Revert "Merge pull request #10588 from hashicorp/dnephin/config-fix-ports-grpc"

This reverts commit 74fb650b6b966588f8faeec26935a858af2b8bb5, reversing changes made to 58bd8173364effb98b9fd9f9b98d31dd887a9bac.
2021-09-08 11:48:41 -04:00 · 2021-09-08 11:48:41 -04:00 · 402d3792b6
parent 4410f8eee5
commit 402d3792b6
18 changed files with 109 additions and 363 deletions
--- a/.changelog/10588.txt
+++ b/.changelog/10588.txt
@ -1,4 +0,0 @@
-```release-note:deprecation
-config: the `ports.grpc` and `addresses.grpc` configuration settings have been renamed to `ports.xds` and `addresses.xds` to better match their function.
-```
-
--- a/agent/agent.go
+++ b/agent/agent.go
@ -621,7 +621,8 @@ func (a *Agent) Start(ctx context.Context) error {
 		a.apiServers.Start(srv)
 	}

-	if err := a.listenAndServeXDS(); err != nil {
+	// Start gRPC server.
+	if err := a.listenAndServeGRPC(); err != nil {
 		return err
 	}

@ -669,8 +670,8 @@ func (a *Agent) Failed() <-chan struct{} {
 	return a.apiServers.failed
 }

-func (a *Agent) listenAndServeXDS() error {
-	if len(a.config.XDSAddrs) < 1 {
+func (a *Agent) listenAndServeGRPC() error {
+	if len(a.config.GRPCAddrs) < 1 {
 		return nil
 	}

@ -690,9 +691,13 @@ func (a *Agent) listenAndServeXDS() error {
 	if a.config.HTTPSPort <= 0 {
 		tlsConfig = nil
 	}
-	a.grpcServer = xds.NewGRPCServer(xdsServer, tlsConfig)
+	var err error
+	a.grpcServer, err = xdsServer.GRPCServer(tlsConfig)
+	if err != nil {
+		return err
+	}

-	ln, err := a.startListeners(a.config.XDSAddrs)
+	ln, err := a.startListeners(a.config.GRPCAddrs)
 	if err != nil {
 		return err
 	}
--- a/agent/agent_endpoint.go
+++ b/agent/agent_endpoint.go
@ -39,12 +39,11 @@ type Self struct {
 	Member      serf.Member
 	Stats       map[string]map[string]string
 	Meta        map[string]string
-	XDS         *XDSSelf `json:"xDS,omitempty"`
+	XDS         *xdsSelf `json:"xDS,omitempty"`
 }

-type XDSSelf struct {
+type xdsSelf struct {
 	SupportedProxies map[string][]string
-	Port             int
 }

 func (s *HTTPHandlers) AgentSelf(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
@ -67,13 +66,12 @@ func (s *HTTPHandlers) AgentSelf(resp http.ResponseWriter, req *http.Request) (i
 		}
 	}

-	var xds *XDSSelf
+	var xds *xdsSelf
 	if s.agent.grpcServer != nil {
-		xds = &XDSSelf{
+		xds = &xdsSelf{
 			SupportedProxies: map[string][]string{
 				"envoy": proxysupport.EnvoyVersions,
 			},
-			Port: s.agent.config.XDSPort,
 		}
 	}

@ -96,14 +94,9 @@ func (s *HTTPHandlers) AgentSelf(resp http.ResponseWriter, req *http.Request) (i
 		Server:            s.agent.config.ServerMode,
 		Version:           s.agent.config.Version,
 	}
-	debugConfig := s.agent.config.Sanitized()
-	// Backwards compat for the envoy command. Never use DebugConfig for
-	// programmatic access to data.
-	debugConfig["GRPCPort"] = s.agent.config.XDSPort
-
 	return Self{
 		Config:      config,
-		DebugConfig: debugConfig,
+		DebugConfig: s.agent.config.Sanitized(),
 		Coord:       cs[s.agent.config.SegmentName],
 		Member:      s.agent.LocalMember(),
 		Stats:       s.agent.Stats(),
--- a/agent/config/builder.go
+++ b/agent/config/builder.go
@ -428,10 +428,7 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
 	httpPort := b.portVal("ports.http", c.Ports.HTTP)
 	httpsPort := b.portVal("ports.https", c.Ports.HTTPS)
 	serverPort := b.portVal("ports.server", c.Ports.Server)
-	if c.Ports.XDS == nil {
-		c.Ports.XDS = c.Ports.GRPC
-	}
-	xdsPort := b.portVal("ports.xds", c.Ports.XDS)
+	grpcPort := b.portVal("ports.grpc", c.Ports.GRPC)
 	serfPortLAN := b.portVal("ports.serf_lan", c.Ports.SerfLAN)
 	serfPortWAN := b.portVal("ports.serf_wan", c.Ports.SerfWAN)
 	proxyMinPort := b.portVal("ports.proxy_min_port", c.Ports.ProxyMinPort)
@ -558,10 +555,7 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
 	dnsAddrs := b.makeAddrs(b.expandAddrs("addresses.dns", c.Addresses.DNS), clientAddrs, dnsPort)
 	httpAddrs := b.makeAddrs(b.expandAddrs("addresses.http", c.Addresses.HTTP), clientAddrs, httpPort)
 	httpsAddrs := b.makeAddrs(b.expandAddrs("addresses.https", c.Addresses.HTTPS), clientAddrs, httpsPort)
-	if c.Addresses.XDS == nil {
-		c.Addresses.XDS = c.Addresses.GRPC
-	}
-	xdsAddrs := b.makeAddrs(b.expandAddrs("addresses.xds", c.Addresses.XDS), clientAddrs, xdsPort)
+	grpcAddrs := b.makeAddrs(b.expandAddrs("addresses.grpc", c.Addresses.GRPC), clientAddrs, grpcPort)

 	for _, a := range dnsAddrs {
 		if x, ok := a.(*net.TCPAddr); ok {
@ -1008,8 +1002,8 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
 		EncryptKey:                 stringVal(c.EncryptKey),
 		EncryptVerifyIncoming:      boolVal(c.EncryptVerifyIncoming),
 		EncryptVerifyOutgoing:      boolVal(c.EncryptVerifyOutgoing),
-		XDSPort:                    xdsPort,
-		XDSAddrs:                   xdsAddrs,
+		GRPCPort:                   grpcPort,
+		GRPCAddrs:                  grpcAddrs,
 		HTTPMaxConnsPerClient:      intVal(c.Limits.HTTPMaxConnsPerClient),
 		HTTPSHandshakeTimeout:      b.durationVal("limits.https_handshake_timeout", c.Limits.HTTPSHandshakeTimeout),
 		KeyFile:                    stringVal(c.KeyFile),
--- a/agent/config/config.go
+++ b/agent/config/config.go
@ -337,10 +337,7 @@ type Addresses struct {
 	DNS   *string `mapstructure:"dns"`
 	HTTP  *string `mapstructure:"http"`
 	HTTPS *string `mapstructure:"https"`
-	XDS   *string `mapstructure:"xds"`
-
-	// Deprecated: replaced by XDS
-	GRPC *string `mapstructure:"grpc"`
+	GRPC  *string `mapstructure:"grpc"`
 }

 type AdvertiseAddrsConfig struct {
@ -693,16 +690,13 @@ type Ports struct {
 	SerfLAN        *int `mapstructure:"serf_lan"`
 	SerfWAN        *int `mapstructure:"serf_wan"`
 	Server         *int `mapstructure:"server"`
-	XDS            *int `mapstructure:"xds"`
+	GRPC           *int `mapstructure:"grpc"`
 	ProxyMinPort   *int `mapstructure:"proxy_min_port"`
 	ProxyMaxPort   *int `mapstructure:"proxy_max_port"`
 	SidecarMinPort *int `mapstructure:"sidecar_min_port"`
 	SidecarMaxPort *int `mapstructure:"sidecar_max_port"`
 	ExposeMinPort  *int `mapstructure:"expose_min_port"`
 	ExposeMaxPort  *int `mapstructure:"expose_max_port"`
-
-	// Deprecated: replaced by XDS
-	GRPC *int `mapstructure:"grpc"`
 }

 type UnixSocket struct {
--- a/agent/config/flags.go
+++ b/agent/config/flags.go
@ -53,8 +53,7 @@ func AddFlags(fs *flag.FlagSet, f *LoadOpts) {
 	add(&f.FlagValues.EnableLocalScriptChecks, "enable-local-script-checks", "Enables health check scripts from configuration file.")
 	add(&f.FlagValues.HTTPConfig.AllowWriteHTTPFrom, "allow-write-http-from", "Only allow write endpoint calls from given network. CIDR format, can be specified multiple times.")
 	add(&f.FlagValues.EncryptKey, "encrypt", "Provides the gossip encryption key.")
-	add(&f.FlagValues.Ports.XDS, "grpc-port", "Deprecated, use xds-port")
-	add(&f.FlagValues.Ports.XDS, "xds-port", "Sets the xDS gRPC port to listen on (used by Envoy proxies).")
+	add(&f.FlagValues.Ports.GRPC, "grpc-port", "Sets the gRPC API port to listen on (currently needed for Envoy xDS only).")
 	add(&f.FlagValues.Ports.HTTP, "http-port", "Sets the HTTP API port to listen on.")
 	add(&f.FlagValues.Ports.HTTPS, "https-port", "Sets the HTTPS API port to listen on.")
 	add(&f.FlagValues.StartJoinAddrsLAN, "join", "Address of an agent to join at start time. Can be specified multiple times.")
--- a/agent/config/flags_test.go
+++ b/agent/config/flags_test.go
@ -49,7 +49,7 @@ func TestAddFlags_WithParse(t *testing.T) {
 		},
 		{
 			args:     []string{`-grpc-port`, `1`},
-			expected: LoadOpts{FlagValues: Config{Ports: Ports{XDS: pInt(1)}}},
+			expected: LoadOpts{FlagValues: Config{Ports: Ports{GRPC: pInt(1)}}},
 		},
 		{
 			args:     []string{`-http-port`, `1`},
--- a/agent/config/runtime.go
+++ b/agent/config/runtime.go
@ -675,27 +675,27 @@ type RuntimeConfig struct {
 	// hcl: encrypt_verify_outgoing = (true|false)
 	EncryptVerifyOutgoing bool

-	// XDSPort is the port the xDS gRPC server listens on. This port only
+	// GRPCPort is the port the gRPC server listens on. Currently this only
 	// exposes the xDS and ext_authz APIs for Envoy and it is disabled by default.
 	//
-	// hcl: ports { xds = int }
-	// flags: -xds-port int
-	XDSPort int
+	// hcl: ports { grpc = int }
+	// flags: -grpc-port int
+	GRPCPort int

-	// XDSAddrs contains the list of TCP addresses and UNIX sockets the xDS gRPC
-	// server will bind to. If the xDS endpoint is disabled (ports.xds <= 0)
+	// GRPCAddrs contains the list of TCP addresses and UNIX sockets the gRPC
+	// server will bind to. If the gRPC endpoint is disabled (ports.grpc <= 0)
 	// the list is empty.
 	//
-	// The addresses are taken from 'addresses.xds' which should contain a
+	// The addresses are taken from 'addresses.grpc' which should contain a
 	// space separated list of ip addresses, UNIX socket paths and/or
 	// go-sockaddr templates. UNIX socket paths must be written as
-	// 'unix://<full path>', e.g. 'unix:///var/run/consul-xds.sock'.
+	// 'unix://<full path>', e.g. 'unix:///var/run/consul-grpc.sock'.
 	//
-	// If 'addresses.xds' was not provided the 'client_addr' addresses are
+	// If 'addresses.grpc' was not provided the 'client_addr' addresses are
 	// used.
 	//
-	// hcl: client_addr = string addresses { xds = string } ports { xds = int }
-	XDSAddrs []net.Addr
+	// hcl: client_addr = string addresses { grpc = string } ports { grpc = int }
+	GRPCAddrs []net.Addr

 	// HTTPAddrs contains the list of TCP addresses and UNIX sockets the HTTP
 	// server will bind to. If the HTTP endpoint is disabled (ports.http <= 0)
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@ -338,8 +338,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.GossipWANProbeTimeout = 100 * time.Millisecond
 			rt.GossipWANSuspicionMult = 3
 			rt.ConsulServerHealthInterval = 10 * time.Millisecond
-			rt.XDSPort = 8502
-			rt.XDSAddrs = []net.Addr{tcpAddr("127.0.0.1:8502")}
+			rt.GRPCPort = 8502
+			rt.GRPCAddrs = []net.Addr{tcpAddr("127.0.0.1:8502")}
 			rt.RPCConfig.EnableStreaming = true
 		},
 	})
@ -1048,8 +1048,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.HTTPAddrs = []net.Addr{tcpAddr("0.0.0.0:2")}
 			rt.HTTPSPort = 3
 			rt.HTTPSAddrs = []net.Addr{tcpAddr("0.0.0.0:3")}
-			rt.XDSPort = 4
-			rt.XDSAddrs = []net.Addr{tcpAddr("0.0.0.0:4")}
+			rt.GRPCPort = 4
+			rt.GRPCAddrs = []net.Addr{tcpAddr("0.0.0.0:4")}
 			rt.DataDir = dataDir
 		},
 	})
@ -1121,8 +1121,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.HTTPAddrs = []net.Addr{tcpAddr("2.2.2.2:2")}
 			rt.HTTPSPort = 3
 			rt.HTTPSAddrs = []net.Addr{tcpAddr("3.3.3.3:3")}
-			rt.XDSPort = 4
-			rt.XDSAddrs = []net.Addr{tcpAddr("4.4.4.4:4")}
+			rt.GRPCPort = 4
+			rt.GRPCAddrs = []net.Addr{tcpAddr("4.4.4.4:4")}
 			rt.DataDir = dataDir
 		},
 	})
@ -1145,8 +1145,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.HTTPAddrs = []net.Addr{tcpAddr("1.2.3.4:2"), tcpAddr("[2001:db8::1]:2")}
 			rt.HTTPSPort = 3
 			rt.HTTPSAddrs = []net.Addr{tcpAddr("1.2.3.4:3"), tcpAddr("[2001:db8::1]:3")}
-			rt.XDSPort = 4
-			rt.XDSAddrs = []net.Addr{tcpAddr("1.2.3.4:4"), tcpAddr("[2001:db8::1]:4")}
+			rt.GRPCPort = 4
+			rt.GRPCAddrs = []net.Addr{tcpAddr("1.2.3.4:4"), tcpAddr("[2001:db8::1]:4")}
 			rt.DataDir = dataDir
 		},
 	})
@ -1181,8 +1181,8 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 			rt.HTTPAddrs = []net.Addr{tcpAddr("2.2.2.2:2"), unixAddr("unix://http"), tcpAddr("[2001:db8::20]:2")}
 			rt.HTTPSPort = 3
 			rt.HTTPSAddrs = []net.Addr{tcpAddr("3.3.3.3:3"), unixAddr("unix://https"), tcpAddr("[2001:db8::30]:3")}
-			rt.XDSPort = 4
-			rt.XDSAddrs = []net.Addr{tcpAddr("4.4.4.4:4"), unixAddr("unix://grpc"), tcpAddr("[2001:db8::40]:4")}
+			rt.GRPCPort = 4
+			rt.GRPCAddrs = []net.Addr{tcpAddr("4.4.4.4:4"), unixAddr("unix://grpc"), tcpAddr("[2001:db8::40]:4")}
 			rt.DataDir = dataDir
 		},
 	})
@ -5477,8 +5477,8 @@ func TestLoad_FullConfig(t *testing.T) {
 		EncryptKey:                             "A4wELWqH",
 		EncryptVerifyIncoming:                  true,
 		EncryptVerifyOutgoing:                  true,
-		XDSPort:                                4881,
-		XDSAddrs:                               []net.Addr{tcpAddr("32.31.61.91:4881")},
+		GRPCPort:                               4881,
+		GRPCAddrs:                              []net.Addr{tcpAddr("32.31.61.91:4881")},
 		HTTPAddrs:                              []net.Addr{tcpAddr("83.39.91.39:7999")},
 		HTTPBlockEndpoints:                     []string{"RBvAFcGD", "fWOWFznh"},
 		AllowWriteHTTPFrom:                     []*net.IPNet{cidr("127.0.0.0/8"), cidr("22.33.44.55/32"), cidr("0.0.0.0/0")},
--- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden
+++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden
@ -94,8 +94,8 @@
            "DeregisterCriticalServiceAfter": "0s",
            "DockerContainerID": "",
            "EnterpriseMeta": {},
-            "FailuresBeforeWarning": 0,
            "FailuresBeforeCritical": 0,
+            "FailuresBeforeWarning": 0,
            "GRPC": "",
            "GRPCUseTLS": false,
            "H2PING": "",
@ -188,6 +188,8 @@
    "EnterpriseRuntimeConfig": {},
    "ExposeMaxPort": 0,
    "ExposeMinPort": 0,
+    "GRPCAddrs": [],
+    "GRPCPort": 0,
    "GossipLANGossipInterval": "0s",
    "GossipLANGossipNodes": 0,
    "GossipLANProbeInterval": "0s",
@ -296,8 +298,8 @@
                "CheckID": "",
                "DeregisterCriticalServiceAfter": "0s",
                "DockerContainerID": "",
-                "FailuresBeforeWarning": 0,
                "FailuresBeforeCritical": 0,
+                "FailuresBeforeWarning": 0,
                "GRPC": "",
                "GRPCUseTLS": false,
                "H2PING": "",
@ -415,7 +417,5 @@
    "VerifyServerHostname": false,
    "Version": "",
    "VersionPrerelease": "",
-    "Watches": [],
-    "XDSAddrs": [],
-    "XDSPort": 0
-}
+    "Watches": []
+}
--- a/agent/xds/server.go
+++ b/agent/xds/server.go
@ -548,15 +548,14 @@ func tokenFromContext(ctx context.Context) string {
 	return ""
 }

-// NewGRPCServer creates a grpc.Server, registers the Server, and then returns
-// the grpc.Server.
-func NewGRPCServer(s *Server, tlsConfigurator *tlsutil.Configurator) *grpc.Server {
+// GRPCServer returns a server instance that can handle xDS requests.
+func (s *Server) GRPCServer(tlsConfigurator *tlsutil.Configurator) (*grpc.Server, error) {
 	opts := []grpc.ServerOption{
 		grpc.MaxConcurrentStreams(2048),
 	}
 	if tlsConfigurator != nil {
 		if tlsConfigurator.Cert() != nil {
-			creds := credentials.NewTLS(tlsConfigurator.IncomingXDSConfig())
+			creds := credentials.NewTLS(tlsConfigurator.IncomingGRPCConfig())
 			opts = append(opts, grpc.Creds(creds))
 		}
 	}
@ -566,7 +565,8 @@ func NewGRPCServer(s *Server, tlsConfigurator *tlsutil.Configurator) *grpc.Serve
 	if !s.DisableV2Protocol {
 		envoy_discovery_v2.RegisterAggregatedDiscoveryServiceServer(srv, &adsServerV2Shim{srv: s})
 	}
-	return srv
+
+	return srv, nil
 }

 // authorize the xDS request using the token stored in ctx. This authorization is
--- a/command/agent/agent.go
+++ b/command/agent/agent.go
@ -200,8 +200,8 @@ func (c *cmd) run(args []string) int {
 	}
 	ui.Info(fmt.Sprintf("    Datacenter: '%s' (Segment: '%s')", config.Datacenter, segment))
 	ui.Info(fmt.Sprintf("        Server: %v (Bootstrap: %v)", config.ServerMode, config.Bootstrap))
-	ui.Info(fmt.Sprintf("   Client Addr: %v (HTTP: %d, HTTPS: %d, xDS: %d, DNS: %d)", config.ClientAddrs,
-		config.HTTPPort, config.HTTPSPort, config.XDSPort, config.DNSPort))
+	ui.Info(fmt.Sprintf("   Client Addr: %v (HTTP: %d, HTTPS: %d, gRPC: %d, DNS: %d)", config.ClientAddrs,
+		config.HTTPPort, config.HTTPSPort, config.GRPCPort, config.DNSPort))
 	ui.Info(fmt.Sprintf("  Cluster Addr: %v (LAN: %d, WAN: %d)", config.AdvertiseAddrLAN,
 		config.SerfPortLAN, config.SerfPortWAN))
 	ui.Info(fmt.Sprintf("       Encrypt: Gossip: %v, TLS-Outgoing: %v, TLS-Incoming: %v, Auto-Encrypt-TLS: %t",
--- a/command/connect/envoy/envoy.go
+++ b/command/connect/envoy/envoy.go
@ -426,7 +426,7 @@ func (c *cmd) templateArgs() (*BootstrapTplArgs, error) {
 		return nil, err
 	}

-	xdsAddr, err := c.xdsAddress(httpCfg)
+	grpcAddr, err := c.grpcAddress(httpCfg)
 	if err != nil {
 		return nil, err
 	}
@ -471,7 +471,7 @@ func (c *cmd) templateArgs() (*BootstrapTplArgs, error) {
 	caPEM = strings.Replace(strings.Join(pems, ""), "\n", "\\n", -1)

 	return &BootstrapTplArgs{
-		GRPC:                  xdsAddr,
+		GRPC:                  grpcAddr,
 		ProxyCluster:          cluster,
 		ProxyID:               c.proxyID,
 		ProxySourceService:    proxySourceService,
@ -557,12 +557,13 @@ func (c *cmd) generateConfig() ([]byte, error) {
 }

 // TODO: make method a function
-func (c *cmd) xdsAddress(httpCfg *api.Config) (GRPC, error) {
+func (c *cmd) grpcAddress(httpCfg *api.Config) (GRPC, error) {
 	g := GRPC{}

 	addr := c.grpcAddr
+	// See if we need to lookup grpcAddr
 	if addr == "" {
-		port, err := c.lookupXDSPort()
+		port, err := c.lookupGRPCPort()
 		if err != nil {
 			c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err))
 		}
@ -620,25 +621,11 @@ func (c *cmd) xdsAddress(httpCfg *api.Config) (GRPC, error) {
 	return g, nil
 }

-func (c *cmd) lookupXDSPort() (int, error) {
+func (c *cmd) lookupGRPCPort() (int, error) {
 	self, err := c.client.Agent().Self()
 	if err != nil {
 		return 0, err
 	}
-
-	type response struct {
-		XDS struct {
-			Port int
-		}
-	}
-
-	var resp response
-	if err := mapstructure.Decode(self, &resp); err == nil && resp.XDS.Port != 0 {
-		return resp.XDS.Port, nil
-	}
-
-	// Fallback to old API for the case where a new consul CLI is being used with
-	// an older API version.
 	cfg, ok := self["DebugConfig"]
 	if !ok {
 		return 0, fmt.Errorf("unexpected agent response: no debug config")
--- a/command/connect/envoy/envoy_test.go
+++ b/command/connect/envoy/envoy_test.go
@ -112,8 +112,7 @@ type generateConfigTestCase struct {
 	Files             map[string]string
 	ProxyConfig       map[string]interface{}
 	NamespacesEnabled bool
-	XDSPort           int  // only used for testing custom-configured grpc port
-	AgentSelf110      bool // fake the agent API from versions v1.10 and earlier
+	GRPCPort          int // only used for testing custom-configured grpc port
 	WantArgs          BootstrapTplArgs
 	WantErr           string
 }
@ -358,35 +357,9 @@ func TestGenerateConfig(t *testing.T) {
 			},
 		},
 		{
-			Name:    "xds-addr-config",
-			Flags:   []string{"-proxy-id", "test-proxy"},
-			XDSPort: 9999,
-			WantArgs: BootstrapTplArgs{
-				EnvoyVersion: defaultEnvoyVersion,
-				ProxyCluster: "test-proxy",
-				ProxyID:      "test-proxy",
-				// We don't know this til after the lookup so it will be empty in the
-				// initial args call we are testing here.
-				ProxySourceService: "",
-				// Should resolve IP, note this might not resolve the same way
-				// everywhere which might make this test brittle but not sure what else
-				// to do.
-				GRPC: GRPC{
-					AgentAddress: "127.0.0.1",
-					AgentPort:    "9999",
-				},
-				AdminAccessLogPath:    "/dev/null",
-				AdminBindAddress:      "127.0.0.1",
-				AdminBindPort:         "19000",
-				LocalAgentClusterName: xds.LocalAgentClusterName,
-				PrometheusScrapePath:  "/metrics",
-			},
-		},
-		{
-			Name:         "deprecated-grpc-addr-config",
-			Flags:        []string{"-proxy-id", "test-proxy"},
-			XDSPort:      9999,
-			AgentSelf110: true,
+			Name:     "grpc-addr-config",
+			Flags:    []string{"-proxy-id", "test-proxy"},
+			GRPCPort: 9999,
 			WantArgs: BootstrapTplArgs{
 				EnvoyVersion: defaultEnvoyVersion,
 				ProxyCluster: "test-proxy",
@ -1041,23 +1014,29 @@ func TestEnvoy_GatewayRegistration(t *testing.T) {
 // testMockAgent combines testMockAgentProxyConfig and testMockAgentSelf,
 // routing /agent/service/... requests to testMockAgentProxyConfig and
 // routing /agent/self requests to testMockAgentSelf.
-func testMockAgent(tc generateConfigTestCase) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		switch {
-		case strings.Contains(r.URL.Path, "/agent/services"):
-			testMockAgentGatewayConfig(tc.NamespacesEnabled)(w, r)
-		case strings.Contains(r.URL.Path, "/agent/service"):
-			testMockAgentProxyConfig(tc.ProxyConfig, tc.NamespacesEnabled)(w, r)
-		case strings.Contains(r.URL.Path, "/agent/self"):
-			testMockAgentSelf(tc.XDSPort, tc.AgentSelf110)(w, r)
-		default:
-			http.NotFound(w, r)
+func testMockAgent(agentCfg map[string]interface{}, grpcPort int, namespacesEnabled bool) http.HandlerFunc {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if strings.Contains(r.URL.Path, "/agent/services") {
+			testMockAgentGatewayConfig(namespacesEnabled)(w, r)
+			return
 		}
-	}
+
+		if strings.Contains(r.URL.Path, "/agent/service") {
+			testMockAgentProxyConfig(agentCfg, namespacesEnabled)(w, r)
+			return
+		}
+
+		if strings.Contains(r.URL.Path, "/agent/self") {
+			testMockAgentSelf(grpcPort)(w, r)
+			return
+		}
+
+		http.NotFound(w, r)
+	})
 }

 func testMockAgentGatewayConfig(namespacesEnabled bool) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// Parse the proxy-id from the end of the URL (blindly assuming it's correct
 		// format)
 		params := r.URL.Query()
@ -1092,7 +1071,7 @@ func testMockAgentGatewayConfig(namespacesEnabled bool) http.HandlerFunc {
 			return
 		}
 		w.Write(cfgJSON)
-	}
+	})
 }

 func namespaceFromQuery(r *http.Request) string {
@ -1114,7 +1093,7 @@ func partitionFromQuery(r *http.Request) string {
 }

 func testMockAgentProxyConfig(cfg map[string]interface{}, namespacesEnabled bool) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// Parse the proxy-id from the end of the URL (blindly assuming it's correct
 		// format)
 		proxyID := strings.TrimPrefix(r.URL.Path, "/v1/agent/service/")
@ -1144,7 +1123,7 @@ func testMockAgentProxyConfig(cfg map[string]interface{}, namespacesEnabled bool
 			return
 		}
 		w.Write(cfgJSON)
-	}
+	})
 }

 func TestEnvoyCommand_canBindInternal(t *testing.T) {
@ -1244,21 +1223,16 @@ func TestEnvoyCommand_canBindInternal(t *testing.T) {
 }

 // testMockAgentSelf returns an empty /v1/agent/self response except GRPC
-// port is filled in to match the given wantXDSPort argument.
-func testMockAgentSelf(wantXDSPort int, agentSelf110 bool) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
+// port is filled in to match the given wantGRPCPort argument.
+func testMockAgentSelf(wantGRPCPort int) http.HandlerFunc {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		resp := agent.Self{
 			Config: map[string]interface{}{
 				"Datacenter": "dc1",
 			},
-		}
-
-		if agentSelf110 {
-			resp.DebugConfig = map[string]interface{}{
-				"GRPCPort": wantXDSPort,
-			}
-		} else {
-			resp.XDS = &agent.XDSSelf{Port: wantXDSPort}
+			DebugConfig: map[string]interface{}{
+				"GRPCPort": wantGRPCPort,
+			},
 		}

 		selfJSON, err := json.Marshal(resp)
@ -1268,5 +1242,5 @@ func testMockAgentSelf(wantXDSPort int, agentSelf110 bool) http.HandlerFunc {
 			return
 		}
 		w.Write(selfJSON)
-	}
+	})
 }
--- a/command/connect/envoy/testdata/deprecated-grpc-addr-config.golden
+++ b/command/connect/envoy/testdata/deprecated-grpc-addr-config.golden
--- a/command/connect/envoy/testdata/xds-addr-config.golden
+++ b/command/connect/envoy/testdata/xds-addr-config.golden
@ -1,185 +0,0 @@
-{
-  "admin": {
-    "access_log_path": "/dev/null",
-    "address": {
-      "socket_address": {
-        "address": "127.0.0.1",
-        "port_value": 19000
-      }
-    }
-  },
-  "node": {
-    "cluster": "test-proxy",
-    "id": "test-proxy",
-    "metadata": {
-      "namespace": "default",
-      "partition": "default",
-      "envoy_version": "1.18.4"
-    }
-  },
-  "static_resources": {
-    "clusters": [
-      {
-        "name": "local_agent",
-        "ignore_health_on_host_removal": false,
-        "connect_timeout": "1s",
-        "type": "STATIC",
-        "http2_protocol_options": {},
-        "loadAssignment": {
-          "clusterName": "local_agent",
-          "endpoints": [
-            {
-              "lbEndpoints": [
-                {
-                  "endpoint": {
-                    "address": {
-                      "socket_address": {
-                        "address": "127.0.0.1",
-                        "port_value": 9999
-                      }
-                    }
-                  }
-                }
-              ]
-            }
-          ]
-        }
-      }
-    ]
-  },
-  "stats_config": {
-    "stats_tags": [
-      {
-        "regex": "^cluster\\.(?:passthrough~)?((?:([^.]+)~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
-        "tag_name": "consul.destination.custom_hash"
-      },
-      {
-        "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:([^.]+)\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
-        "tag_name": "consul.destination.service_subset"
-      },
-      {
-        "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
-        "tag_name": "consul.destination.service"
-      },
-      {
-        "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
-        "tag_name": "consul.destination.namespace"
-      },
-      {
-        "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.([^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)",
-        "tag_name": "consul.destination.datacenter"
-      },
-      {
-        "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.([^.]+)\\.[^.]+\\.consul\\.)",
-        "tag_name": "consul.destination.routing_type"
-      },
-      {
-        "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.([^.]+)\\.consul\\.)",
-        "tag_name": "consul.destination.trust_domain"
-      },
-      {
-        "regex": "^cluster\\.(?:passthrough~)?(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)",
-        "tag_name": "consul.destination.target"
-      },
-      {
-        "regex": "^cluster\\.(?:passthrough~)?(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+)\\.consul\\.)",
-        "tag_name": "consul.destination.full_target"
-      },
-      {
-        "regex": "^(?:tcp|http)\\.upstream\\.(([^.]+)(?:\\.[^.]+)?\\.[^.]+\\.)",
-        "tag_name": "consul.upstream.service"
-      },
-      {
-        "regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.[^.]+)?\\.([^.]+)\\.)",
-        "tag_name": "consul.upstream.datacenter"
-      },
-      {
-        "regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.([^.]+))?\\.[^.]+\\.)",
-        "tag_name": "consul.upstream.namespace"
-      },
-      {
-        "regex": "^cluster\\.((?:([^.]+)~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
-        "tag_name": "consul.custom_hash"
-      },
-      {
-        "regex": "^cluster\\.((?:[^.]+~)?(?:([^.]+)\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
-        "tag_name": "consul.service_subset"
-      },
-      {
-        "regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
-        "tag_name": "consul.service"
-      },
-      {
-        "regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)",
-        "tag_name": "consul.namespace"
-      },
-      {
-        "regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.([^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)",
-        "tag_name": "consul.datacenter"
-      },
-      {
-        "regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.([^.]+)\\.[^.]+\\.consul\\.)",
-        "tag_name": "consul.routing_type"
-      },
-      {
-        "regex": "^cluster\\.((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.([^.]+)\\.consul\\.)",
-        "tag_name": "consul.trust_domain"
-      },
-      {
-        "regex": "^cluster\\.(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)",
-        "tag_name": "consul.target"
-      },
-      {
-        "regex": "^cluster\\.(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.[^.]+\\.[^.]+)\\.consul\\.)",
-        "tag_name": "consul.full_target"
-      },
-      {
-        "tag_name": "local_cluster",
-        "fixed_value": "test-proxy"
-      },
-      {
-        "tag_name": "consul.source.service",
-        "fixed_value": "test-proxy"
-      },
-      {
-        "tag_name": "consul.source.namespace",
-        "fixed_value": "default"
-      },
-      {
-        "tag_name": "consul.source.partition",
-        "fixed_value": "default"
-      },
-      {
-        "tag_name": "consul.source.datacenter",
-        "fixed_value": "dc1"
-      }
-    ],
-    "use_all_default_tags": true
-  },
-  "dynamic_resources": {
-    "lds_config": {
-      "ads": {},
-      "resource_api_version": "V3"
-    },
-    "cds_config": {
-      "ads": {},
-      "resource_api_version": "V3"
-    },
-    "ads_config": {
-      "api_type": "DELTA_GRPC",
-      "transport_api_version": "V3",
-      "grpc_services": {
-        "initial_metadata": [
-          {
-            "key": "x-consul-token",
-            "value": ""
-          }
-        ],
-        "envoy_grpc": {
-          "cluster_name": "local_agent"
-        }
-      }
-    }
-  }
-}
-
--- a/tlsutil/config.go
+++ b/tlsutil/config.go
@ -613,9 +613,9 @@ func (c *Configurator) VerifyServerHostname() bool {
 	return c.base.VerifyServerHostname || c.autoTLS.verifyServerHostname
 }

-// IncomingXDSConfig generates a *tls.Config for incoming xDS connections.
-func (c *Configurator) IncomingXDSConfig() *tls.Config {
-	c.log("IncomingXDSConfig")
+// IncomingGRPCConfig generates a *tls.Config for incoming GRPC connections.
+func (c *Configurator) IncomingGRPCConfig() *tls.Config {
+	c.log("IncomingGRPCConfig")

 	// false has the effect that this config doesn't require a client cert
 	// verification. This is because there is no verify_incoming_grpc
@ -624,7 +624,7 @@ func (c *Configurator) IncomingXDSConfig() *tls.Config {
 	// effect on the grpc server.
 	config := c.commonTLSConfig(false)
 	config.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) {
-		return c.IncomingXDSConfig(), nil
+		return c.IncomingGRPCConfig(), nil
 	}
 	return config
 }
--- a/website/content/docs/agent/options.mdx
+++ b/website/content/docs/agent/options.mdx
@ -239,12 +239,8 @@ The options below are all specified on the command-line.
  If it is provided after Consul has been initialized with an encryption key, then
  the provided key is ignored and a warning will be displayed.

- `-xds-port` - the xDS gRPC port to listen on. Default
-  -1 (disabled). See [ports](#ports) documentation for more detail.
-
- `-grpc-port` ((#\_grpc_port)) - Deprecated, use `-xds-port` instead.
-  The xDS gRPC port to listen on. Default
-  -1 (disabled). See [ports](#ports) documentation for more detail.
+- `-grpc-port` ((#\_grpc_port)) - the gRPC API port to listen on. Default
+  -1 (gRPC disabled). See [ports](#ports) documentation for more detail.

 - `-hcl` ((#\_hcl)) - A HCL configuration fragment. This HCL configuration
  fragment is appended to the configuration and allows to specify the full range
@ -786,7 +782,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
  bind addresses. In Consul 1.0 and later these can be set to a space-separated list
  of addresses to bind to, or a [go-sockaddr] template that can potentially resolve to multiple addresses.

-  `http`, `https` and `xds` all support binding to a Unix domain socket. A
+  `http`, `https` and `grpc` all support binding to a Unix domain socket. A
  socket can be specified in the form `unix:///path/to/socket`. A new domain
  socket will be created at the given path. If the specified file path already
  exists, Consul will attempt to clear the file and create the domain socket
@ -807,8 +803,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
  - `dns` - The DNS server. Defaults to `client_addr`
  - `http` - The HTTP API. Defaults to `client_addr`
  - `https` - The HTTPS API. Defaults to `client_addr`
-  - `xds` - The xDS gRPC API. Defaults to `client_addr`
-  - `grpc` - Deprecated: use `xds` instead. The xDS gRPC API. Defaults to `client_addr`
+  - `grpc` - The gRPC API. Defaults to `client_addr`

 - `advertise_addr` Equivalent to the [`-advertise` command-line flag](#_advertise).

@ -1703,16 +1698,10 @@ bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.0.0/8\" | attr
  - `https` ((#https_port)) - The HTTPS API, -1 to disable. Default -1
    (disabled). **We recommend using `8501`** for `https` by convention as some tooling
    will work automatically with this.
-  - `xds` - The xDS gRPC API, -1 to disable. Default -1 (disabled).
-    **We recommend using `8502`** for `xds` by convention as some tooling will work
+  - `grpc` ((#grpc_port)) - The gRPC API, -1 to disable. Default -1 (disabled).
+    **We recommend using `8502`** for `grpc` by convention as some tooling will work
    automatically with this. This is set to `8502` by default when the agent runs
-    in `-dev` mode. Currently xDS is only used to expose Envoy xDS API to Envoy
-    proxies.
-  - `grpc` ((#grpc_port)) - Deprecated: use `xds` instead.
-    The xDS gRPC API, -1 to disable. Default -1 (disabled).
-    **We recommend using `8502`** for `xds` by convention as some tooling will work
-    automatically with this. This is set to `8502` by default when the agent runs
-    in `-dev` mode. Currently xDS is only used to expose Envoy xDS API to Envoy
+    in `-dev` mode. Currently gRPC is only used to expose Envoy xDS API to Envoy
    proxies.
  - `serf_lan` ((#serf_lan_port)) - The Serf LAN port. Default 8301. TCP
    and UDP. Equivalent to the [`-serf-lan-port` command line flag](#_serf_lan_port).