backport of commit 18821f652e (#16720)

Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
pull/16724/head
hc-github-team-consul-core 2023-03-21 10:46:43 -07:00 committed by GitHub
parent 2b07d8010b
commit 1d2e48bae6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 92 additions and 15 deletions

View File

@ -57,6 +57,10 @@ The following outline shows how to format the service splitter configuration ent
- [`TransparentProxy`](#transparentproxy): map | no default
- [`OutboundListenerPort`](#transparentproxy): integer | `15001`
- [`DialedDirectly`](#transparentproxy ): boolean | `false`
- [`EnvoyExtensions`](#envoyextensions): list | no default
- [`Name`](#envoyextensions): string | `""`
- [`Required`](#envoyextensions): string | `""`
- [`Arguments`](#envoyextensions): map | `nil`
- [`Destination`](#destination): map | no default
- [`Addresses`](#destination): list | no default
- [`Port`](#destination): integer | `0`
@ -120,6 +124,10 @@ The following outline shows how to format the service splitter configuration ent
- [`transparentProxy`](#transparentproxy): map | no default
- [`outboundListenerPort`](#transparentproxy): integer | `15001`
- [`dialedDirectly`](#transparentproxy): boolean | `false`
- [`envoyExtensions`](#envoyextensions): list | no default
- [`name`](#envoyextensions): string | `""`
- [`required`](#envoyextensions): string | `""`
- [`arguments`](#envoyextensions): map | `nil`
- [`destination`](#destination): map | no default
- [`addresses`](#destination): list | no default
- [`port`](#destination): integer | `0`
@ -128,7 +136,7 @@ The following outline shows how to format the service splitter configuration ent
- [`localRequestTiimeoutMs`](#localrequesttimeoutms): integer | `0`
- [`meshGateway`](#meshgateway): map | no default
- [`mode`](#meshgateway): string | no default
- [`externalSNI`](#externalsni): string | no defaiult
- [`externalSNI`](#externalsni): string | no default
- [`expose`](#expose): map | no default
- [`checks`](#expose-checks): boolean | `false`
- [`paths`](#expose-paths): list | no default
@ -666,7 +674,7 @@ Map that specifies a set of rules that enable Consul to remove hosts from the up
### `TransparentProxy`
Controls configurations specific to proxies in transparent mode. Refer to [Transparent Proxy](/consul/docs/connect/transparent-proxy) for additional information.
Controls configurations specific to proxies in transparent mode. Refer to [Transparent Proxy](/consul/docs/connect/transparent-proxy) for additional information.
You can configure the following parameters in the `TransparentProxy` block:
@ -675,6 +683,18 @@ You can configure the following parameters in the `TransparentProxy` block:
| `OutboundListenerPort` | Specifies the port that the proxy listens on for outbound traffic. This must be the same port number where outbound application traffic is redirected. | integer | `15001` |
| `DialedDirectly` | Enables transparent proxies to dial the proxy instance's IP address directly when set to `true`. Transparent proxies commonly dial upstreams at the `"virtual"` tagged address, which load balances across instances. Dialing individual instances can be helpful for stateful services, such as a database cluster with a leader. | boolean | `false` |
### `EnvoyExtensions`
List of extensions to modify Envoy proxy configuration. Refer to [Envoy Extensions](/consul/docs/connect/proxies/envoy-extensions) for additional information.
You can configure the following parameters in the `EnvoyExtensions` block:
| Parameter | Description | Data type | Default |
| --- | --- | --- | --- |
| `Name` | Name of the extension. | string | `""` |
| `Required` | When Required is true and the extension does not update any Envoy resources, an error is returned. Use this parameter to ensure that extensions required for secure communication are not unintentionally bypassed. | string | `""` |
| `Arguments` | Arguments to pass to the extension executable. | map | `nil` |
### `Destination[]`
Configures the destination for service traffic through terminating gateways. Refer to [Terminating Gateway](/consul/docs/connect/terminating-gateway) for additional information.
@ -1046,6 +1066,20 @@ You can configure the following parameters in the `TransparentProxy` block:
| `outboundListenerPort` | Specifies the port that the proxy listens on for outbound traffic. This must be the same port number where outbound application traffic is redirected. | integer | `15001` |
| `dialedDirectly` | Enables transparent proxies to dial the proxy instance's IP address directly when set to `true`. Transparent proxies commonly dial upstreams at the `"virtual"` tagged address, which load balances across instances. Dialing individual instances can be helpful for stateful services, such as a database cluster with a leader. | boolean | `false` |
### `spec.envoyExtensions`
List of extensions to modify Envoy proxy configuration. Refer to [Envoy Extensions](/consul/docs/connect/proxies/envoy-extensions) for additional information.
#### Values
You can configure the following parameters in the `EnvoyExtensions` block:
| Parameter | Description | Data type | Default |
| --- | --- | --- | --- |
| `name` | Name of the extension. | string | `""` |
| `required` | When Required is true and the extension does not update any Envoy resources, an error is returned. Use this parameter to ensure that extensions required for secure communication are not unintentionally bypassed. | string | `""` |
| `arguments` | Arguments to pass to the extension executable. | map | `nil` |
### `spec.destination`
Map of configurations that specify one or more destinations for service traffic routed through terminating gateways. Refer to [Terminating Gateway](/consul/docs/connect/terminating-gateway) for additional information.

View File

@ -164,22 +164,65 @@ In the following example, the `service-defaults` configure the Lua Envoy extensi
```hcl
Kind = "service-defaults"
Name = "myservice"
EnvoyExtensions {
Name = "builtin/lua"
Arguments = {
ProxyType = "connect-proxy"
Listener = "inbound"
Script = <<EOF
function envoy_on_request(request_handle)
local service = request_handle:streamInfo():dynamicMetadata():get("consul")["service"]
request_handle:headers():add("x-consul-service", service)
end
EOF
EnvoyExtensions = [
{
Name = "builtin/lua"
Arguments = {
ProxyType = "connect-proxy"
Listener = "inbound"
Script = <<EOF
function envoy_on_request(request_handle)
local service = request_handle:streamInfo():dynamicMetadata():get("consul")["service"]
request_handle:headers():add("x-consul-service", service)
end
EOF
}
}
}
]
```
</CodeBlockConfig>
Alternatively, you can apply the same extension configuration to [`proxy-defaults`](/consul/docs/connect/config-entries/proxy-defaults#envoyextensions) configuration entries.
You can also specify multiple Lua filters through the Envoy extensions. They will not override each other.
<CodeBlockConfig filename="lua-envoy-extension.json">
```hcl
Kind = "service-defaults"
Name = "myservice"
EnvoyExtensions = [
{
Name = "builtin/lua",
Arguments = {
ProxyType = "connect-proxy"
Listener = "inbound"
Script = <<-EOF
function envoy_on_request(request_handle)
meta = request_handle:streamInfo():dynamicMetadata()
m = meta:get("consul")
request_handle:headers():add("x-consul-datacenter", m["datacenter1"])
end
EOF
}
},
{
Name = "builtin/lua",
Arguments = {
ProxyType = "connect-proxy"
Listener = "inbound"
Script = <<-EOF
function envoy_on_request(request_handle)
meta = request_handle:streamInfo():dynamicMetadata()
m = meta:get("consul")
request_handle:headers():add("x-consul-datacenter", m["datacenter2"])
end
EOF
}
}
]
```
</CodeBlockConfig>