Merge pull request #10588 from hashicorp/dnephin/config-fix-ports-grpc
config: rename `ports.grpc` to `ports.xds`
commit
74fb650b6b
4
.changelog/10588.txt
Normal file
4
.changelog/10588.txt
Normal file
@ -0,0 +1,4 @@
|
||||
```release-note:deprecation
|
||||
config: the `ports.grpc` and `addresses.grpc` configuration settings have been renamed to `ports.xds` and `addresses.xds` to better match their function.
|
||||
```
|
||||
|
@ -617,8 +617,7 @@ func (a *Agent) Start(ctx context.Context) error {
|
||||
a.apiServers.Start(srv)
|
||||
}
|
||||
|
||||
// Start gRPC server.
|
||||
if err := a.listenAndServeGRPC(); err != nil {
|
||||
if err := a.listenAndServeXDS(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@ -661,8 +660,8 @@ func (a *Agent) Failed() <-chan struct{} {
|
||||
return a.apiServers.failed
|
||||
}
|
||||
|
||||
func (a *Agent) listenAndServeGRPC() error {
|
||||
if len(a.config.GRPCAddrs) < 1 {
|
||||
func (a *Agent) listenAndServeXDS() error {
|
||||
if len(a.config.XDSAddrs) < 1 {
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -682,13 +681,9 @@ func (a *Agent) listenAndServeGRPC() error {
|
||||
if a.config.HTTPSPort <= 0 {
|
||||
tlsConfig = nil
|
||||
}
|
||||
var err error
|
||||
a.grpcServer, err = xdsServer.GRPCServer(tlsConfig)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
a.grpcServer = xds.NewGRPCServer(xdsServer, tlsConfig)
|
||||
|
||||
ln, err := a.startListeners(a.config.GRPCAddrs)
|
||||
ln, err := a.startListeners(a.config.XDSAddrs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
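Review bot: The `if a.config.HTTPSPort <= 0 { tlsConfig = nil }` guard sits just above the new `xds.NewGRPCServer(xdsServer, tlsConfig)` call, so the xDS listener gets no TLS credentials whenever the HTTPS API port is disabled, and nothing here says so. The Envoy bootstrap golden file in this commit shows the ACL token sent as `x-consul-token` gRPC metadata, so anyone binding `addresses.xds` to a non-loopback address needs to know the transport can be plaintext. I would add a comment such as `// xDS only uses TLS when the HTTPS port is enabled; otherwise this listener is plaintext.` and consider logging a warning in that case. listenAndServeXDS starts and ends outside this hunk, so where `tlsConfig` comes from is not visible here.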
@ -38,11 +38,12 @@ type Self struct {
|
||||
Member serf.Member
|
||||
Stats map[string]map[string]string
|
||||
Meta map[string]string
|
||||
XDS *xdsSelf `json:"xDS,omitempty"`
|
||||
XDS *XDSSelf `json:"xDS,omitempty"`
|
||||
}
|
||||
|
||||
type xdsSelf struct {
|
||||
type XDSSelf struct {
|
||||
SupportedProxies map[string][]string
|
||||
Port int
|
||||
}
|
||||
|
||||
func (s *HTTPHandlers) AgentSelf(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
||||
@ -65,12 +66,13 @@ func (s *HTTPHandlers) AgentSelf(resp http.ResponseWriter, req *http.Request) (i
|
||||
}
|
||||
}
|
||||
|
||||
var xds *xdsSelf
|
||||
var xds *XDSSelf
|
||||
if s.agent.grpcServer != nil {
|
||||
xds = &xdsSelf{
|
||||
xds = &XDSSelf{
|
||||
SupportedProxies: map[string][]string{
|
||||
"envoy": proxysupport.EnvoyVersions,
|
||||
},
|
||||
Port: s.agent.config.XDSPort,
|
||||
}
|
||||
}
|
||||
|
||||
@ -91,9 +93,14 @@ func (s *HTTPHandlers) AgentSelf(resp http.ResponseWriter, req *http.Request) (i
|
||||
Server: s.agent.config.ServerMode,
|
||||
Version: s.agent.config.Version,
|
||||
}
|
||||
debugConfig := s.agent.config.Sanitized()
|
||||
// Backwards compat for the envoy command. Never use DebugConfig for
|
||||
// programmatic access to data.
|
||||
debugConfig["GRPCPort"] = s.agent.config.XDSPort
|
||||
|
||||
return Self{
|
||||
Config: config,
|
||||
DebugConfig: s.agent.config.Sanitized(),
|
||||
DebugConfig: debugConfig,
|
||||
Coord: cs[s.agent.config.SegmentName],
|
||||
Member: s.agent.LocalMember(),
|
||||
Stats: s.agent.Stats(),
|
||||
|
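Review bot: `debugConfig["GRPCPort"] = s.agent.config.XDSPort` re-adds a key under its old name, and the comment names only "the envoy command" as the reason. It should say which clients depend on it and when it can go, e.g. `// TODO: remove once envoy CLI versions that read DebugConfig["GRPCPort"] (<version placeholder>) are unsupported.` Presumably those are older `consul connect envoy` binaries that predate the `xDS.Port` field. The newly exported `XDSSelf` type and its `Port` field have no doc comments although they are now part of the `/v1/agent/self` response shape. Writing into the map returned by `Sanitized()` also assumes that call returns a fresh map each time, which is worth confirming or stating in the comment.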
@ -428,7 +428,10 @@ func (b *builder) Build() (rt RuntimeConfig, err error) {
|
||||
httpPort := b.portVal("ports.http", c.Ports.HTTP)
|
||||
httpsPort := b.portVal("ports.https", c.Ports.HTTPS)
|
||||
serverPort := b.portVal("ports.server", c.Ports.Server)
|
||||
grpcPort := b.portVal("ports.grpc", c.Ports.GRPC)
|
||||
if c.Ports.XDS == nil {
|
||||
c.Ports.XDS = c.Ports.GRPC
|
||||
}
|
||||
xdsPort := b.portVal("ports.xds", c.Ports.XDS)
|
||||
serfPortLAN := b.portVal("ports.serf_lan", c.Ports.SerfLAN)
|
||||
serfPortWAN := b.portVal("ports.serf_wan", c.Ports.SerfWAN)
|
||||
proxyMinPort := b.portVal("ports.proxy_min_port", c.Ports.ProxyMinPort)
|
||||
@ -555,7 +558,10 @@ func (b *builder) Build() (rt RuntimeConfig, err error) {
|
||||
dnsAddrs := b.makeAddrs(b.expandAddrs("addresses.dns", c.Addresses.DNS), clientAddrs, dnsPort)
|
||||
httpAddrs := b.makeAddrs(b.expandAddrs("addresses.http", c.Addresses.HTTP), clientAddrs, httpPort)
|
||||
httpsAddrs := b.makeAddrs(b.expandAddrs("addresses.https", c.Addresses.HTTPS), clientAddrs, httpsPort)
|
||||
grpcAddrs := b.makeAddrs(b.expandAddrs("addresses.grpc", c.Addresses.GRPC), clientAddrs, grpcPort)
|
||||
if c.Addresses.XDS == nil {
|
||||
c.Addresses.XDS = c.Addresses.GRPC
|
||||
}
|
||||
xdsAddrs := b.makeAddrs(b.expandAddrs("addresses.xds", c.Addresses.XDS), clientAddrs, xdsPort)
|
||||
|
||||
for _, a := range dnsAddrs {
|
||||
if x, ok := a.(*net.TCPAddr); ok {
|
||||
@ -1013,8 +1019,8 @@ func (b *builder) Build() (rt RuntimeConfig, err error) {
|
||||
EncryptKey: stringVal(c.EncryptKey),
|
||||
EncryptVerifyIncoming: boolVal(c.EncryptVerifyIncoming),
|
||||
EncryptVerifyOutgoing: boolVal(c.EncryptVerifyOutgoing),
|
||||
GRPCPort: grpcPort,
|
||||
GRPCAddrs: grpcAddrs,
|
||||
XDSPort: xdsPort,
|
||||
XDSAddrs: xdsAddrs,
|
||||
HTTPMaxConnsPerClient: intVal(c.Limits.HTTPMaxConnsPerClient),
|
||||
HTTPSHandshakeTimeout: b.durationVal("limits.https_handshake_timeout", c.Limits.HTTPSHandshakeTimeout),
|
||||
KeyFile: stringVal(c.KeyFile),
|
||||
|
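Review bot: The fallback `if c.Ports.XDS == nil { c.Ports.XDS = c.Ports.GRPC }`, and the same pattern for `c.Addresses.XDS` in the second hunk, resolves the deprecated key silently. When both `ports.grpc` and `ports.xds` are set the old value is dropped without a message, and these hunks produce no deprecation warning when only the old key is used. This setting decides whether and where a listener opens, so a leftover `ports.grpc = -1` in one config source can be overridden by `ports.xds` in another without the operator noticing. I would emit a builder warning in both cases. A validation failure for a value given as `ports.grpc` will presumably be reported under the name `ports.xds`, and the block assigns into the input config `c` rather than a local, which deserves a one-line comment. Build starts and ends outside these hunks.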
@ -340,7 +340,10 @@ type Addresses struct {
|
||||
DNS *string `mapstructure:"dns"`
|
||||
HTTP *string `mapstructure:"http"`
|
||||
HTTPS *string `mapstructure:"https"`
|
||||
GRPC *string `mapstructure:"grpc"`
|
||||
XDS *string `mapstructure:"xds"`
|
||||
|
||||
// Deprecated: replaced by XDS
|
||||
GRPC *string `mapstructure:"grpc"`
|
||||
}
|
||||
|
||||
type AdvertiseAddrsConfig struct {
|
||||
@ -690,13 +693,16 @@ type Ports struct {
|
||||
SerfLAN *int `mapstructure:"serf_lan"`
|
||||
SerfWAN *int `mapstructure:"serf_wan"`
|
||||
Server *int `mapstructure:"server"`
|
||||
GRPC *int `mapstructure:"grpc"`
|
||||
XDS *int `mapstructure:"xds"`
|
||||
ProxyMinPort *int `mapstructure:"proxy_min_port"`
|
||||
ProxyMaxPort *int `mapstructure:"proxy_max_port"`
|
||||
SidecarMinPort *int `mapstructure:"sidecar_min_port"`
|
||||
SidecarMaxPort *int `mapstructure:"sidecar_max_port"`
|
||||
ExposeMinPort *int `mapstructure:"expose_min_port"`
|
||||
ExposeMaxPort *int `mapstructure:"expose_max_port"`
|
||||
|
||||
// Deprecated: replaced by XDS
|
||||
GRPC *int `mapstructure:"grpc"`
|
||||
}
|
||||
|
||||
type UnixSocket struct {
|
||||
|
@ -53,7 +53,8 @@ func AddFlags(fs *flag.FlagSet, f *LoadOpts) {
|
||||
add(&f.FlagValues.EnableLocalScriptChecks, "enable-local-script-checks", "Enables health check scripts from configuration file.")
|
||||
add(&f.FlagValues.HTTPConfig.AllowWriteHTTPFrom, "allow-write-http-from", "Only allow write endpoint calls from given network. CIDR format, can be specified multiple times.")
|
||||
add(&f.FlagValues.EncryptKey, "encrypt", "Provides the gossip encryption key.")
|
||||
add(&f.FlagValues.Ports.GRPC, "grpc-port", "Sets the gRPC API port to listen on (currently needed for Envoy xDS only).")
|
||||
add(&f.FlagValues.Ports.XDS, "grpc-port", "Deprecated, use xds-port")
|
||||
add(&f.FlagValues.Ports.XDS, "xds-port", "Sets the xDS gRPC port to listen on (used by Envoy proxies).")
|
||||
add(&f.FlagValues.Ports.HTTP, "http-port", "Sets the HTTP API port to listen on.")
|
||||
add(&f.FlagValues.Ports.HTTPS, "https-port", "Sets the HTTPS API port to listen on.")
|
||||
add(&f.FlagValues.StartJoinAddrsLAN, "join", "Address of an agent to join at start time. Can be specified multiple times.")
|
||||
|
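Review bot: `grpc-port` and `xds-port` are both registered against the same `&f.FlagValues.Ports.XDS` destination, so when both appear on the command line the one parsed last presumably wins and the user gets no sign that a deprecated flag was involved. The help text `"Deprecated, use xds-port"` also drops the leading dash and the trailing period used by the neighbouring entries; `"Deprecated, use -xds-port instead."` would match. A comment above the two lines stating that they intentionally share one destination would keep a later cleanup from treating it as a copy-paste slip. AddFlags starts and ends outside this hunk.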
@ -49,7 +49,7 @@ func TestAddFlags_WithParse(t *testing.T) {
|
||||
},
|
||||
{
|
||||
args: []string{`-grpc-port`, `1`},
|
||||
expected: LoadOpts{FlagValues: Config{Ports: Ports{GRPC: pInt(1)}}},
|
||||
expected: LoadOpts{FlagValues: Config{Ports: Ports{XDS: pInt(1)}}},
|
||||
},
|
||||
{
|
||||
args: []string{`-http-port`, `1`},
|
||||
|
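Review bot: The only case touched here still drives `-grpc-port` and now expects `Ports{XDS: pInt(1)}`, so the new `-xds-port` flag has no coverage in this hunk. I would add a sibling case that passes `-xds-port 1` with the same expected value. A second case passing both flags would pin down which one takes effect, since both bind to the same field. The test table starts and ends outside the hunk, so such cases may already exist elsewhere.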
@ -715,27 +715,27 @@ type RuntimeConfig struct {
|
||||
// hcl: encrypt_verify_outgoing = (true|false)
|
||||
EncryptVerifyOutgoing bool
|
||||
|
||||
// GRPCPort is the port the gRPC server listens on. Currently this only
|
||||
// XDSPort is the port the xDS gRPC server listens on. This port only
|
||||
// exposes the xDS and ext_authz APIs for Envoy and it is disabled by default.
|
||||
//
|
||||
// hcl: ports { grpc = int }
|
||||
// flags: -grpc-port int
|
||||
GRPCPort int
|
||||
// hcl: ports { xds = int }
|
||||
// flags: -xds-port int
|
||||
XDSPort int
|
||||
|
||||
// GRPCAddrs contains the list of TCP addresses and UNIX sockets the gRPC
|
||||
// server will bind to. If the gRPC endpoint is disabled (ports.grpc <= 0)
|
||||
// XDSAddrs contains the list of TCP addresses and UNIX sockets the xDS gRPC
|
||||
// server will bind to. If the xDS endpoint is disabled (ports.xds <= 0)
|
||||
// the list is empty.
|
||||
//
|
||||
// The addresses are taken from 'addresses.grpc' which should contain a
|
||||
// The addresses are taken from 'addresses.xds' which should contain a
|
||||
// space separated list of ip addresses, UNIX socket paths and/or
|
||||
// go-sockaddr templates. UNIX socket paths must be written as
|
||||
// 'unix://<full path>', e.g. 'unix:///var/run/consul-grpc.sock'.
|
||||
// 'unix://<full path>', e.g. 'unix:///var/run/consul-xds.sock'.
|
||||
//
|
||||
// If 'addresses.grpc' was not provided the 'client_addr' addresses are
|
||||
// If 'addresses.xds' was not provided the 'client_addr' addresses are
|
||||
// used.
|
||||
//
|
||||
// hcl: client_addr = string addresses { grpc = string } ports { grpc = int }
|
||||
GRPCAddrs []net.Addr
|
||||
// hcl: client_addr = string addresses { xds = string } ports { xds = int }
|
||||
XDSAddrs []net.Addr
|
||||
|
||||
// HTTPAddrs contains the list of TCP addresses and UNIX sockets the HTTP
|
||||
// server will bind to. If the HTTP endpoint is disabled (ports.http <= 0)
|
||||
|
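Review bot: The rewritten doc comments for `XDSPort` and `XDSAddrs` list only `ports { xds = int }`, `addresses { xds = string }` and `-xds-port`, although this commit's builder and flag code still accept the deprecated `ports.grpc`, `addresses.grpc` and `-grpc-port` spellings. Someone auditing which settings can open this listener will read these comments first, so I would add a line such as `// deprecated aliases: ports { grpc = int }, addresses { grpc = string }, -grpc-port`. The struct definition starts and ends outside this hunk.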
@ -342,8 +342,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
|
||||
rt.GossipWANProbeTimeout = 100 * time.Millisecond
|
||||
rt.GossipWANSuspicionMult = 3
|
||||
rt.ConsulServerHealthInterval = 10 * time.Millisecond
|
||||
rt.GRPCPort = 8502
|
||||
rt.GRPCAddrs = []net.Addr{tcpAddr("127.0.0.1:8502")}
|
||||
rt.XDSPort = 8502
|
||||
rt.XDSAddrs = []net.Addr{tcpAddr("127.0.0.1:8502")}
|
||||
rt.RPCConfig.EnableStreaming = true
|
||||
},
|
||||
})
|
||||
@ -1056,8 +1056,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
|
||||
rt.HTTPAddrs = []net.Addr{tcpAddr("0.0.0.0:2")}
|
||||
rt.HTTPSPort = 3
|
||||
rt.HTTPSAddrs = []net.Addr{tcpAddr("0.0.0.0:3")}
|
||||
rt.GRPCPort = 4
|
||||
rt.GRPCAddrs = []net.Addr{tcpAddr("0.0.0.0:4")}
|
||||
rt.XDSPort = 4
|
||||
rt.XDSAddrs = []net.Addr{tcpAddr("0.0.0.0:4")}
|
||||
rt.DataDir = dataDir
|
||||
},
|
||||
})
|
||||
@ -1129,8 +1129,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
|
||||
rt.HTTPAddrs = []net.Addr{tcpAddr("2.2.2.2:2")}
|
||||
rt.HTTPSPort = 3
|
||||
rt.HTTPSAddrs = []net.Addr{tcpAddr("3.3.3.3:3")}
|
||||
rt.GRPCPort = 4
|
||||
rt.GRPCAddrs = []net.Addr{tcpAddr("4.4.4.4:4")}
|
||||
rt.XDSPort = 4
|
||||
rt.XDSAddrs = []net.Addr{tcpAddr("4.4.4.4:4")}
|
||||
rt.DataDir = dataDir
|
||||
},
|
||||
})
|
||||
@ -1153,8 +1153,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
|
||||
rt.HTTPAddrs = []net.Addr{tcpAddr("1.2.3.4:2"), tcpAddr("[2001:db8::1]:2")}
|
||||
rt.HTTPSPort = 3
|
||||
rt.HTTPSAddrs = []net.Addr{tcpAddr("1.2.3.4:3"), tcpAddr("[2001:db8::1]:3")}
|
||||
rt.GRPCPort = 4
|
||||
rt.GRPCAddrs = []net.Addr{tcpAddr("1.2.3.4:4"), tcpAddr("[2001:db8::1]:4")}
|
||||
rt.XDSPort = 4
|
||||
rt.XDSAddrs = []net.Addr{tcpAddr("1.2.3.4:4"), tcpAddr("[2001:db8::1]:4")}
|
||||
rt.DataDir = dataDir
|
||||
},
|
||||
})
|
||||
@ -1189,8 +1189,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
|
||||
rt.HTTPAddrs = []net.Addr{tcpAddr("2.2.2.2:2"), unixAddr("unix://http"), tcpAddr("[2001:db8::20]:2")}
|
||||
rt.HTTPSPort = 3
|
||||
rt.HTTPSAddrs = []net.Addr{tcpAddr("3.3.3.3:3"), unixAddr("unix://https"), tcpAddr("[2001:db8::30]:3")}
|
||||
rt.GRPCPort = 4
|
||||
rt.GRPCAddrs = []net.Addr{tcpAddr("4.4.4.4:4"), unixAddr("unix://grpc"), tcpAddr("[2001:db8::40]:4")}
|
||||
rt.XDSPort = 4
|
||||
rt.XDSAddrs = []net.Addr{tcpAddr("4.4.4.4:4"), unixAddr("unix://grpc"), tcpAddr("[2001:db8::40]:4")}
|
||||
rt.DataDir = dataDir
|
||||
},
|
||||
})
|
||||
@ -5458,8 +5458,8 @@ func TestLoad_FullConfig(t *testing.T) {
|
||||
EncryptKey: "A4wELWqH",
|
||||
EncryptVerifyIncoming: true,
|
||||
EncryptVerifyOutgoing: true,
|
||||
GRPCPort: 4881,
|
||||
GRPCAddrs: []net.Addr{tcpAddr("32.31.61.91:4881")},
|
||||
XDSPort: 4881,
|
||||
XDSAddrs: []net.Addr{tcpAddr("32.31.61.91:4881")},
|
||||
HTTPAddrs: []net.Addr{tcpAddr("83.39.91.39:7999")},
|
||||
HTTPBlockEndpoints: []string{"RBvAFcGD", "fWOWFznh"},
|
||||
AllowWriteHTTPFrom: []*net.IPNet{cidr("127.0.0.0/8"), cidr("22.33.44.55/32"), cidr("0.0.0.0/0")},
|
||||
|
@ -182,8 +182,6 @@
|
||||
"EnterpriseRuntimeConfig": {},
|
||||
"ExposeMaxPort": 0,
|
||||
"ExposeMinPort": 0,
|
||||
"GRPCAddrs": [],
|
||||
"GRPCPort": 0,
|
||||
"GossipLANGossipInterval": "0s",
|
||||
"GossipLANGossipNodes": 0,
|
||||
"GossipLANProbeInterval": "0s",
|
||||
@ -410,5 +408,7 @@
|
||||
"VerifyServerHostname": false,
|
||||
"Version": "",
|
||||
"VersionPrerelease": "",
|
||||
"Watches": []
|
||||
"Watches": [],
|
||||
"XDSAddrs": [],
|
||||
"XDSPort": 0
|
||||
}
|
@ -543,14 +543,15 @@ func tokenFromContext(ctx context.Context) string {
|
||||
return ""
|
||||
}
|
||||
|
||||
// GRPCServer returns a server instance that can handle xDS requests.
|
||||
func (s *Server) GRPCServer(tlsConfigurator *tlsutil.Configurator) (*grpc.Server, error) {
|
||||
// NewGRPCServer creates a grpc.Server, registers the Server, and then returns
|
||||
// the grpc.Server.
|
||||
func NewGRPCServer(s *Server, tlsConfigurator *tlsutil.Configurator) *grpc.Server {
|
||||
opts := []grpc.ServerOption{
|
||||
grpc.MaxConcurrentStreams(2048),
|
||||
}
|
||||
if tlsConfigurator != nil {
|
||||
if tlsConfigurator.Cert() != nil {
|
||||
creds := credentials.NewTLS(tlsConfigurator.IncomingGRPCConfig())
|
||||
creds := credentials.NewTLS(tlsConfigurator.IncomingXDSConfig())
|
||||
opts = append(opts, grpc.Creds(creds))
|
||||
}
|
||||
}
|
||||
@ -560,8 +561,7 @@ func (s *Server) GRPCServer(tlsConfigurator *tlsutil.Configurator) (*grpc.Server
|
||||
if !s.DisableV2Protocol {
|
||||
envoy_discovery_v2.RegisterAggregatedDiscoveryServiceServer(srv, &adsServerV2Shim{srv: s})
|
||||
}
|
||||
|
||||
return srv, nil
|
||||
return srv
|
||||
}
|
||||
|
||||
func (s *Server) checkStreamACLs(streamCtx context.Context, cfgSnap *proxycfg.ConfigSnapshot) error {
|
||||
|
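Review bot: The new doc comment on `NewGRPCServer` does not say that TLS is optional. Credentials are appended only when `tlsConfigurator != nil` and `tlsConfigurator.Cert() != nil`, and in every other case the returned server is built without transport credentials and without any log line. I would state that in the comment, e.g. `// If tlsConfigurator is nil or has no certificate, the server is created without transport credentials.` Dropping the `error` return looks fine for the visible body, but `s` is now an ordinary parameter, so the comment should also say it must be non-nil, since `s.DisableV2Protocol` is dereferenced. Part of the function body lies between the two hunks and is not visible.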
@ -200,8 +200,8 @@ func (c *cmd) run(args []string) int {
|
||||
}
|
||||
ui.Info(fmt.Sprintf(" Datacenter: '%s' (Segment: '%s')", config.Datacenter, segment))
|
||||
ui.Info(fmt.Sprintf(" Server: %v (Bootstrap: %v)", config.ServerMode, config.Bootstrap))
|
||||
ui.Info(fmt.Sprintf(" Client Addr: %v (HTTP: %d, HTTPS: %d, gRPC: %d, DNS: %d)", config.ClientAddrs,
|
||||
config.HTTPPort, config.HTTPSPort, config.GRPCPort, config.DNSPort))
|
||||
ui.Info(fmt.Sprintf(" Client Addr: %v (HTTP: %d, HTTPS: %d, xDS: %d, DNS: %d)", config.ClientAddrs,
|
||||
config.HTTPPort, config.HTTPSPort, config.XDSPort, config.DNSPort))
|
||||
ui.Info(fmt.Sprintf(" Cluster Addr: %v (LAN: %d, WAN: %d)", config.AdvertiseAddrLAN,
|
||||
config.SerfPortLAN, config.SerfPortWAN))
|
||||
ui.Info(fmt.Sprintf(" Encrypt: Gossip: %v, TLS-Outgoing: %v, TLS-Incoming: %v, Auto-Encrypt-TLS: %t",
|
||||
|
@ -426,7 +426,7 @@ func (c *cmd) templateArgs() (*BootstrapTplArgs, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
grpcAddr, err := c.grpcAddress(httpCfg)
|
||||
xdsAddr, err := c.xdsAddress(httpCfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -471,7 +471,7 @@ func (c *cmd) templateArgs() (*BootstrapTplArgs, error) {
|
||||
caPEM = strings.Replace(strings.Join(pems, ""), "\n", "\\n", -1)
|
||||
|
||||
return &BootstrapTplArgs{
|
||||
GRPC: grpcAddr,
|
||||
GRPC: xdsAddr,
|
||||
ProxyCluster: cluster,
|
||||
ProxyID: c.proxyID,
|
||||
ProxySourceService: proxySourceService,
|
||||
@ -554,13 +554,12 @@ func (c *cmd) generateConfig() ([]byte, error) {
|
||||
}
|
||||
|
||||
// TODO: make method a function
|
||||
func (c *cmd) grpcAddress(httpCfg *api.Config) (GRPC, error) {
|
||||
func (c *cmd) xdsAddress(httpCfg *api.Config) (GRPC, error) {
|
||||
g := GRPC{}
|
||||
|
||||
addr := c.grpcAddr
|
||||
// See if we need to lookup grpcAddr
|
||||
if addr == "" {
|
||||
port, err := c.lookupGRPCPort()
|
||||
port, err := c.lookupXDSPort()
|
||||
if err != nil {
|
||||
c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err))
|
||||
}
|
||||
@ -618,11 +617,25 @@ func (c *cmd) grpcAddress(httpCfg *api.Config) (GRPC, error) {
|
||||
return g, nil
|
||||
}
|
||||
|
||||
func (c *cmd) lookupGRPCPort() (int, error) {
|
||||
func (c *cmd) lookupXDSPort() (int, error) {
|
||||
self, err := c.client.Agent().Self()
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
|
||||
type response struct {
|
||||
XDS struct {
|
||||
Port int
|
||||
}
|
||||
}
|
||||
|
||||
var resp response
|
||||
if err := mapstructure.Decode(self, &resp); err == nil && resp.XDS.Port != 0 {
|
||||
return resp.XDS.Port, nil
|
||||
}
|
||||
|
||||
// Fallback to old API for the case where a new consul CLI is being used with
|
||||
// an older API version.
|
||||
cfg, ok := self["DebugConfig"]
|
||||
if !ok {
|
||||
return 0, fmt.Errorf("unexpected agent response: no debug config")
|
||||
|
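Review bot: In `lookupXDSPort` the result of `mapstructure.Decode(self, &resp)` is only tested for `err == nil`, so a decode failure is discarded and the code falls through to the `DebugConfig` path. That makes a malformed `xDS` block from a newer agent indistinguishable from an older agent. Keeping the fallback is reasonable, but I would add a comment such as `// decode errors are ignored on purpose; fall back to DebugConfig below` and reject a port outside 1-65535 before returning it, since the value appears to end up in the generated Envoy bootstrap. `xdsAddress` still reads `c.grpcAddr`, returns `GRPC` and keeps the comment `// See if we need to lookup grpcAddr`, so a line explaining that the old names are kept for compatibility would help. Both functions continue outside the visible hunks.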
@ -111,7 +111,8 @@ type generateConfigTestCase struct {
|
||||
Files map[string]string
|
||||
ProxyConfig map[string]interface{}
|
||||
NamespacesEnabled bool
|
||||
GRPCPort int // only used for testing custom-configured grpc port
|
||||
XDSPort int // only used for testing custom-configured grpc port
|
||||
AgentSelf110 bool // fake the agent API from versions v1.10 and earlier
|
||||
WantArgs BootstrapTplArgs
|
||||
WantErr string
|
||||
}
|
||||
@ -356,9 +357,35 @@ func TestGenerateConfig(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
Name: "grpc-addr-config",
|
||||
Flags: []string{"-proxy-id", "test-proxy"},
|
||||
GRPCPort: 9999,
|
||||
Name: "xds-addr-config",
|
||||
Flags: []string{"-proxy-id", "test-proxy"},
|
||||
XDSPort: 9999,
|
||||
WantArgs: BootstrapTplArgs{
|
||||
EnvoyVersion: defaultEnvoyVersion,
|
||||
ProxyCluster: "test-proxy",
|
||||
ProxyID: "test-proxy",
|
||||
// We don't know this til after the lookup so it will be empty in the
|
||||
// initial args call we are testing here.
|
||||
ProxySourceService: "",
|
||||
// Should resolve IP, note this might not resolve the same way
|
||||
// everywhere which might make this test brittle but not sure what else
|
||||
// to do.
|
||||
GRPC: GRPC{
|
||||
AgentAddress: "127.0.0.1",
|
||||
AgentPort: "9999",
|
||||
},
|
||||
AdminAccessLogPath: "/dev/null",
|
||||
AdminBindAddress: "127.0.0.1",
|
||||
AdminBindPort: "19000",
|
||||
LocalAgentClusterName: xds.LocalAgentClusterName,
|
||||
PrometheusScrapePath: "/metrics",
|
||||
},
|
||||
},
|
||||
{
|
||||
Name: "deprecated-grpc-addr-config",
|
||||
Flags: []string{"-proxy-id", "test-proxy"},
|
||||
XDSPort: 9999,
|
||||
AgentSelf110: true,
|
||||
WantArgs: BootstrapTplArgs{
|
||||
EnvoyVersion: defaultEnvoyVersion,
|
||||
ProxyCluster: "test-proxy",
|
||||
@ -860,7 +887,7 @@ func TestGenerateConfig(t *testing.T) {
|
||||
|
||||
// Run a mock agent API that just always returns the proxy config in the
|
||||
// test.
|
||||
srv := httptest.NewServer(testMockAgent(tc.ProxyConfig, tc.GRPCPort, tc.NamespacesEnabled))
|
||||
srv := httptest.NewServer(testMockAgent(tc))
|
||||
defer srv.Close()
|
||||
client, err := api.NewClient(&api.Config{Address: srv.URL})
|
||||
require.NoError(err)
|
||||
@ -1005,29 +1032,23 @@ func TestEnvoy_GatewayRegistration(t *testing.T) {
|
||||
// testMockAgent combines testMockAgentProxyConfig and testMockAgentSelf,
|
||||
// routing /agent/service/... requests to testMockAgentProxyConfig and
|
||||
// routing /agent/self requests to testMockAgentSelf.
|
||||
func testMockAgent(agentCfg map[string]interface{}, grpcPort int, namespacesEnabled bool) http.HandlerFunc {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if strings.Contains(r.URL.Path, "/agent/services") {
|
||||
testMockAgentGatewayConfig(namespacesEnabled)(w, r)
|
||||
return
|
||||
func testMockAgent(tc generateConfigTestCase) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
switch {
|
||||
case strings.Contains(r.URL.Path, "/agent/services"):
|
||||
testMockAgentGatewayConfig(tc.NamespacesEnabled)(w, r)
|
||||
case strings.Contains(r.URL.Path, "/agent/service"):
|
||||
testMockAgentProxyConfig(tc.ProxyConfig, tc.NamespacesEnabled)(w, r)
|
||||
case strings.Contains(r.URL.Path, "/agent/self"):
|
||||
testMockAgentSelf(tc.XDSPort, tc.AgentSelf110)(w, r)
|
||||
default:
|
||||
http.NotFound(w, r)
|
||||
}
|
||||
|
||||
if strings.Contains(r.URL.Path, "/agent/service") {
|
||||
testMockAgentProxyConfig(agentCfg, namespacesEnabled)(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
if strings.Contains(r.URL.Path, "/agent/self") {
|
||||
testMockAgentSelf(grpcPort)(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
http.NotFound(w, r)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func testMockAgentGatewayConfig(namespacesEnabled bool) http.HandlerFunc {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
// Parse the proxy-id from the end of the URL (blindly assuming it's correct
|
||||
// format)
|
||||
params := r.URL.Query()
|
||||
@ -1061,7 +1082,7 @@ func testMockAgentGatewayConfig(namespacesEnabled bool) http.HandlerFunc {
|
||||
return
|
||||
}
|
||||
w.Write(cfgJSON)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func namespaceFromQuery(r *http.Request) string {
|
||||
@ -1074,7 +1095,7 @@ func namespaceFromQuery(r *http.Request) string {
|
||||
}
|
||||
|
||||
func testMockAgentProxyConfig(cfg map[string]interface{}, namespacesEnabled bool) http.HandlerFunc {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
// Parse the proxy-id from the end of the URL (blindly assuming it's correct
|
||||
// format)
|
||||
proxyID := strings.TrimPrefix(r.URL.Path, "/v1/agent/service/")
|
||||
@ -1103,7 +1124,7 @@ func testMockAgentProxyConfig(cfg map[string]interface{}, namespacesEnabled bool
|
||||
return
|
||||
}
|
||||
w.Write(cfgJSON)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestEnvoyCommand_canBindInternal(t *testing.T) {
|
||||
@ -1203,16 +1224,21 @@ func TestEnvoyCommand_canBindInternal(t *testing.T) {
|
||||
}
|
||||
|
||||
// testMockAgentSelf returns an empty /v1/agent/self response except GRPC
|
||||
// port is filled in to match the given wantGRPCPort argument.
|
||||
func testMockAgentSelf(wantGRPCPort int) http.HandlerFunc {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
// port is filled in to match the given wantXDSPort argument.
|
||||
func testMockAgentSelf(wantXDSPort int, agentSelf110 bool) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
resp := agent.Self{
|
||||
Config: map[string]interface{}{
|
||||
"Datacenter": "dc1",
|
||||
},
|
||||
DebugConfig: map[string]interface{}{
|
||||
"GRPCPort": wantGRPCPort,
|
||||
},
|
||||
}
|
||||
|
||||
if agentSelf110 {
|
||||
resp.DebugConfig = map[string]interface{}{
|
||||
"GRPCPort": wantXDSPort,
|
||||
}
|
||||
} else {
|
||||
resp.XDS = &agent.XDSSelf{Port: wantXDSPort}
|
||||
}
|
||||
|
||||
selfJSON, err := json.Marshal(resp)
|
||||
@ -1222,5 +1248,5 @@ func testMockAgentSelf(wantGRPCPort int) http.HandlerFunc {
|
||||
return
|
||||
}
|
||||
w.Write(selfJSON)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
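Review bot: Two comments were not updated with the rename: `XDSPort int // only used for testing custom-configured grpc port`, and the `testMockAgentSelf` doc comment, which still begins "returns an empty /v1/agent/self response except GRPC port is filled in". Suggested wording is `// only used for testing a custom-configured xDS port` and "except the xDS port is filled in (under DebugConfig for agentSelf110)". The new `switch` in `testMockAgent` also depends on case order, because `strings.Contains(r.URL.Path, "/agent/service")` matches `/agent/services` as well. A comment above the first case, `// order matters: "/agent/services" must be checked before "/agent/service"`, would protect it from reordering.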
180
command/connect/envoy/testdata/xds-addr-config.golden
vendored
Normal file
180
command/connect/envoy/testdata/xds-addr-config.golden
vendored
Normal file
@ -0,0 +1,180 @@
|
||||
{
|
||||
"admin": {
|
||||
"access_log_path": "/dev/null",
|
||||
"address": {
|
||||
"socket_address": {
|
||||
"address": "127.0.0.1",
|
||||
"port_value": 19000
|
||||
}
|
||||
}
|
||||
},
|
||||
"node": {
|
||||
"cluster": "test-proxy",
|
||||
"id": "test-proxy",
|
||||
"metadata": {
|
||||
"namespace": "default",
|
||||
"envoy_version": "1.18.3"
|
||||
}
|
||||
},
|
||||
"static_resources": {
|
||||
"clusters": [
|
||||
{
|
||||
"name": "local_agent",
|
||||
"ignore_health_on_host_removal": false,
|
||||
"connect_timeout": "1s",
|
||||
"type": "STATIC",
|
||||
"http2_protocol_options": {},
|
||||
"loadAssignment": {
|
||||
"clusterName": "local_agent",
|
||||
"endpoints": [
|
||||
{
|
||||
"lbEndpoints": [
|
||||
{
|
||||
"endpoint": {
|
||||
"address": {
|
||||
"socket_address": {
|
||||
"address": "127.0.0.1",
|
||||
"port_value": 9999
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"stats_config": {
|
||||
"stats_tags": [
|
||||
{
|
||||
"regex": "^cluster\\.(?:passthrough~)?((?:([^.]+)~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
|
||||
"tag_name": "consul.destination.custom_hash"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:([^.]+)\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
|
||||
"tag_name": "consul.destination.service_subset"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
|
||||
"tag_name": "consul.destination.service"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
|
||||
"tag_name": "consul.destination.namespace"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.([^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)",
|
||||
"tag_name": "consul.destination.datacenter"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.([^.]+)\\.[^.]+\\.consul\\.)",
|
||||
"tag_name": "consul.destination.routing_type"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.([^.]+)\\.consul\\.)",
|
||||
"tag_name": "consul.destination.trust_domain"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.(?:passthrough~)?(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)",
|
||||
"tag_name": "consul.destination.target"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.(?:passthrough~)?(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+)\\.consul\\.)",
|
||||
"tag_name": "consul.destination.full_target"
|
||||
},
|
||||
{
|
||||
"regex": "^(?:tcp|http)\\.upstream\\.(([^.]+)(?:\\.[^.]+)?\\.[^.]+\\.)",
|
||||
"tag_name": "consul.upstream.service"
|
||||
},
|
||||
{
|
||||
"regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.[^.]+)?\\.([^.]+)\\.)",
|
||||
"tag_name": "consul.upstream.datacenter"
|
||||
},
|
||||
{
|
||||
"regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.([^.]+))?\\.[^.]+\\.)",
|
||||
"tag_name": "consul.upstream.namespace"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.((?:([^.]+)~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
|
||||
"tag_name": "consul.custom_hash"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.((?:[^.]+~)?(?:([^.]+)\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
|
||||
"tag_name": "consul.service_subset"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
|
||||
"tag_name": "consul.service"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
|
||||
"tag_name": "consul.namespace"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.([^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)",
|
||||
"tag_name": "consul.datacenter"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.([^.]+)\\.[^.]+\\.consul\\.)",
|
||||
"tag_name": "consul.routing_type"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.([^.]+)\\.consul\\.)",
|
||||
"tag_name": "consul.trust_domain"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)",
|
||||
"tag_name": "consul.target"
|
||||
},
|
||||
{
|
||||
"regex": "^cluster\\.(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+)\\.consul\\.)",
|
||||
"tag_name": "consul.full_target"
|
||||
},
|
||||
{
|
||||
"tag_name": "local_cluster",
|
||||
"fixed_value": "test-proxy"
|
||||
},
|
||||
{
|
||||
"tag_name": "consul.source.service",
|
||||
"fixed_value": "test-proxy"
|
||||
},
|
||||
{
|
||||
"tag_name": "consul.source.namespace",
|
||||
"fixed_value": "default"
|
||||
},
|
||||
{
|
||||
"tag_name": "consul.source.datacenter",
|
||||
"fixed_value": "dc1"
|
||||
}
|
||||
],
|
||||
"use_all_default_tags": true
|
||||
},
|
||||
"dynamic_resources": {
|
||||
"lds_config": {
|
||||
"ads": {},
|
||||
"resource_api_version": "V3"
|
||||
},
|
||||
"cds_config": {
|
||||
"ads": {},
|
||||
"resource_api_version": "V3"
|
||||
},
|
||||
"ads_config": {
|
||||
"api_type": "DELTA_GRPC",
|
||||
"transport_api_version": "V3",
|
||||
"grpc_services": {
|
||||
"initial_metadata": [
|
||||
{
|
||||
"key": "x-consul-token",
|
||||
"value": ""
|
||||
}
|
||||
],
|
||||
"envoy_grpc": {
|
||||
"cluster_name": "local_agent"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -604,9 +604,9 @@ func (c *Configurator) VerifyServerHostname() bool {
|
||||
return c.base.VerifyServerHostname || c.autoTLS.verifyServerHostname
|
||||
}
|
||||
|
||||
// IncomingGRPCConfig generates a *tls.Config for incoming GRPC connections.
|
||||
func (c *Configurator) IncomingGRPCConfig() *tls.Config {
|
||||
c.log("IncomingGRPCConfig")
|
||||
// IncomingXDSConfig generates a *tls.Config for incoming xDS connections.
|
||||
func (c *Configurator) IncomingXDSConfig() *tls.Config {
|
||||
c.log("IncomingXDSConfig")
|
||||
|
||||
// false has the effect that this config doesn't require a client cert
|
||||
// verification. This is because there is no verify_incoming_grpc
|
||||
@ -615,7 +615,7 @@ func (c *Configurator) IncomingGRPCConfig() *tls.Config {
|
||||
// effect on the grpc server.
|
||||
config := c.commonTLSConfig(false)
|
||||
config.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) {
|
||||
return c.IncomingGRPCConfig(), nil
|
||||
return c.IncomingXDSConfig(), nil
|
||||
}
|
||||
return config
|
||||
}
|
||||
|
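Review bot: The comment inside `IncomingXDSConfig` still refers to `verify_incoming_grpc` and "the grpc server" after the rename, so it now describes a setting name that matches nothing else in the function. Since `c.commonTLSConfig(false)` means this listener does not require client certificate verification, the comment is the only place a reader learns that, and it should be explicit and use the new terminology. For example: `// false: the xDS listener does not require client certificates; there is no verify_incoming setting for xDS.` The middle of the comment lies between the two hunks and is not visible, so the full wording should be checked against the file.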
@ -242,8 +242,12 @@ The options below are all specified on the command-line.
|
||||
If it is provided after Consul has been initialized with an encryption key, then
|
||||
the provided key is ignored and a warning will be displayed.
|
||||
|
||||
- `-grpc-port` ((#\_grpc_port)) - the gRPC API port to listen on. Default
|
||||
-1 (gRPC disabled). See [ports](#ports) documentation for more detail.
|
||||
- `-xds-port` - the xDS gRPC port to listen on. Default
|
||||
-1 (disabled). See [ports](#ports) documentation for more detail.
|
||||
|
||||
- `-grpc-port` ((#\_grpc_port)) - Deprecated, use `-xds-port` instead.
|
||||
The xDS gRPC port to listen on. Default
|
||||
-1 (disabled). See [ports](#ports) documentation for more detail.
|
||||
|
||||
- `-hcl` ((#\_hcl)) - A HCL configuration fragment. This HCL configuration
|
||||
fragment is appended to the configuration and allows to specify the full range
|
||||
@ -776,7 +780,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
||||
bind addresses. In Consul 1.0 and later these can be set to a space-separated list
|
||||
of addresses to bind to, or a [go-sockaddr](https://godoc.org/github.com/hashicorp/go-sockaddr/template) template that can potentially resolve to multiple addresses.
|
||||
|
||||
`http`, `https` and `grpc` all support binding to a Unix domain socket. A
|
||||
`http`, `https` and `xds` all support binding to a Unix domain socket. A
|
||||
socket can be specified in the form `unix:///path/to/socket`. A new domain
|
||||
socket will be created at the given path. If the specified file path already
|
||||
exists, Consul will attempt to clear the file and create the domain socket
|
||||
@ -797,7 +801,8 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
||||
- `dns` - The DNS server. Defaults to `client_addr`
|
||||
- `http` - The HTTP API. Defaults to `client_addr`
|
||||
- `https` - The HTTPS API. Defaults to `client_addr`
|
||||
- `grpc` - The gRPC API. Defaults to `client_addr`
|
||||
- `xds` - The xDS gRPC API. Defaults to `client_addr`
|
||||
- `grpc` - Deprecated: use `xds` instead. The xDS gRPC API. Defaults to `client_addr`
|
||||
|
||||
- `advertise_addr` Equivalent to the [`-advertise` command-line flag](#_advertise).
|
||||
|
||||
@ -1671,10 +1676,16 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
|
||||
- `https` ((#https_port)) - The HTTPS API, -1 to disable. Default -1
|
||||
(disabled). **We recommend using `8501`** for `https` by convention as some tooling
|
||||
will work automatically with this.
|
||||
- `grpc` ((#grpc_port)) - The gRPC API, -1 to disable. Default -1 (disabled).
|
||||
**We recommend using `8502`** for `grpc` by convention as some tooling will work
|
||||
- `xds` - The xDS gRPC API, -1 to disable. Default -1 (disabled).
|
||||
**We recommend using `8502`** for `xds` by convention as some tooling will work
|
||||
automatically with this. This is set to `8502` by default when the agent runs
|
||||
in `-dev` mode. Currently gRPC is only used to expose Envoy xDS API to Envoy
|
||||
in `-dev` mode. Currently xDS is only used to expose Envoy xDS API to Envoy
|
||||
proxies.
|
||||
- `grpc` ((#grpc_port)) - Deprecated: use `xds` instead.
|
||||
The xDS gRPC API, -1 to disable. Default -1 (disabled).
|
||||
**We recommend using `8502`** for `xds` by convention as some tooling will work
|
||||
automatically with this. This is set to `8502` by default when the agent runs
|
||||
in `-dev` mode. Currently xDS is only used to expose Envoy xDS API to Envoy
|
||||
proxies.
|
||||
- `serf_lan` ((#serf_lan_port)) - The Serf LAN port. Default 8301. TCP
|
||||
and UDP. Equivalent to the [`-serf-lan-port` command line flag](#_serf_lan_port).
|
||||
|