.EncryptVerifyIncoming),
EncryptVerifyOutgoing: boolVal(c.EncryptVerifyOutgoing), EncryptVerifyOutgoing: boolVal(c.EncryptVerifyOutgoing),
GRPCPort: grpcPort, XDSPort: xdsPort,
GRPCAddrs: grpcAddrs, XDSAddrs: xdsAddrs,
HTTPMaxConnsPerClient: intVal(c.Limits.HTTPMaxConnsPerClient), HTTPMaxConnsPerClient: intVal(c.Limits.HTTPMaxConnsPerClient),
HTTPSHandshakeTimeout: b.durationVal("limits.https_handshake_timeout", c.Limits.HTTPSHandshakeTimeout), HTTPSHandshakeTimeout: b.durationVal("limits.https_handshake_timeout", c.Limits.HTTPSHandshakeTimeout),
KeyFile: stringVal(c.KeyFile), KeyFile: stringVal(c.KeyFile),

View File

@ -340,7 +340,10 @@ type Addresses struct {
DNS *string `mapstructure:"dns"` DNS *string `mapstructure:"dns"`
HTTP *string `mapstructure:"http"` HTTP *string `mapstructure:"http"`
HTTPS *string `mapstructure:"https"` HTTPS *string `mapstructure:"https"`
GRPC *string `mapstructure:"grpc"` XDS *string `mapstructure:"xds"`
// Deprecated: replaced by XDS
GRPC *string `mapstructure:"grpc"`
} }
type AdvertiseAddrsConfig struct { type AdvertiseAddrsConfig struct {
@ -690,13 +693,16 @@ type Ports struct {
SerfLAN *int `mapstructure:"serf_lan"` SerfLAN *int `mapstructure:"serf_lan"`
SerfWAN *int `mapstructure:"serf_wan"` SerfWAN *int `mapstructure:"serf_wan"`
Server *int `mapstructure:"server"` Server *int `mapstructure:"server"`
GRPC *int `mapstructure:"grpc"` XDS *int `mapstructure:"xds"`
ProxyMinPort *int `mapstructure:"proxy_min_port"` ProxyMinPort *int `mapstructure:"proxy_min_port"`
ProxyMaxPort *int `mapstructure:"proxy_max_port"` ProxyMaxPort *int `mapstructure:"proxy_max_port"`
SidecarMinPort *int `mapstructure:"sidecar_min_port"` SidecarMinPort *int `mapstructure:"sidecar_min_port"`
SidecarMaxPort *int `mapstructure:"sidecar_max_port"` SidecarMaxPort *int `mapstructure:"sidecar_max_port"`
ExposeMinPort *int `mapstructure:"expose_min_port"` ExposeMinPort *int `mapstructure:"expose_min_port"`
ExposeMaxPort *int `mapstructure:"expose_max_port"` ExposeMaxPort *int `mapstructure:"expose_max_port"`
// Deprecated: replaced by XDS
GRPC *int `mapstructure:"grpc"`
} }
type UnixSocket struct { type UnixSocket struct {

View File

@ -53,7 +53,8 @@ func AddFlags(fs *flag.FlagSet, f *LoadOpts) {
add(&f.FlagValues.EnableLocalScriptChecks, "enable-local-script-checks", "Enables health check scripts from configuration file.") add(&f.FlagValues.EnableLocalScriptChecks, "enable-local-script-checks", "Enables health check scripts from configuration file.")
add(&f.FlagValues.HTTPConfig.AllowWriteHTTPFrom, "allow-write-http-from", "Only allow write endpoint calls from given network. CIDR format, can be specified multiple times.") add(&f.FlagValues.HTTPConfig.AllowWriteHTTPFrom, "allow-write-http-from", "Only allow write endpoint calls from given network. CIDR format, can be specified multiple times.")
add(&f.FlagValues.EncryptKey, "encrypt", "Provides the gossip encryption key.") add(&f.FlagValues.EncryptKey, "encrypt", "Provides the gossip encryption key.")
add(&f.FlagValues.Ports.GRPC, "grpc-port", "Sets the gRPC API port to listen on (currently needed for Envoy xDS only).") add(&f.FlagValues.Ports.XDS, "grpc-port", "Deprecated, use xds-port")
add(&f.FlagValues.Ports.XDS, "xds-port", "Sets the xDS gRPC port to listen on (used by Envoy proxies).")
add(&f.FlagValues.Ports.HTTP, "http-port", "Sets the HTTP API port to listen on.") add(&f.FlagValues.Ports.HTTP, "http-port", "Sets the HTTP API port to listen on.")
add(&f.FlagValues.Ports.HTTPS, "https-port", "Sets the HTTPS API port to listen on.") add(&f.FlagValues.Ports.HTTPS, "https-port", "Sets the HTTPS API port to listen on.")
add(&f.FlagValues.StartJoinAddrsLAN, "join", "Address of an agent to join at start time. Can be specified multiple times.") add(&f.FlagValues.StartJoinAddrsLAN, "join", "Address of an agent to join at start time. Can be specified multiple times.")

View File

@ -49,7 +49,7 @@ func TestAddFlags_WithParse(t *testing.T) {
}, },
{ {
args: []string{`-grpc-port`, `1`}, args: []string{`-grpc-port`, `1`},
expected: LoadOpts{FlagValues: Config{Ports: Ports{GRPC: pInt(1)}}}, expected: LoadOpts{FlagValues: Config{Ports: Ports{XDS: pInt(1)}}},
}, },
{ {
args: []string{`-http-port`, `1`}, args: []string{`-http-port`, `1`},

View File

@ -715,27 +715,27 @@ type RuntimeConfig struct {
// hcl: encrypt_verify_outgoing = (true|false) // hcl: encrypt_verify_outgoing = (true|false)
EncryptVerifyOutgoing bool EncryptVerifyOutgoing bool
// GRPCPort is the port the gRPC server listens on. Currently this only // XDSPort is the port the xDS gRPC server listens on. This port only
// exposes the xDS and ext_authz APIs for Envoy and it is disabled by default. // exposes the xDS and ext_authz APIs for Envoy and it is disabled by default.
// //
// hcl: ports { grpc = int } // hcl: ports { xds = int }
// flags: -grpc-port int // flags: -xds-port int
GRPCPort int XDSPort int
// GRPCAddrs contains the list of TCP addresses and UNIX sockets the gRPC // XDSAddrs contains the list of TCP addresses and UNIX sockets the xDS gRPC
// server will bind to. If the gRPC endpoint is disabled (ports.grpc <= 0) // server will bind to. If the xDS endpoint is disabled (ports.xds <= 0)
// the list is empty. // the list is empty.
// //
// The addresses are taken from 'addresses.grpc' which should contain a // The addresses are taken from 'addresses.xds' which should contain a
// space separated list of ip addresses, UNIX socket paths and/or // space separated list of ip addresses, UNIX socket paths and/or
// go-sockaddr templates. UNIX socket paths must be written as // go-sockaddr templates. UNIX socket paths must be written as
// 'unix://<full path>', e.g. 'unix:///var/run/consul-grpc.sock'. // 'unix://<full path>', e.g. 'unix:///var/run/consul-xds.sock'.
// //
// If 'addresses.grpc' was not provided the 'client_addr' addresses are // If 'addresses.xds' was not provided the 'client_addr' addresses are
// used. // used.
// //
// hcl: client_addr = string addresses { grpc = string } ports { grpc = int } // hcl: client_addr = string addresses { xds = string } ports { xds = int }
GRPCAddrs []net.Addr XDSAddrs []net.Addr
// HTTPAddrs contains the list of TCP addresses and UNIX sockets the HTTP // HTTPAddrs contains the list of TCP addresses and UNIX sockets the HTTP
// server will bind to. If the HTTP endpoint is disabled (ports.http <= 0) // server will bind to. If the HTTP endpoint is disabled (ports.http <= 0)

View File

@ -342,8 +342,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
rt.GossipWANProbeTimeout = 100 * time.Millisecond rt.GossipWANProbeTimeout = 100 * time.Millisecond
rt.GossipWANSuspicionMult = 3 rt.GossipWANSuspicionMult = 3
rt.ConsulServerHealthInterval = 10 * time.Millisecond rt.ConsulServerHealthInterval = 10 * time.Millisecond
rt.GRPCPort = 8502 rt.XDSPort = 8502
rt.GRPCAddrs = []net.Addr{tcpAddr("127.0.0.1:8502")} rt.XDSAddrs = []net.Addr{tcpAddr("127.0.0.1:8502")}
rt.RPCConfig.EnableStreaming = true rt.RPCConfig.EnableStreaming = true
}, },
}) })
@ -1056,8 +1056,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
rt.HTTPAddrs = []net.Addr{tcpAddr("0.0.0.0:2")} rt.HTTPAddrs = []net.Addr{tcpAddr("0.0.0.0:2")}
rt.HTTPSPort = 3 rt.HTTPSPort = 3
rt.HTTPSAddrs = []net.Addr{tcpAddr("0.0.0.0:3")} rt.HTTPSAddrs = []net.Addr{tcpAddr("0.0.0.0:3")}
rt.GRPCPort = 4 rt.XDSPort = 4
rt.GRPCAddrs = []net.Addr{tcpAddr("0.0.0.0:4")} rt.XDSAddrs = []net.Addr{tcpAddr("0.0.0.0:4")}
rt.DataDir = dataDir rt.DataDir = dataDir
}, },
}) })
@ -1129,8 +1129,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
rt.HTTPAddrs = []net.Addr{tcpAddr("2.2.2.2:2")} rt.HTTPAddrs = []net.Addr{tcpAddr("2.2.2.2:2")}
rt.HTTPSPort = 3 rt.HTTPSPort = 3
rt.HTTPSAddrs = []net.Addr{tcpAddr("3.3.3.3:3")} rt.HTTPSAddrs = []net.Addr{tcpAddr("3.3.3.3:3")}
rt.GRPCPort = 4 rt.XDSPort = 4
rt.GRPCAddrs = []net.Addr{tcpAddr("4.4.4.4:4")} rt.XDSAddrs = []net.Addr{tcpAddr("4.4.4.4:4")}
rt.DataDir = dataDir rt.DataDir = dataDir
}, },
}) })
@ -1153,8 +1153,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
rt.HTTPAddrs = []net.Addr{tcpAddr("1.2.3.4:2"), tcpAddr("[2001:db8::1]:2")} rt.HTTPAddrs = []net.Addr{tcpAddr("1.2.3.4:2"), tcpAddr("[2001:db8::1]:2")}
rt.HTTPSPort = 3 rt.HTTPSPort = 3
rt.HTTPSAddrs = []net.Addr{tcpAddr("1.2.3.4:3"), tcpAddr("[2001:db8::1]:3")} rt.HTTPSAddrs = []net.Addr{tcpAddr("1.2.3.4:3"), tcpAddr("[2001:db8::1]:3")}
rt.GRPCPort = 4 rt.XDSPort = 4
rt.GRPCAddrs = []net.Addr{tcpAddr("1.2.3.4:4"), tcpAddr("[2001:db8::1]:4")} rt.XDSAddrs = []net.Addr{tcpAddr("1.2.3.4:4"), tcpAddr("[2001:db8::1]:4")}
rt.DataDir = dataDir rt.DataDir = dataDir
}, },
}) })
@ -1189,8 +1189,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
rt.HTTPAddrs = []net.Addr{tcpAddr("2.2.2.2:2"), unixAddr("unix://http"), tcpAddr("[2001:db8::20]:2")} rt.HTTPAddrs = []net.Addr{tcpAddr("2.2.2.2:2"), unixAddr("unix://http"), tcpAddr("[2001:db8::20]:2")}
rt.HTTPSPort = 3 rt.HTTPSPort = 3
rt.HTTPSAddrs = []net.Addr{tcpAddr("3.3.3.3:3"), unixAddr("unix://https"), tcpAddr("[2001:db8::30]:3")} rt.HTTPSAddrs = []net.Addr{tcpAddr("3.3.3.3:3"), unixAddr("unix://https"), tcpAddr("[2001:db8::30]:3")}
rt.GRPCPort = 4 rt.XDSPort = 4
rt.GRPCAddrs = []net.Addr{tcpAddr("4.4.4.4:4"), unixAddr("unix://grpc"), tcpAddr("[2001:db8::40]:4")} rt.XDSAddrs = []net.Addr{tcpAddr("4.4.4.4:4"), unixAddr("unix://grpc"), tcpAddr("[2001:db8::40]:4")}
rt.DataDir = dataDir rt.DataDir = dataDir
}, },
}) })
@ -5458,8 +5458,8 @@ func TestLoad_FullConfig(t *testing.T) {
EncryptKey: "A4wELWqH", EncryptKey: "A4wELWqH",
EncryptVerifyIncoming: true, EncryptVerifyIncoming: true,
EncryptVerifyOutgoing: true, EncryptVerifyOutgoing: true,
GRPCPort: 4881, XDSPort: 4881,
GRPCAddrs: []net.Addr{tcpAddr("32.31.61.91:4881")}, XDSAddrs: []net.Addr{tcpAddr("32.31.61.91:4881")},
HTTPAddrs: []net.Addr{tcpAddr("83.39.91.39:7999")}, HTTPAddrs: []net.Addr{tcpAddr("83.39.91.39:7999")},
HTTPBlockEndpoints: []string{"RBvAFcGD", "fWOWFznh"}, HTTPBlockEndpoints: []string{"RBvAFcGD", "fWOWFznh"},
AllowWriteHTTPFrom: []*net.IPNet{cidr("127.0.0.0/8"), cidr("22.33.44.55/32"), cidr("0.0.0.0/0")}, AllowWriteHTTPFrom: []*net.IPNet{cidr("127.0.0.0/8"), cidr("22.33.44.55/32"), cidr("0.0.0.0/0")},

View File

@ -182,8 +182,6 @@
"EnterpriseRuntimeConfig": {}, "EnterpriseRuntimeConfig": {},
"ExposeMaxPort": 0, "ExposeMaxPort": 0,
"ExposeMinPort": 0, "ExposeMinPort": 0,
"GRPCAddrs": [],
"GRPCPort": 0,
"GossipLANGossipInterval": "0s", "GossipLANGossipInterval": "0s",
"GossipLANGossipNodes": 0, "GossipLANGossipNodes": 0,
"GossipLANProbeInterval": "0s", "GossipLANProbeInterval": "0s",
@ -410,5 +408,7 @@
"VerifyServerHostname": false, "VerifyServerHostname": false,
"Version": "", "Version": "",
"VersionPrerelease": "", "VersionPrerelease": "",
"Watches": [] "Watches": [],
"XDSAddrs": [],
"XDSPort": 0
} }

View File

@ -543,14 +543,15 @@ func tokenFromContext(ctx context.Context) string {
return "" return ""
} }
// GRPCServer returns a server instance that can handle xDS requests. // NewGRPCServer creates a grpc.Server, registers the Server, and then returns
func (s *Server) GRPCServer(tlsConfigurator *tlsutil.Configurator) (*grpc.Server, error) { // the grpc.Server.
func NewGRPCServer(s *Server, tlsConfigurator *tlsutil.Configurator) *grpc.Server {
opts := []grpc.ServerOption{ opts := []grpc.ServerOption{
grpc.MaxConcurrentStreams(2048), grpc.MaxConcurrentStreams(2048),
} }
if tlsConfigurator != nil { if tlsConfigurator != nil {
if tlsConfigurator.Cert() != nil { if tlsConfigurator.Cert() != nil {
creds := credentials.NewTLS(tlsConfigurator.IncomingGRPCConfig()) creds := credentials.NewTLS(tlsConfigurator.IncomingXDSConfig())
opts = append(opts, grpc.Creds(creds)) opts = append(opts, grpc.Creds(creds))
} }
} }
@ -560,8 +561,7 @@ func (s *Server) GRPCServer(tlsConfigurator *tlsutil.Configurator) (*grpc.Server
if !s.DisableV2Protocol { if !s.DisableV2Protocol {
envoy_discovery_v2.RegisterAggregatedDiscoveryServiceServer(srv, &adsServerV2Shim{srv: s}) envoy_discovery_v2.RegisterAggregatedDiscoveryServiceServer(srv, &adsServerV2Shim{srv: s})
} }
return srv
return srv, nil
} }
func (s *Server) checkStreamACLs(streamCtx context.Context, cfgSnap *proxycfg.ConfigSnapshot) error { func (s *Server) checkStreamACLs(streamCtx context.Context, cfgSnap *proxycfg.ConfigSnapshot) error {

View File

@ -200,8 +200,8 @@ func (c *cmd) run(args []string) int {
} }
ui.Info(fmt.Sprintf(" Datacenter: '%s' (Segment: '%s')", config.Datacenter, segment)) ui.Info(fmt.Sprintf(" Datacenter: '%s' (Segment: '%s')", config.Datacenter, segment))
ui.Info(fmt.Sprintf(" Server: %v (Bootstrap: %v)", config.ServerMode, config.Bootstrap)) ui.Info(fmt.Sprintf(" Server: %v (Bootstrap: %v)", config.ServerMode, config.Bootstrap))
ui.Info(fmt.Sprintf(" Client Addr: %v (HTTP: %d, HTTPS: %d, gRPC: %d, DNS: %d)", config.ClientAddrs, ui.Info(fmt.Sprintf(" Client Addr: %v (HTTP: %d, HTTPS: %d, xDS: %d, DNS: %d)", config.ClientAddrs,
config.HTTPPort, config.HTTPSPort, config.GRPCPort, config.DNSPort)) config.HTTPPort, config.HTTPSPort, config.XDSPort, config.DNSPort))
ui.Info(fmt.Sprintf(" Cluster Addr: %v (LAN: %d, WAN: %d)", config.AdvertiseAddrLAN, ui.Info(fmt.Sprintf(" Cluster Addr: %v (LAN: %d, WAN: %d)", config.AdvertiseAddrLAN,
config.SerfPortLAN, config.SerfPortWAN)) config.SerfPortLAN, config.SerfPortWAN))
ui.Info(fmt.Sprintf(" Encrypt: Gossip: %v, TLS-Outgoing: %v, TLS-Incoming: %v, Auto-Encrypt-TLS: %t", ui.Info(fmt.Sprintf(" Encrypt: Gossip: %v, TLS-Outgoing: %v, TLS-Incoming: %v, Auto-Encrypt-TLS: %t",

View File

@ -426,7 +426,7 @@ func (c *cmd) templateArgs() (*BootstrapTplArgs, error) {
return nil, err return nil, err
} }
grpcAddr, err := c.grpcAddress(httpCfg) xdsAddr, err := c.xdsAddress(httpCfg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -471,7 +471,7 @@ func (c *cmd) templateArgs() (*BootstrapTplArgs, error) {
caPEM = strings.Replace(strings.Join(pems, ""), "\n", "\\n", -1) caPEM = strings.Replace(strings.Join(pems, ""), "\n", "\\n", -1)
return &BootstrapTplArgs{ return &BootstrapTplArgs{
GRPC: grpcAddr, GRPC: xdsAddr,
ProxyCluster: cluster, ProxyCluster: cluster,
ProxyID: c.proxyID, ProxyID: c.proxyID,
ProxySourceService: proxySourceService, ProxySourceService: proxySourceService,
@ -554,13 +554,12 @@ func (c *cmd) generateConfig() ([]byte, error) {
} }
// TODO: make method a function // TODO: make method a function
func (c *cmd) grpcAddress(httpCfg *api.Config) (GRPC, error) { func (c *cmd) xdsAddress(httpCfg *api.Config) (GRPC, error) {
g := GRPC{} g := GRPC{}
addr := c.grpcAddr addr := c.grpcAddr
// See if we need to lookup grpcAddr
if addr == "" { if addr == "" {
port, err := c.lookupGRPCPort() port, err := c.lookupXDSPort()
if err != nil { if err != nil {
c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err)) c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err))
} }
@ -618,11 +617,25 @@ func (c *cmd) grpcAddress(httpCfg *api.Config) (GRPC, error) {
return g, nil return g, nil
} }
func (c *cmd) lookupGRPCPort() (int, error) { func (c *cmd) lookupXDSPort() (int, error) {
self, err := c.client.Agent().Self() self, err := c.client.Agent().Self()
if err != nil { if err != nil {
return 0, err return 0, err
} }
type response struct {
XDS struct {
Port int
}
}
var resp response
if err := mapstructure.Decode(self, &resp); err == nil && resp.XDS.Port != 0 {
return resp.XDS.Port, nil
}
// Fallback to old API for the case where a new consul CLI is being used with
// an older API version.
cfg, ok := self["DebugConfig"] cfg, ok := self["DebugConfig"]
if !ok { if !ok {
return 0, fmt.Errorf("unexpected agent response: no debug config") return 0, fmt.Errorf("unexpected agent response: no debug config")

View File

@ -111,7 +111,8 @@ type generateConfigTestCase struct {
Files map[string]string Files map[string]string
ProxyConfig map[string]interface{} ProxyConfig map[string]interface{}
NamespacesEnabled bool NamespacesEnabled bool
GRPCPort int // only used for testing custom-configured grpc port XDSPort int // only used for testing custom-configured grpc port
AgentSelf110 bool // fake the agent API from versions v1.10 and earlier
WantArgs BootstrapTplArgs WantArgs BootstrapTplArgs
WantErr string WantErr string
} }
@ -356,9 +357,35 @@ func TestGenerateConfig(t *testing.T) {
}, },
}, },
{ {
Name: "grpc-addr-config", Name: "xds-addr-config",
Flags: []string{"-proxy-id", "test-proxy"}, Flags: []string{"-proxy-id", "test-proxy"},
GRPCPort: 9999, XDSPort: 9999,
WantArgs: BootstrapTplArgs{
EnvoyVersion: defaultEnvoyVersion,
ProxyCluster: "test-proxy",
ProxyID: "test-proxy",
// We don't know this til after the lookup so it will be empty in the
// initial args call we are testing here.
ProxySourceService: "",
// Should resolve IP, note this might not resolve the same way
// everywhere which might make this test brittle but not sure what else
// to do.
GRPC: GRPC{
AgentAddress: "127.0.0.1",
AgentPort: "9999",
},
AdminAccessLogPath: "/dev/null",
AdminBindAddress: "127.0.0.1",
AdminBindPort: "19000",
LocalAgentClusterName: xds.LocalAgentClusterName,
PrometheusScrapePath: "/metrics",
},
},
{
Name: "deprecated-grpc-addr-config",
Flags: []string{"-proxy-id", "test-proxy"},
XDSPort: 9999,
AgentSelf110: true,
WantArgs: BootstrapTplArgs{ WantArgs: BootstrapTplArgs{
EnvoyVersion: defaultEnvoyVersion, EnvoyVersion: defaultEnvoyVersion,
ProxyCluster: "test-proxy", ProxyCluster: "test-proxy",
@ -860,7 +887,7 @@ func TestGenerateConfig(t *testing.T) {
// Run a mock agent API that just always returns the proxy config in the // Run a mock agent API that just always returns the proxy config in the
// test. // test.
srv := httptest.NewServer(testMockAgent(tc.ProxyConfig, tc.GRPCPort, tc.NamespacesEnabled)) srv := httptest.NewServer(testMockAgent(tc))
defer srv.Close() defer srv.Close()
client, err := api.NewClient(&api.Config{Address: srv.URL}) client, err := api.NewClient(&api.Config{Address: srv.URL})
require.NoError(err) require.NoError(err)
@ -1005,29 +1032,23 @@ func TestEnvoy_GatewayRegistration(t *testing.T) {
// testMockAgent combines testMockAgentProxyConfig and testMockAgentSelf, // testMockAgent combines testMockAgentProxyConfig and testMockAgentSelf,
// routing /agent/service/... requests to testMockAgentProxyConfig and // routing /agent/service/... requests to testMockAgentProxyConfig and
// routing /agent/self requests to testMockAgentSelf. // routing /agent/self requests to testMockAgentSelf.
func testMockAgent(agentCfg map[string]interface{}, grpcPort int, namespacesEnabled bool) http.HandlerFunc { func testMockAgent(tc generateConfigTestCase) http.HandlerFunc {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
if strings.Contains(r.URL.Path, "/agent/services") { switch {
testMockAgentGatewayConfig(namespacesEnabled)(w, r) case strings.Contains(r.URL.Path, "/agent/services"):
return testMockAgentGatewayConfig(tc.NamespacesEnabled)(w, r)
case strings.Contains(r.URL.Path, "/agent/service"):
testMockAgentProxyConfig(tc.ProxyConfig, tc.NamespacesEnabled)(w, r)
case strings.Contains(r.URL.Path, "/agent/self"):
testMockAgentSelf(tc.XDSPort, tc.AgentSelf110)(w, r)
default:
http.NotFound(w, r)
} }
}
if strings.Contains(r.URL.Path, "/agent/service") {
testMockAgentProxyConfig(agentCfg, namespacesEnabled)(w, r)
return
}
if strings.Contains(r.URL.Path, "/agent/self") {
testMockAgentSelf(grpcPort)(w, r)
return
}
http.NotFound(w, r)
})
} }
func testMockAgentGatewayConfig(namespacesEnabled bool) http.HandlerFunc { func testMockAgentGatewayConfig(namespacesEnabled bool) http.HandlerFunc {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
// Parse the proxy-id from the end of the URL (blindly assuming it's correct // Parse the proxy-id from the end of the URL (blindly assuming it's correct
// format) // format)
params := r.URL.Query() params := r.URL.Query()
@ -1061,7 +1082,7 @@ func testMockAgentGatewayConfig(namespacesEnabled bool) http.HandlerFunc {
return return
} }
w.Write(cfgJSON) w.Write(cfgJSON)
}) }
} }
func namespaceFromQuery(r *http.Request) string { func namespaceFromQuery(r *http.Request) string {
@ -1074,7 +1095,7 @@ func namespaceFromQuery(r *http.Request) string {
} }
func testMockAgentProxyConfig(cfg map[string]interface{}, namespacesEnabled bool) http.HandlerFunc { func testMockAgentProxyConfig(cfg map[string]interface{}, namespacesEnabled bool) http.HandlerFunc {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
// Parse the proxy-id from the end of the URL (blindly assuming it's correct // Parse the proxy-id from the end of the URL (blindly assuming it's correct
// format) // format)
proxyID := strings.TrimPrefix(r.URL.Path, "/v1/agent/service/") proxyID := strings.TrimPrefix(r.URL.Path, "/v1/agent/service/")
@ -1103,7 +1124,7 @@ func testMockAgentProxyConfig(cfg map[string]interface{}, namespacesEnabled bool
return return
} }
w.Write(cfgJSON) w.Write(cfgJSON)
}) }
} }
func TestEnvoyCommand_canBindInternal(t *testing.T) { func TestEnvoyCommand_canBindInternal(t *testing.T) {
@ -1203,16 +1224,21 @@ func TestEnvoyCommand_canBindInternal(t *testing.T) {
} }
// testMockAgentSelf returns an empty /v1/agent/self response except GRPC // testMockAgentSelf returns an empty /v1/agent/self response except GRPC
// port is filled in to match the given wantGRPCPort argument. // port is filled in to match the given wantXDSPort argument.
func testMockAgentSelf(wantGRPCPort int) http.HandlerFunc { func testMockAgentSelf(wantXDSPort int, agentSelf110 bool) http.HandlerFunc {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
resp := agent.Self{ resp := agent.Self{
Config: map[string]interface{}{ Config: map[string]interface{}{
"Datacenter": "dc1", "Datacenter": "dc1",
}, },
DebugConfig: map[string]interface{}{ }
"GRPCPort": wantGRPCPort,
}, if agentSelf110 {
resp.DebugConfig = map[string]interface{}{
"GRPCPort": wantXDSPort,
}
} else {
resp.XDS = &agent.XDSSelf{Port: wantXDSPort}
} }
selfJSON, err := json.Marshal(resp) selfJSON, err := json.Marshal(resp)
@ -1222,5 +1248,5 @@ func testMockAgentSelf(wantGRPCPort int) http.HandlerFunc {
return return
} }
w.Write(selfJSON) w.Write(selfJSON)
}) }
} }

View File

@ -0,0 +1,180 @@
{
"admin": {
"access_log_path": "/dev/null",
"address": {
"socket_address": {
"address": "127.0.0.1",
"port_value": 19000
}
}
},
"node": {
"cluster": "test-proxy",
"id": "test-proxy",
"metadata": {
"namespace": "default",
"envoy_version": "1.18.3"
}
},
"static_resources": {
"clusters": [
{
"name": "local_agent",
"ignore_health_on_host_removal": false,
"connect_timeout": "1s",
"type": "STATIC",
"http2_protocol_options": {},
"loadAssignment": {
"clusterName": "local_agent",
"endpoints": [
{
"lbEndpoints": [
{
"endpoint": {
"address": {
"socket_address": {
"address": "127.0.0.1",
"port_value": 9999
}
}
}
}
]
}
]
}
}
]
},
"stats_config": {
"stats_tags": [
{
"regex": "^cluster\\.(?:passthrough~)?((?:([^.]+)~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
"tag_name": "consul.destination.custom_hash"
},
{
"regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:([^.]+)\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
"tag_name": "consul.destination.service_subset"
},
{
"regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
"tag_name": "consul.destination.service"
},
{
"regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
"tag_name": "consul.destination.namespace"
},
{
"regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.([^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)",
"tag_name": "consul.destination.datacenter"
},
{
"regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.([^.]+)\\.[^.]+\\.consul\\.)",
"tag_name": "consul.destination.routing_type"
},
{
"regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.([^.]+)\\.consul\\.)",
"tag_name": "consul.destination.trust_domain"
},
{
"regex": "^cluster\\.(?:passthrough~)?(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)",
"tag_name": "consul.destination.target"
},
{
"regex": "^cluster\\.(?:passthrough~)?(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+)\\.consul\\.)",
"tag_name": "consul.destination.full_target"
},
{
"regex": "^(?:tcp|http)\\.upstream\\.(([^.]+)(?:\\.[^.]+)?\\.[^.]+\\.)",
"tag_name": "consul.upstream.service"
},
{
"regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.[^.]+)?\\.([^.]+)\\.)",
"tag_name": "consul.upstream.datacenter"
},
{
"regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.([^.]+))?\\.[^.]+\\.)",
"tag_name": "consul.upstream.namespace"
},
{
"regex": "^cluster\\.((?:([^.]+)~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
"tag_name": "consul.custom_hash"
},
{
"regex": "^cluster\\.((?:[^.]+~)?(?:([^.]+)\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
"tag_name": "consul.service_subset"
},
{
"regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
"tag_name": "consul.service"
},
{
"regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
"tag_name": "consul.namespace"
},
{
"regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.([^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)",
"tag_name": "consul.datacenter"
},
{
"regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.([^.]+)\\.[^.]+\\.consul\\.)",
"tag_name": "consul.routing_type"
},
{
"regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.([^.]+)\\.consul\\.)",
"tag_name": "consul.trust_domain"
},
{
"regex": "^cluster\\.(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)",
"tag_name": "consul.target"
},
{
"regex": "^cluster\\.(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+)\\.consul\\.)",
"tag_name": "consul.full_target"
},
{
"tag_name": "local_cluster",
"fixed_value": "test-proxy"
},
{
"tag_name": "consul.source.service",
"fixed_value": "test-proxy"
},
{
"tag_name": "consul.source.namespace",
"fixed_value": "default"
},
{
"tag_name": "consul.source.datacenter",
"fixed_value": "dc1"
}
],
"use_all_default_tags": true
},
"dynamic_resources": {
"lds_config": {
"ads": {},
"resource_api_version": "V3"
},
"cds_config": {
"ads": {},
"resource_api_version": "V3"
},
"ads_config": {
"api_type": "DELTA_GRPC",
"transport_api_version": "V3",
"grpc_services": {
"initial_metadata": [
{
"key": "x-consul-token",
"value": ""
}
],
"envoy_grpc": {
"cluster_name": "local_agent"
}
}
}
}
}

View File

@ -604,9 +604,9 @@ func (c *Configurator) VerifyServerHostname() bool {
return c.base.VerifyServerHostname || c.autoTLS.verifyServerHostname return c.base.VerifyServerHostname || c.autoTLS.verifyServerHostname
} }
// IncomingGRPCConfig generates a *tls.Config for incoming GRPC connections. // IncomingXDSConfig generates a *tls.Config for incoming xDS connections.
func (c *Configurator) IncomingGRPCConfig() *tls.Config { func (c *Configurator) IncomingXDSConfig() *tls.Config {
c.log("IncomingGRPCConfig") c.log("IncomingXDSConfig")
// false has the effect that this config doesn't require a client cert // false has the effect that this config doesn't require a client cert
// verification. This is because there is no verify_incoming_grpc // verification. This is because there is no verify_incoming_grpc
@ -615,7 +615,7 @@ func (c *Configurator) IncomingGRPCConfig() *tls.Config {
// effect on the grpc server. // effect on the grpc server.
config := c.commonTLSConfig(false) config := c.commonTLSConfig(false)
config.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) { config.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) {
return c.IncomingGRPCConfig(), nil return c.IncomingXDSConfig(), nil
} }
return config return config
} }

View File

@ -242,8 +242,12 @@ The options below are all specified on the command-line.
If it is provided after Consul has been initialized with an encryption key, then If it is provided after Consul has been initialized with an encryption key, then
the provided key is ignored and a warning will be displayed. the provided key is ignored and a warning will be displayed.
- `-grpc-port` ((#\_grpc_port)) - the gRPC API port to listen on. Default - `-xds-port` - the xDS gRPC port to listen on. Default
-1 (gRPC disabled). See [ports](#ports) documentation for more detail. -1 (disabled). See [ports](#ports) documentation for more detail.
- `-grpc-port` ((#\_grpc_port)) - Deprecated, use `-xds-port` instead.
The xDS gRPC port to listen on. Default
-1 (disabled). See [ports](#ports) documentation for more detail.
- `-hcl` ((#\_hcl)) - A HCL configuration fragment. This HCL configuration - `-hcl` ((#\_hcl)) - A HCL configuration fragment. This HCL configuration
fragment is appended to the configuration and allows to specify the full range fragment is appended to the configuration and allows to specify the full range
@ -776,7 +780,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
bind addresses. In Consul 1.0 and later these can be set to a space-separated list bind addresses. In Consul 1.0 and later these can be set to a space-separated list
of addresses to bind to, or a [go-sockaddr](https://godoc.org/github.com/hashicorp/go-sockaddr/template) template that can potentially resolve to multiple addresses. of addresses to bind to, or a [go-sockaddr](https://godoc.org/github.com/hashicorp/go-sockaddr/template) template that can potentially resolve to multiple addresses.
`http`, `https` and `grpc` all support binding to a Unix domain socket. A `http`, `https` and `xds` all support binding to a Unix domain socket. A
socket can be specified in the form `unix:///path/to/socket`. A new domain socket can be specified in the form `unix:///path/to/socket`. A new domain
socket will be created at the given path. If the specified file path already socket will be created at the given path. If the specified file path already
exists, Consul will attempt to clear the file and create the domain socket exists, Consul will attempt to clear the file and create the domain socket
@ -797,7 +801,8 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
- `dns` - The DNS server. Defaults to `client_addr` - `dns` - The DNS server. Defaults to `client_addr`
- `http` - The HTTP API. Defaults to `client_addr` - `http` - The HTTP API. Defaults to `client_addr`
- `https` - The HTTPS API. Defaults to `client_addr` - `https` - The HTTPS API. Defaults to `client_addr`
- `grpc` - The gRPC API. Defaults to `client_addr` - `xds` - The xDS gRPC API. Defaults to `client_addr`
- `grpc` - Deprecated: use `xds` instead. The xDS gRPC API. Defaults to `client_addr`
- `advertise_addr` Equivalent to the [`-advertise` command-line flag](#_advertise). - `advertise_addr` Equivalent to the [`-advertise` command-line flag](#_advertise).
@ -1671,10 +1676,16 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
- `https` ((#https_port)) - The HTTPS API, -1 to disable. Default -1 - `https` ((#https_port)) - The HTTPS API, -1 to disable. Default -1
(disabled). **We recommend using `8501`** for `https` by convention as some tooling (disabled). **We recommend using `8501`** for `https` by convention as some tooling
will work automatically with this. will work automatically with this.
- `grpc` ((#grpc_port)) - The gRPC API, -1 to disable. Default -1 (disabled). - `xds` - The xDS gRPC API, -1 to disable. Default -1 (disabled).
**We recommend using `8502`** for `grpc` by convention as some tooling will work **We recommend using `8502`** for `xds` by convention as some tooling will work
automatically with this. This is set to `8502` by default when the agent runs automatically with this. This is set to `8502` by default when the agent runs
in `-dev` mode. Currently gRPC is only used to expose Envoy xDS API to Envoy in `-dev` mode. Currently xDS is only used to expose Envoy xDS API to Envoy
proxies.
- `grpc` ((#grpc_port)) - Deprecated: use `xds` instead.
The xDS gRPC API, -1 to disable. Default -1 (disabled).
**We recommend using `8502`** for `xds` by convention as some tooling will work
automatically with this. This is set to `8502` by default when the agent runs
in `-dev` mode. Currently xDS is only used to expose Envoy xDS API to Envoy
proxies. proxies.
- `serf_lan` ((#serf_lan_port)) - The Serf LAN port. Default 8301. TCP - `serf_lan` ((#serf_lan_port)) - The Serf LAN port. Default 8301. TCP
and UDP. Equivalent to the [`-serf-lan-port` command line flag](#_serf_lan_port). and UDP. Equivalent to the [`-serf-lan-port` command line flag](#_serf_lan_port).