gojek / consul-envoy-xds Goto Github PK

Envoy XDS backed by Consul

License: Apache License 2.0

Makefile 2.10% Go 97.18% Dockerfile 0.72%

consul-envoy-xds's Introduction

consul-envoy-xds

consul-envoy-xds is an implementation of an Envoy Control Plane/xDiscovery Service via the Envoy data plane API. It makes services registered with Consul available as upstreams through CDS, EDS and RDS.

xDS is the set of APIs that control the Envoy dynamic configuration. A longer explanation is available on the XDS Protocol page. Currently consul-envoy-xds implements CDS, EDS and RDS. In this implementation, the streaming version is available but the sync (Unary call) one is WIP.

If you are using Consul for service discovery and would like to use Envoy without manual configuration, consul-envoy-xds can be used. It uses Consul Watches and any changes to endpoints are streamed to Envoy via the Control Plane.

Building it

We use Dep for dependency management, instructions to install it can be found here.
Fetch dev dependencies and create dev config (application.yml) from sample.
```
make setup
```
Run make to fetch dependencies, run the tests and build.
```
make
```
Run it.
```
./out/consul-envoy-xds
```

Using it

Locally, the services can be configured by setting the environment variables in an application.yml file. When this file is unavailable, configuration is loaded from the environment variables. This is the recommended way to load configuration on production.

PORT: 8053
LOG_LEVEL: DEBUG
CONSUL_CLIENT_PORT: 8500
CONSUL_CLIENT_HOST: localhost
CONSUL_DC: dc1
CONSUL_TOKEN: ""
WATCHED_SERVICE: foo-service,bar_svc
FOO_SERVICE_WHITELISTED_ROUTES: /foo,/fuu
BAR_SVC_WHITELISTED_ROUTES: /bar

For above sample configuration, consul-envoy-xds will setup 2 clusters viz. foo-service and bar-svc. The foo-service cluster will have two routes in a virtual host i.e. /foo and /fuu. Similarly, bar_svc will have a route /bar into the same virtual host.

Currently xDS server implementation configures single virtual host with routes for all upstream clusters based on _WHITELISTED_ROUTES config. This implies no two services can have any whitelisted route with same prefix.

Example entry point on production environments.

env PORT=8053 LOG_LEVEL=INFO CONSUL_AGENT_PORT=8500 CONSUL_CLIENT_HOST=localhost CONSUL_DC=dc1 CONSUL_TOKEN="" WATCHED_SERVICE=foo-service,bar_svc BAR_SVC_WHITELISTED_ROUTES='/bar' FOO_SERVICE_WHITELISTED_ROUTES='/foo,/fuu' ./consul-envoy-xds

Configuring Regex Paths:

If you have url params in the routes that needs to be whitelisted, you can use use regex in the path. To specify regex path in the whitelisted routes, use this notion: %regex:some_route

Example:

Let's say you have REST endpoint for serving customer details with customer id in the path: /foo/{customer-id}/details. To whitelist this path, you can:

WATCHED_SERVICE: foo-service
FOO_SERVICE_WHITELISTED_ROUTES: %regex:/foo/customer/[0-9]*/details,/fuu

If you have more than one path which has regex:

WATCHED_SERVICE: foo-service
FOO_SERVICE_WHITELISTED_ROUTES: %regex:/foo/customer/[0-9]*/details,%regex:/fuu/[0-9A-Z]*/id

refer to Regex documentation for the regex pattern

Sample Config:

Replace $XDS\_IP and $XDS\_PORT with wherever you're running consul-envoy-xds. Refer to Envoy documentation for other options.

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 443 }
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          stat_prefix: ingress_http
          codec_type: AUTO
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: foo-service }
          http_filters:
          - name: envoy.router
  clusters:
  - name: foo-service
    connect_timeout: 0.25s
    lb_policy: ROUND_ROBIN
    http2_protocol_options: {}
    type: EDS
    eds_cluster_config:
      eds_config:
        api_config_source:
          api_type: GRPC
          cluster_names: [xds_cluster]         
  - name: xds_cluster
    connect_timeout: 0.25s
    type: STATIC
    lb_policy: ROUND_ROBIN
    http2_protocol_options: {}
    hosts: [{ socket_address: { address: $XDS_IP, port_value: $XDS_PORT }}]
admin:
  access_log_path: /dev/null
  address:
    socket_address: { address: 127.0.0.1, port_value: 9901 }

Using it with Rate Limitter

Example config with HTTP Header Rate Limit:

HTTP_HEADER_RATE_LIMIT_ENABLED: true
HTTP_HEADER_RATE_LIMIT_DESCRIPTOR: "user_id"
HTTP_HEADER_RATE_LIMIT_NAME: "User-Id"

For above sample configuration, consul-envoy-xds will add ratelimit in returned routes configuration based on Http Header. Later you need to implement envoy global gRPC rate limiting service. Refer to Envoy Rate Limit.

Sample Config with Rate Limit:

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 443 }
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          stat_prefix: ingress_http
          codec_type: AUTO
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: foo-service }
          http_filters:
          - name: envoy.router
  clusters:
  - name: foo-service
    connect_timeout: 0.25s
    lb_policy: ROUND_ROBIN
    http2_protocol_options: {}
    type: EDS
    eds_cluster_config:
      eds_config:
        api_config_source:
          api_type: GRPC
          cluster_names: [xds_cluster]

  - name: rate_limit_cluster
    connect_timeout: 0.250s
    http2_protocol_options: {}
    hosts:
    - socket_address:
      address: $RATE_LIMIT_IP
      port_value: $RATE_LIMIT_PORT
    dns_lookup_family: V4_ONLY
    health_checks:
    - timeout:
        seconds: 1
      interval:
        seconds: 1
      unhealthy_threshold: 3
      healthy_threshold: 3
      grpc_health_check:
        service_name: $RATE_LIMIT_SERVICE_NAME

  - name: xds_cluster
    connect_timeout: 0.25s
    type: STATIC
    lb_policy: ROUND_ROBIN
    http2_protocol_options: {}
    hosts: [{ socket_address: { address: $XDS_IP, port_value: $XDS_PORT }}]

rate_limit_service:
  grpc_service:
    envoy_grpc:
      cluster_name: rate_limit_cluster
    timeout: 0.25s

admin:
  access_log_path: /dev/null
  address:
    socket_address: { address: 127.0.0.1, port_value: 9901 }

Enable Health Check Filter

Example config to enable health check filter

ENABLE_HEALTH_CHECK_CATALOG_SVC: true

Only discover catalog service endpoints with health check status passed

consul-envoy-xds's People

Contributors

Stargazers

Watchers

consul-envoy-xds's Issues

CPU spikes on envoy restart

Issue

The CPU usage for the Consul-Envoy-XDS goes up to 99.9% whenever I restart the Envoy service.

Infrastructure topology

Envoy server: uses gRPC to connect to the two instance of the custom service;
3 Consul servers;
2 instances of the custom service;
Consul-Envoy-XDS server that discover services using Consul and pushes them to Envoy.

Step to reproduce

These are the step to reproduce in my environment:

Start Consul-Envoy-XDS service on machine 1;
Start Envoy service on machine 2;
Restart Envoy service on machine 2, at this point the CPU usage spikes.

Services configuration

Envoy config:

node:
  id: envoy-01
  cluster: envoy

dynamic_resources:
  ads_config:
    api_type: GRPC
    grpc_services:
      envoy_grpc:
        cluster_name: xds_cluster
  cds_config:
    ads: {}

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 443 }
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          stat_prefix: ingress_http
          codec_type: AUTO
          rds:
            route_config_name: local_route
            config_source:
              ads: {}
          http_filters:
          - name: envoy.router
      tls_context:
        common_tls_context:
          tls_certificates:
            certificate_chain:
              filename: "/opt/envoy/fullchain.pem"
            private_key:
              filename: "/opt/envoy/privkey.pem"
          validation_context:
            trusted_ca:
              filename: "/etc/ssl/certs/ca-certificates.crt"

  clusters:
  - name: xds_cluster
    connect_timeout: 0.25s
    type: STATIC
    lb_policy: ROUND_ROBIN
    http2_protocol_options: {}
    hosts: [{ socket_address: { address: <XDS_HOST>, port_value: <XDS_PORT> }}]
admin:
  access_log_path: /dev/null
  address:
    socket_address: { address: 0.0.0.0, port_value: 9901 }

Consul-Envoy-XDS config

PORT: 8053
LOG_LEVEL: info
CONSUL_CLIENT_PORT: 8500
CONSUL_CLIENT_HOST: localhost
CONSUL_DC: dc1
CONSUL_TOKEN: "mock"
WATCHED_SERVICE: my-service

Logs

After the first connection the Consul-Envoy-XDS logs are the following:

Dec 17 06:00:24 consul-envoy-xds-1 systemd[1]: Stopped systemd script for running consul-envoy-xds.
Dec 17 06:00:24 consul-envoy-xds-1 systemd[1]: Started systemd script for running consul-envoy-xds.
Dec 17 06:00:24 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:00:24 consul watch triggerred: map[my-service:[grpc] consul:[]]
Dec 17 06:00:24 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:00:24 discovered services from consul catalog for EDS: [[0xc0000fc540 0xc0000fc600]]
Dec 17 06:00:24 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:00:24 discovered services from consul catalog for CDS: [[0xc0000fc900 0xc0000fc9c0]]
Dec 17 06:00:24 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:00:24 discovered services from consul catalog for RDS: [[0xc0000fccc0 0xc0000fcd80]]
Dec 17 06:00:24 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:00:24 received event on hub
Dec 17 06:00:24 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:00:24 received ACK on stream: version_info:"1545024430568586111" node:<id:"envoy-01" cluster:"envoy" build_version:"5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/RELEASE" > type_url:"type.googleapis.com/envoy.api.v2.Cluster" response_nonce:"1545024430568587076"
Dec 17 06:00:24 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:00:24 received ACK on stream: version_info:"1545024430893282922" node:<id:"envoy-01" cluster:"envoy" build_version:"5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/RELEASE" > resource_names:"my-service" type_url:"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment" response_nonce:"1545024430893283892"
Dec 17 06:00:24 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:00:24 received ACK on stream: version_info:"1545024430893083551" node:<id:"envoy-01" cluster:"envoy" build_version:"5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/RELEASE" > resource_names:"local_route" type_url:"type.googleapis.com/envoy.api.v2.RouteConfiguration" response_nonce:"1545024430893084501"

And this are the logs after I restart the service:

Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 stream context done
Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 received discovery request on stream: node:<id:"envoy-01" cluster:"envoy" build_version:"5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/RELEASE" > type_url:"type.googleapis.com/envoy.api.v2.Cluster"
Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 discovered services from consul catalog for EDS: [[0xc0000fc000 0xc0000fc180]]
Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 discovered services from consul catalog for CDS: [[0xc0000fc000 0xc0000fc180]]
Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 discovered services from consul catalog for RDS: [[0xc0000fc000 0xc0000fc180]]
Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 received event on hub
Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 sent CDS on stream: version_info:"1545026792297155665" resources:<type_url:"type.googleapis.com/envoy.api.v2.Cluster" value:"\n\021my-service\020\003\032\004\n\002\032\000\"\002\010\001\320\001\001" > type_url:"type.googleapis.com/envoy.api.v2.Cluster" nonce:"1545026792297154903"
Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 sent RDS on stream: version_info:"1545026792620979802" resources:<type_url:"type.googleapis.com/envoy.api.v2.RouteConfiguration" value:"\n\013local_route\022.\n\rlocal_service\022\001*\032\032\n\003\n\001/\022\023\n\021my-service" > type_url:"type.googleapis.com/envoy.api.v2.RouteConfiguration" nonce:"1545026792620980747"
Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 sent EDS on stream: version_info:"1545026792621194419" resources:<type_url:"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment" value:"\n\021my-service\0229\n\005\n\003dc1\022\027\n\023\n\021\n\017\022\n<IP1>\030\360.\020\001\022\027\n\023\n\021\n\017\022\n<IP2>\030\360.\020\001\"\000" > type_url:"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment" nonce:"1545026792621195321"
Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 received discovery request on stream: node:<id:"envoy-01" cluster:"envoy" build_version:"5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/RELEASE" > resource_names:"my-service" type_url:"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment"
Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 discovered services from consul catalog for EDS: [[0xc0000fc0c0 0xc0000fc300]]
Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 discovered services from consul catalog for CDS: [[0xc0000fc0c0 0xc0000fc180]]
Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 discovered services from consul catalog for RDS: [[0xc0000fc0c0 0xc0000fc180]]
Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 received event on hub
Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 received ACK on stream: version_info:"1545026792297155665" node:<id:"envoy-01" cluster:"envoy" build_version:"5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/RELEASE" > type_url:"type.googleapis.com/envoy.api.v2.Cluster" response_nonce:"1545026792297154903"
Dec 17 06:06:32 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:32 received discovery request on stream: node:<id:"envoy-01" cluster:"envoy" build_version:"5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/RELEASE" > resource_names:"local_route" type_url:"type.googleapis.com/envoy.api.v2.RouteConfiguration"
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 sent CDS on stream: version_info:"1545026792621417525" resources:<type_url:"type.googleapis.com/envoy.api.v2.Cluster" value:"\n\021my-service\020\003\032\004\n\002\032\000\"\002\010\001\320\001\001" > type_url:"type.googleapis.com/envoy.api.v2.Cluster" nonce:"1545026792621418452"
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 sent RDS on stream: version_info:"1545026793024713260" resources:<type_url:"type.googleapis.com/envoy.api.v2.RouteConfiguration" value:"\n\013local_route\022.\n\rlocal_service\022\001*\032\032\n\003\n\001/\022\023\n\021my-service" > type_url:"type.googleapis.com/envoy.api.v2.RouteConfiguration" nonce:"1545026793024714181"
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 sent EDS on stream: version_info:"1545026793024936282" resources:<type_url:"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment" value:"\n\021my-service\0229\n\005\n\003dc1\022\027\n\023\n\021\n\017\022\n<IP1>\030\360.\020\001\022\027\n\023\n\021\n\017\022\n<IP2>\030\360.\020\001\"\000" > type_url:"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment" nonce:"1545026793024937146"
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 discovered services from consul catalog for EDS: [[0xc0000fc000 0xc0000fc0c0]]
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 discovered services from consul catalog for CDS: [[0xc0000fc0c0 0xc0000fc180]]
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 discovered services from consul catalog for RDS: [[0xc0000fc0c0 0xc0000fc180]]
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 received event on hub
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 received ACK on stream: version_info:"1545026792621194419" node:<id:"envoy-01" cluster:"envoy" build_version:"5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/RELEASE" > resource_names:"my-service" type_url:"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment" response_nonce:"1545026792621195321"
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 received ACK on stream: version_info:"1545026792621417525" node:<id:"envoy-01" cluster:"envoy" build_version:"5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/RELEASE" > type_url:"type.googleapis.com/envoy.api.v2.Cluster" response_nonce:"1545026792621418452"
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 received ACK on stream: version_info:"1545026793024713260" node:<id:"envoy-01" cluster:"envoy" build_version:"5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/RELEASE" > resource_names:"local_route" type_url:"type.googleapis.com/envoy.api.v2.RouteConfiguration" response_nonce:"1545026793024714181"
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 received ACK on stream: version_info:"1545026793024936282" node:<id:"envoy-01" cluster:"envoy" build_version:"5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/RELEASE" > resource_names:"my-service" type_url:"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment" response_nonce:"1545026793024937146"
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 sent CDS on stream: version_info:"1545026793025169914" resources:<type_url:"type.googleapis.com/envoy.api.v2.Cluster" value:"\n\021my-service\020\003\032\004\n\002\032\000\"\002\010\001\320\001\001" > type_url:"type.googleapis.com/envoy.api.v2.Cluster" nonce:"1545026793025170817"
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 sent RDS on stream: version_info:"1545026793349755572" resources:<type_url:"type.googleapis.com/envoy.api.v2.RouteConfiguration" value:"\n\013local_route\022.\n\rlocal_service\022\001*\032\032\n\003\n\001/\022\023\n\021my-service" > type_url:"type.googleapis.com/envoy.api.v2.RouteConfiguration" nonce:"1545026793349756509"
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 sent EDS on stream: version_info:"1545026793349951748" resources:<type_url:"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment" value:"\n\021my-service\0229\n\005\n\003dc1\022\027\n\023\n\021\n\017\022\n<IP1>\030\360.\020\001\022\027\n\023\n\021\n\017\022\n<IP2>\030\360.\020\001\"\000" > type_url:"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment" nonce:"1545026793349952680"
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 received ACK on stream: version_info:"1545026793025169914" node:<id:"envoy-01" cluster:"envoy" build_version:"5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/RELEASE" > type_url:"type.googleapis.com/envoy.api.v2.Cluster" response_nonce:"1545026793025170817"
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 received ACK on stream: version_info:"1545026793349755572" node:<id:"envoy-01" cluster:"envoy" build_version:"5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/RELEASE" > resource_names:"local_route" type_url:"type.googleapis.com/envoy.api.v2.RouteConfiguration" response_nonce:"1545026793349756509"
Dec 17 06:06:33 consul-envoy-xds-1 consul-envoy-xds_bin.sh[442]: 2018/12/17 13:06:33 received ACK on stream: version_info:"1545026793349951748" node:<id:"envoy-01" cluster:"envoy" build_version:"5d25f466c3410c0dfa735d7d4358beb76b2da507/1.8.0/Clean/RELEASE" > resource_names:"my-service" type_url:"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment" response_nonce:"1545026793349952680"

Support Pipes in the LbEndpoint's Address

The address for an LbEndpoint may be a Pipe (Unix Domain Socket) instead of a SocketAddress. (See https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/core/address.proto.html). It would be very helpful to support Pipes.

How to use consul-envoy-xds. Are there any simple examples?

I installed consul and envoy environments, and I don't know how to use consul-envoy-xds to make it work.

a error

[root@localhost consul-envoy-xds-master]# ./out/consul-envoy-xds
panic: CONSUL_CLIENT_PORT key is not set

goroutine 1 [running]:
consul-envoy-xds-master/vendor/github.com/gojek-engineering/goconfig.checkKey(0xc22443, 0x12)
/usr/local/gopath/src/consul-envoy-xds-master/vendor/github.com/gojek-engineering/goconfig/utils.go:27 +0x128
consul-envoy-xds-master/vendor/github.com/gojek-engineering/goconfig.getIntOrPanic(0xc22443, 0x12, 0xc22443)
/usr/local/gopath/src/consul-envoy-xds-master/vendor/github.com/gojek-engineering/goconfig/utils.go:11 +0x39
consul-envoy-xds-master/vendor/github.com/gojek-engineering/goconfig.BaseConfig.GetIntValue(0xc22443, 0x12, 0xc000039030)
/usr/local/gopath/src/consul-envoy-xds-master/vendor/github.com/gojek-engineering/goconfig/config.go:88 +0xce
consul-envoy-xds-master/vendor/github.com/gojektech/consul-envoy-xds/config.(*Config).ConsulClientPost(...)
/usr/local/gopath/src/consul-envoy-xds-master/vendor/github.com/gojektech/consul-envoy-xds/config/config.go:41
consul-envoy-xds-master/vendor/github.com/gojektech/consul-envoy-xds/config.(*Config).ConsulAddress(0xc000165c98, 0x0, 0x0)
/usr/local/gopath/src/consul-envoy-xds-master/vendor/github.com/gojektech/consul-envoy-xds/config/config.go:49 +0x76
consul-envoy-xds-master/vendor/github.com/gojektech/consul-envoy-xds/app.Start()
/usr/local/gopath/src/consul-envoy-xds-master/vendor/github.com/gojektech/consul-envoy-xds/app/app.go:34 +0x338
main.main()
/usr/local/gopath/src/consul-envoy-xds-master/main.go:6 +0x20

Watched services list is hardcoded. This needs to be dynamic.

The initial list of watched services should be empty.
As requests come in it should add services to watch list.
The goal of resolving this issue should be to remove WATCHED_SERVICE entirely.

Thank you

Hello,
I have been looking at doing something similar. I see the approach you have is to watch a specific service, was this done for any particular reason?

I am thinking of doing something along the lines of on startup:

get all services using catalog.services
iterate over each using consul.service with the service name from the services call
publish them
create a refresh to receive new services, say call services on a 10s interval.

I would also limit my services to healthy ones.

The beauty of envoy is that it does health checks on it's own as well, so if this discovery is slightly dated it isn't the end of the world. Do you see any issues with this approach?

Discover CatalogService Endpoints with Health check status passed only

Few services somehow failed to deregister during deployment due consul server timeout, we need to get catalog service endpoints with health check status passed only

Exclude vendor from vet

Exclude vendor folder from make vet

panic: CONSUL_CLIENT_PORT key is not set

goroutine 1 [running]:
consul-envoy-xds/vendor/github.com/gojek-engineering/goconfig.checkKey(0xc21fe3, 0x12)
/opt/gopath/src/consul-envoy-xds/vendor/github.com/gojek-engineering/goconfig/utils.go:27 +0x128
consul-envoy-xds/vendor/github.com/gojek-engineering/goconfig.getIntOrPanic(0xc21fe3, 0x12, 0xc21fe3)
/opt/gopath/src/consul-envoy-xds/vendor/github.com/gojek-engineering/goconfig/utils.go:11 +0x39
consul-envoy-xds/vendor/github.com/gojek-engineering/goconfig.BaseConfig.GetIntValue(0xc21fe3, 0x12, 0xc000039060)
/opt/gopath/src/consul-envoy-xds/vendor/github.com/gojek-engineering/goconfig/config.go:88 +0xce
consul-envoy-xds/vendor/github.com/gojektech/consul-envoy-xds/config.(*Config).ConsulClientPost(...)
/opt/gopath/src/consul-envoy-xds/vendor/github.com/gojektech/consul-envoy-xds/config/config.go:41
consul-envoy-xds/vendor/github.com/gojektech/consul-envoy-xds/config.(*Config).ConsulAddress(0xc00013bc98, 0x0, 0x0)
/opt/gopath/src/consul-envoy-xds/vendor/github.com/gojektech/consul-envoy-xds/config/config.go:49 +0x76
consul-envoy-xds/vendor/github.com/gojektech/consul-envoy-xds/app.Start()
/opt/gopath/src/consul-envoy-xds/vendor/github.com/gojektech/consul-envoy-xds/app/app.go:34 +0x338
main.main()
/opt/gopath/src/consul-envoy-xds/main.go:6 +0x20

the version of go-control-plane is too old

could you please upgrade it?

GRPC and Envoy connection doesn't work correctly

Hi,
@irfn I configure your xds with bellow information's but it doesn't work. what is the problem?

docker-compose file:

version: '2'
services:

  consul:
    image: "consul"
    hostname: "consul"
    command: "agent -dev -client 0.0.0.0"
    ports:
      - "8400:8400"
      - "8500:8500"
      - "8600:53/udp"
  registrator:
    image: gliderlabs/registrator:latest
    command: "-ip=127.0.0.1 -cleanup=true -resync=120 -ttl=60 -ttl-refresh=10 consul://consul:8500"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock
    depends_on:
      - consul
  hello-world:
    image: containersol/hello-world
    hostname: "hello-world"
    container_name: hello-world
    depends_on:
    - registrator
    expose:
      - "80"
    ports:
      - "8001:80"
  consul-xds:
    image: gojektech/consul-envoy-xds:0.1.0-1389b6876cc82b55a1c78e86fa7304c332d61f50
    environment:
      - CONSUL_TOKEN=""
      - HELLO_WORLD_WHITELISTED_ROUTES=/
      - CONSUL_DC= dc1
      - WATCHED_SERVICE=hello-world
      - PORT= 8053
      - LOG_LEVEL= DEBUG
      - CONSUL_CLIENT_PORT= 8500
      - CONSUL_CLIENT_HOST= 172.17.246.74
    expose:
      - "8053"
    ports:
      - "8053:8053"
  hello-world-envoy:
    image: envoyproxy/envoy:v1.8.0
    command: "envoy -c /etc/envoy/envoy-xds.yaml -l debug"
    volumes:
      - ./envoy-config.yaml:/etc/envoy/envoy-xds.yaml
    expose:
      - "8443"
      - "9000"
    ports:
      - "8443:8443"
      - "9000:9000"

envoy config:

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 10000 }
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          stat_prefix: ingress_http
          codec_type: AUTO
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: hello-world }
          http_filters:
          - name: envoy.router
  clusters:
  - name: hello-world
    connect_timeout: 0.25s
    lb_policy: ROUND_ROBIN
    type: EDS
    eds_cluster_config:
      eds_config:
        api_config_source:
          api_type: GRPC
          grpc_services:
            - envoy_grpc:
                cluster_name: xds_cluster     
  - name: xds_cluster
    connect_timeout: 0.25s
    type: STATIC
    lb_policy: ROUND_ROBIN
    http2_protocol_options: {}
    hosts: [{ socket_address: { address: 172.17.246.74, port_value: 8053 }}]
node:
  cluster: service_hello
  id: nodeID   
  
admin:
  access_log_path: /dev/null
  address:
    socket_address: { address: 127.0.0.1, port_value: 9100 }

Dockerfile

publish docker image to dockerhub

Is this repo still maintained ?

I've been trying to integrate this with my envoy proxy but seems like gRPC doesn't work dynamically, please correct me if I'm wrong.

Also what IP and Port should I use in the readme section description ?

hosts: [{ socket_address: { address: $XDS_IP, port_value: $XDS_PORT }}]

Is it my consul-envoy-xds IP PORT: 8053 ?

Oh and the title asks for itself ? Does this product still maintained or ?

Could you out few words in the readme on what is the problem this repository is trying to solve?

I am looking for grpc proxy less services with out envoy side-cars. I found that consul does not support xDS data plane API.
I would like to understand if this repo is solving this issue?

from the docker-compose.yml file I could see envoy proxy is being used along with gliderlabs/registrator:latest and I am confused what really happing in the docker-compose stack.

Could you out few words in the readme on what is the problem this repository is trying to solve?

setup travis for CI

invoke make test.

Move to using dep

moving away from glide to golang dep for dependency management

gojek-engineering/goconfig doesn't exist anymore

When trying to compile the project the following error is given

go mod download: github.com/gojek-engineering/[email protected]: invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /home/ubuntu/go/pkg/mod/cache/vcs/68ade21c62e3a9f7290f34382f72a9436fd859bc1290a512d0d3a79aa0fd4a5c: exit status 128:
        remote: Repository not found.
        fatal: repository 'https://github.com/gojek-engineering/goconfig/' not found
make: *** [Makefile:27: build-deps] Error 1

Could you please make that available?

Using labels in consul for grouping endpoints for a dynamic RDS

RDS is described by Envoy via https://www.envoyproxy.io/docs/envoy/latest/configuration/http_conn_man/rds

RDS Proto https://github.com/envoyproxy/data-plane-api/blob/master/api/rds.proto
envoy Docs: https://www.envoyproxy.io/docs/envoy/latest/api-v2/rds.proto

Prefix rewriting in route configuration

I am using consul-envoy-xds to configure 2 upstream services ( e.g. service-a, service-b) who happen to have the same APIs ( e.g /info ) and I want to expose both of them. I have following configurations in consul-envoy-xds:

WATCHED_SERVICES=service-a,service-b,
SERVICE_A_WHITELISTED_ROUTES=/info,
SERVICE_B_WHITELISTED_ROUTES=/info

in the final generated config_dump, I am getting this:

   "routes": [
         {
          "match": {
           "prefix": "/info"
          },
          "route": {
           "cluster": "service-a"
          }
         },
         {
          "match": {
           "prefix": "/info"
          },
          "route": {
           "cluster": "service-b"
          }
         },
    ]

Is it possible to add a prefix with the name of service in every route configured via consul-envoy-xds and rewrite the url (nginx or haproxy style ) so that I don't have to change the URL names of my upstream APIs?

we can use prefix_rewrite in route configuration to achieve this.