10af44006a
* Proxy Config Manager This component watches for local state changes on the agent and ensures that each service registered locally with Kind == connect-proxy has it's state being actively populated in the cache. This serves two purposes: 1. For the built-in proxy, it ensures that the state needed to accept connections is available in RAM shortly after registration and likely before the proxy actually starts accepting traffic. 2. For (future - next PR) xDS server and other possible future proxies that require _push_ based config discovery, this provides a mechanism to subscribe and be notified about updates to a proxy instance's config including upstream service discovery results. * Address review comments * Better comments; Better delivery of latest snapshot for slow watchers; Embed Config * Comment typos * Add upstream Stringer for funsies
54 lines
2.9 KiB
Go
54 lines
2.9 KiB
Go
// Package proxycfg provides a component that monitors local agent state for
|
|
// Connect proxy service registrations and maintains the necessary cache state
|
|
// for those proxies locally. Local cache state keeps pull based proxies (e.g.
|
|
// the built in one) performant even on first request/startup, and allows for
|
|
// push-based proxy APIs (e.g. xDS for Envoy) to be notified of updates to the
|
|
// proxy configuration.
|
|
//
|
|
// The relationship with other agent components looks like this:
|
|
//
|
|
// +------------------------------------------+
|
|
// | AGENT |
|
|
// | |
|
|
// | +--------+ 1. +----------+ |
|
|
// | | local |<-----+ proxycfg |<--------+ |
|
|
// | | state +----->| Manager |<---+ | |
|
|
// | +--------+ 2. +^---+-----+ | | |
|
|
// | 5.| | | | |
|
|
// | +----------+ | +-------+--+ |4. |
|
|
// | | +->| proxycfg | | |
|
|
// | | 3.| | State | | |
|
|
// | | | +----------+ | |
|
|
// | | | | |
|
|
// | | | +----------+ | |
|
|
// | | +->| proxycfg +-+ |
|
|
// | | | State | |
|
|
// | | +----------+ |
|
|
// | |6. |
|
|
// | +----v---+ |
|
|
// | | xDS | |
|
|
// | | Server | |
|
|
// | +--------+ |
|
|
// | |
|
|
// +------------------------------------------+
|
|
//
|
|
// 1. Manager watches local state for changes.
|
|
// 2. On local state change manager is notified and iterates through state
|
|
// looking for proxy service registrations.
|
|
// 3. For each proxy service registered, the manager maintains a State
|
|
// instance, recreating on change, removing when deregistered.
|
|
// 4. State instance copies the parts of the the proxy service registration
|
|
// needed to configure proxy, and sets up blocking watches on the local
|
|
// agent cache for all remote state needed: root and leaf certs, intentions,
|
|
// and service discovery results for the specified upstreams. This ensures
|
|
// these results are always in local cache for "pull" based proxies like the
|
|
// built-in one.
|
|
// 5. If needed, pull-based proxy config APIs like the xDS server can Watch the
|
|
// config for a given proxy service.
|
|
// 6. Watchers get notified every time something changes the current snapshot
|
|
// of config for the proxy. That might be changes to the registration,
|
|
// certificate rotations, changes to the upstreams required (needing
|
|
// different listener config), or changes to the service discovery results
|
|
// for any upstream (e.g. new instance of upstream service came up).
|
|
package proxycfg
|