Go to file
Ashvitha f514182f3e
Allow HCP metrics collection for Envoy proxies
Co-authored-by: Ashvitha Sridharan <ashvitha.sridharan@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>

Add a new envoy flag: "envoy_hcp_metrics_bind_socket_dir", a directory
where a unix socket will be created with the name
`<namespace>_<proxy_id>.sock` to forward Envoy metrics.

If set, this will configure:
- In bootstrap configuration a local stats_sink and static cluster.
  These will forward metrics to a loopback listener sent over xDS.

- A dynamic listener listening at the socket path that the previously
  defined static cluster is sending metrics to.

- A dynamic cluster that will forward traffic received at this listener
  to the hcp-metrics-collector service.


Reasons for having a static cluster pointing at a dynamic listener:
- We want to secure the metrics stream using TLS, but the stats sink can
  only be defined in bootstrap config. With dynamic listeners/clusters
  we can use the proxy's leaf certificate issued by the Connect CA,
  which isn't available at bootstrap time.

- We want to intelligently route to the HCP collector. Configuring its
  addreess at bootstrap time limits our flexibility routing-wise. More
  on this below.

Reasons for defining the collector as an upstream in `proxycfg`:
- The HCP collector will be deployed as a mesh service.

- Certificate management is taken care of, as mentioned above.

- Service discovery and routing logic is automatically taken care of,
  meaning that no code changes are required in the xds package.

- Custom routing rules can be added for the collector using discovery
  chain config entries. Initially the collector is expected to be
  deployed to each admin partition, but in the future could be deployed
  centrally in the default partition. These config entries could even be
  managed by HCP itself.
2023-03-10 13:52:54 -07:00
.changelog Allow HCP metrics collection for Envoy proxies 2023-03-10 13:52:54 -07:00
.circleci NET-2954: Improve integration tests CI execution time (#16565) 2023-03-08 11:00:23 -05:00
.github Create a weekly 404 checker for all Consul docs content (#16603) 2023-03-10 14:13:14 -06:00
.release add back staging bits (#16411) 2023-02-23 19:39:40 -06:00
acl Synthesize anonymous token pre-bootstrap when needed (#16200) 2023-02-09 20:34:02 +00:00
agent Allow HCP metrics collection for Envoy proxies 2023-03-10 13:52:54 -07:00
api Allow HCP metrics collection for Envoy proxies 2023-03-10 13:52:54 -07:00
bench Gets benchmarks running again and does a rough pass for 0.7.1. 2016-11-29 13:02:26 -08:00
build-support Protobuf Refactoring for Multi-Module Cleanliness (#16302) 2023-02-17 16:14:46 -05:00
command Allow HCP metrics collection for Envoy proxies 2023-03-10 13:52:54 -07:00
connect Protobuf Refactoring for Multi-Module Cleanliness (#16302) 2023-02-17 16:14:46 -05:00
contributing Move contributing to docs 2021-08-30 16:17:09 -04:00
docs Adding experimental support for a more efficient LogStore implementation (#16176) 2023-02-08 16:50:22 +00:00
envoyextensions Bump submodules from latest 1.15.1 patch release (#16578) 2023-03-08 14:37:50 -06:00
grafana add readme outlining how to edit and publish 2021-01-12 14:47:11 -08:00
internal Remove private prefix from proto-gen-rpc-glue e2e test (#16433) 2023-03-03 14:05:14 -05:00
ipaddr Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
lib Suppress AlreadyRegisteredError to fix test retries (#16501) 2023-03-02 12:08:03 -05:00
logging Run config entry controller routines on leader (#16054) 2023-01-25 12:21:46 -06:00
proto allow setting locality on services and nodes (#16581) 2023-03-10 09:36:15 -05:00
proto-public GRPC stub for the ResourceService (#16528) 2023-03-09 13:40:23 -06:00
sdk allow setting locality on services and nodes (#16581) 2023-03-10 09:36:15 -05:00
sentinel re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
service_os re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
snapshot removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
test Add namespace file with build tag for OSS gateway tests (#16590) 2023-03-09 20:46:02 +00:00
testrpc Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
tlsutil Protobuf Refactoring for Multi-Module Cleanliness (#16302) 2023-02-17 16:14:46 -05:00
tools/internal-grpc-proxy grpc: rename public/private directories to external/internal (#13721) 2022-07-13 16:33:48 +01:00
troubleshoot Bump submodules from latest 1.15.1 patch release (#16578) 2023-03-08 14:37:50 -06:00
types agent: convert listener config to TLS types (#12522) 2022-03-24 15:32:25 -04:00
ui UI: Fix htmlsafe errors throughout the app (#16574) 2023-03-09 12:43:35 -07:00
version cli: remove stray whitespace when loading the consul version from the VERSION file (#16467) 2023-02-28 14:37:52 -06:00
website Allow HCP metrics collection for Envoy proxies 2023-03-10 13:52:54 -07:00
.dockerignore Update the scripting 2018-06-14 21:42:47 -04:00
.gitattributes Initial commit 2013-11-04 14:15:27 -08:00
.gitignore grpc: `protoc` plugin for generating gRPC rate limit specifications (#15564) 2023-01-04 16:07:02 +00:00
.golangci.yml removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
CHANGELOG.md Update changelog with patch releases (#16576) 2023-03-08 19:32:22 +00:00
Dockerfile Upgrade Alpine image to 3.17 (#16358) 2023-02-22 10:09:41 -06:00
GNUmakefile Protobuf Refactoring for Multi-Module Cleanliness (#16302) 2023-02-17 16:14:46 -05:00
LICENSE [COMPLIANCE] Update MPL-2.0 LICENSE (#14964) 2022-11-09 12:24:14 -06:00
NOTICE.md add copyright notice file 2018-07-09 10:58:26 -07:00
README.md Fixed broken links referring to tutorials running as local agent (#14954) 2022-10-11 13:01:29 -07:00
buf.work.yaml Protobuf Refactoring for Multi-Module Cleanliness (#16302) 2023-02-17 16:14:46 -05:00
fixup_acl_move.sh Fixup script 2 2022-04-05 14:52:43 -07:00
go.mod Bump submodules from latest 1.15.1 patch release (#16578) 2023-03-08 14:37:50 -06:00
go.sum support vault auth config for alicloud ca provider 2023-03-07 03:02:05 +00:00
main.go [OSS] security: update go to 1.20.1 (#16263) 2023-02-17 15:04:12 -05:00

README.md

Consul logo Consul

Docker Pulls Go Report Card

Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

Consul provides several key features:

  • Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration.

  • Service Mesh - Consul Service Mesh enables secure service-to-service communication with automatic TLS encryption and identity-based authorization. Applications can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections with Transparent Proxy.

  • Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well.

  • Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers.

  • Key/Value Storage - A flexible key/value store enables storing dynamic configuration, feature flagging, coordination, leader election and more. The simple HTTP API makes it easy to use anywhere.

Consul runs on Linux, macOS, FreeBSD, Solaris, and Windows and includes an optional browser based UI. A commercial version called Consul Enterprise is also available.

Please note: We take Consul's security and our users' trust very seriously. If you believe you have found a security issue in Consul, please responsibly disclose by contacting us at security@hashicorp.com.

Quick Start

A few quick start guides are available on the Consul website:

Documentation

Full, comprehensive documentation is available on the Consul website: https://consul.io/docs

Contributing

Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance. For contributions specifically to the browser based UI, please refer to the UI's README.md for guidance.