[docs] reimplement changes from PR #5505 (#5591)

This commit is contained in:
Judith Malnick 2019-04-01 13:34:48 -07:00 committed by GitHub
parent 8585a90b96
commit 96f9e65947
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 29 deletions

View File

@ -9,35 +9,31 @@ description: |-
# Using Connect with Envoy Proxy # Using Connect with Envoy Proxy
Consul Connect has first class support for using Consul Connect has first class support for using
[Envoy](https://www.envoyproxy.io) as a proxy. This guide will walk through a [Envoy](https://www.envoyproxy.io/) as a proxy. This guide will describe how to
working example on a local development machine that shows the moving parts. setup a development-mode Consul server and two services that use Envoy proxies
on a single machine with [Docker](https://www.docker.com/). The aim of this
guide is to demonstrate a minimal working setup and the moving parts involved,
it is not intended for production deployments.
For reference documentation on how the integration works and is configured, For reference documentation on how the integration works and is configured,
please see [Envoy](/docs/connect/proxies/envoy.html). please see our [Envoy documentation](/docs/connect/proxies/envoy.html).
## Setup Overview ## Setup Overview
This guide will describe how to setup a development-mode Consul server and two We'll start all containers using Docker's `host` network mode and will have a
Envoy proxies on a single machine using [Docker](https://www.docker.com/). The total of five containers running by the end of this guide.
aim is to demonstrate a minimal working setup and the moving parts involved.
1. A single Consul server
2. An example TCP `echo` service as a destination
3. An Envoy sidecar proxy for the `echo` service
4. An Envoy sidecar proxy for the `client` service
5. An example `client` service (netcat)
We choose to run in Docker since Envoy is only distributed as a Docker image so We choose to run in Docker since Envoy is only distributed as a Docker image so
it's the quickest way to get a demo running. The same commands used here will it's the quickest way to get a demo running. The same commands used here will
work in just the same way outside of Docker if you build an Envoy binary work in just the same way outside of Docker if you build an Envoy binary
yourself. yourself.
We'll start all containers using Docker's `host` network mode which is not a
realistic simulation of a production setup, but makes the following steps much
simpler.
We should end up with five containers running:
1. The Consul agent
2. An example TCP `echo` service as a destination
3. An Envoy sidecar proxy for the `echo` service
4. An Envoy sidecar proxy for the `client` service
5. An example `client` service (netcat)
## Building an Envoy Image ## Building an Envoy Image
Starting Envoy requires a bootstrap configuration file that points Envoy to the Starting Envoy requires a bootstrap configuration file that points Envoy to the
@ -75,9 +71,9 @@ docker build -t consul-envoy .
We will use the `consul-envoy` image we just made to configure and run Envoy We will use the `consul-envoy` image we just made to configure and run Envoy
processes later. processes later.
## Consul Agent Setup ## Deploying a Consul Server
Next we need a Consul agent. We'll work with a single Consul agent in `-dev` Next we need a Consul server. We'll work with a single Consul server in `-dev`
mode for simplicity. mode for simplicity.
-> **Note:** `-dev` mode enables the gRPC server on port 8502 by default. For a -> **Note:** `-dev` mode enables the gRPC server on port 8502 by default. For a
@ -85,12 +81,12 @@ production agent you'll need to [explicitly configure the gRPC
port](/docs/agent/options.html#grpc_port). port](/docs/agent/options.html#grpc_port).
In order to start a proxy instance, a [proxy service In order to start a proxy instance, a [proxy service
definition](/docs/connect/proxies.html) must exist on the local agent. We'll definition](/docs/connect/proxies.html) must exist on the local Consul agent.
create one using the [sidecar service We'll create one using the [sidecar service
registration](/docs/connect/proxies/sidecar-service.html) syntax. registration](/docs/connect/proxies/sidecar-service.html) syntax.
Create a config file called `envoy_demo.hcl` containing the following service Create a configuration file called `envoy_demo.hcl` containing the following
definitions. service definitions.
```hcl ```hcl
services { services {
@ -116,7 +112,7 @@ services {
} }
``` ```
The Consul agent container can now be started with that configuration. The Consul container can now be started with that configuration.
```sh ```sh
$ docker run --rm -d -v$(pwd)/envoy_demo.hcl:/etc/consul/envoy_demo.hcl \ $ docker run --rm -d -v$(pwd)/envoy_demo.hcl:/etc/consul/envoy_demo.hcl \
@ -132,13 +128,13 @@ continue in the same terminal. Log output can be seen using the name we gave.
docker logs -f consul-agent docker logs -f consul-agent
``` ```
Note that the Consul agent has registered two services `client` and `echo`, but Note that the Consul server has registered two services `client` and `echo`, but
also registered two proxies `client-sidecar-proxy` and `echo-sidecar-proxy`. also registered two proxies `client-sidecar-proxy` and `echo-sidecar-proxy`.
Next we'll need to run those services and proxies. Next we'll need to run those services and proxies.
## Running the Echo Service ## Running the Echo Service
Next we'll run the `echo` service. We can use an existing tcp echo utility image Next we'll run the `echo` service. We can use an existing TCP echo utility image
for this. for this.
Start the echo service on port 9090 as registered before. Start the echo service on port 9090 as registered before.
@ -182,7 +178,7 @@ listeners, TLS certificates, upstream service instances and so on. The xDS API
allows the Envoy instance to watch for any changes so certificate rotations or allows the Envoy instance to watch for any changes so certificate rotations or
changes to the upstream service instances are immediately sent to the proxy. changes to the upstream service instances are immediately sent to the proxy.
## Running the Client ## Running the Client Service
Finally, we can see the connectivity by running a dummy "client" service. Rather Finally, we can see the connectivity by running a dummy "client" service. Rather
than run a full service that itself can listen, we'll simulate the service with than run a full service that itself can listen, we'll simulate the service with