Add http2 and grpc support to ingress gateways (#8458)
This commit is contained in:
parent
f2b8bf109c
commit
145bcdc2bb
|
@ -0,0 +1,3 @@
|
|||
```release-note:improvement
|
||||
connect: Add support for http2 and grpc to ingress gateways
|
||||
```
|
|
@ -38,7 +38,7 @@ type IngressListener struct {
|
|||
// Protocol declares what type of traffic this listener is expected to
|
||||
// receive. Depending on the protocol, a listener might support multiplexing
|
||||
// services over a single port, or additional discovery chain features. The
|
||||
// current supported values are: (tcp | http).
|
||||
// current supported values are: (tcp | http | http2 | grpc).
|
||||
Protocol string
|
||||
|
||||
// Services declares the set of services to which the listener forwards
|
||||
|
@ -122,8 +122,10 @@ func (e *IngressGatewayConfigEntry) Normalize() error {
|
|||
|
||||
func (e *IngressGatewayConfigEntry) Validate() error {
|
||||
validProtocols := map[string]bool{
|
||||
"http": true,
|
||||
"tcp": true,
|
||||
"tcp": true,
|
||||
"http": true,
|
||||
"http2": true,
|
||||
"grpc": true,
|
||||
}
|
||||
declaredPorts := make(map[int]bool)
|
||||
|
||||
|
@ -134,7 +136,7 @@ func (e *IngressGatewayConfigEntry) Validate() error {
|
|||
declaredPorts[listener.Port] = true
|
||||
|
||||
if _, ok := validProtocols[listener.Protocol]; !ok {
|
||||
return fmt.Errorf("Protocol must be either 'http' or 'tcp', '%s' is an unsupported protocol.", listener.Protocol)
|
||||
return fmt.Errorf("protocol must be 'tcp', 'http', 'http2', or 'grpc'. '%s' is an unsupported protocol", listener.Protocol)
|
||||
}
|
||||
|
||||
if len(listener.Services) == 0 {
|
||||
|
|
|
@ -326,7 +326,7 @@ func TestIngressConfigEntry_Validate(t *testing.T) {
|
|||
},
|
||||
},
|
||||
},
|
||||
expectErr: "Protocol must be either 'http' or 'tcp', 'asdf' is an unsupported protocol.",
|
||||
expectErr: "protocol must be 'tcp', 'http', 'http2', or 'grpc'. 'asdf' is an unsupported protocol",
|
||||
},
|
||||
{
|
||||
name: "hosts cannot be set on a tcp listener",
|
||||
|
|
|
@ -44,7 +44,7 @@ type IngressListener struct {
|
|||
// Protocol declares what type of traffic this listener is expected to
|
||||
// receive. Depending on the protocol, a listener might support multiplexing
|
||||
// services over a single port, or additional discovery chain features. The
|
||||
// current supported values are: (tcp | http).
|
||||
// current supported values are: (tcp | http | http2 | grpc).
|
||||
Protocol string
|
||||
|
||||
// Services declares the set of services to which the listener forwards
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
#!/bin/bash
|
||||
|
||||
snapshot_envoy_admin localhost:20000 ingress-gateway primary || true
|
|
@ -0,0 +1,26 @@
|
|||
enable_central_service_config = true
|
||||
|
||||
config_entries {
|
||||
bootstrap {
|
||||
kind = "service-defaults"
|
||||
name = "s1"
|
||||
protocol = "grpc"
|
||||
}
|
||||
bootstrap {
|
||||
kind = "ingress-gateway"
|
||||
name = "ingress-gateway"
|
||||
|
||||
listeners = [
|
||||
{
|
||||
port = 9999
|
||||
protocol = "grpc"
|
||||
services = [
|
||||
{
|
||||
name = "s1"
|
||||
hosts = ["localhost:9999"]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
services {
|
||||
name = "ingress-gateway"
|
||||
kind = "ingress-gateway"
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
services {
|
||||
name = "s1"
|
||||
port = 8079
|
||||
connect {
|
||||
sidecar_service {
|
||||
proxy {
|
||||
config {
|
||||
protocol = "grpc"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
# wait for bootstrap to apply config entries
|
||||
wait_for_config_entry ingress-gateway ingress-gateway
|
||||
|
||||
gen_envoy_bootstrap ingress-gateway 20000 primary true
|
||||
gen_envoy_bootstrap s1 19000
|
||||
gen_envoy_bootstrap s2 19001
|
|
@ -0,0 +1,3 @@
|
|||
#!/bin/bash
|
||||
|
||||
export REQUIRED_SERVICES="$DEFAULT_REQUIRED_SERVICES ingress-gateway-primary"
|
|
@ -0,0 +1,32 @@
|
|||
#!/usr/bin/env bats
|
||||
|
||||
load helpers
|
||||
|
||||
@test "ingress proxy admin is up on :20000" {
|
||||
retry_default curl -f -s localhost:20000/stats -o /dev/null
|
||||
}
|
||||
|
||||
@test "s1 proxy admin is up on :19000" {
|
||||
retry_default curl -f -s localhost:19000/stats -o /dev/null
|
||||
}
|
||||
|
||||
@test "s2 proxy admin is up on :19001" {
|
||||
retry_default curl -f -s localhost:19001/stats -o /dev/null
|
||||
}
|
||||
|
||||
@test "s1 proxy listener should be up and have right cert" {
|
||||
assert_proxy_presents_cert_uri localhost:21000 s1
|
||||
}
|
||||
|
||||
@test "ingress-gateway should have healthy endpoints for s1" {
|
||||
assert_upstream_has_endpoints_in_status 127.0.0.1:20000 s1 HEALTHY 1
|
||||
}
|
||||
|
||||
@test "ingress should be able to connect to s1 via grpc" {
|
||||
# This test also covers http2 since gRPC always uses http2
|
||||
run fortio grpcping localhost:9999
|
||||
|
||||
echo "OUTPUT: $output"
|
||||
|
||||
[ "$status" == 0 ]
|
||||
}
|
|
@ -33,6 +33,7 @@ func TestEnvoy(t *testing.T) {
|
|||
"case-http",
|
||||
"case-http-badauthz",
|
||||
"case-ingress-gateway-http",
|
||||
"case-ingress-gateway-grpc",
|
||||
"case-ingress-gateway-multiple-services",
|
||||
"case-ingress-gateway-simple",
|
||||
"case-ingress-gateway-tls",
|
||||
|
|
|
@ -343,7 +343,7 @@ Also make two services in the frontend namespace available over a custom port wi
|
|||
- `Port` `(int: 0)` - The port that the listener should receive traffic on.
|
||||
|
||||
- `Protocol` `(string: "tcp")` - The protocol associated with the listener.
|
||||
Either `tcp` or `http`.
|
||||
One of `tcp`, `http`, `http2`, or `grpc`.
|
||||
|
||||
- `Services` `(array<IngressService>: <optional>)` - A list of services to be
|
||||
exposed via this listener. For "tcp" listeners, only a single service is
|
||||
|
|
Loading…
Reference in New Issue