From c1634815bafd704a86f117734e4e15a858a1cc6f Mon Sep 17 00:00:00 2001 From: Nitya Dhanushkodi Date: Thu, 5 Nov 2020 17:12:52 -0800 Subject: [PATCH] Support passing extra arguments to injected envoy binary When a user sets connectInject.envoyExtraArgs value, they can send arguments to the injected envoy sidecar binary. For example, in a development environment, we could consider enabling debug logs in all sidecars. Usage: ``` connectInject: enabled: true envoyExtraArgs: "--log-level debug --disable-hot-restart" ``` --- CHANGELOG.md | 12 ++++++++++++ templates/connect-inject-deployment.yaml | 3 +++ test/unit/connect-inject-deployment.bats | 25 ++++++++++++++++++++++++ values.yaml | 5 +++++ 4 files changed, 45 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e8f997b97..79a038f07 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ ## Unreleased +IMPROVEMENTS: + * Connect: support passing extra arguments to the injected envoy sidecar. [[GH-675](https://github.com/hashicorp/consul-helm/pull/675)] + + To pass extra arguments to envoy, set `connectInject.envoyExtraArgs` in your + Helm configuration: + + ```yaml + connectInject: + enabled: true + envoyExtraArgs: "--log-level debug --disable-hot-restart" + ``` + ## 0.25.0 (Oct 12, 2020) FEATURES: diff --git a/templates/connect-inject-deployment.yaml b/templates/connect-inject-deployment.yaml index d6d7f21a3..cfb44f51f 100644 --- a/templates/connect-inject-deployment.yaml +++ b/templates/connect-inject-deployment.yaml @@ -89,6 +89,9 @@ spec: -enable-health-checks-controller=true \ -health-checks-reconcile-period={{ .Values.connectInject.healthChecks.reconcilePeriod }} \ {{- end }} + {{- if .Values.connectInject.envoyExtraArgs }} + -envoy-extra-args="{{ .Values.connectInject.envoyExtraArgs }}" \ + {{- end }} {{- if .Values.connectInject.overrideAuthMethodName }} -acl-auth-method="{{ .Values.connectInject.overrideAuthMethodName }}" \ {{- else if .Values.global.acls.manageSystemACLs }} diff --git a/test/unit/connect-inject-deployment.bats b/test/unit/connect-inject-deployment.bats index 53c56044d..c84ceb7eb 100755 --- a/test/unit/connect-inject-deployment.bats +++ b/test/unit/connect-inject-deployment.bats @@ -223,6 +223,31 @@ load _helpers } +#-------------------------------------------------------------------- +# extra envoy args + +@test "connectInject/Deployment: extra envoy args can be set via connectInject" { + cd `chart_dir` + local actual=$(helm template \ + -s templates/connect-inject-deployment.yaml \ + --set 'connectInject.enabled=true' \ + --set 'connectInject.envoyExtraArgs=--foo bar --boo baz' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command | any(contains("-envoy-extra-args=\"--foo bar --boo baz\""))' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "connectInject/Deployment: extra envoy args are not set by default" { + cd `chart_dir` + local actual=$(helm template \ + -s templates/connect-inject-deployment.yaml \ + --set 'connectInject.enabled=true' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command | any(contains("-envoy-extra-args"))' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + + #-------------------------------------------------------------------- # cert secrets diff --git a/values.yaml b/values.yaml index 0ceac9a12..ec6e98006 100644 --- a/values.yaml +++ b/values.yaml @@ -821,6 +821,11 @@ connectInject: # at startup is completed. reconcilePeriod: "1m" + # envoyExtraArgs is used to pass arguments to the injected envoy sidecar. + # Valid arguments to pass to envoy can be found here: https://www.envoyproxy.io/docs/envoy/latest/operations/cli + # e.g "--log-level debug --disable-hot-restart" + envoyExtraArgs: null + # Optional priorityClassName. priorityClassName: ""