Add http2 and grpc support to ingress gateways (#8458)

This commit is contained in:
Jack 2020-08-27 15:34:08 -06:00 committed by GitHub
parent 74d5df7c7a
commit 9e1c6727f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 104 additions and 7 deletions

3
.changelog/8458.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
connect: Add support for http2 and grpc to ingress gateways
```

View File

@ -38,7 +38,7 @@ type IngressListener struct {
// Protocol declares what type of traffic this listener is expected to
// receive. Depending on the protocol, a listener might support multiplexing
// services over a single port, or additional discovery chain features. The
// current supported values are: (tcp | http).
// current supported values are: (tcp | http | http2 | grpc).
Protocol string
// Services declares the set of services to which the listener forwards
@ -122,8 +122,10 @@ func (e *IngressGatewayConfigEntry) Normalize() error {
func (e *IngressGatewayConfigEntry) Validate() error {
validProtocols := map[string]bool{
"http": true,
"tcp": true,
"http": true,
"http2": true,
"grpc": true,
}
declaredPorts := make(map[int]bool)
@ -134,7 +136,7 @@ func (e *IngressGatewayConfigEntry) Validate() error {
declaredPorts[listener.Port] = true
if _, ok := validProtocols[listener.Protocol]; !ok {
return fmt.Errorf("Protocol must be either 'http' or 'tcp', '%s' is an unsupported protocol.", listener.Protocol)
return fmt.Errorf("protocol must be 'tcp', 'http', 'http2', or 'grpc'. '%s' is an unsupported protocol", listener.Protocol)
}
if len(listener.Services) == 0 {

View File

@ -326,7 +326,7 @@ func TestIngressConfigEntry_Validate(t *testing.T) {
},
},
},
expectErr: "Protocol must be either 'http' or 'tcp', 'asdf' is an unsupported protocol.",
expectErr: "protocol must be 'tcp', 'http', 'http2', or 'grpc'. 'asdf' is an unsupported protocol",
},
{
name: "hosts cannot be set on a tcp listener",

View File

@ -44,7 +44,7 @@ type IngressListener struct {
// Protocol declares what type of traffic this listener is expected to
// receive. Depending on the protocol, a listener might support multiplexing
// services over a single port, or additional discovery chain features. The
// current supported values are: (tcp | http).
// current supported values are: (tcp | http | http2 | grpc).
Protocol string
// Services declares the set of services to which the listener forwards

View File

@ -0,0 +1,3 @@
#!/bin/bash
snapshot_envoy_admin localhost:20000 ingress-gateway primary || true

View File

@ -0,0 +1,26 @@
enable_central_service_config = true
config_entries {
bootstrap {
kind = "service-defaults"
name = "s1"
protocol = "grpc"
}
bootstrap {
kind = "ingress-gateway"
name = "ingress-gateway"
listeners = [
{
port = 9999
protocol = "grpc"
services = [
{
name = "s1"
hosts = ["localhost:9999"]
}
]
}
]
}
}

View File

@ -0,0 +1,4 @@
services {
name = "ingress-gateway"
kind = "ingress-gateway"
}

View File

@ -0,0 +1,13 @@
services {
name = "s1"
port = 8079
connect {
sidecar_service {
proxy {
config {
protocol = "grpc"
}
}
}
}
}

View File

@ -0,0 +1,10 @@
#!/bin/bash
set -euo pipefail
# wait for bootstrap to apply config entries
wait_for_config_entry ingress-gateway ingress-gateway
gen_envoy_bootstrap ingress-gateway 20000 primary true
gen_envoy_bootstrap s1 19000
gen_envoy_bootstrap s2 19001

View File

@ -0,0 +1,3 @@
#!/bin/bash
export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES ingress-gateway-primary"

View File

@ -0,0 +1,32 @@
#!/usr/bin/env bats
load helpers
@test "ingress proxy admin is up on :20000" {
retry_default curl -f -s localhost:20000/stats -o /dev/null
}
@test "s1 proxy admin is up on :19000" {
retry_default curl -f -s localhost:19000/stats -o /dev/null
}
@test "s2 proxy admin is up on :19001" {
retry_default curl -f -s localhost:19001/stats -o /dev/null
}
@test "s1 proxy listener should be up and have right cert" {
assert_proxy_presents_cert_uri localhost:21000 s1
}
@test "ingress-gateway should have healthy endpoints for s1" {
assert_upstream_has_endpoints_in_status 127.0.0.1:20000 s1 HEALTHY 1
}
@test "ingress should be able to connect to s1 via grpc" {
# This test also covers http2 since gRPC always uses http2
run fortio grpcping localhost:9999
echo "OUTPUT: $output"
[ "$status" == 0 ]
}

View File

@ -33,6 +33,7 @@ func TestEnvoy(t *testing.T) {
"case-http",
"case-http-badauthz",
"case-ingress-gateway-http",
"case-ingress-gateway-grpc",
"case-ingress-gateway-multiple-services",
"case-ingress-gateway-simple",
"case-ingress-gateway-tls",

View File

@ -343,7 +343,7 @@ Also make two services in the frontend namespace available over a custom port wi
- `Port` `(int: 0)` - The port that the listener should receive traffic on.
- `Protocol` `(string: "tcp")` - The protocol associated with the listener.
Either `tcp` or `http`.
One of `tcp`, `http`, `http2`, or `grpc`.
- `Services` `(array<IngressService>: <optional>)` - A list of services to be
exposed via this listener. For "tcp" listeners, only a single service is