consul/agent/xds
Ashvitha f95ffe0355
Allow HCP metrics collection for Envoy proxies
Co-authored-by: Ashvitha Sridharan <ashvitha.sridharan@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>

Add a new envoy flag: "envoy_hcp_metrics_bind_socket_dir", a directory
where a unix socket will be created with the name
`<namespace>_<proxy_id>.sock` to forward Envoy metrics.

If set, this will configure:
- In bootstrap configuration a local stats_sink and static cluster.
  These will forward metrics to a loopback listener sent over xDS.

- A dynamic listener listening at the socket path that the previously
  defined static cluster is sending metrics to.

- A dynamic cluster that will forward traffic received at this listener
  to the hcp-metrics-collector service.


Reasons for having a static cluster pointing at a dynamic listener:
- We want to secure the metrics stream using TLS, but the stats sink can
  only be defined in bootstrap config. With dynamic listeners/clusters
  we can use the proxy's leaf certificate issued by the Connect CA,
  which isn't available at bootstrap time.

- We want to intelligently route to the HCP collector. Configuring its
  addreess at bootstrap time limits our flexibility routing-wise. More
  on this below.

Reasons for defining the collector as an upstream in `proxycfg`:
- The HCP collector will be deployed as a mesh service.

- Certificate management is taken care of, as mentioned above.

- Service discovery and routing logic is automatically taken care of,
  meaning that no code changes are required in the xds package.

- Custom routing rules can be added for the collector using discovery
  chain config entries. Initially the collector is expected to be
  deployed to each admin partition, but in the future could be deployed
  centrally in the default partition. These config entries could even be
  managed by HCP itself.
2023-03-10 13:52:54 -07:00
..
accesslogs [OSS] feat: access logs for listeners and listener filters (#15864) 2022-12-22 15:18:15 -05:00
extensionruntime refactor: remove troubleshoot module dependency on consul top level module (#16162) 2023-02-06 09:14:35 -08:00
testcommon Inline API Gateway TLS cert code (#16295) 2023-02-17 12:46:03 -05:00
testdata Allow HCP metrics collection for Envoy proxies 2023-03-10 13:52:54 -07:00
validateupstream-test troubleshoot: fixes and updated messages (#16294) 2023-02-17 07:43:05 -08:00
clusters.go Refactor the disco chain -> xds logic (#16392) 2023-02-23 11:32:32 -05:00
clusters_test.go refactor: remove troubleshoot module dependency on consul top level module (#16162) 2023-02-06 09:14:35 -08:00
config.go Protobuf Modernization (#15949) 2023-01-11 09:39:10 -05:00
config_test.go Add support for configuring Envoys route idle_timeout (#14340) 2022-11-29 17:43:15 -05:00
delta.go Inline API Gateway TLS cert code (#16295) 2023-02-17 12:46:03 -05:00
delta_envoy_extender_oss_test.go feat: envoy extension - http local rate limit (#16196) 2023-02-07 21:56:15 -05:00
delta_test.go Fix attempt for test fail panics in xDS (#16319) 2023-02-24 17:00:31 -05:00
endpoints.go Refactor the disco chain -> xds logic (#16392) 2023-02-23 11:32:32 -05:00
endpoints_test.go refactor: remove troubleshoot module dependency on consul top level module (#16162) 2023-02-06 09:14:35 -08:00
failover_math.go xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
failover_math_test.go Cluster peering failover disco chain changes (#14296) 2022-08-23 09:13:43 -04:00
golden_test.go Refactor the disco chain -> xds logic (#16392) 2023-02-23 11:32:32 -05:00
listeners.go Refactor the disco chain -> xds logic (#16392) 2023-02-23 11:32:32 -05:00
listeners_ingress.go Inline API Gateway TLS cert code (#16295) 2023-02-17 12:46:03 -05:00
listeners_test.go Inline API Gateway TLS cert code (#16295) 2023-02-17 12:46:03 -05:00
naming.go
net_fallback.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
net_linux.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
protocol_trace.go Protobuf Modernization (#15949) 2023-01-11 09:39:10 -05:00
rbac.go Protobuf Refactoring for Multi-Module Cleanliness (#16302) 2023-02-17 16:14:46 -05:00
rbac_test.go Protobuf Refactoring for Multi-Module Cleanliness (#16302) 2023-02-17 16:14:46 -05:00
resources.go Inline API Gateway TLS cert code (#16295) 2023-02-17 12:46:03 -05:00
resources_oss_test.go xds: begin refactor to always pass test snapshots through all xDS types (#13461) 2022-06-15 14:58:28 -05:00
resources_test.go Allow HCP metrics collection for Envoy proxies 2023-03-10 13:52:54 -07:00
response.go Protobuf Modernization (#15949) 2023-01-11 09:39:10 -05:00
routes.go NET-2904 Fixes API Gateway Route Service Weight Division Error 2023-03-06 08:41:57 -05:00
routes_test.go refactor: remove troubleshoot module dependency on consul top level module (#16162) 2023-02-06 09:14:35 -08:00
secrets.go Inline API Gateway TLS cert code (#16295) 2023-02-17 12:46:03 -05:00
server.go Implement APIGateway proxycfg snapshot (#16194) 2023-02-08 15:52:12 -06:00
server_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
testing.go Fix panicky xDS test flakes (#16305) 2023-02-17 14:07:49 -05:00
xds.go
xds_protocol_helpers_test.go Fix various flaky tests (#16396) 2023-02-23 14:52:18 -05:00
z_xds_packages.go Add connection limit setting to service defaults 2022-05-24 10:13:38 -07:00
z_xds_packages_test.go Protobuf Modernization (#15949) 2023-01-11 09:39:10 -05:00