Remove the `connect.enable_serverless_plugin` agent configuration option (#15710)
This commit is contained in:
Eric Haberkorn
GitHub
parent
b459d58e8d
commit
5dd131fee8
|
|
@ -0,0 +1,4 @@
|
|||
```release-note:breaking-change
|
||||
xds: Remove the `connect.enable_serverless_plugin` agent configuration option. Now
|
||||
Lambda integration is enabled by default.
|
||||
```
|
||||
|
|
@ -848,7 +848,6 @@ func (a *Agent) listenAndServeGRPC() error {
|
|||
a.xdsServer = xds.NewServer(
|
||||
a.config.NodeName,
|
||||
a.logger.Named(logging.Envoy),
|
||||
a.config.ConnectServerlessPluginEnabled,
|
||||
cfg,
|
||||
func(id string) (acl.Authorizer, error) {
|
||||
return a.delegate.ResolveTokenAndDefaultMeta(id, nil, nil)
|
||||
|
|
|
|||
|
|
@ -666,7 +666,6 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
|
|||
connectEnabled := boolVal(c.Connect.Enabled)
|
||||
connectCAProvider := stringVal(c.Connect.CAProvider)
|
||||
connectCAConfig := c.Connect.CAConfig
|
||||
serverlessPluginEnabled := boolVal(c.Connect.EnableServerlessPlugin)
|
||||
|
||||
// autoEncrypt and autoConfig implicitly turns on connect which is why
|
||||
// they need to be above other settings that rely on connect.
|
||||
|
|
@ -969,7 +968,6 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
|
|||
ConnectCAProvider: connectCAProvider,
|
||||
ConnectCAConfig: connectCAConfig,
|
||||
ConnectMeshGatewayWANFederationEnabled: connectMeshGatewayWANFederationEnabled,
|
||||
ConnectServerlessPluginEnabled: serverlessPluginEnabled,
|
||||
ConnectSidecarMinPort: sidecarMinPort,
|
||||
ConnectSidecarMaxPort: sidecarMaxPort,
|
||||
ConnectTestCALeafRootChangeSpread: b.durationVal("connect.test_ca_leaf_root_change_spread", c.Connect.TestCALeafRootChangeSpread),
|
||||
|
|
|
|||
|
|
@ -613,7 +613,6 @@ type Connect struct {
|
|||
CAProvider *string `mapstructure:"ca_provider" json:"ca_provider,omitempty"`
|
||||
CAConfig map[string]interface{} `mapstructure:"ca_config" json:"ca_config,omitempty"`
|
||||
MeshGatewayWANFederationEnabled *bool `mapstructure:"enable_mesh_gateway_wan_federation" json:"enable_mesh_gateway_wan_federation,omitempty"`
|
||||
EnableServerlessPlugin *bool `mapstructure:"enable_serverless_plugin" json:"enable_serverless_plugin,omitempty"`
|
||||
|
||||
// TestCALeafRootChangeSpread controls how long after a CA roots change before new leaf certs will be generated.
|
||||
// This is only tuned in tests, generally set to 1ns to make tests deterministic with when to expect updated leaf
|
||||
|
|
|
|||
|
|
@ -494,12 +494,6 @@ type RuntimeConfig struct {
|
|||
// and servers in a cluster for correct connect operation.
|
||||
ConnectEnabled bool
|
||||
|
||||
// ConnectServerlessPluginEnabled opts the agent into the serverless plugin.
|
||||
// This plugin allows services to be configured as AWS Lambdas. After the
|
||||
// Lambda service is configured, Connect services can invoke the Lambda
|
||||
// service like any other upstream.
|
||||
ConnectServerlessPluginEnabled bool
|
||||
|
||||
// ConnectSidecarMinPort is the inclusive start of the range of ports
|
||||
// allocated to the agent for asigning to sidecar services where no port is
|
||||
// specified.
|
||||
|
|
|
|||
|
|
@ -6064,7 +6064,6 @@ func TestLoad_FullConfig(t *testing.T) {
|
|||
"CSRMaxConcurrent": float64(2),
|
||||
},
|
||||
ConnectMeshGatewayWANFederationEnabled: false,
|
||||
ConnectServerlessPluginEnabled: true,
|
||||
Cloud: hcpconfig.CloudConfig{
|
||||
ResourceID: "N43DsscE",
|
||||
ClientID: "6WvsDZCP",
|
||||
|
|
|
|||
|
|
@ -110,9 +110,9 @@
|
|||
"Method": "",
|
||||
"Name": "zoo",
|
||||
"Notes": "",
|
||||
"OSService": "",
|
||||
"OutputMaxSize": 4096,
|
||||
"ScriptArgs": [],
|
||||
"OSService": "",
|
||||
"ServiceID": "",
|
||||
"Shell": "",
|
||||
"Status": "",
|
||||
|
|
@ -140,7 +140,6 @@
|
|||
"ConnectCAProvider": "",
|
||||
"ConnectEnabled": false,
|
||||
"ConnectMeshGatewayWANFederationEnabled": false,
|
||||
"ConnectServerlessPluginEnabled": false,
|
||||
"ConnectSidecarMaxPort": 0,
|
||||
"ConnectSidecarMinPort": 0,
|
||||
"ConnectTestCALeafRootChangeSpread": "0s",
|
||||
|
|
@ -258,6 +257,7 @@
|
|||
"PrimaryGatewaysInterval": "0s",
|
||||
"RPCAdvertiseAddr": "",
|
||||
"RPCBindAddr": "",
|
||||
"RPCClientTimeout": "0s",
|
||||
"RPCConfig": {
|
||||
"EnableStreaming": false
|
||||
},
|
||||
|
|
@ -267,7 +267,6 @@
|
|||
"RPCMaxConnsPerClient": 0,
|
||||
"RPCProtocol": 0,
|
||||
"RPCRateLimit": 0,
|
||||
"RPCClientTimeout": "0s",
|
||||
"RaftBoltDBConfig": {
|
||||
"NoFreelistSync": false
|
||||
},
|
||||
|
|
@ -331,6 +330,7 @@
|
|||
"Method": "",
|
||||
"Name": "blurb",
|
||||
"Notes": "",
|
||||
"OSService": "",
|
||||
"OutputMaxSize": 4096,
|
||||
"ProxyGRPC": "",
|
||||
"ProxyHTTP": "",
|
||||
|
|
@ -338,7 +338,6 @@
|
|||
"Shell": "",
|
||||
"Status": "",
|
||||
"SuccessBeforePassing": 0,
|
||||
"OSService": "",
|
||||
"TCP": "",
|
||||
"TLSServerName": "",
|
||||
"TLSSkipVerify": false,
|
||||
|
|
|
|||
|
|
@ -225,7 +225,6 @@ connect {
|
|||
}
|
||||
enable_mesh_gateway_wan_federation = false
|
||||
enabled = true
|
||||
enable_serverless_plugin = true
|
||||
}
|
||||
gossip_lan {
|
||||
gossip_nodes = 6
|
||||
|
|
|
|||
|
|
@ -224,8 +224,7 @@
|
|||
"csr_max_concurrent": 2
|
||||
},
|
||||
"enable_mesh_gateway_wan_federation": false,
|
||||
"enabled": true,
|
||||
"enable_serverless_plugin": true
|
||||
"enabled": true
|
||||
},
|
||||
"gossip_lan" : {
|
||||
"gossip_nodes": 6,
|
||||
|
|
|
|||
|
|
@ -251,12 +251,10 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
|
|||
s.ResourceMapMutateFn(newResourceMap)
|
||||
}
|
||||
|
||||
if s.serverlessPluginEnabled {
|
||||
newResourceMap, err = serverlessplugin.MutateIndexedResources(newResourceMap, xdscommon.MakePluginConfiguration(cfgSnap))
|
||||
if err != nil {
|
||||
return status.Errorf(codes.Unavailable, "failed to patch xDS resources in the serverless plugin: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
if err := populateChildIndexMap(newResourceMap); err != nil {
|
||||
return status.Errorf(codes.Unavailable, "failed to index xDS resource versions: %v", err)
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@ package xds
|
|||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
"sync/atomic"
|
||||
"testing"
|
||||
|
|
@ -30,14 +29,11 @@ import (
|
|||
// Stick to very straightforward stuff in xds_protocol_helpers_test.go.
|
||||
|
||||
func TestServer_DeltaAggregatedResources_v3_BasicProtocol_TCP(t *testing.T) {
|
||||
for _, serverlessPluginEnabled := range []bool{false, true} {
|
||||
t.Run(fmt.Sprintf("serverless patcher: %t", serverlessPluginEnabled), func(t *testing.T) {
|
||||
|
||||
aclResolve := func(id string) (acl.Authorizer, error) {
|
||||
// Allow all
|
||||
return acl.RootAuthorizer("manage"), nil
|
||||
}
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, serverlessPluginEnabled, nil)
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, nil)
|
||||
mgr, errCh, envoy := scenario.mgr, scenario.errCh, scenario.envoy
|
||||
|
||||
sid := structs.NewServiceID("web-sidecar-proxy", nil)
|
||||
|
|
@ -229,8 +225,6 @@ func TestServer_DeltaAggregatedResources_v3_BasicProtocol_TCP(t *testing.T) {
|
|||
case <-time.After(50 * time.Millisecond):
|
||||
t.Fatalf("timed out waiting for handler to finish")
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestServer_DeltaAggregatedResources_v3_NackLoop(t *testing.T) {
|
||||
|
|
@ -238,7 +232,7 @@ func TestServer_DeltaAggregatedResources_v3_NackLoop(t *testing.T) {
|
|||
// Allow all
|
||||
return acl.RootAuthorizer("manage"), nil
|
||||
}
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, false, nil)
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, nil)
|
||||
mgr, errCh, envoy := scenario.mgr, scenario.errCh, scenario.envoy
|
||||
|
||||
sid := structs.NewServiceID("web-sidecar-proxy", nil)
|
||||
|
|
@ -370,7 +364,7 @@ func TestServer_DeltaAggregatedResources_v3_BasicProtocol_HTTP2(t *testing.T) {
|
|||
// Allow all
|
||||
return acl.RootAuthorizer("manage"), nil
|
||||
}
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, false, nil)
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, nil)
|
||||
mgr, errCh, envoy := scenario.mgr, scenario.errCh, scenario.envoy
|
||||
|
||||
sid := structs.NewServiceID("web-sidecar-proxy", nil)
|
||||
|
|
@ -522,7 +516,7 @@ func TestServer_DeltaAggregatedResources_v3_SlowEndpointPopulation(t *testing.T)
|
|||
// Allow all
|
||||
return acl.RootAuthorizer("manage"), nil
|
||||
}
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, false, nil)
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, nil)
|
||||
server, mgr, errCh, envoy := scenario.server, scenario.mgr, scenario.errCh, scenario.envoy
|
||||
|
||||
// This mutateFn causes any endpoint with a name containing "geo-cache" to be
|
||||
|
|
@ -667,7 +661,7 @@ func TestServer_DeltaAggregatedResources_v3_BasicProtocol_TCP_clusterChangesImpa
|
|||
// Allow all
|
||||
return acl.RootAuthorizer("manage"), nil
|
||||
}
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, false, nil)
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, nil)
|
||||
mgr, errCh, envoy := scenario.mgr, scenario.errCh, scenario.envoy
|
||||
|
||||
sid := structs.NewServiceID("web-sidecar-proxy", nil)
|
||||
|
|
@ -804,7 +798,7 @@ func TestServer_DeltaAggregatedResources_v3_BasicProtocol_HTTP2_RDS_listenerChan
|
|||
// Allow all
|
||||
return acl.RootAuthorizer("manage"), nil
|
||||
}
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, false, nil)
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, nil)
|
||||
mgr, errCh, envoy := scenario.mgr, scenario.errCh, scenario.envoy
|
||||
|
||||
sid := structs.NewServiceID("web-sidecar-proxy", nil)
|
||||
|
|
@ -1062,7 +1056,7 @@ func TestServer_DeltaAggregatedResources_v3_ACLEnforcement(t *testing.T) {
|
|||
return acl.NewPolicyAuthorizerWithDefaults(acl.RootAuthorizer("deny"), []*acl.Policy{policy}, nil)
|
||||
}
|
||||
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", tt.token, 0, false, nil)
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", tt.token, 0, nil)
|
||||
mgr, errCh, envoy := scenario.mgr, scenario.errCh, scenario.envoy
|
||||
|
||||
sid := structs.NewServiceID("web-sidecar-proxy", nil)
|
||||
|
|
@ -1139,7 +1133,6 @@ func TestServer_DeltaAggregatedResources_v3_ACLTokenDeleted_StreamTerminatedDuri
|
|||
}
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", token,
|
||||
100*time.Millisecond, // Make this short.
|
||||
false,
|
||||
nil,
|
||||
)
|
||||
mgr, errCh, envoy := scenario.mgr, scenario.errCh, scenario.envoy
|
||||
|
|
@ -1239,7 +1232,6 @@ func TestServer_DeltaAggregatedResources_v3_ACLTokenDeleted_StreamTerminatedInBa
|
|||
}
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", token,
|
||||
100*time.Millisecond, // Make this short.
|
||||
false,
|
||||
nil,
|
||||
)
|
||||
mgr, errCh, envoy := scenario.mgr, scenario.errCh, scenario.envoy
|
||||
|
|
@ -1321,7 +1313,7 @@ func TestServer_DeltaAggregatedResources_v3_IngressEmptyResponse(t *testing.T) {
|
|||
// Allow all
|
||||
return acl.RootAuthorizer("manage"), nil
|
||||
}
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "ingress-gateway", "", 0, false, nil)
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "ingress-gateway", "", 0, nil)
|
||||
mgr, errCh, envoy := scenario.mgr, scenario.errCh, scenario.envoy
|
||||
|
||||
sid := structs.NewServiceID("ingress-gateway", nil)
|
||||
|
|
@ -1376,7 +1368,7 @@ func TestServer_DeltaAggregatedResources_v3_IngressEmptyResponse(t *testing.T) {
|
|||
func TestServer_DeltaAggregatedResources_v3_CapacityReached(t *testing.T) {
|
||||
aclResolve := func(id string) (acl.Authorizer, error) { return acl.ManageAll(), nil }
|
||||
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, false, capacityReachedLimiter{})
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, capacityReachedLimiter{})
|
||||
mgr, errCh, envoy := scenario.mgr, scenario.errCh, scenario.envoy
|
||||
|
||||
sid := structs.NewServiceID("web-sidecar-proxy", nil)
|
||||
|
|
@ -1410,7 +1402,7 @@ func TestServer_DeltaAggregatedResources_v3_StreamDrained(t *testing.T) {
|
|||
limiter := &testLimiter{}
|
||||
|
||||
aclResolve := func(id string) (acl.Authorizer, error) { return acl.ManageAll(), nil }
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, false, limiter)
|
||||
scenario := newTestServerDeltaScenario(t, aclResolve, "web-sidecar-proxy", "", 0, limiter)
|
||||
mgr, errCh, envoy := scenario.mgr, scenario.errCh, scenario.envoy
|
||||
|
||||
sid := structs.NewServiceID("web-sidecar-proxy", nil)
|
||||
|
|
|
|||
|
|
@ -141,7 +141,6 @@ type Server struct {
|
|||
ResourceMapMutateFn func(resourceMap *xdscommon.IndexedResources)
|
||||
|
||||
activeStreams *activeStreamCounters
|
||||
serverlessPluginEnabled bool
|
||||
}
|
||||
|
||||
// activeStreamCounters simply encapsulates two counters accessed atomically to
|
||||
|
|
@ -177,7 +176,6 @@ func (c *activeStreamCounters) Increment(xdsVersion string) func() {
|
|||
func NewServer(
|
||||
nodeName string,
|
||||
logger hclog.Logger,
|
||||
serverlessPluginEnabled bool,
|
||||
cfgMgr ProxyConfigSource,
|
||||
resolveToken ACLResolverFunc,
|
||||
cfgFetcher ConfigFetcher,
|
||||
|
|
@ -192,7 +190,6 @@ func NewServer(
|
|||
SessionLimiter: limiter,
|
||||
AuthCheckFrequency: DefaultAuthCheckFrequency,
|
||||
activeStreams: &activeStreamCounters{},
|
||||
serverlessPluginEnabled: serverlessPluginEnabled,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -136,7 +136,6 @@ func newTestServerDeltaScenario(
|
|||
proxyID string,
|
||||
token string,
|
||||
authCheckFrequency time.Duration,
|
||||
serverlessPluginEnabled bool,
|
||||
sessionLimiter SessionLimiter,
|
||||
) *testServerScenario {
|
||||
mgr := newTestManager(t)
|
||||
|
|
@ -163,7 +162,6 @@ func newTestServerDeltaScenario(
|
|||
s := NewServer(
|
||||
"node-123",
|
||||
testutil.Logger(t),
|
||||
serverlessPluginEnabled,
|
||||
mgr,
|
||||
resolveToken,
|
||||
nil, /*cfgFetcher ConfigFetcher*/
|
||||
|
|
|
|||
|
|
@ -1,3 +0,0 @@
|
|||
connect {
|
||||
enable_serverless_plugin = true
|
||||
}
|
||||
|
|
@ -1068,11 +1068,6 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
|||
- `enable_mesh_gateway_wan_federation` ((#connect_enable_mesh_gateway_wan_federation)) (Defaults to `false`) Controls whether cross-datacenter federation traffic between servers is funneled
|
||||
through mesh gateways. This was added in Consul 1.8.0.
|
||||
|
||||
- `enable_serverless_plugin` ((#connect_enable_serverless_plugin)) (Defaults to `false`) Determines whether the serverless plugin
|
||||
is enabled. The serverless plugin supports [AWS
|
||||
Lambda](https://aws.amazon.com/lambda/). For additional information on invoking Lambda functions
|
||||
from mesh services, refer to the [Lambda documentation](/docs/lambda).
|
||||
|
||||
- `ca_provider` ((#connect_ca_provider)) Controls which CA provider to
|
||||
use for Connect's CA. Currently only the `aws-pca`, `consul`, and `vault` providers are supported.
|
||||
This is only used when initially bootstrapping the cluster. For an existing cluster,
|
||||
|
|
|
|||
|
|
@ -20,14 +20,6 @@ Consul v1.12.1 and later
|
|||
|
||||
Complete the following prerequisites prior to registering your Lambda functions. You only need to perform these steps once.
|
||||
|
||||
### Enable the Serverless Plugin
|
||||
|
||||
Add the following configuration to all Consul clients:
|
||||
|
||||
`connect { enable_serverless_plugin = true, connect = true }`
|
||||
|
||||
Refer to the [`enable_serverless_plugin`](/docs/agent/config/config-files#connect_enable_serverless_plugin) configuration documentation for additional information.
|
||||
|
||||
### Configure IAM Permissions for Envoy
|
||||
|
||||
The Envoy proxy that invokes Lambda must have the `lambda:InvokeFunction` AWS IAM
|
||||
|
|
|
|||
|
|
@ -14,6 +14,12 @@ provided for their upgrades as a result of new features or changed behavior.
|
|||
This page is used to document those details separately from the standard
|
||||
upgrade flow.
|
||||
|
||||
## Consul 1.15.x
|
||||
|
||||
#### Removing configuration options
|
||||
|
||||
The `connect.enable_serverless_plugin` configuration option was removed. Lambda integration is now enabled by default.
|
||||
|
||||
## Consul 1.14.x
|
||||
|
||||
### Service Mesh Compatibility
|
||||
|
|
|
|||
Loading…
Reference in New Issue