allow for services on nodes to conditionally use the builtin proxy

rboyer · Aug 7, 2019 · 36ed5aa · 36ed5aa
1 parent 018f7ac
commit 36ed5aa
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 18 deletions.
diff --git a/gen.go b/gen.go
@@ -194,18 +194,25 @@ func (t *Tool) generatePingPongYAML(podName string, node Node) (string, error) {
 		}
 
 		ppi := pingpongInfo{
-			PodName:       podName,
-			NodeName:      node.Name,
-			PingPong:      svc.Name,
-			EnvoyLogLevel: t.config.Envoy.LogLevel,
+			PodName:         podName,
+			NodeName:        node.Name,
+			PingPong:        svc.Name,
+			UseBuiltinProxy: node.UseBuiltinProxy,
+			EnvoyLogLevel:   t.config.Envoy.LogLevel,
 		}
 		if len(svc.Meta) > 0 {
 			ppi.MetaString = fmt.Sprintf("--%q", svc.Meta)
 		}
 
+		proxyType := "envoy"
+		if node.UseBuiltinProxy {
+			proxyType = "builtin"
+		}
+
 		if t.config.Kubernetes.Enabled {
 			ppi.SidecarBootArgs = []string{
 				"/secrets/ready.val",
+				proxyType,
 				"login",
 				"-t",
 				"/secrets/k8s/service_jwt_token." + svc.Name,
@@ -217,6 +224,7 @@ func (t *Tool) generatePingPongYAML(podName string, node Node) (string, error) {
 		} else {
 			ppi.SidecarBootArgs = []string{
 				"/secrets/ready.val",
+				proxyType,
 				"direct",
 				"-t",
 				"/secrets/service-token--" + svc.Name + ".val",
@@ -238,6 +246,7 @@ type pingpongInfo struct {
 	PingPong        string // ping or pong
 	MetaString      string
 	SidecarBootArgs []string
+	UseBuiltinProxy bool
 	EnvoyLogLevel   string
 }
 
@@ -276,12 +285,14 @@ var pingpongT = template.Must(template.New("pingpong").Parse(`  ################
       #################
       - '-sidecar-for'
       - '{{.PingPong}}'
+{{- if not .UseBuiltinProxy }}
       - '-admin-bind'
       # for demo purposes
       - '0.0.0.0:19000'
       - '--'
       - '-l'
       - '{{ .EnvoyLogLevel }}'
+{{- end }}
 `))
 
 func (t *Tool) generateMeshGatewayYAML(podName string, node Node) (string, error) {

diff --git a/sidecar-boot.sh b/sidecar-boot.sh
@@ -5,6 +5,11 @@ set -euo pipefail
 ready_file="${1:-}"
 shift
 
+proxy_type="${1:-}"
+shift
+
+echo "launching a '${proxy_type}' sidecar proxy"
+
 mode="${1:-}"
 shift
 
@@ -63,14 +68,22 @@ case "${mode}" in
         # whitespace in the middle so :shrug:
         token="${token//[[:space:]]}"
 
-        echo "Loaded token ${token} from ${token_file}"
-
         echo "Registering service..."
-        consul services register -token "${token}" "${service_register_file}"
+        consul services register -token-file "${token_file}" "${service_register_file}"
 
         echo "Launching proxy..."
-        consul connect envoy -bootstrap -token "${token}" "$@" > /tmp/envoy.config
-        exec consul connect envoy -token "${token}" "$@"
+        case "${proxy_type}" in
+            envoy)
+                consul connect envoy -bootstrap -token-file "${token_file}" "$@" > /tmp/envoy.config
+                exec consul connect envoy -token-file "${token_file}" "$@"
+                ;;
+            builtin)
+                exec consul connect proxy -token-file "${token_file}" "$@"
+                ;;
+            *)
+                echo "unknown proxy type: ${proxy_type}" >&2
+                exit 1
+        esac
         ;;
     login)
         bearer_token_file=""
@@ -124,8 +137,18 @@ case "${mode}" in
         consul services register -token-file "${token_sink_file}" "${service_register_file}"
 
         echo "Launching proxy..."
-        consul connect envoy -bootstrap -token-file "${token_sink_file}" "$@" > /tmp/envoy.config
-        exec consul connect envoy -token-file "${token_sink_file}" "$@"
+        case "${proxy_type}" in
+            envoy)
+                consul connect envoy -bootstrap -token-file "${token_sink_file}" "$@" > /tmp/envoy.config
+                exec consul connect envoy -token-file "${token_sink_file}" "$@"
+                ;;
+            builtin)
+                exec consul connect proxy -token-file "${token_sink_file}" "$@"
+                ;;
+            *)
+                echo "unknown proxy type: ${proxy_type}" >&2
+                exit 1
+        esac
         ;;
     *)
         echo "unknown mode: $mode" >&2

diff --git a/tool_config.go b/tool_config.go
@@ -65,6 +65,7 @@ type ConfigTopologyNodeConfig struct {
 	UpstreamDatacenter string            `hcl:"upstream_datacenter"`
 	ServiceMeta        map[string]string `hcl:"service_meta"` // key -> val
 	MeshGateway        bool              `hcl:"mesh_gateway"`
+	UseBuiltinProxy    bool              `hcl:"use_builtin_proxy"`
 }
 
 func (c *ConfigTopologyNodeConfig) Meta() map[string]string {

diff --git a/topology.go b/topology.go
@@ -58,6 +58,9 @@ func InferTopology(c *Config) (*Topology, error) {
 			if nodeConfig.MeshGateway {
 				node.MeshGateway = true
 			} else {
+				if nodeConfig.UseBuiltinProxy {
+					node.UseBuiltinProxy = true
+				}
 				svc := Service{
 					Port:              8080,
 					UpstreamLocalPort: 9090,
@@ -153,13 +156,14 @@ func (t *Topology) WalkSilent(f func(n Node)) {
 }
 
 type Node struct {
-	Datacenter  string    `hcl:"datacenter"`
-	Name        string    `hcl:"name,key"`
-	Server      bool      `hcl:"server"`
-	IPAddress   string    `hcl:"ip_address"`
-	Services    []Service `hcl:"service"`
-	MeshGateway bool      `hcl:"mesh_gateway"`
-	Index       int       `hcl:"-"`
+	Datacenter      string    `hcl:"datacenter"`
+	Name            string    `hcl:"name,key"`
+	Server          bool      `hcl:"server"`
+	IPAddress       string    `hcl:"ip_address"`
+	Services        []Service `hcl:"service"`
+	MeshGateway     bool      `hcl:"mesh_gateway"`
+	UseBuiltinProxy bool      `hcl:"use_builtin_proxy"`
+	Index           int       `hcl:"-"`
 }
 
 func (n *Node) TokenName() string { return "agent--" + n.Name }