Merge pull request #10999 from hashicorp/dnephin/revert-config-xds-port

Revert config xds_port

.changelog/10588.txt

@@ -1,4 +0,0 @@
-```release-note:deprecation
-config: the `ports.grpc` and `addresses.grpc` configuration settings have been renamed to `ports.xds` and `addresses.xds` to better match their function.
-```
-

agent/agent.go

@@ -621,7 +621,8 @@ func (a *Agent) Start(ctx context.Context) error {
 		a.apiServers.Start(srv)
 	}
 
-	if err := a.listenAndServeXDS(); err != nil {
+	// Start gRPC server.
+	if err := a.listenAndServeGRPC(); err != nil {
 		return err
 	}
 
@@ -669,8 +670,8 @@ func (a *Agent) Failed() <-chan struct{} {
 	return a.apiServers.failed
 }
 
-func (a *Agent) listenAndServeXDS() error {
-	if len(a.config.XDSAddrs) < 1 {
+func (a *Agent) listenAndServeGRPC() error {
+	if len(a.config.GRPCAddrs) < 1 {
 		return nil
 	}
 
@@ -690,9 +691,10 @@ func (a *Agent) listenAndServeXDS() error {
 	if a.config.HTTPSPort <= 0 {
 		tlsConfig = nil
 	}
+	var err error
 	a.grpcServer = xds.NewGRPCServer(xdsServer, tlsConfig)
 
-	ln, err := a.startListeners(a.config.XDSAddrs)
+	ln, err := a.startListeners(a.config.GRPCAddrs)
 	if err != nil {
 		return err
 	}

agent/agent_endpoint.go

@@ -73,7 +73,7 @@ func (s *HTTPHandlers) AgentSelf(resp http.ResponseWriter, req *http.Request) (i
 			SupportedProxies: map[string][]string{
 				"envoy": proxysupport.EnvoyVersions,
 			},
-			Port: s.agent.config.XDSPort,
+			Port: s.agent.config.GRPCPort,
 		}
 	}
 
@@ -96,14 +96,9 @@ func (s *HTTPHandlers) AgentSelf(resp http.ResponseWriter, req *http.Request) (i
 		Server:            s.agent.config.ServerMode,
 		Version:           s.agent.config.Version,
 	}
-	debugConfig := s.agent.config.Sanitized()
-	// Backwards compat for the envoy command. Never use DebugConfig for
-	// programmatic access to data.
-	debugConfig["GRPCPort"] = s.agent.config.XDSPort
-
 	return Self{
 		Config:      config,
-		DebugConfig: debugConfig,
+		DebugConfig: s.agent.config.Sanitized(),
 		Coord:       cs[s.agent.config.SegmentName],
 		Member:      s.agent.LocalMember(),
 		Stats:       s.agent.Stats(),

agent/config/builder.go

@@ -428,10 +428,7 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
 	httpPort := b.portVal("ports.http", c.Ports.HTTP)
 	httpsPort := b.portVal("ports.https", c.Ports.HTTPS)
 	serverPort := b.portVal("ports.server", c.Ports.Server)
-	if c.Ports.XDS == nil {
-		c.Ports.XDS = c.Ports.GRPC
-	}
-	xdsPort := b.portVal("ports.xds", c.Ports.XDS)
+	grpcPort := b.portVal("ports.grpc", c.Ports.GRPC)
 	serfPortLAN := b.portVal("ports.serf_lan", c.Ports.SerfLAN)
 	serfPortWAN := b.portVal("ports.serf_wan", c.Ports.SerfWAN)
 	proxyMinPort := b.portVal("ports.proxy_min_port", c.Ports.ProxyMinPort)
@@ -558,10 +555,7 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
 	dnsAddrs := b.makeAddrs(b.expandAddrs("addresses.dns", c.Addresses.DNS), clientAddrs, dnsPort)
 	httpAddrs := b.makeAddrs(b.expandAddrs("addresses.http", c.Addresses.HTTP), clientAddrs, httpPort)
 	httpsAddrs := b.makeAddrs(b.expandAddrs("addresses.https", c.Addresses.HTTPS), clientAddrs, httpsPort)
-	if c.Addresses.XDS == nil {
-		c.Addresses.XDS = c.Addresses.GRPC
-	}
-	xdsAddrs := b.makeAddrs(b.expandAddrs("addresses.xds", c.Addresses.XDS), clientAddrs, xdsPort)
+	grpcAddrs := b.makeAddrs(b.expandAddrs("addresses.grpc", c.Addresses.GRPC), clientAddrs, grpcPort)
 
 	for _, a := range dnsAddrs {
 		if x, ok := a.(*net.TCPAddr); ok {
@@ -1008,8 +1002,8 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
 		EncryptKey:                 stringVal(c.EncryptKey),
 		EncryptVerifyIncoming:      boolVal(c.EncryptVerifyIncoming),
 		EncryptVerifyOutgoing:      boolVal(c.EncryptVerifyOutgoing),
-		XDSPort:                    xdsPort,
-		XDSAddrs:                   xdsAddrs,
+		GRPCPort:                   grpcPort,
+		GRPCAddrs:                  grpcAddrs,
 		HTTPMaxConnsPerClient:      intVal(c.Limits.HTTPMaxConnsPerClient),
 		HTTPSHandshakeTimeout:      b.durationVal("limits.https_handshake_timeout", c.Limits.HTTPSHandshakeTimeout),
 		KeyFile:                    stringVal(c.KeyFile),

agent/config/config.go

@@ -337,10 +337,7 @@ type Addresses struct {
 	DNS   *string `mapstructure:"dns"`
 	HTTP  *string `mapstructure:"http"`
 	HTTPS *string `mapstructure:"https"`
-	XDS   *string `mapstructure:"xds"`
-
-	// Deprecated: replaced by XDS
-	GRPC *string `mapstructure:"grpc"`
+	GRPC  *string `mapstructure:"grpc"`
 }
 
 type AdvertiseAddrsConfig struct {
@@ -693,16 +690,13 @@ type Ports struct {
 	SerfLAN        *int `mapstructure:"serf_lan"`
 	SerfWAN        *int `mapstructure:"serf_wan"`
 	Server         *int `mapstructure:"server"`
-	XDS            *int `mapstructure:"xds"`
+	GRPC           *int `mapstructure:"grpc"`
 	ProxyMinPort   *int `mapstructure:"proxy_min_port"`
 	ProxyMaxPort   *int `mapstructure:"proxy_max_port"`
 	SidecarMinPort *int `mapstructure:"sidecar_min_port"`
 	SidecarMaxPort *int `mapstructure:"sidecar_max_port"`
 	ExposeMinPort  *int `mapstructure:"expose_min_port"`
 	ExposeMaxPort  *int `mapstructure:"expose_max_port"`
-
-	// Deprecated: replaced by XDS
-	GRPC *int `mapstructure:"grpc"`
 }
 
 type UnixSocket struct {

agent/config/flags.go

@@ -53,8 +53,7 @@ func AddFlags(fs *flag.FlagSet, f *LoadOpts) {
 	add(&f.FlagValues.EnableLocalScriptChecks, "enable-local-script-checks", "Enables health check scripts from configuration file.")
 	add(&f.FlagValues.HTTPConfig.AllowWriteHTTPFrom, "allow-write-http-from", "Only allow write endpoint calls from given network. CIDR format, can be specified multiple times.")
 	add(&f.FlagValues.EncryptKey, "encrypt", "Provides the gossip encryption key.")
-	add(&f.FlagValues.Ports.XDS, "grpc-port", "Deprecated, use xds-port")
-	add(&f.FlagValues.Ports.XDS, "xds-port", "Sets the xDS gRPC port to listen on (used by Envoy proxies).")
+	add(&f.FlagValues.Ports.GRPC, "grpc-port", "Sets the gRPC API port to listen on (currently needed for Envoy xDS only).")
 	add(&f.FlagValues.Ports.HTTP, "http-port", "Sets the HTTP API port to listen on.")
 	add(&f.FlagValues.Ports.HTTPS, "https-port", "Sets the HTTPS API port to listen on.")
 	add(&f.FlagValues.StartJoinAddrsLAN, "join", "Address of an agent to join at start time. Can be specified multiple times.")

agent/config/flags_test.go

@@ -49,7 +49,7 @@ func TestAddFlags_WithParse(t *testing.T) {
 		},
 		{
 			args:     []string{`-grpc-port`, `1`},
-			expected: LoadOpts{FlagValues: Config{Ports: Ports{XDS: pInt(1)}}},
+			expected: LoadOpts{FlagValues: Config{Ports: Ports{GRPC: pInt(1)}}},
 		},
 		{
 			args:     []string{`-http-port`, `1`},

agent/config/runtime.go

@@ -675,27 +675,27 @@ type RuntimeConfig struct {
 	// hcl: encrypt_verify_outgoing = (true|false)
 	EncryptVerifyOutgoing bool
 
-	// XDSPort is the port the xDS gRPC server listens on. This port only
+	// GRPCPort is the port the gRPC server listens on. Currently this only
 	// exposes the xDS and ext_authz APIs for Envoy and it is disabled by default.
 	//
-	// hcl: ports { xds = int }
-	// flags: -xds-port int
-	XDSPort int
+	// hcl: ports { grpc = int }
+	// flags: -grpc-port int
+	GRPCPort int
 
-	// XDSAddrs contains the list of TCP addresses and UNIX sockets the xDS gRPC
-	// server will bind to. If the xDS endpoint is disabled (ports.xds <= 0)
+	// GRPCAddrs contains the list of TCP addresses and UNIX sockets the gRPC
+	// server will bind to. If the gRPC endpoint is disabled (ports.grpc <= 0)
 	// the list is empty.
 	//
-	// The addresses are taken from 'addresses.xds' which should contain a
+	// The addresses are taken from 'addresses.grpc' which should contain a
 	// space separated list of ip addresses, UNIX socket paths and/or
 	// go-sockaddr templates. UNIX socket paths must be written as
-	// 'unix://<full path>', e.g. 'unix:///var/run/consul-xds.sock'.
+	// 'unix://<full path>', e.g. 'unix:///var/run/consul-grpc.sock'.
 	//
-	// If 'addresses.xds' was not provided the 'client_addr' addresses are
+	// If 'addresses.grpc' was not provided the 'client_addr' addresses are
 	// used.
 	//
-	// hcl: client_addr = string addresses { xds = string } ports { xds = int }
-	XDSAddrs []net.Addr
+	// hcl: client_addr = string addresses { grpc = string } ports { grpc = int }
+	GRPCAddrs []net.Addr
 
 	// HTTPAddrs contains the list of TCP addresses and UNIX sockets the HTTP
 	// server will bind to. If the HTTP endpoint is disabled (ports.http <= 0)

agent/config/runtime_test.go

@@ -338,8 +338,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.GossipWANProbeTimeout = 100 * time.Millisecond
 			rt.GossipWANSuspicionMult = 3
 			rt.ConsulServerHealthInterval = 10 * time.Millisecond
-			rt.XDSPort = 8502
-			rt.XDSAddrs = []net.Addr{tcpAddr("127.0.0.1:8502")}
+			rt.GRPCPort = 8502
+			rt.GRPCAddrs = []net.Addr{tcpAddr("127.0.0.1:8502")}
 			rt.RPCConfig.EnableStreaming = true
 		},
 	})
@@ -1048,8 +1048,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.HTTPAddrs = []net.Addr{tcpAddr("0.0.0.0:2")}
 			rt.HTTPSPort = 3
 			rt.HTTPSAddrs = []net.Addr{tcpAddr("0.0.0.0:3")}
-			rt.XDSPort = 4
-			rt.XDSAddrs = []net.Addr{tcpAddr("0.0.0.0:4")}
+			rt.GRPCPort = 4
+			rt.GRPCAddrs = []net.Addr{tcpAddr("0.0.0.0:4")}
 			rt.DataDir = dataDir
 		},
 	})
@@ -1121,8 +1121,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.HTTPAddrs = []net.Addr{tcpAddr("2.2.2.2:2")}
 			rt.HTTPSPort = 3
 			rt.HTTPSAddrs = []net.Addr{tcpAddr("3.3.3.3:3")}
-			rt.XDSPort = 4
-			rt.XDSAddrs = []net.Addr{tcpAddr("4.4.4.4:4")}
+			rt.GRPCPort = 4
+			rt.GRPCAddrs = []net.Addr{tcpAddr("4.4.4.4:4")}
 			rt.DataDir = dataDir
 		},
 	})
@@ -1145,8 +1145,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.HTTPAddrs = []net.Addr{tcpAddr("1.2.3.4:2"), tcpAddr("[2001:db8::1]:2")}
 			rt.HTTPSPort = 3
 			rt.HTTPSAddrs = []net.Addr{tcpAddr("1.2.3.4:3"), tcpAddr("[2001:db8::1]:3")}
-			rt.XDSPort = 4
-			rt.XDSAddrs = []net.Addr{tcpAddr("1.2.3.4:4"), tcpAddr("[2001:db8::1]:4")}
+			rt.GRPCPort = 4
+			rt.GRPCAddrs = []net.Addr{tcpAddr("1.2.3.4:4"), tcpAddr("[2001:db8::1]:4")}
 			rt.DataDir = dataDir
 		},
 	})
@@ -1181,8 +1181,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.HTTPAddrs = []net.Addr{tcpAddr("2.2.2.2:2"), unixAddr("unix://http"), tcpAddr("[2001:db8::20]:2")}
 			rt.HTTPSPort = 3
 			rt.HTTPSAddrs = []net.Addr{tcpAddr("3.3.3.3:3"), unixAddr("unix://https"), tcpAddr("[2001:db8::30]:3")}
-			rt.XDSPort = 4
-			rt.XDSAddrs = []net.Addr{tcpAddr("4.4.4.4:4"), unixAddr("unix://grpc"), tcpAddr("[2001:db8::40]:4")}
+			rt.GRPCPort = 4
+			rt.GRPCAddrs = []net.Addr{tcpAddr("4.4.4.4:4"), unixAddr("unix://grpc"), tcpAddr("[2001:db8::40]:4")}
 			rt.DataDir = dataDir
 		},
 	})
@@ -5477,8 +5477,8 @@ func TestLoad_FullConfig(t *testing.T) {
 		EncryptKey:                             "A4wELWqH",
 		EncryptVerifyIncoming:                  true,
 		EncryptVerifyOutgoing:                  true,
-		XDSPort:                                4881,
-		XDSAddrs:                               []net.Addr{tcpAddr("32.31.61.91:4881")},
+		GRPCPort:                               4881,
+		GRPCAddrs:                              []net.Addr{tcpAddr("32.31.61.91:4881")},
 		HTTPAddrs:                              []net.Addr{tcpAddr("83.39.91.39:7999")},
 		HTTPBlockEndpoints:                     []string{"RBvAFcGD", "fWOWFznh"},
 		AllowWriteHTTPFrom:                     []*net.IPNet{cidr("127.0.0.0/8"), cidr("22.33.44.55/32"), cidr("0.0.0.0/0")},

agent/config/testdata/TestRuntimeConfig_Sanitize.golden

@@ -94,8 +94,8 @@
             "DeregisterCriticalServiceAfter": "0s",
             "DockerContainerID": "",
             "EnterpriseMeta": {},
-            "FailuresBeforeWarning": 0,
             "FailuresBeforeCritical": 0,
+            "FailuresBeforeWarning": 0,
             "GRPC": "",
             "GRPCUseTLS": false,
             "H2PING": "",
@@ -188,6 +188,8 @@
     "EnterpriseRuntimeConfig": {},
     "ExposeMaxPort": 0,
     "ExposeMinPort": 0,
+    "GRPCAddrs": [],
+    "GRPCPort": 0,
     "GossipLANGossipInterval": "0s",
     "GossipLANGossipNodes": 0,
     "GossipLANProbeInterval": "0s",
@@ -296,8 +298,8 @@
                 "CheckID": "",
                 "DeregisterCriticalServiceAfter": "0s",
                 "DockerContainerID": "",
-                "FailuresBeforeWarning": 0,
                 "FailuresBeforeCritical": 0,
+                "FailuresBeforeWarning": 0,
                 "GRPC": "",
                 "GRPCUseTLS": false,
                 "H2PING": "",
@@ -415,7 +417,5 @@
     "VerifyServerHostname": false,
     "Version": "",
     "VersionPrerelease": "",
-    "Watches": [],
-    "XDSAddrs": [],
-    "XDSPort": 0
-}
+    "Watches": []
+}

agent/xds/server.go

@@ -556,7 +556,7 @@ func NewGRPCServer(s *Server, tlsConfigurator *tlsutil.Configurator) *grpc.Serve
 	}
 	if tlsConfigurator != nil {
 		if tlsConfigurator.Cert() != nil {
-			creds := credentials.NewTLS(tlsConfigurator.IncomingXDSConfig())
+			creds := credentials.NewTLS(tlsConfigurator.IncomingGRPCConfig())
 			opts = append(opts, grpc.Creds(creds))
 		}
 	}

command/agent/agent.go

@@ -200,8 +200,8 @@ func (c *cmd) run(args []string) int {
 	}
 	ui.Info(fmt.Sprintf("    Datacenter: '%s' (Segment: '%s')", config.Datacenter, segment))
 	ui.Info(fmt.Sprintf("        Server: %v (Bootstrap: %v)", config.ServerMode, config.Bootstrap))
-	ui.Info(fmt.Sprintf("   Client Addr: %v (HTTP: %d, HTTPS: %d, xDS: %d, DNS: %d)", config.ClientAddrs,
-		config.HTTPPort, config.HTTPSPort, config.XDSPort, config.DNSPort))
+	ui.Info(fmt.Sprintf("   Client Addr: %v (HTTP: %d, HTTPS: %d, gRPC: %d, DNS: %d)", config.ClientAddrs,
+		config.HTTPPort, config.HTTPSPort, config.GRPCPort, config.DNSPort))
 	ui.Info(fmt.Sprintf("  Cluster Addr: %v (LAN: %d, WAN: %d)", config.AdvertiseAddrLAN,
 		config.SerfPortLAN, config.SerfPortWAN))
 	ui.Info(fmt.Sprintf("       Encrypt: Gossip: %v, TLS-Outgoing: %v, TLS-Incoming: %v, Auto-Encrypt-TLS: %t",

tlsutil/config.go

@@ -613,9 +613,9 @@ func (c *Configurator) VerifyServerHostname() bool {
 	return c.base.VerifyServerHostname || c.autoTLS.verifyServerHostname
 }
 
-// IncomingXDSConfig generates a *tls.Config for incoming xDS connections.
-func (c *Configurator) IncomingXDSConfig() *tls.Config {
-	c.log("IncomingXDSConfig")
+// IncomingGRPCConfig generates a *tls.Config for incoming GRPC connections.
+func (c *Configurator) IncomingGRPCConfig() *tls.Config {
+	c.log("IncomingGRPCConfig")
 
 	// false has the effect that this config doesn't require a client cert
 	// verification. This is because there is no verify_incoming_grpc
@@ -624,7 +624,7 @@ func (c *Configurator) IncomingXDSConfig() *tls.Config {
 	// effect on the grpc server.
 	config := c.commonTLSConfig(false)
 	config.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) {
-		return c.IncomingXDSConfig(), nil
+		return c.IncomingGRPCConfig(), nil
 	}
 	return config
 }

website/content/docs/agent/options.mdx

@@ -239,12 +239,8 @@ The options below are all specified on the command-line.
   If it is provided after Consul has been initialized with an encryption key, then
   the provided key is ignored and a warning will be displayed.
 
-- `-xds-port` - the xDS gRPC port to listen on. Default
-  -1 (disabled). See [ports](#ports) documentation for more detail.
-
-- `-grpc-port` ((#\_grpc_port)) - **Deprecated in Consul 1.11**.
-  Use `-xds-port` instead. The xDS gRPC port to listen on. Default
-  -1 (disabled). See [ports](#ports) documentation for more detail.
+- `-grpc-port` ((#\_grpc_port)) - the gRPC API port to listen on. Default
+  -1 (gRPC disabled). See [ports](#ports) documentation for more detail.
 
 - `-hcl` ((#\_hcl)) - A HCL configuration fragment. This HCL configuration
   fragment is appended to the configuration and allows to specify the full range
@@ -786,7 +782,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
   bind addresses. In Consul 1.0 and later these can be set to a space-separated list
   of addresses to bind to, or a [go-sockaddr] template that can potentially resolve to multiple addresses.
 
-  `http`, `https` and `xds` all support binding to a Unix domain socket. A
+  `http`, `https` and `grpc` all support binding to a Unix domain socket. A
   socket can be specified in the form `unix:///path/to/socket`. A new domain
   socket will be created at the given path. If the specified file path already
   exists, Consul will attempt to clear the file and create the domain socket
@@ -807,8 +803,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
   - `dns` - The DNS server. Defaults to `client_addr`
   - `http` - The HTTP API. Defaults to `client_addr`
   - `https` - The HTTPS API. Defaults to `client_addr`
-  - `xds` - The xDS gRPC API. Defaults to `client_addr`
-  - `grpc` - **Deprecated in Consul 1.11**. Use `xds` instead. The xDS gRPC API. Defaults to `client_addr`
+  - `grpc` - The gRPC API. Defaults to `client_addr`
 
 - `advertise_addr` Equivalent to the [`-advertise` command-line flag](#_advertise).
 
@@ -1703,16 +1698,10 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
   - `https` ((#https_port)) - The HTTPS API, -1 to disable. Default -1
     (disabled). **We recommend using `8501`** for `https` by convention as some tooling
     will work automatically with this.
-  - `xds` - The xDS gRPC API, -1 to disable. Default -1 (disabled).
-    **We recommend using `8502`** for `xds` by convention as some tooling will work
+  - `grpc` ((#grpc_port)) - The gRPC API, -1 to disable. Default -1 (disabled).
+    **We recommend using `8502`** for `grpc` by convention as some tooling will work
     automatically with this. This is set to `8502` by default when the agent runs
-    in `-dev` mode. Currently xDS is only used to expose Envoy xDS API to Envoy
-    proxies.
-  - `grpc` ((#grpc_port)) - **Deprecated in Consul 1.11**. Use `xds` instead.
-    The xDS gRPC API, -1 to disable. Default -1 (disabled).
-    **We recommend using `8502`** for `xds` by convention as some tooling will work
-    automatically with this. This is set to `8502` by default when the agent runs
-    in `-dev` mode. Currently xDS is only used to expose Envoy xDS API to Envoy
+    in `-dev` mode. Currently gRPC is only used to expose Envoy xDS API to Envoy
     proxies.
   - `serf_lan` ((#serf_lan_port)) - The Serf LAN port. Default 8301. TCP
     and UDP. Equivalent to the [`-serf-lan-port` command line flag](#_serf_lan_port).