mirror of https://github.com/hashicorp/consul
backport of commit 21263c8a00
(#17811)
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>pull/17812/head
parent
404bc0f091
commit
859baad5e5
|
@ -53,12 +53,30 @@ EnvoyExtensions = [
|
||||||
Path = "/upstream_connection_options/tcp_keepalive/keepalive_probes"
|
Path = "/upstream_connection_options/tcp_keepalive/keepalive_probes"
|
||||||
Value = 1234
|
Value = 1234
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
ResourceFilter = {
|
||||||
|
ResourceType = "cluster"
|
||||||
|
TrafficDirection = "outbound"
|
||||||
|
}
|
||||||
|
Op = "add"
|
||||||
|
Path = "/outlier_detection/max_ejection_time/seconds"
|
||||||
|
Value = 120
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ResourceFilter = {
|
||||||
|
ResourceType = "cluster"
|
||||||
|
TrafficDirection = "outbound"
|
||||||
|
}
|
||||||
|
Op = "add"
|
||||||
|
Path = "/outlier_detection/max_ejection_time_jitter/seconds"
|
||||||
|
Value = 1
|
||||||
|
},
|
||||||
{
|
{
|
||||||
ResourceFilter = {
|
ResourceFilter = {
|
||||||
ResourceType = "cluster"
|
ResourceType = "cluster"
|
||||||
TrafficDirection = "outbound"
|
TrafficDirection = "outbound"
|
||||||
Services = [{
|
Services = [{
|
||||||
Name = "s2"
|
Name = "s3"
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
Op = "remove"
|
Op = "remove"
|
||||||
|
|
|
@ -19,13 +19,14 @@ load helpers
|
||||||
[ "$status" == 0 ]
|
[ "$status" == 0 ]
|
||||||
|
|
||||||
[ "$(echo "$output" | jq -r '.upstream_connection_options.tcp_keepalive.keepalive_probes')" == "1234" ]
|
[ "$(echo "$output" | jq -r '.upstream_connection_options.tcp_keepalive.keepalive_probes')" == "1234" ]
|
||||||
[ "$(echo "$output" | jq -r '.outlier_detection')" == "null" ]
|
[ "$(echo "$output" | jq -r '.outlier_detection.max_ejection_time')" == "120s" ]
|
||||||
|
[ "$(echo "$output" | jq -r '.outlier_detection.max_ejection_time_jitter')" == "1s" ]
|
||||||
|
|
||||||
run get_envoy_cluster_config localhost:19000 s3
|
run get_envoy_cluster_config localhost:19000 s3
|
||||||
[ "$status" == 0 ]
|
[ "$status" == 0 ]
|
||||||
|
|
||||||
[ "$(echo "$output" | jq -r '.upstream_connection_options.tcp_keepalive.keepalive_probes')" == "1234" ]
|
[ "$(echo "$output" | jq -r '.upstream_connection_options.tcp_keepalive.keepalive_probes')" == "1234" ]
|
||||||
[ "$(echo "$output" | jq -r '.outlier_detection')" == "{}" ]
|
[ "$(echo "$output" | jq -r '.outlier_detection')" == "null" ]
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "s2 proxy is configured with the expected envoy patches" {
|
@test "s2 proxy is configured with the expected envoy patches" {
|
||||||
|
|
|
@ -46,13 +46,14 @@ Patches = [
|
||||||
TrafficDirection = "<inbound or outbound>"
|
TrafficDirection = "<inbound or outbound>"
|
||||||
Services = [
|
Services = [
|
||||||
{
|
{
|
||||||
Name = "<name of service to filter for>",
|
Name = "<name of service to filter for>"
|
||||||
Namespace = "<Consul namespace containing the service>"
|
Namespace = "<Consul namespace containing the service>"
|
||||||
Partition = "<Consul partition containing the service>"
|
Partition = "<Consul partition containing the service>"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
Op = "<add or remove>",
|
}
|
||||||
Path = "<path/to/field>",
|
Op = "<add or remove>"
|
||||||
|
Path = "</path/to/field>"
|
||||||
Value = "<values or map of field-values>"
|
Value = "<values or map of field-values>"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
@ -160,9 +161,9 @@ If Envoy specifies a wrapper as the target field type, the extension automatical
|
||||||
|
|
||||||
The following examples demonstrate patterns that you may be able to model your configurations on.
|
The following examples demonstrate patterns that you may be able to model your configurations on.
|
||||||
|
|
||||||
### Enable `enforcing_consecutive_5xx` outlier detection
|
### Enable `respect_dns_ttl` in a cluster
|
||||||
|
|
||||||
In the following example, the `add` operation patches an outlier detection property into outbound cluster traffic. The `Path` specifies the `enforcing_consecutive_5xx` interface and sets a value of `1234`:
|
In the following example, the `add` operation patches the outbound cluster corresponding to the `other-svc` upstream service to enable `respect_dns_ttl`. The `Path` specifies the [Cluster `/respect_dns_ttl`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-respect-dns-ttl) top-level field and `Value` specifies a value of `true`:
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
Kind = "service-defaults"
|
Kind = "service-defaults"
|
||||||
|
@ -183,8 +184,8 @@ EnvoyExtensions = [
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Op" = "add",
|
"Op" = "add",
|
||||||
"Path" = "/outlier_detection/enforcing_consecutive_5xx",
|
"Path" = "/respect_dns_ttl",
|
||||||
"Value" = 1234,
|
"Value" = true,
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -192,9 +193,9 @@ EnvoyExtensions = [
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
### Update multiple values in the default map
|
### Update multiple values in a message field
|
||||||
|
|
||||||
In the following example, two `ResourceFilter` blocks target outbound traffic to the `db` service and add `/outlier_detection/enforcing_consecutive_5xx` and `/outlier_detection/failure_percentage_request_volume` properties:
|
In the following example, both `ResourceFilter` blocks target the cluster corresponding to the `other-svc` upstream service and modify [Cluster `/outlier_detection`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/outlier_detection.proto) properties:
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
Kind = "service-defaults"
|
Kind = "service-defaults"
|
||||||
|
@ -208,27 +209,27 @@ EnvoyExtensions = [
|
||||||
Patches = [
|
Patches = [
|
||||||
{
|
{
|
||||||
ResourceFilter = {
|
ResourceFilter = {
|
||||||
ResourceType = "cluster",
|
ResourceType = "cluster"
|
||||||
TrafficDirection = "outbound",
|
TrafficDirection = "outbound"
|
||||||
Services = [{
|
Services = [{
|
||||||
Name = "other-svc"
|
Name = "other-svc"
|
||||||
}],
|
}]
|
||||||
},
|
}
|
||||||
Op = "add",
|
Op = "add"
|
||||||
Path = "/outlier_detection/enforcing_consecutive_5xx",
|
Path = "/outlier_detection/max_ejection_time/seconds"
|
||||||
Value = 1234,
|
Value = 120
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
ResourceFilter = {
|
ResourceFilter = {
|
||||||
ResourceType = "cluster",
|
ResourceType = "cluster"
|
||||||
TrafficDirection = "outbound",
|
TrafficDirection = "outbound"
|
||||||
Services = [{
|
Services = [{
|
||||||
Name = "other-svc"
|
Name = "other-svc"
|
||||||
}],
|
}]
|
||||||
},
|
}
|
||||||
Op = "add",
|
Op = "add"
|
||||||
Path = "/outlier_detection/failure_percentage_request_volume",
|
Path = "/outlier_detection/max_ejection_time_jitter/seconds"
|
||||||
Value = 2345,
|
Value = 1
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -236,9 +237,13 @@ EnvoyExtensions = [
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
### Set multiple values that replace the map
|
The use of `/seconds` in these examples corresponds to the same field in the [google.protobuf.Duration](https://github.com/protocolbuffers/protobuf/blob/main/src/google/protobuf/duration.proto) proto definition, since the extension does not support JSON serialized string forms of common protobuf types (e.g. `120s`).
|
||||||
|
|
||||||
In the following example, a `ResourceFilter` targets outbound traffic to the `db` service and replaces the map of properties located at `/outlier_detection` with `enforcing_consecutive_5xx` and `failure_percentage_request_volume` and properties:
|
-> **Note:** Using separate patches per field preserves any existing configuration of other fields in `outlier_detection` that may be directly set by Consul, such as [`enforcing_consecutive_5xx`](https://developer.hashicorp.com/consul/docs/connect/proxies/envoy#enforcing_consecutive_5xx).
|
||||||
|
|
||||||
|
### Replace a message field
|
||||||
|
|
||||||
|
In the following example, a `ResourceFilter` targets the cluster corresponding to the `other-svc` upstream service and _replaces_ the entire map of properties located at `/outlier_detection`, including explicitly set `enforcing_success_rate` and `success_rate_minimum_hosts` properties:
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
Kind = "service-defaults"
|
Kind = "service-defaults"
|
||||||
|
@ -246,27 +251,29 @@ Name = "my-svc"
|
||||||
Protocol = "http"
|
Protocol = "http"
|
||||||
EnvoyExtensions = [
|
EnvoyExtensions = [
|
||||||
{
|
{
|
||||||
Name = "builtin/property-override",
|
Name = "builtin/property-override"
|
||||||
Arguments = {
|
Arguments = {
|
||||||
ProxyType = "connect-proxy",
|
ProxyType = "connect-proxy"
|
||||||
Patches = [
|
Patches = [
|
||||||
{
|
{
|
||||||
ResourceFilter = {
|
ResourceFilter = {
|
||||||
ResourceType = "cluster",
|
ResourceType = "cluster"
|
||||||
TrafficDirection = "outbound",
|
TrafficDirection = "outbound"
|
||||||
Services = [{
|
Services = [{
|
||||||
Name = "other-svc"
|
Name = "other-svc"
|
||||||
}],
|
}]
|
||||||
},
|
}
|
||||||
Op = "add",
|
Op = "add"
|
||||||
Path = "/outlier_detection",
|
Path = "/outlier_detection"
|
||||||
Value = {
|
Value = {
|
||||||
"enforcing_consecutive_5xx" = 1234,
|
"enforcing_success_rate" = 80
|
||||||
"failure_percentage_request_volume" = 2345,
|
"success_rate_minimum_hosts" = 2
|
||||||
},
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Unlike the previous example, other `/outlier_detection` values set by Consul will _not_ be retained unless they match Envoy's defaults, because the entire value of `/outlier_detection` will be replaced.
|
||||||
|
|
|
@ -25,7 +25,7 @@ Add Envoy extension configurations to a proxy defaults or service defaults confi
|
||||||
|
|
||||||
Consul applies Envoy extensions configured in proxy defaults before it applies extensions in service defaults. As a result, the Envoy extension configuration in service defaults may override configurations in proxy defaults.
|
Consul applies Envoy extensions configured in proxy defaults before it applies extensions in service defaults. As a result, the Envoy extension configuration in service defaults may override configurations in proxy defaults.
|
||||||
|
|
||||||
In the following service defaults configuration entry example, Consul adds a new `/upstream_connection_options/tcp_keepalive/keepalive_probes-5` field to each of the proxy's cluster configuration for the outbound `db`service upstream. The configuration applies to all `connect-proxy` proxies with services configured to communicate over HTTP:
|
In the following proxy defaults configuration entry example, Consul sets the `/respect_dns_ttl` field on the `api` service proxy's cluster configuration for the `other-svc` upstream service:
|
||||||
|
|
||||||
<Tabs>
|
<Tabs>
|
||||||
<Tab heading="HCL" group="hcl">
|
<Tab heading="HCL" group="hcl">
|
||||||
|
@ -33,7 +33,7 @@ In the following service defaults configuration entry example, Consul adds a new
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
Kind = "service-defaults"
|
Kind = "service-defaults"
|
||||||
Name = "global"
|
Name = "api"
|
||||||
Protocol = "http"
|
Protocol = "http"
|
||||||
EnvoyExtensions = [
|
EnvoyExtensions = [
|
||||||
{
|
{
|
||||||
|
@ -50,8 +50,8 @@ EnvoyExtensions = [
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
Op = "add"
|
Op = "add"
|
||||||
Path = "/upstream_connection_options/tcp_keepalive/keepalive_probes"
|
Path = "/respect_dns_ttl"
|
||||||
Value = 5
|
Value = true
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -66,9 +66,9 @@ EnvoyExtensions = [
|
||||||
|
|
||||||
```json
|
```json
|
||||||
"kind": "service-defaults",
|
"kind": "service-defaults",
|
||||||
"name": "global",
|
"name": "api",
|
||||||
"protocol": "http",
|
"protocol": "http",
|
||||||
"envoy_extensions": [{
|
"envoyExtensions": [{
|
||||||
"name": "builtin/property-override",
|
"name": "builtin/property-override",
|
||||||
"arguments": {
|
"arguments": {
|
||||||
"proxyType": "connect-proxy",
|
"proxyType": "connect-proxy",
|
||||||
|
@ -76,11 +76,11 @@ EnvoyExtensions = [
|
||||||
"resourceFilter": {
|
"resourceFilter": {
|
||||||
"resourceType": "cluster",
|
"resourceType": "cluster",
|
||||||
"trafficDirection": "outbound",
|
"trafficDirection": "outbound",
|
||||||
"services": [{ "name": "other-svc" }],
|
"services": [{ "name": "other-svc" }]
|
||||||
|
},
|
||||||
"op": "add",
|
"op": "add",
|
||||||
"path": "/upstream_connection_options/tcp_keepalive/keepalive_probes",
|
"path": "/respect_dns_ttl",
|
||||||
"value": 5
|
"value": true
|
||||||
}
|
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
}]
|
}]
|
||||||
|
@ -88,13 +88,13 @@ EnvoyExtensions = [
|
||||||
</CodeBlockConfig>
|
</CodeBlockConfig>
|
||||||
</Tab>
|
</Tab>
|
||||||
<Tab heading="Kubernetes" group="kubernetes">
|
<Tab heading="Kubernetes" group="kubernetes">
|
||||||
<CodeBlockConfig filename="property-override-extension-proxy-defaults.yaml">
|
<CodeBlockConfig filename="property-override-extension-service-defaults.yaml">
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
apiversion: consul.hashicorp.com/v1alpha1
|
apiversion: consul.hashicorp.com/v1alpha1
|
||||||
kind: ServiceDefaults
|
kind: ServiceDefaults
|
||||||
metadata:
|
metadata:
|
||||||
name: global
|
name: api
|
||||||
spec:
|
spec:
|
||||||
protocol: http
|
protocol: http
|
||||||
envoyExtensions:
|
envoyExtensions:
|
||||||
|
@ -108,8 +108,8 @@ spec:
|
||||||
services:
|
services:
|
||||||
- name: "other-svc"
|
- name: "other-svc"
|
||||||
op: "add"
|
op: "add"
|
||||||
path: "/upstream_connection_options/tcp_keepalive/keepalive_probes",
|
path: "/respect_dns_ttl",
|
||||||
value: 5
|
value: true
|
||||||
```
|
```
|
||||||
|
|
||||||
</CodeBlockConfig>
|
</CodeBlockConfig>
|
||||||
|
@ -136,6 +136,7 @@ EnvoyExtensions = [
|
||||||
{
|
{
|
||||||
Name = "builtin/property-override"
|
Name = "builtin/property-override"
|
||||||
Arguments = {
|
Arguments = {
|
||||||
|
Debug = true
|
||||||
ProxyType = "connect-proxy"
|
ProxyType = "connect-proxy"
|
||||||
Patches = [
|
Patches = [
|
||||||
{
|
{
|
||||||
|
@ -157,19 +158,23 @@ After applying the configuration entry, Consul prints a message that includes th
|
||||||
|
|
||||||
```shell-session
|
```shell-session
|
||||||
$ consul config write api.hcl
|
$ consul config write api.hcl
|
||||||
non-empty, non-root Path is required. available cluster fields:
|
non-empty, non-root Path is required;
|
||||||
/outlier_detection
|
available envoy.config.cluster.v3.Cluster fields:
|
||||||
/outlier_detection/enforcing_consecutive_5xx
|
transport_socket_matches
|
||||||
/outlier_detection/failure_percentage_request_volume
|
name
|
||||||
/round_robin_lb_config
|
alt_stat_name
|
||||||
/round_robin_lb_config/slow_start_config
|
type
|
||||||
|
cluster_type
|
||||||
|
eds_cluster_config
|
||||||
|
connect_timeout
|
||||||
|
...
|
||||||
```
|
```
|
||||||
|
|
||||||
You can use the output to help you construct the appropriate value for the `Path` field. For example:
|
You can use the output to help you construct the appropriate value for the `Path` field. For example:
|
||||||
|
|
||||||
```shell-session
|
```shell-session
|
||||||
$ consul config write api.hcl | grep round_robin
|
$ consul config write api.hcl 2>&1 | grep round_robin
|
||||||
/round_robin_lb_config
|
round_robin_lb_config
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue