consul/agent/proxycfg/proxycfg.go

57 lines
3.1 KiB
Go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
// Package proxycfg contains components for sourcing the data required to
// configure Connect proxies. The Manager provides an API with which proxy
// services can be registered, and coordinates the fetching (and refreshing)
// of intentions, upstreams, discovery chain, certificates etc. Consumers
// such as the xDS server can then subscribe to receive snapshots of this
// data whenever it changes.
//
// Consul client agents support the configuration of proxies locally
// registered to them, whereas Consul servers support both this and proxies
// in the catalog.
//
// The following diagram depicts the component relationships on a server, as
// this is the more complex mode of operation:
//
// +-------+ 1. +------------+
// | Local | ◀------------▶ | Local |
// | State | | State Sync |
// +-------+ +-----+------+
// ▲ |
// +-------+ | +---------------+ | 2.
// | envoy | 4. | 4a. | Local | |
// +-------+ | +-▶ | Config Source +-+ |
// | stream | | +---------------+ | |
// ▼ | | ▼ ▼
// +--------+ 3. +-+-+-----------+ 6. +----------+ 2a. +----------+
// | xDS +---▶ | Catalog +-----▶ | proxycfg +----▶ | proxycfg |
// | Server | ◀---+ Config Source +-----▶ | Manager +--+ | State |
// +--------+ 8. +----+----------+ 7. +----------+ | +----------+
// 5. | |
// ▼ 7a. | +----------+
// +-------+ +-▶ | proxycfg |
// | State | | State |
// | Store | +----------+
// +-------+
//
// 1. local.Sync watches the agent's local state for changes.
// 2. If any sidecar proxy or gateway services are registered to the local agent
// they are sync'd to the proxycfg.Manager.
// 2a. proxycfg.Manager creates a state object for the service and begins
// pre-fetching data (go to 8).
// 3. Client (i.e., envoy) begins a stream and the xDS server calls Watch on its
// ConfigSource - on a client agent this would be a local config source, on a
// server it would be a catalog config source.
// 4. On server, the catalog config source will check if service is registered locally.
// 4a. If the service *is* registered locally it hands off the the local config
// source, which calls Watch on the proxycfg manager (and serves the pre-
// fetched data).
// 5. Otherwise, it fetches the service from the state store.
// 6. It calls Watch on the proxycfg manager.
// 7. It registers the service with the proxycfg manager.
// 7a. See: 2a.
// 8. xDS server receives snapshots of configuration data whenever it changes.
package proxycfg