Go to file
Freddy 66e2def461
Only pass one hostname via EDS and prefer healthy ones (#8084)
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

Currently when passing hostname clusters to Envoy, we set each service instance registered with Consul as an LbEndpoint for the cluster.

However, Envoy can only handle one per cluster:
[2020-06-04 18:32:34.094][1][warning][config] [source/common/config/grpc_subscription_impl.cc:87] gRPC config for type.googleapis.com/envoy.api.v2.Cluster rejected: Error adding/updating cluster(s) dc2.internal.ddd90499-9b47-91c5-4616-c0cbf0fc358a.consul: LOGICAL_DNS clusters must have a single locality_lb_endpoint and a single lb_endpoint, server.dc2.consul: LOGICAL_DNS clusters must have a single locality_lb_endpoint and a single lb_endpoint

Envoy is currently handling this gracefully by only picking one of the endpoints. However, we should avoid passing multiple to avoid these warning logs.

This PR:

* Ensures we only pass one endpoint, which is tied to one service instance.
* We prefer sending an endpoint which is marked as Healthy by Consul.
* If no endpoints are healthy we emit a warning and skip the cluster.
* If multiple unique hostnames are spread across service instances we emit a warning and let the user know which will be resolved.
2020-06-12 13:46:17 -06:00
.circleci Support envoy 1.14.2, 1.13.2, 1.12.4 (#8057) 2020-06-10 23:20:17 +02:00
.github fixed links (#8020) 2020-06-04 16:18:37 -04:00
acl Replace whitelist/blacklist terminology with allowlist/denylist (#7971) 2020-05-29 14:19:16 -04:00
agent Only pass one hostname via EDS and prefer healthy ones (#8084) 2020-06-12 13:46:17 -06:00
api Move ingress param to a new endpoint (#8081) 2020-06-10 13:07:15 -05:00
bench Gets benchmarks running again and does a rough pass for 0.7.1. 2016-11-29 13:02:26 -08:00
build-support Replace whitelist/blacklist terminology with allowlist/denylist (#7971) 2020-05-29 14:19:16 -04:00
command Support envoy 1.14.2, 1.13.2, 1.12.4 (#8057) 2020-06-10 23:20:17 +02:00
connect ci: Add staticcheck and fix most errors 2020-05-28 11:59:58 -04:00
contributing Add contributing dir with Config file checklist (#7017) 2020-01-14 12:24:03 +00:00
demo demo: Added udp port forwarding 2018-05-30 13:56:56 +09:00
internal/go-sso Add unconvert linter 2020-05-12 13:47:25 -04:00
ipaddr Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
lib config: add HookWeakDecodeFromSlice 2020-06-08 17:05:09 -04:00
logging Merge pull request #7469 from djmgit/log_dir 2020-05-12 14:26:52 -04:00
sdk acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-05-29 16:16:03 -05:00
sentinel Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
service_os Changes made : 2018-06-28 21:18:14 -04:00
snapshot ci: Add staticcheck and fix most errors 2020-05-28 11:59:58 -04:00
terraform terraform: remove modules in repo (#5085) 2019-04-04 16:31:43 -07:00
test Support envoy 1.14.2, 1.13.2, 1.12.4 (#8057) 2020-06-10 23:20:17 +02:00
testrpc acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-05-29 16:16:03 -05:00
tlsutil ci: Add staticcheck and fix most errors 2020-05-28 11:59:58 -04:00
types Removes remoteConsuls in favor of the new router. 2017-03-16 16:42:19 -07:00
ui-v2 ui: Colocate pageobject components with their components (#8098) 2020-06-12 16:50:09 +01:00
vendor Update google.golang.org/api and stretchr/testify 2020-06-09 16:03:05 -04:00
version Putting source back into Dev Mode 2020-05-28 14:39:39 -04:00
website Support envoy 1.14.2, 1.13.2, 1.12.4 (#8057) 2020-06-10 23:20:17 +02:00
.dockerignore Update the scripting 2018-06-14 21:42:47 -04:00
.gitattributes Initial commit 2013-11-04 14:15:27 -08:00
.gitignore .gitignore: cut IDE-specific entries, cleanup (#7083) 2020-01-17 11:06:33 -08:00
.golangci.yml ci: Enabled SA2002 staticcheck check 2020-06-05 17:50:11 -04:00
.hashibot.hcl hashibot: let hashibot help us more (#7281) 2020-02-19 15:30:27 +01:00
CHANGELOG.md Adding 1.7.4 and 1.6.6 2020-06-11 00:01:49 +02:00
GNUmakefile Make envoy integration tests a `go test` suite (#7842) 2020-05-19 14:00:00 -04:00
INTERNALS.md Add contributing dir with Config file checklist (#7017) 2020-01-14 12:24:03 +00:00
LICENSE Initial commit 2013-11-04 14:15:27 -08:00
NOTICE.md add copyright notice file 2018-07-09 10:58:26 -07:00
README.md Add link to Learn to the top, move service mesh higher up on list of features. (#7474) 2020-03-23 12:10:42 -05:00
Vagrantfile Adds a basic Linux Vagrant setup, stolen from Nomad. 2017-10-06 08:10:12 -07:00
codecov.yml ui: Test Coverage Reporting (#7027) 2020-05-12 17:13:50 +00:00
go.mod Update google.golang.org/api and stretchr/testify 2020-06-09 16:03:05 -04:00
go.sum Update google.golang.org/api and stretchr/testify 2020-06-09 16:03:05 -04:00
main.go cli: slightly more direct way of printing custom version 2020-03-26 15:35:34 -04:00
main_test.go Adding basic CLI infrastructure 2013-12-19 11:22:08 -08:00

README.md

Consul CircleCI Discuss

Consul is a tool for service discovery and configuration. Consul is distributed, highly available, and extremely scalable.

Consul provides several key features:

  • Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well.

  • Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers.

  • Service Segmentation/Service Mesh - Consul Connect enables secure service-to-service communication with automatic TLS encryption and identity-based authorization. Applications can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections without being aware of Connect at all.

  • Key/Value Storage - A flexible key/value store enables storing dynamic configuration, feature flagging, coordination, leader election and more. The simple HTTP API makes it easy to use anywhere.

  • Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration.

Consul runs on Linux, Mac OS X, FreeBSD, Solaris, and Windows. A commercial version called Consul Enterprise is also available.

Please note: We take Consul's security and our users' trust very seriously. If you believe you have found a security issue in Consul, please responsibly disclose by contacting us at security@hashicorp.com.

Quick Start

A few quick start guides are available on the Consul website:

Documentation

Full, comprehensive documentation is available on the Consul website:

https://www.consul.io/docs

Contributing

Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance.