From 36ed5aa2951cbb98b0ac429938b30110858b1437 Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" Date: Wed, 7 Aug 2019 13:43:33 -0500 Subject: [PATCH] allow for services on nodes to conditionally use the builtin proxy --- gen.go | 19 +++++++++++++++---- sidecar-boot.sh | 37 ++++++++++++++++++++++++++++++------- tool_config.go | 1 + topology.go | 18 +++++++++++------- 4 files changed, 57 insertions(+), 18 deletions(-) diff --git a/gen.go b/gen.go index 94d3149..c88e2b0 100644 --- a/gen.go +++ b/gen.go @@ -194,18 +194,25 @@ func (t *Tool) generatePingPongYAML(podName string, node Node) (string, error) { } ppi := pingpongInfo{ - PodName: podName, - NodeName: node.Name, - PingPong: svc.Name, - EnvoyLogLevel: t.config.Envoy.LogLevel, + PodName: podName, + NodeName: node.Name, + PingPong: svc.Name, + UseBuiltinProxy: node.UseBuiltinProxy, + EnvoyLogLevel: t.config.Envoy.LogLevel, } if len(svc.Meta) > 0 { ppi.MetaString = fmt.Sprintf("--%q", svc.Meta) } + proxyType := "envoy" + if node.UseBuiltinProxy { + proxyType = "builtin" + } + if t.config.Kubernetes.Enabled { ppi.SidecarBootArgs = []string{ "/secrets/ready.val", + proxyType, "login", "-t", "/secrets/k8s/service_jwt_token." + svc.Name, @@ -217,6 +224,7 @@ func (t *Tool) generatePingPongYAML(podName string, node Node) (string, error) { } else { ppi.SidecarBootArgs = []string{ "/secrets/ready.val", + proxyType, "direct", "-t", "/secrets/service-token--" + svc.Name + ".val", @@ -238,6 +246,7 @@ type pingpongInfo struct { PingPong string // ping or pong MetaString string SidecarBootArgs []string + UseBuiltinProxy bool EnvoyLogLevel string } @@ -276,12 +285,14 @@ var pingpongT = template.Must(template.New("pingpong").Parse(` ################ ################# - '-sidecar-for' - '{{.PingPong}}' +{{- if not .UseBuiltinProxy }} - '-admin-bind' # for demo purposes - '0.0.0.0:19000' - '--' - '-l' - '{{ .EnvoyLogLevel }}' +{{- end }} `)) func (t *Tool) generateMeshGatewayYAML(podName string, node Node) (string, error) { 
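Review bot: The `proxyType` value chosen in generatePingPongYAML is an undocumented positional contract with sidecar-boot.sh: the literals `"envoy"` and `"builtin"` must match the script's `case` labels exactly. The new argument is inserted at position two in the Kubernetes slice here and in the non-Kubernetes slice in the next hunk. I would name the two values as package constants and add a comment above the selection such as `// proxyType is the second positional argument of sidecar-boot.sh; keep in sync with its case labels.` Any other generator that still invokes sidecar-boot.sh with the old argument order would have its mode read as the proxy type; no such caller is visible in this patch, so it should be checked. The function body starts and ends outside the hunk.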
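Review bot: The Envoy-only block that the new `{{- if not .UseBuiltinProxy }}` guard wraps still passes `-admin-bind 0.0.0.0:19000`, which puts Envoy's admin listener on every interface of the pod. That listener is unauthenticated and serves config dumps and shutdown/drain controls. The inline `# for demo purposes` comment acknowledges this, but while the template is being restructured it would be worth either binding to `127.0.0.1:19000` by default or expanding the comment to `# demo only: admin API is unauthenticated, do not copy to real deployments`. Separately, the builtin branch receives no log-level argument, so `EnvoyLogLevel` has no effect for those nodes; a short comment on the guard saying so would help.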
diff --git a/sidecar-boot.sh b/sidecar-boot.sh index 4463433..6833d66 100755 --- a/sidecar-boot.sh +++ b/sidecar-boot.sh @@ -5,6 +5,11 @@ set -euo pipefail ready_file="${1:-}" shift +proxy_type="${1:-}" +shift + +echo "launching a '${proxy_type}' sidecar proxy" + mode="${1:-}" shift @@ -63,14 +68,22 @@ case "${mode}" in # whitespace in the middle so :shrug: token="${token//[[:space:]]}" - echo "Loaded token ${token} from ${token_file}" - echo "Registering service..." - consul services register -token "${token}" "${service_register_file}" + consul services register -token-file "${token_file}" "${service_register_file}" echo "Launching proxy..." - consul connect envoy -bootstrap -token "${token}" "$@" > /tmp/envoy.config - exec consul connect envoy -token "${token}" "$@" + case "${proxy_type}" in + envoy) + consul connect envoy -bootstrap -token-file "${token_file}" "$@" > /tmp/envoy.config + exec consul connect envoy -token-file "${token_file}" "$@" + ;; + builtin) + exec consul connect proxy -token-file "${token_file}" "$@" + ;; + *) + echo "unknown proxy type: ${proxy_type}" >&2 + exit 1 + esac ;; login) bearer_token_file="" @@ -124,8 +137,18 @@ case "${mode}" in consul services register -token-file "${token_sink_file}" "${service_register_file}" echo "Launching proxy..." - consul connect envoy -bootstrap -token-file "${token_sink_file}" "$@" > /tmp/envoy.config - exec consul connect envoy -token-file "${token_sink_file}" "$@" + case "${proxy_type}" in + envoy) + consul connect envoy -bootstrap -token-file "${token_sink_file}" "$@" > /tmp/envoy.config + exec consul connect envoy -token-file "${token_sink_file}" "$@" + ;; + builtin) + exec consul connect proxy -token-file "${token_sink_file}" "$@" + ;; + *) + echo "unknown proxy type: ${proxy_type}" >&2 + exit 1 + esac ;; *) echo "unknown mode: $mode" >&2 diff --git a/tool_config.go b/tool_config.go index 839b088..c2b1000 100644 --- a/tool_config.go +++ b/tool_config.go 
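Review bot: `proxy_type` is parsed at the top of the script but only validated inside the mode branches, after `consul services register` has already run, so a typo in the proxy type leaves a registered service with no proxy before the script exits. Validating immediately after the `shift` fails fast: `case "${proxy_type}" in envoy|builtin) ;; *) echo "unknown proxy type: ${proxy_type}" >&2; exit 1 ;; esac`. Also, under `set -euo pipefail` a missing argument makes the bare `shift` abort with no message, so an explicit emptiness check with a usage line would make that failure diagnosable.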
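Review bot: The bootstrap dump written by `consul connect envoy -bootstrap ... > /tmp/envoy.config` is, as far as I know, a config that embeds the ACL token Envoy presents to the agent, so the secret this hunk stops echoing still lands in a file created with the default umask. If the dump is only a debugging aid, create it with restrictive permissions, e.g. `(umask 077; consul connect envoy -bootstrap -token-file "${token_file}" "$@" > /tmp/envoy.config)`, or drop it; the same line appears in the `login` branch in the next hunk. Also, with `-token-file` now used throughout this branch, the retained `token="${token//[[:space:]]}"` line looks dead, and the whitespace stripping it performed is no longer applied to what consul reads. The code that loads `token` is outside the hunk, so confirm before removing it.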
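Review bot: The proxy-launch `case` added to the `login` branch is a copy of the one added to the `direct` branch, differing only in which token file variable is passed, so the two can drift (a third proxy type would have to be added twice). A small function defined once above the outer `case "${mode}"` and called as `launch_proxy "${token_sink_file}" "$@"` here and `launch_proxy "${token_file}" "$@"` in the direct branch would remove the duplication. The sketch below also terminates the `*)` arm with `;;` for consistency with the other arms.

```shell
# Replace the current process with the selected sidecar proxy.
# $1 is the token file; the remaining arguments are passed through to consul.
launch_proxy() {
    local tf="$1"
    shift
    case "${proxy_type}" in
        envoy)
            consul connect envoy -bootstrap -token-file "${tf}" "$@" > /tmp/envoy.config
            exec consul connect envoy -token-file "${tf}" "$@"
            ;;
        builtin)
            exec consul connect proxy -token-file "${tf}" "$@"
            ;;
        *)
            echo "unknown proxy type: ${proxy_type}" >&2
            exit 1
            ;;
    esac
}
```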
@@ -65,6 +65,7 @@ type ConfigTopologyNodeConfig struct { UpstreamDatacenter string `hcl:"upstream_datacenter"` ServiceMeta map[string]string `hcl:"service_meta"` // key -> val MeshGateway bool `hcl:"mesh_gateway"` + UseBuiltinProxy bool `hcl:"use_builtin_proxy"` } func (c *ConfigTopologyNodeConfig) Meta() map[string]string { diff --git a/topology.go b/topology.go index cd82d84..026bd8c 100644 --- a/topology.go +++ b/topology.go @@ -58,6 +58,9 @@ func InferTopology(c *Config) (*Topology, error) { if nodeConfig.MeshGateway { node.MeshGateway = true } else { + if nodeConfig.UseBuiltinProxy { + node.UseBuiltinProxy = true + } svc := Service{ Port: 8080, UpstreamLocalPort: 9090, @@ -153,13 +156,14 @@ func (t *Topology) WalkSilent(f func(n Node)) { } type Node struct { - Datacenter string `hcl:"datacenter"` - Name string `hcl:"name,key"` - Server bool `hcl:"server"` - IPAddress string `hcl:"ip_address"` - Services []Service `hcl:"service"` - MeshGateway bool `hcl:"mesh_gateway"` - Index int `hcl:"-"` + Datacenter string `hcl:"datacenter"` + Name string `hcl:"name,key"` + Server bool `hcl:"server"` + IPAddress string `hcl:"ip_address"` + Services []Service `hcl:"service"` + MeshGateway bool `hcl:"mesh_gateway"` + UseBuiltinProxy bool `hcl:"use_builtin_proxy"` + Index int `hcl:"-"` } func (n *Node) TokenName() string { return "agent--" + n.Name }
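Review bot: `use_builtin_proxy` is copied onto the node only in the `else` arm of the `nodeConfig.MeshGateway` check in InferTopology, so a node that sets both `mesh_gateway` and `use_builtin_proxy` has the second setting dropped without any diagnostic. Since InferTopology already returns an error, I would reject that combination explicitly before the branch rather than ignore it. At minimum, document on the `UseBuiltinProxy` field in ConfigTopologyNodeConfig and Node that it has no effect on mesh gateway nodes, e.g. `// ignored when mesh_gateway is set`. The nested `if` can also be written as `node.UseBuiltinProxy = nodeConfig.UseBuiltinProxy`. The function continues outside the hunk.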