54a12ab3c9
This change builds on #19043 and #19067 and updates the sidecar controller to use those computed resources. This achieves several benefits: * The cache is now simplified which helps us solve for previous bugs (such as multiple Upstreams/Destinations targeting the same service would overwrite each other) * We no longer need proxy config cache * We no longer need to do merging of proxy configs as part of the controller logic * Controller watches are simplified because we no longer need to have complex mapping using cache and can instead use the simple ReplaceType mapper. It also makes several other improvements/refactors: * Unifies all caches into one. This is because originally the caches were more independent, however, now that they need to interact with each other it made sense to unify them where sidecar proxy controller uses one cache with 3 bimappers * Unifies cache and mappers. Mapper already needed all caches anyway and so it made sense to make the cache do the mapping also now that the cache is unified. * Gets rid of service endpoints watches. This was needed to get updates in a case when service's identities have changed and we need to update proxy state template's spiffe IDs for those destinations. This will however generate a lot of reconcile requests for this controller as service endpoints objects can change a lot because they contain workload's health status. This is solved by adding a status to the service object tracking "bound identities" and have service endpoints controller update it. Having service's status updated allows us to get updates in the sidecar proxy controller because it's already watching service objects * Add a watch for workloads. We need it so that we get updates if workload's ports change. This also ensures that we update cached identities in case workload's identity changes. |
||
|---|---|---|
| .changelog | ||
| .github | ||
| .release | ||
| acl | ||
| agent | ||
| api | ||
| bench | ||
| build-support | ||
| command | ||
| connect | ||
| contributing | ||
| docs | ||
| envoyextensions | ||
| grafana | ||
| internal | ||
| ipaddr | ||
| lib | ||
| logging | ||
| proto | ||
| proto-public | ||
| sdk | ||
| sentinel | ||
| service_os | ||
| snapshot | ||
| test | ||
| test-integ | ||
| testing/deployer | ||
| testrpc | ||
| tlsutil | ||
| tools/internal-grpc-proxy | ||
| troubleshoot | ||
| types | ||
| ui | ||
| version | ||
| website | ||
| .copywrite.hcl | ||
| .dockerignore | ||
| .gitignore | ||
| .golangci.yml | ||
| CHANGELOG.md | ||
| Dockerfile | ||
| Dockerfile-windows | ||
| LICENSE | ||
| Makefile | ||
| NOTICE.md | ||
| README.md | ||
| buf.work.yaml | ||
| fixup_acl_move.sh | ||
| go.mod | ||
| go.sum | ||
| main.go | ||
README.md
Consul
Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
- Website: https://www.consul.io
- Tutorials: HashiCorp Learn
- Forum: Discuss
Consul provides several key features:
-
Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration.
-
Service Mesh - Consul Service Mesh enables secure service-to-service communication with automatic TLS encryption and identity-based authorization. Applications can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections with Transparent Proxy.
-
Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well.
-
Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers.
-
Dynamic App Configuration - An HTTP API that allows users to store indexed objects within Consul, for storing configuration parameters and application metadata.
Consul runs on Linux, macOS, FreeBSD, Solaris, and Windows and includes an optional browser based UI. A commercial version called Consul Enterprise is also available.
Please note: We take Consul's security and our users' trust very seriously. If you believe you have found a security issue in Consul, please responsibly disclose by contacting us at security@hashicorp.com.
Quick Start
A few quick start guides are available on the Consul website:
- Standalone binary install: https://learn.hashicorp.com/collections/consul/get-started-vms
- Minikube install: https://learn.hashicorp.com/tutorials/consul/kubernetes-minikube
- Kind install: https://learn.hashicorp.com/tutorials/consul/kubernetes-kind
- Kubernetes install: https://learn.hashicorp.com/tutorials/consul/kubernetes-deployment-guide
- Deploy HCP Consul: https://learn.hashicorp.com/tutorials/consul/hcp-gs-deploy
Documentation
Full, comprehensive documentation is available on the Consul website: https://consul.io/docs
Contributing
Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance. For contributions specifically to the browser based UI, please refer to the UI's README.md for guidance.