luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Update go-discover to support ECS discovery (#13782) 

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
This commit is contained in:
Frank DiRocco 2023-01-12 13:06:29 -05:00 committed by GitHub
parent d224744f6a
commit 9420fd229b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.changelog/13782.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:feature
deps: update to latest go-discover to provide ECS auto-discover capabilities.
```

2
go.mod
View File

@ -40,7 +40,7 @@ require (
github.com/hashicorp/go-checkpoint v0.5.0 github.com/hashicorp/go-checkpoint v0.5.0
github.com/hashicorp/go-cleanhttp v0.5.1 github.com/hashicorp/go-cleanhttp v0.5.1
github.com/hashicorp/go-connlimit v0.3.0 github.com/hashicorp/go-connlimit v0.3.0
github.com/hashicorp/go-discover v0.0.0-20220411141802-20db45f7f0f9 github.com/hashicorp/go-discover v0.0.0-20220714221025-1c234a67149a
github.com/hashicorp/go-hclog v1.2.1 github.com/hashicorp/go-hclog v1.2.1
github.com/hashicorp/go-immutable-radix v1.3.0 github.com/hashicorp/go-immutable-radix v1.3.0
github.com/hashicorp/go-memdb v1.3.4 github.com/hashicorp/go-memdb v1.3.4

4
go.sum
View File

@ -469,8 +469,8 @@ github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVo
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-connlimit v0.3.0 h1:oAojHGjFxUTTTA8c5XXnDqWJ2HLuWbDiBPTpWvNzvqM= github.com/hashicorp/go-connlimit v0.3.0 h1:oAojHGjFxUTTTA8c5XXnDqWJ2HLuWbDiBPTpWvNzvqM=
github.com/hashicorp/go-connlimit v0.3.0/go.mod h1:OUj9FGL1tPIhl/2RCfzYHrIiWj+VVPGNyVPnUX8AqS0= github.com/hashicorp/go-connlimit v0.3.0/go.mod h1:OUj9FGL1tPIhl/2RCfzYHrIiWj+VVPGNyVPnUX8AqS0=
github.com/hashicorp/go-discover v0.0.0-20220411141802-20db45f7f0f9 h1:2GsEkBZf1q4LKZjtd4cO+V0xd85xGCMolX3ebC2+xd4= github.com/hashicorp/go-discover v0.0.0-20220714221025-1c234a67149a h1:xeDSq/xo0CfnSZnPUkNH/00Qy8Q8ySJW0Ij2u/pH680=
github.com/hashicorp/go-discover v0.0.0-20220411141802-20db45f7f0f9/go.mod h1:1xfdKvc3pe5WKxfUUHHOGaKMk7NLGhHY1jkyhKo6098= github.com/hashicorp/go-discover v0.0.0-20220714221025-1c234a67149a/go.mod h1:1xfdKvc3pe5WKxfUUHHOGaKMk7NLGhHY1jkyhKo6098=
github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI=
github.com/hashicorp/go-hclog v0.9.1/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.9.1/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=

21
website/content/docs/install/cloud-auto-join.mdx
View File

@ -106,7 +106,7 @@ In order to use discovery behind a proxy, you will need to set
The following sections give the options specific to each supported cloud The following sections give the options specific to each supported cloud
provider. provider.
### Amazon EC2 ### Amazon EC2 and ECS
This returns the first private IP address of all servers in the given This returns the first private IP address of all servers in the given
region which have the given `tag_key` and `tag_value`. region which have the given `tag_key` and `tag_value`.
@ -128,6 +128,10 @@ $ consul agent -retry-join "provider=aws tag_key=... tag_value=..."
- `addr_type` (optional) - the type of address to discover: `private_v4`, `public_v4`, `public_v6`. Default is `private_v4`. (>= 1.0) - `addr_type` (optional) - the type of address to discover: `private_v4`, `public_v4`, `public_v6`. Default is `private_v4`. (>= 1.0)
- `access_key_id` (optional) - the AWS access key for authentication (see below for more information about authenticating). - `access_key_id` (optional) - the AWS access key for authentication (see below for more information about authenticating).
- `secret_access_key` (optional) - the AWS secret access key for authentication (see below for more information about authenticating). - `secret_access_key` (optional) - the AWS secret access key for authentication (see below for more information about authenticating).
- `service` (optional) - String value that specifies which AWS service to filter. You can specify either `ec2` or `ecs`. Default is `ec2`.
- `ecs_cluster` (optional) - String value that limits searches to a specific AWS ECS cluster name or full ARN. By default, Consul searches all clusters with the specified tag values.
- `ecs_family` (optional) - String value limits searches to a AWS ECS task definition family. By default, Consul searches all task definition families with the specified tags.
- `endpoint` (optional) - String value that specifies the endpoint URL of the AWS service to use. If not set, the AWS client sets the value, which defaults to the public DNS name for the service in the specified region.
#### Authentication & Precedence #### Authentication & Precedence
@ -137,12 +141,19 @@ $ consul agent -retry-join "provider=aws tag_key=... tag_value=..."
- ECS task role metadata (container-specific). - ECS task role metadata (container-specific).
- EC2 instance role metadata. - EC2 instance role metadata.
The only required IAM permission is `ec2:DescribeInstances`, and it is The only IAM permission required for discovering EC2 consul-servers is `ec2:DescribeInstances`.
recommended that you make a dedicated key used only to auto-join the datacenter. If the We recommend that you make a dedicated key used only to auto-join the datacenter.
region is omitted it will be discovered through the local instance's [EC2 If the region is omitted it will be discovered through the local instance's [EC2 metadata
metadata
endpoint](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html). endpoint](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html).
The AWS ECS task role associated with the service attempting to discover the `consul-server` must have the following IAM permissions:
- `ecs:ListClusters` (only used when `ecs_cluster` is not provided)
- `ecs:ListServices` (only used when `ecs_cluster` is not provided)
- `ecs:DescribeServices` (only used when `ecs_cluster` is not provided)
- `ecs:ListTasks`
- `ecs:DescribeTasks`
If the region is omitted from the configuration, Consul obtains it from the local instance's [ECS V4 metadata endpoint](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint-v4.html).
### Microsoft Azure ### Microsoft Azure
This returns the first private IP address of all servers in the given region This returns the first private IP address of all servers in the given region