421ecd32fc
* Add support for HTTP proxy listeners * Add customizable bootstrap configuration options * Debug logging for xDS AuthZ * Add Envoy Integration test suite with basic test coverage * Add envoy command tests to cover new cases * Add tracing integration test * Add gRPC support WIP * Merged changes from master Docker. get CI integration to work with same Dockerfile now * Make docker build optional for integration * Enable integration tests again! * http2 and grpc integration tests and fixes * Fix up command config tests * Store all container logs as artifacts in circle on fail * Add retries to outer part of stats measurements as we keep missing them in CI * Only dump logs on failing cases * Fix typos from code review * Review tidying and make tests pass again * Add debug logs to exec test. * Fix legit test failure caused by upstream rename in envoy config * Attempt to reduce cases of bad TLS handshake in CI integration tests * bring up the right service * Add prometheus integration test * Add test for denied AuthZ both HTTP and TCP * Try ANSI term for Circle
package envoy
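// BootstrapTplArgs is the set of arguments that may be interpolated into the
// Envoy bootstrap template.
//
// bootstrapTemplate applies no escaping function to any of these fields, so
// each value reaches the rendered JSON exactly as supplied. Callers are
// responsible for validating values that originate outside the process
// (flags, environment, service registrations) before rendering.
type BootstrapTplArgs struct {
	// ProxyCluster is the cluster name for the Envoy `node` specification and
	// is typically the same as the ProxyID.
	ProxyCluster string

	// ProxyID is the ID of the proxy service instance as registered with the
	// local Consul agent. This must be used as the Envoy `node.id` in order for
	// the agent to deliver the correct configuration.
	ProxyID string

	// AgentAddress is the IP address of the local agent where the proxy instance
	// is registered.
	AgentAddress string

	// AgentPort is the gRPC port exposed on the local agent. The template emits
	// it unquoted as a JSON number ("port_value"), so it must contain only
	// decimal digits.
	AgentPort string

	// AgentTLS is true if the local agent gRPC service should be accessed over
	// TLS. When false the template emits no "tls_context" for the agent
	// cluster, so the discovery stream, including the "x-consul-token"
	// metadata, is not protected by TLS.
	AgentTLS bool

	// AgentCAFile is the CA file to use to verify the local agent gRPC service if
	// TLS is enabled. The template only sets "trusted_ca" from this path; it
	// configures no further certificate name matching.
	AgentCAFile string

	// AdminBindAddress is the address the Envoy admin server should bind to.
	// Envoy's admin endpoint has no authentication of its own, so keep this on
	// loopback unless access is restricted by other means.
	AdminBindAddress string

	// AdminBindPort is the port the Envoy admin server should bind to. The
	// template emits it unquoted as a JSON number ("port_value"), so it must
	// contain only decimal digits.
	AdminBindPort string

	// LocalAgentClusterName is the name reserved for the local Consul agent gRPC
	// service and is expected to be used for that purpose.
	LocalAgentClusterName string

	// Token is the Consul ACL token provided which is required to make gRPC
	// discovery requests. If non-empty, this must be configured as the gRPC
	// service "initial_metadata" with the key "x-consul-token" in order to
	// authorize the discovery streaming RPCs.
	//
	// The token is written in clear text into the rendered bootstrap config;
	// treat that output (files, logs, debug dumps) as a secret.
	Token string

	// StaticClustersJSON is a JSON string containing zero or more Cluster
	// definitions, each expected to be valid. They are appended to the
	// "static_resources.clusters" list. Note that cluster names should be chosen
	// in such a way that they won't collide with service names since we use
	// plain service names as cluster names in xDS to make metrics population
	// simpler and cluster names must be unique. See
	// https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/api/v2/cds.proto.
	StaticClustersJSON string

	// StaticListenersJSON is a JSON string containing zero or more Listener
	// definitions. They are appended to the "static_resources.listeners" list. A
	// single listener should be given as a plain object; if more than one is to
	// be added, they should be separated by a comma suitable for direct injection
	// into a JSON array.
	// See https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/api/v2/lds.proto.
	StaticListenersJSON string

	// StatsSinksJSON is a JSON string containing an array in the right format
	// to be rendered as the body of the `stats_sinks` field at the top level of
	// the bootstrap config. Its format may vary based on Envoy version used. See
	// https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/config/metrics/v2/stats.proto#config-metrics-v2-statssink.
	StatsSinksJSON string

	// StatsConfigJSON is a JSON string containing an object in the right format
	// to be rendered as the body of the `stats_config` field at the top level of
	// the bootstrap config. Its format may vary based on Envoy version used. See
	// https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/config/metrics/v2/stats.proto#envoy-api-msg-config-metrics-v2-statsconfig.
	StatsConfigJSON string

	// StatsFlushInterval is the time duration between Envoy stats flushes. It is
	// in proto3 "duration" string format, for example "1.12s". See
	// https://developers.google.com/protocol-buffers/docs/proto3#json and
	// https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/config/bootstrap/v2/bootstrap.proto#bootstrap
	StatsFlushInterval string

	// TracingConfigJSON is a JSON string containing an object in the right format
	// to be rendered as the body of the `tracing` field at the top level of
	// the bootstrap config. Its format may vary based on Envoy version used.
	// See https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/config/trace/v2/trace.proto.
	TracingConfigJSON string
}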
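// bootstrapTemplate is the Envoy bootstrap configuration, written as JSON with
// Go template actions that read the fields of BootstrapTplArgs.
//
// No action in the template passes its value through an escaping function, so
// every field is emitted exactly as supplied:
//   - ProxyCluster, ProxyID, AgentAddress, AgentCAFile, AdminBindAddress,
//     LocalAgentClusterName, StatsFlushInterval and Token are placed between
//     literal double quotes; a value containing `"` or `\` produces malformed
//     or structurally different JSON.
//   - AdminBindPort and AgentPort are emitted bare as "port_value" numbers.
//   - StaticClustersJSON, StaticListenersJSON, StatsSinksJSON,
//     StatsConfigJSON and TracingConfigJSON are emitted bare as JSON
//     fragments.
//
// Values that come from outside the process should therefore be validated
// (or parsed and re-encoded as JSON) before the template is rendered.
//
// Other properties visible in the template:
//   - admin "access_log_path" is "/dev/null", so requests to the admin
//     listener leave no access-log record;
//   - "tls_context" for the local agent cluster is emitted only when AgentTLS
//     is set, and it configures only "trusted_ca";
//   - the "x-consul-token" metadata entry is always emitted, with an empty
//     value when Token is empty, so the rendered output carries the ACL token
//     in clear text.
const bootstrapTemplate = `{
  "admin": {
    "access_log_path": "/dev/null",
    "address": {
      "socket_address": {
        "address": "{{ .AdminBindAddress }}",
        "port_value": {{ .AdminBindPort }}
      }
    }
  },
  "node": {
    "cluster": "{{ .ProxyCluster }}",
    "id": "{{ .ProxyID }}"
  },
  "static_resources": {
    "clusters": [
      {
        "name": "{{ .LocalAgentClusterName }}",
        "connect_timeout": "1s",
        "type": "STATIC",
        {{- if .AgentTLS -}}
        "tls_context": {
          "common_tls_context": {
            "validation_context": {
              "trusted_ca": {
                "filename": "{{ .AgentCAFile }}"
              }
            }
          }
        },
        {{- end }}
        "http2_protocol_options": {},
        "hosts": [
          {
            "socket_address": {
              "address": "{{ .AgentAddress }}",
              "port_value": {{ .AgentPort }}
            }
          }
        ]
      }
      {{- if .StaticClustersJSON -}}
      ,
      {{ .StaticClustersJSON }}
      {{- end }}
    ]{{- if .StaticListenersJSON -}}
    ,
    "listeners": [
      {{ .StaticListenersJSON }}
    ]
    {{- end }}
  },
  {{- if .StatsSinksJSON }}
  "stats_sinks": {{ .StatsSinksJSON }},
  {{- end }}
  {{- if .StatsConfigJSON }}
  "stats_config": {{ .StatsConfigJSON }},
  {{- end }}
  {{- if .StatsFlushInterval }}
  "stats_flush_interval": "{{ .StatsFlushInterval }}",
  {{- end }}
  {{- if .TracingConfigJSON }}
  "tracing": {{ .TracingConfigJSON }},
  {{- end }}
  "dynamic_resources": {
    "lds_config": { "ads": {} },
    "cds_config": { "ads": {} },
    "ads_config": {
      "api_type": "GRPC",
      "grpc_services": {
        "initial_metadata": [
          {
            "key": "x-consul-token",
            "value": "{{ .Token }}"
          }
        ],
        "envoy_grpc": {
          "cluster_name": "{{ .LocalAgentClusterName }}"
        }
      }
    }
  }
}
`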