251da1077f
* Vendor updates for gRPC and xDS server * xDS server implementation for serving Envoy as a Connect proxy * Address initial review comments * consistent envoy package aliases; typos fixed; override TLS and authz for custom listeners * Moar Typos * Moar typos
package xds
import (
"errors"
"time"
envoy "github.com/envoyproxy/go-control-plane/envoy/api/v2"
envoyauth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth"
envoycore "github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
"github.com/gogo/protobuf/proto"
"github.com/hashicorp/consul/agent/proxycfg"
)
// clustersFromSnapshot builds the xDS "clusters" for a proxy config snapshot.
//
// The result always starts with the local "app" cluster (the target of the
// public listener), followed by one cluster per entry in
// cfgSnap.Proxy.Upstreams, in the same order. A nil cfgSnap yields an error.
//
// NOTE(review): token is accepted but never read in this function, so no
// authorization decision is made here. Presumably the caller enforces ACLs
// before or after calling this; confirm against the caller.
func clustersFromSnapshot(cfgSnap *proxycfg.ConfigSnapshot, token string) ([]proto.Message, error) {
	if cfgSnap == nil {
		return nil, errors.New("nil config given")
	}

	upstreams := cfgSnap.Proxy.Upstreams

	// One slot per upstream plus one for the local app cluster.
	out := make([]proto.Message, 0, len(upstreams)+1)
	out = append(out, makeAppCluster(cfgSnap))

	for _, u := range upstreams {
		out = append(out, makeUpstreamCluster(u.Identifier(), cfgSnap))
	}

	return out, nil
}
// makeAppCluster returns the static cluster that points at the local
// application instance behind this proxy. The address comes from
// cfgSnap.Proxy.LocalServiceAddress, falling back to 127.0.0.1 when it is
// empty, and the port from cfgSnap.Proxy.LocalServicePort.
//
// No TlsContext is set on this cluster, so the proxy-to-app hop is plaintext.
// NOTE(review): with the 127.0.0.1 default that hop stays on loopback; if
// LocalServiceAddress is configured to a non-loopback address the traffic
// leaves the host unencrypted. Confirm that is intended or restricted where
// the proxy config is validated.
func makeAppCluster(cfgSnap *proxycfg.ConfigSnapshot) *envoy.Cluster {
	localAddr := "127.0.0.1"
	if configured := cfgSnap.Proxy.LocalServiceAddress; configured != "" {
		localAddr = configured
	}

	cluster := &envoy.Cluster{
		Name: LocalAppClusterName,
		// TODO(banks): make this configurable from the proxy config
		ConnectTimeout: 5 * time.Second,
		Type:           envoy.Cluster_STATIC,
	}

	// The v2 API docs mark Hosts as deprecated in favour of LoadAssignment,
	// but the original author found LoadAssignment did not work for a
	// tcp_proxy target, so Hosts is used. The LoadAssignment form is kept
	// below for reference:
	//
	// LoadAssignment: &envoy.ClusterLoadAssignment{
	// 	ClusterName: LocalAppClusterName,
	// 	Endpoints: []endpoint.LocalityLbEndpoints{
	// 		{
	// 			LbEndpoints: []endpoint.LbEndpoint{
	// 				makeEndpoint(LocalAppClusterName,
	// 					addr,
	// 					cfgSnap.Proxy.LocalServicePort),
	// 			},
	// 		},
	// 	},
	// },
	cluster.Hosts = []*envoycore.Address{
		makeAddressPtr(localAddr, cfgSnap.Proxy.LocalServicePort),
	}

	return cluster
}
// makeUpstreamCluster returns an EDS cluster called name whose endpoints are
// discovered over the aggregated discovery stream (ADS), and whose upstream
// connections use the TLS settings produced by makeCommonTLSContext(cfgSnap).
//
// NOTE(review): whether the upstream peer certificate is actually verified
// depends on what makeCommonTLSContext puts into the common TLS context
// (defined elsewhere). Confirm it supplies a validation context with the
// expected CA roots, not only the client certificate. No SNI is set on the
// UpstreamTlsContext built here.
func makeUpstreamCluster(name string, cfgSnap *proxycfg.ConfigSnapshot) *envoy.Cluster {
	// Endpoint discovery source: the aggregated (ADS) config source.
	edsSource := &envoycore.ConfigSource{
		ConfigSourceSpecifier: &envoycore.ConfigSource_Ads{
			Ads: &envoycore.AggregatedConfigSource{},
		},
	}

	// Enable TLS upstream with the configured client certificate.
	upstreamTLS := &envoyauth.UpstreamTlsContext{
		CommonTlsContext: makeCommonTLSContext(cfgSnap),
	}

	return &envoy.Cluster{
		Name: name,
		// TODO(banks): make this configurable from the upstream config
		ConnectTimeout: 5 * time.Second,
		Type:           envoy.Cluster_EDS,
		EdsClusterConfig: &envoy.Cluster_EdsClusterConfig{
			EdsConfig: edsSource,
		},
		TlsContext: upstreamTLS,
	}
}