d6c0557e86
* Add support for HTTP proxy listeners * Add customizable bootstrap configuration options * Debug logging for xDS AuthZ * Add Envoy Integration test suite with basic test coverage * Add envoy command tests to cover new cases * Add tracing integration test * Add gRPC support WIP * Merged changes from master Docker. get CI integration to work with same Dockerfile now * Make docker build optional for integration * Enable integration tests again! * http2 and grpc integration tests and fixes * Fix up command config tests * Store all container logs as artifacts in circle on fail * Add retries to outer part of stats measurements as we keep missing them in CI * Only dump logs on failing cases * Fix typos from code review * Review tidying and make tests pass again * Add debug logs to exec test. * Fix legit test failure caused by upstream rename in envoy config * Attempt to reduce cases of bad TLS handshake in CI integration tests * bring up the right service * Add prometheus integration test * Add test for denied AuthZ both HTTP and TCP * Try ANSI term for Circle
194 lines
4 KiB
YAML
194 lines
4 KiB
YAML
version: '3.4'
|
|
|
|
x-workdir:
|
|
&workdir-volume
|
|
type: volume
|
|
source: workdir
|
|
target: /workdir
|
|
volume:
|
|
nocopy: true
|
|
|
|
volumes:
|
|
workdir:
|
|
|
|
services:
|
|
# This is a dummy container that we use to create volume and keep it
|
|
# accessible while other containers are down.
|
|
workdir:
|
|
image: alpine
|
|
volumes:
|
|
- *workdir-volume
|
|
command:
|
|
- sleep
|
|
- "86400"
|
|
|
|
consul:
|
|
image: "consul-dev"
|
|
command:
|
|
- "agent"
|
|
- "-dev"
|
|
- "-config-dir"
|
|
- "/workdir/consul"
|
|
- "-client"
|
|
- "0.0.0.0"
|
|
volumes:
|
|
- *workdir-volume
|
|
ports:
|
|
# Exposing to host makes debugging locally a bit easier
|
|
- "8500:8500"
|
|
- "8502:8502"
|
|
# For zipkin which uses this containers network
|
|
- 9411:9411
|
|
# Jaeger UI
|
|
- 16686:16686
|
|
|
|
s1:
|
|
depends_on:
|
|
- consul
|
|
image: "fortio/fortio"
|
|
command:
|
|
- "server"
|
|
- "-http-port"
|
|
- ":8080"
|
|
- "-grpc-port"
|
|
- ":8079"
|
|
network_mode: service:consul
|
|
|
|
s2:
|
|
depends_on:
|
|
- consul
|
|
image: "fortio/fortio"
|
|
command:
|
|
- "server"
|
|
- "-http-port"
|
|
- ":8181"
|
|
- "-grpc-port"
|
|
- ":8179"
|
|
network_mode: service:consul
|
|
|
|
s1-sidecar-proxy:
|
|
depends_on:
|
|
- consul
|
|
image: "envoyproxy/envoy:v${ENVOY_VERSION:-1.8.0}"
|
|
command:
|
|
- "envoy"
|
|
- "-c"
|
|
- "/workdir/envoy/s1-bootstrap.json"
|
|
- "-l"
|
|
- "debug"
|
|
# Hot restart breaks since both envoys seem to interact with each other
|
|
# despite separate containers that don't share IPC namespace. Not quite
|
|
# sure how this happens but may be due to unix socket being in some shared
|
|
# location?
|
|
- "--disable-hot-restart"
|
|
- "--drain-time-s"
|
|
- "1"
|
|
volumes:
|
|
- *workdir-volume
|
|
network_mode: service:consul
|
|
|
|
s2-sidecar-proxy:
|
|
depends_on:
|
|
- consul
|
|
image: "envoyproxy/envoy:v${ENVOY_VERSION:-1.8.0}"
|
|
command:
|
|
- "envoy"
|
|
- "-c"
|
|
- "/workdir/envoy/s2-bootstrap.json"
|
|
- "-l"
|
|
- "debug"
|
|
# Hot restart breaks since both envoys seem to interact with each other
|
|
# despite separate containers that don't share IPC namespace. Not quite
|
|
# sure how this happens but may be due to unix socket being in some shared
|
|
# location?
|
|
- "--disable-hot-restart"
|
|
- "--drain-time-s"
|
|
- "1"
|
|
volumes:
|
|
- *workdir-volume
|
|
network_mode: service:consul
|
|
|
|
verify:
|
|
depends_on:
|
|
- consul
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile-bats
|
|
tty: true
|
|
command:
|
|
- "--pretty"
|
|
- "/workdir/bats"
|
|
volumes:
|
|
- *workdir-volume
|
|
network_mode: service:consul
|
|
|
|
s1-sidecar-proxy-consul-exec:
|
|
depends_on:
|
|
- consul
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile-consul-envoy
|
|
args:
|
|
ENVOY_VERSION: ${ENVOY_VERSION:-1.8.0}
|
|
command:
|
|
- "consul"
|
|
- "connect"
|
|
- "envoy"
|
|
- "-sidecar-for"
|
|
- "s1"
|
|
- "--"
|
|
- "-l"
|
|
- "debug"
|
|
network_mode: service:consul
|
|
|
|
fake-statsd:
|
|
depends_on:
|
|
- consul
|
|
image: "alpine/socat"
|
|
command:
|
|
- -u
|
|
- UDP-RECVFROM:8125,fork,reuseaddr
|
|
# This magic incantation is needed since Envoy doesn't add newlines and so
|
|
# we need each packet to be passed to echo to add a new line before
|
|
# appending.
|
|
- SYSTEM:'xargs -0 echo >> /workdir/statsd/statsd.log'
|
|
volumes:
|
|
- *workdir-volume
|
|
network_mode: service:consul
|
|
|
|
wipe-volumes:
|
|
volumes:
|
|
- *workdir-volume
|
|
image: alpine
|
|
command:
|
|
- sh
|
|
- -c
|
|
- 'rm -rf /workdir/*'
|
|
|
|
# This is a debugging tool run docker-compose up dump-volumes to see the
|
|
# current state.
|
|
dump-volumes:
|
|
volumes:
|
|
- *workdir-volume
|
|
- ./:/cwd
|
|
image: alpine
|
|
command:
|
|
- cp
|
|
- -r
|
|
- /workdir/.
|
|
- /cwd/workdir/
|
|
|
|
zipkin:
|
|
volumes:
|
|
- *workdir-volume
|
|
image: openzipkin/zipkin
|
|
network_mode: service:consul
|
|
|
|
jaeger:
|
|
volumes:
|
|
- *workdir-volume
|
|
image: jaegertracing/all-in-one:1.11
|
|
network_mode: service:consul
|
|
command:
|
|
- --collector.zipkin.http-port=9411
|