luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

backport of commit 21263c8a004dffe7e8fcefc234d80abfa3ec66d5 (#17811) 

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
This commit is contained in:
hc-github-team-consul-core 2023-06-20 10:17:28 -04:00 committed by GitHub
parent f9e48dc4a6
commit bd85965844
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 95 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
test/integration/connect/envoy/case-property-override/setup.sh
View File

@ -53,12 +53,30 @@ EnvoyExtensions = [
Path = "/upstream_connection_options/tcp_keepalive/keepalive_probes" Path = "/upstream_connection_options/tcp_keepalive/keepalive_probes"
Value = 1234 Value = 1234
}, },
{
ResourceFilter = {
ResourceType = "cluster"
TrafficDirection = "outbound"
}
Op = "add"
Path = "/outlier_detection/max_ejection_time/seconds"
Value = 120
},
{
ResourceFilter = {
ResourceType = "cluster"
TrafficDirection = "outbound"
}
Op = "add"
Path = "/outlier_detection/max_ejection_time_jitter/seconds"
Value = 1
},
{ {
ResourceFilter = { ResourceFilter = {
ResourceType = "cluster" ResourceType = "cluster"
TrafficDirection = "outbound" TrafficDirection = "outbound"
Services = [{ Services = [{
Name = "s2" Name = "s3"
}] }]
} }
Op = "remove" Op = "remove"

5
test/integration/connect/envoy/case-property-override/verify.bats
View File

@ -19,13 +19,14 @@ load helpers
[ "$status" == 0 ] [ "$status" == 0 ]
[ "$(echo "$output" | jq -r '.upstream_connection_options.tcp_keepalive.keepalive_probes')" == "1234" ] [ "$(echo "$output" | jq -r '.upstream_connection_options.tcp_keepalive.keepalive_probes')" == "1234" ]
[ "$(echo "$output" | jq -r '.outlier_detection')" == "null" ] [ "$(echo "$output" | jq -r '.outlier_detection.max_ejection_time')" == "120s" ]
[ "$(echo "$output" | jq -r '.outlier_detection.max_ejection_time_jitter')" == "1s" ]
run get_envoy_cluster_config localhost:19000 s3 run get_envoy_cluster_config localhost:19000 s3
[ "$status" == 0 ] [ "$status" == 0 ]
[ "$(echo "$output" | jq -r '.upstream_connection_options.tcp_keepalive.keepalive_probes')" == "1234" ] [ "$(echo "$output" | jq -r '.upstream_connection_options.tcp_keepalive.keepalive_probes')" == "1234" ]
[ "$(echo "$output" | jq -r '.outlier_detection')" == "{}" ] [ "$(echo "$output" | jq -r '.outlier_detection')" == "null" ]
} }
@test "s2 proxy is configured with the expected envoy patches" { @test "s2 proxy is configured with the expected envoy patches" {

79
website/content/docs/connect/proxies/envoy-extensions/configuration/property-override.mdx
View File

@ -46,13 +46,14 @@ Patches = [
TrafficDirection = "<inbound or outbound>" TrafficDirection = "<inbound or outbound>"
Services = [ Services = [
{ {
Name = "<name of service to filter for>", Name = "<name of service to filter for>"
Namespace = "<Consul namespace containing the service>" Namespace = "<Consul namespace containing the service>"
Partition = "<Consul partition containing the service>" Partition = "<Consul partition containing the service>"
} }
] ]
Op = "<add or remove>", }
Path = "<path/to/field>", Op = "<add or remove>"
Path = "</path/to/field>"
Value = "<values or map of field-values>" Value = "<values or map of field-values>"
} }
] ]
@ -160,9 +161,9 @@ If Envoy specifies a wrapper as the target field type, the extension automatical
The following examples demonstrate patterns that you may be able to model your configurations on. The following examples demonstrate patterns that you may be able to model your configurations on.
### Enable `enforcing_consecutive_5xx` outlier detection ### Enable `respect_dns_ttl` in a cluster
In the following example, the `add` operation patches an outlier detection property into outbound cluster traffic. The `Path` specifies the `enforcing_consecutive_5xx` interface and sets a value of `1234`: In the following example, the `add` operation patches the outbound cluster corresponding to the `other-svc` upstream service to enable `respect_dns_ttl`. The `Path` specifies the [Cluster `/respect_dns_ttl`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-respect-dns-ttl) top-level field and `Value` specifies a value of `true`:
```hcl ```hcl
Kind = "service-defaults" Kind = "service-defaults"
@ -183,8 +184,8 @@ EnvoyExtensions = [
}, },
}, },
"Op" = "add", "Op" = "add",
"Path" = "/outlier_detection/enforcing_consecutive_5xx", "Path" = "/respect_dns_ttl",
"Value" = 1234, "Value" = true,
} }
] ]
} }
@ -192,9 +193,9 @@ EnvoyExtensions = [
] ]
``` ```
### Update multiple values in the default map ### Update multiple values in a message field
In the following example, two `ResourceFilter` blocks target outbound traffic to the `db` service and add `/outlier_detection/enforcing_consecutive_5xx` and `/outlier_detection/failure_percentage_request_volume` properties: In the following example, both `ResourceFilter` blocks target the cluster corresponding to the `other-svc` upstream service and modify [Cluster `/outlier_detection`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/outlier_detection.proto) properties:
```hcl ```hcl
Kind = "service-defaults" Kind = "service-defaults"
@ -208,27 +209,27 @@ EnvoyExtensions = [
Patches = [ Patches = [
{ {
ResourceFilter = { ResourceFilter = {
ResourceType = "cluster", ResourceType = "cluster"
TrafficDirection = "outbound", TrafficDirection = "outbound"
Services = [{ Services = [{
Name = "other-svc" Name = "other-svc"
}], }]
}, }
Op = "add", Op = "add"
Path = "/outlier_detection/enforcing_consecutive_5xx", Path = "/outlier_detection/max_ejection_time/seconds"
Value = 1234, Value = 120
}, },
{ {
ResourceFilter = { ResourceFilter = {
ResourceType = "cluster", ResourceType = "cluster"
TrafficDirection = "outbound", TrafficDirection = "outbound"
Services = [{ Services = [{
Name = "other-svc" Name = "other-svc"
}], }]
}, }
Op = "add", Op = "add"
Path = "/outlier_detection/failure_percentage_request_volume", Path = "/outlier_detection/max_ejection_time_jitter/seconds"
Value = 2345, Value = 1
} }
] ]
} }
@ -236,9 +237,13 @@ EnvoyExtensions = [
] ]
``` ```
### Set multiple values that replace the map The use of `/seconds` in these examples corresponds to the same field in the [google.protobuf.Duration](https://github.com/protocolbuffers/protobuf/blob/main/src/google/protobuf/duration.proto) proto definition, since the extension does not support JSON serialized string forms of common protobuf types (e.g. `120s`).
In the following example, a `ResourceFilter` targets outbound traffic to the `db` service and replaces the map of properties located at `/outlier_detection` with `enforcing_consecutive_5xx` and `failure_percentage_request_volume` and properties: -> **Note:** Using separate patches per field preserves any existing configuration of other fields in `outlier_detection` that may be directly set by Consul, such as [`enforcing_consecutive_5xx`](https://developer.hashicorp.com/consul/docs/connect/proxies/envoy#enforcing_consecutive_5xx).
### Replace a message field
In the following example, a `ResourceFilter` targets the cluster corresponding to the `other-svc` upstream service and _replaces_ the entire map of properties located at `/outlier_detection`, including explicitly set `enforcing_success_rate` and `success_rate_minimum_hosts` properties:
```hcl ```hcl
Kind = "service-defaults" Kind = "service-defaults"
@ -246,27 +251,29 @@ Name = "my-svc"
Protocol = "http" Protocol = "http"
EnvoyExtensions = [ EnvoyExtensions = [
{ {
Name = "builtin/property-override", Name = "builtin/property-override"
Arguments = { Arguments = {
ProxyType = "connect-proxy", ProxyType = "connect-proxy"
Patches = [ Patches = [
{ {
ResourceFilter = { ResourceFilter = {
ResourceType = "cluster", ResourceType = "cluster"
TrafficDirection = "outbound", TrafficDirection = "outbound"
Services = [{ Services = [{
Name = "other-svc" Name = "other-svc"
}], }]
}, }
Op = "add", Op = "add"
Path = "/outlier_detection", Path = "/outlier_detection"
Value = { Value = {
"enforcing_consecutive_5xx" = 1234, "enforcing_success_rate" = 80
"failure_percentage_request_volume" = 2345, "success_rate_minimum_hosts" = 2
}, }
} }
] ]
} }
} }
] ]
``` ```
Unlike the previous example, other `/outlier_detection` values set by Consul will _not_ be retained unless they match Envoy's defaults, because the entire value of `/outlier_detection` will be replaced.

55
website/content/docs/connect/proxies/envoy-extensions/usage/property-override.mdx
View File

@ -23,9 +23,9 @@ Add Envoy extension configurations to a proxy defaults or service defaults confi
- When you configure Envoy extensions on proxy defaults, they apply to every service. - When you configure Envoy extensions on proxy defaults, they apply to every service.
- When you configure Envoy extensions on service defaults, they apply to a specific service. - When you configure Envoy extensions on service defaults, they apply to a specific service.
Consul applies Envoy extensions configured in proxy defaults before it applies extensions in service defaults. As a result, the Envoy extension configuration in service defaults may override configurations in proxy defaults. Consul applies Envoy extensions configured in proxy defaults before it applies extensions in service defaults. As a result, the Envoy extension configuration in service defaults may override configurations in proxy defaults.
In the following service defaults configuration entry example, Consul adds a new `/upstream_connection_options/tcp_keepalive/keepalive_probes-5` field to each of the proxy's cluster configuration for the outbound `db`service upstream. The configuration applies to all `connect-proxy` proxies with services configured to communicate over HTTP: In the following proxy defaults configuration entry example, Consul sets the `/respect_dns_ttl` field on the `api` service proxy's cluster configuration for the `other-svc` upstream service:
<Tabs> <Tabs>
<Tab heading="HCL" group="hcl"> <Tab heading="HCL" group="hcl">
@ -33,7 +33,7 @@ In the following service defaults configuration entry example, Consul adds a new
```hcl ```hcl
Kind = "service-defaults" Kind = "service-defaults"
Name = "global" Name = "api"
Protocol = "http" Protocol = "http"
EnvoyExtensions = [ EnvoyExtensions = [
{ {
@ -50,8 +50,8 @@ EnvoyExtensions = [
}] }]
} }
Op = "add" Op = "add"
Path = "/upstream_connection_options/tcp_keepalive/keepalive_probes" Path = "/respect_dns_ttl"
Value = 5 Value = true
} }
] ]
} }
@ -66,9 +66,9 @@ EnvoyExtensions = [
```json ```json
"kind": "service-defaults", "kind": "service-defaults",
"name": "global", "name": "api",
"protocol": "http", "protocol": "http",
"envoy_extensions": [{ "envoyExtensions": [{
"name": "builtin/property-override", "name": "builtin/property-override",
"arguments": { "arguments": {
"proxyType": "connect-proxy", "proxyType": "connect-proxy",
@ -76,11 +76,11 @@ EnvoyExtensions = [
"resourceFilter": { "resourceFilter": {
"resourceType": "cluster", "resourceType": "cluster",
"trafficDirection": "outbound", "trafficDirection": "outbound",
"services": [{ "name": "other-svc" }], "services": [{ "name": "other-svc" }]
"op": "add", },
"path": "/upstream_connection_options/tcp_keepalive/keepalive_probes", "op": "add",
"value": 5 "path": "/respect_dns_ttl",
} "value": true
}] }]
} }
}] }]
@ -88,13 +88,13 @@ EnvoyExtensions = [
</CodeBlockConfig> </CodeBlockConfig>
</Tab> </Tab>
<Tab heading="Kubernetes" group="kubernetes"> <Tab heading="Kubernetes" group="kubernetes">
<CodeBlockConfig filename="property-override-extension-proxy-defaults.yaml"> <CodeBlockConfig filename="property-override-extension-service-defaults.yaml">
```yaml ```yaml
apiversion: consul.hashicorp.com/v1alpha1 apiversion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults kind: ServiceDefaults
metadata: metadata:
name: global name: api
spec: spec:
protocol: http protocol: http
envoyExtensions: envoyExtensions:
@ -108,8 +108,8 @@ spec:
services: services:
- name: "other-svc" - name: "other-svc"
op: "add" op: "add"
path: "/upstream_connection_options/tcp_keepalive/keepalive_probes", path: "/respect_dns_ttl",
value: 5 value: true
``` ```
</CodeBlockConfig> </CodeBlockConfig>
@ -136,6 +136,7 @@ EnvoyExtensions = [
{ {
Name = "builtin/property-override" Name = "builtin/property-override"
Arguments = { Arguments = {
Debug = true
ProxyType = "connect-proxy" ProxyType = "connect-proxy"
Patches = [ Patches = [
{ {
@ -146,7 +147,7 @@ EnvoyExtensions = [
Op = "add" Op = "add"
Path = "" Path = ""
Value = 5 Value = 5
} }
] ]
} }
} }
@ -157,19 +158,23 @@ After applying the configuration entry, Consul prints a message that includes th
```shell-session ```shell-session
$ consul config write api.hcl $ consul config write api.hcl
non-empty, non-root Path is required. available cluster fields: non-empty, non-root Path is required;
/outlier_detection available envoy.config.cluster.v3.Cluster fields:
/outlier_detection/enforcing_consecutive_5xx transport_socket_matches
/outlier_detection/failure_percentage_request_volume name
/round_robin_lb_config alt_stat_name
/round_robin_lb_config/slow_start_config type
cluster_type
eds_cluster_config
connect_timeout
...
``` ```
You can use the output to help you construct the appropriate value for the `Path` field. For example: You can use the output to help you construct the appropriate value for the `Path` field. For example:
```shell-session ```shell-session
$ consul config write api.hcl | grep round_robin $ consul config write api.hcl 2>&1 | grep round_robin
/round_robin_lb_config round_robin_lb_config
``` ```