Merge pull request #10071 from Ilhicas/connect-upstream-local-bind-address

consul/connect: enable setting local_bind_address in upstream
2021-02-26 08:03:40 -06:00 · 2021-02-26 08:03:40 -06:00 · 97f5904fa6
parent b5f8a3eb93 30c840e88e
commit 97f5904fa6
13 changed files with 106 additions and 74 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,8 @@ BUG FIXES:
 * cli: Fixed a bug where non-int proxy port would panic CLI [[GH-10072](https://github.com/hashicorp/nomad/issues/10072)]
 * cli: Fixed a bug where `nomad operator debug` incorrectly parsed https Consul API URLs. [[GH-10082](https://github.com/hashicorp/nomad/pull/10082)]

+IMPROVEMENTS:
+ * consul/connect: Enable setting `local_bind_address` field on connect upstreams [[GH-6248](https://github.com/hashicorp/nomad/issues/6248)]
 ## 1.0.4 (February 24, 2021)

 FEATURES:
--- a/api/services.go
+++ b/api/services.go
@ -286,9 +286,10 @@ func (cp *ConsulProxy) Canonicalize() {

 // ConsulUpstream represents a Consul Connect upstream jobspec stanza.
 type ConsulUpstream struct {
-	DestinationName string `mapstructure:"destination_name" hcl:"destination_name,optional"`
-	LocalBindPort   int    `mapstructure:"local_bind_port" hcl:"local_bind_port,optional"`
-	Datacenter      string `mapstructure:"datacenter" hcl:"datacenter,optional"`
+	DestinationName  string `mapstructure:"destination_name" hcl:"destination_name,optional"`
+	LocalBindPort    int    `mapstructure:"local_bind_port" hcl:"local_bind_port,optional"`
+	Datacenter       string `mapstructure:"datacenter" hcl:"datacenter,optional"`
+	LocalBindAddress string `mapstructure:"local_bind_address" hcl:"local_bind_address,optional"`
 }

 type ConsulExposeConfig struct {
--- a/api/services_test.go
+++ b/api/services_test.go
@ -228,9 +228,10 @@ func TestService_Connect_proxy_settings(t *testing.T) {
 				Proxy: &ConsulProxy{
 					Upstreams: []*ConsulUpstream{
 						{
-							DestinationName: "upstream",
-							LocalBindPort:   80,
-							Datacenter:      "dc2",
+							DestinationName:  "upstream",
+							LocalBindPort:    80,
+							Datacenter:       "dc2",
+							LocalBindAddress: "127.0.0.2",
 						},
 					},
 					LocalServicePort: 8000,
@ -244,6 +245,7 @@ func TestService_Connect_proxy_settings(t *testing.T) {
 	require.Equal(t, proxy.Upstreams[0].DestinationName, "upstream")
 	require.Equal(t, proxy.Upstreams[0].LocalBindPort, 80)
 	require.Equal(t, proxy.Upstreams[0].Datacenter, "dc2")
+	require.Equal(t, proxy.Upstreams[0].LocalBindAddress, "127.0.0.2")
 	require.Equal(t, proxy.LocalServicePort, 8000)
 }

--- a/client/taskenv/services.go
+++ b/client/taskenv/services.go
@ -147,6 +147,7 @@ func interpolateConnectSidecarService(taskEnv *TaskEnv, sidecar *structs.ConsulS
 		for i := 0; i < len(sidecar.Proxy.Upstreams); i++ {
 			sidecar.Proxy.Upstreams[i].Datacenter = taskEnv.ReplaceEnv(sidecar.Proxy.Upstreams[i].Datacenter)
 			sidecar.Proxy.Upstreams[i].DestinationName = taskEnv.ReplaceEnv(sidecar.Proxy.Upstreams[i].DestinationName)
+			sidecar.Proxy.Upstreams[i].LocalBindAddress = taskEnv.ReplaceEnv(sidecar.Proxy.Upstreams[i].LocalBindAddress)
 		}
 		sidecar.Proxy.Config = interpolateMapStringInterface(taskEnv, sidecar.Proxy.Config)
 	}
--- a/client/taskenv/services_test.go
+++ b/client/taskenv/services_test.go
@ -164,41 +164,42 @@ func TestInterpolate_interpolateConnect(t *testing.T) {
 	t.Parallel()

 	e := map[string]string{
-		"tag1":         "_tag1",
-		"port1":        "12345",
-		"address1":     "1.2.3.4",
-		"destination1": "_dest1",
-		"datacenter1":  "_datacenter1",
-		"path1":        "_path1",
-		"protocol1":    "_protocol1",
-		"port2":        "_port2",
-		"config1":      "_config1",
-		"driver1":      "_driver1",
-		"user1":        "_user1",
-		"config2":      "_config2",
-		"env1":         "_env1",
-		"env2":         "_env2",
-		"mode1":        "_mode1",
-		"device1":      "_device1",
-		"cidr1":        "10.0.0.0/64",
-		"ip1":          "1.1.1.1",
-		"server1":      "10.0.0.1",
-		"search1":      "10.0.0.2",
-		"option1":      "10.0.0.3",
-		"port3":        "_port3",
-		"network1":     "_network1",
-		"port4":        "_port4",
-		"network2":     "_network2",
-		"resource1":    "_resource1",
-		"meta1":        "_meta1",
-		"meta2":        "_meta2",
-		"signal1":      "_signal1",
-		"bind1":        "_bind1",
-		"address2":     "10.0.0.4",
-		"config3":      "_config3",
-		"protocol2":    "_protocol2",
-		"service1":     "_service1",
-		"host1":        "_host1",
+		"tag1":              "_tag1",
+		"port1":             "12345",
+		"address1":          "1.2.3.4",
+		"destination1":      "_dest1",
+		"datacenter1":       "_datacenter1",
+		"localbindaddress1": "127.0.0.2",
+		"path1":             "_path1",
+		"protocol1":         "_protocol1",
+		"port2":             "_port2",
+		"config1":           "_config1",
+		"driver1":           "_driver1",
+		"user1":             "_user1",
+		"config2":           "_config2",
+		"env1":              "_env1",
+		"env2":              "_env2",
+		"mode1":             "_mode1",
+		"device1":           "_device1",
+		"cidr1":             "10.0.0.0/64",
+		"ip1":               "1.1.1.1",
+		"server1":           "10.0.0.1",
+		"search1":           "10.0.0.2",
+		"option1":           "10.0.0.3",
+		"port3":             "_port3",
+		"network1":          "_network1",
+		"port4":             "_port4",
+		"network2":          "_network2",
+		"resource1":         "_resource1",
+		"meta1":             "_meta1",
+		"meta2":             "_meta2",
+		"signal1":           "_signal1",
+		"bind1":             "_bind1",
+		"address2":          "10.0.0.4",
+		"config3":           "_config3",
+		"protocol2":         "_protocol2",
+		"service1":          "_service1",
+		"host1":             "_host1",
 	}
 	env := NewTaskEnv(e, e, nil, nil, "", "")

@ -211,9 +212,10 @@ func TestInterpolate_interpolateConnect(t *testing.T) {
 				LocalServiceAddress: "${address1}",
 				LocalServicePort:    10000,
 				Upstreams: []structs.ConsulUpstream{{
-					DestinationName: "${destination1}",
-					Datacenter:      "${datacenter1}",
-					LocalBindPort:   10001,
+					DestinationName:  "${destination1}",
+					Datacenter:       "${datacenter1}",
+					LocalBindPort:    10001,
+					LocalBindAddress: "${localbindaddress1}",
 				}},
 				Expose: &structs.ConsulExposeConfig{
 					Paths: []structs.ConsulExposePath{{
@ -318,9 +320,10 @@ func TestInterpolate_interpolateConnect(t *testing.T) {
 				LocalServiceAddress: "1.2.3.4",
 				LocalServicePort:    10000,
 				Upstreams: []structs.ConsulUpstream{{
-					DestinationName: "_dest1",
-					Datacenter:      "_datacenter1",
-					LocalBindPort:   10001,
+					DestinationName:  "_dest1",
+					Datacenter:       "_datacenter1",
+					LocalBindPort:    10001,
+					LocalBindAddress: "127.0.0.2",
 				}},
 				Expose: &structs.ConsulExposeConfig{
 					Paths: []structs.ConsulExposePath{{
--- a/command/agent/consul/connect.go
+++ b/command/agent/consul/connect.go
@ -189,9 +189,10 @@ func connectUpstreams(in []structs.ConsulUpstream) []api.Upstream {
 	upstreams := make([]api.Upstream, len(in))
 	for i, upstream := range in {
 		upstreams[i] = api.Upstream{
-			DestinationName: upstream.DestinationName,
-			LocalBindPort:   upstream.LocalBindPort,
-			Datacenter:      upstream.Datacenter,
+			DestinationName:  upstream.DestinationName,
+			LocalBindPort:    upstream.LocalBindPort,
+			Datacenter:       upstream.Datacenter,
+			LocalBindAddress: upstream.LocalBindAddress,
 		}
 	}
 	return upstreams
--- a/command/agent/consul/connect_test.go
+++ b/command/agent/consul/connect_test.go
@ -315,17 +315,19 @@ func TestConnect_connectUpstreams(t *testing.T) {
 				DestinationName: "foo",
 				LocalBindPort:   8000,
 			}, {
-				DestinationName: "bar",
-				LocalBindPort:   9000,
-				Datacenter:      "dc2",
+				DestinationName:  "bar",
+				LocalBindPort:    9000,
+				Datacenter:       "dc2",
+				LocalBindAddress: "127.0.0.2",
 			}},
 			connectUpstreams([]structs.ConsulUpstream{{
 				DestinationName: "foo",
 				LocalBindPort:   8000,
 			}, {
-				DestinationName: "bar",
-				LocalBindPort:   9000,
-				Datacenter:      "dc2",
+				DestinationName:  "bar",
+				LocalBindPort:    9000,
+				Datacenter:       "dc2",
+				LocalBindAddress: "127.0.0.2",
 			}}),
 		)
 	})
--- a/command/agent/job_endpoint.go
+++ b/command/agent/job_endpoint.go
@ -1513,9 +1513,10 @@ func apiUpstreamsToStructs(in []*api.ConsulUpstream) []structs.ConsulUpstream {
 	upstreams := make([]structs.ConsulUpstream, len(in))
 	for i, upstream := range in {
 		upstreams[i] = structs.ConsulUpstream{
-			DestinationName: upstream.DestinationName,
-			LocalBindPort:   upstream.LocalBindPort,
-			Datacenter:      upstream.Datacenter,
+			DestinationName:  upstream.DestinationName,
+			LocalBindPort:    upstream.LocalBindPort,
+			Datacenter:       upstream.Datacenter,
+			LocalBindAddress: upstream.LocalBindAddress,
 		}
 	}
 	return upstreams
--- a/command/agent/job_endpoint_test.go
+++ b/command/agent/job_endpoint_test.go
@ -3009,13 +3009,15 @@ func TestConversion_apiUpstreamsToStructs(t *testing.T) {
 	require.Nil(t, apiUpstreamsToStructs(nil))
 	require.Nil(t, apiUpstreamsToStructs(make([]*api.ConsulUpstream, 0)))
 	require.Equal(t, []structs.ConsulUpstream{{
-		DestinationName: "upstream",
-		LocalBindPort:   8000,
-		Datacenter:      "dc2",
+		DestinationName:  "upstream",
+		LocalBindPort:    8000,
+		Datacenter:       "dc2",
+		LocalBindAddress: "127.0.0.2",
 	}}, apiUpstreamsToStructs([]*api.ConsulUpstream{{
-		DestinationName: "upstream",
-		LocalBindPort:   8000,
-		Datacenter:      "dc2",
+		DestinationName:  "upstream",
+		LocalBindPort:    8000,
+		Datacenter:       "dc2",
+		LocalBindAddress: "127.0.0.2",
 	}}))
 }

--- a/nomad/structs/diff_test.go
+++ b/nomad/structs/diff_test.go
@ -2695,9 +2695,10 @@ func TestTaskGroupDiff(t *testing.T) {
 									LocalServicePort:    8080,
 									Upstreams: []ConsulUpstream{
 										{
-											DestinationName: "foo",
-											LocalBindPort:   8000,
-											Datacenter:      "dc2",
+											DestinationName:  "foo",
+											LocalBindPort:    8000,
+											Datacenter:       "dc2",
+											LocalBindAddress: "127.0.0.2",
 										},
 									},
 									Config: map[string]interface{}{
@ -2986,6 +2987,12 @@ func TestTaskGroupDiff(t *testing.T) {
 																Old:  "",
 																New:  "foo",
 															},
+															{
+																Type: DiffTypeAdded,
+																Name: "LocalBindAddress",
+																Old:  "",
+																New:  "127.0.0.2",
+															},
 															{
 																Type: DiffTypeAdded,
 																Name: "LocalBindPort",
--- a/nomad/structs/services.go
+++ b/nomad/structs/services.go
@ -630,6 +630,7 @@ func hashConnect(h hash.Hash, connect *ConsulConnect) {
 				hashString(h, upstream.DestinationName)
 				hashString(h, strconv.Itoa(upstream.LocalBindPort))
 				hashStringIfNonEmpty(h, upstream.Datacenter)
+				hashStringIfNonEmpty(h, upstream.LocalBindAddress)
 			}
 		}
 	}
@ -1198,6 +1199,10 @@ type ConsulUpstream struct {

 	// Datacenter is the datacenter in which to issue the discovery query to.
 	Datacenter string
+
+	// LocalBindAddress is the address the proxy will receive connections for the
+	// upstream on.
+	LocalBindAddress string
 }

 func upstreamsEquals(a, b []ConsulUpstream) bool {
@ -1224,9 +1229,10 @@ func (u *ConsulUpstream) Copy() *ConsulUpstream {
 	}

 	return &ConsulUpstream{
-		DestinationName: u.DestinationName,
-		LocalBindPort:   u.LocalBindPort,
-		Datacenter:      u.Datacenter,
+		DestinationName:  u.DestinationName,
+		LocalBindPort:    u.LocalBindPort,
+		Datacenter:       u.Datacenter,
+		LocalBindAddress: u.LocalBindAddress,
 	}
 }

--- a/vendor/github.com/hashicorp/nomad/api/services.go
+++ b/vendor/github.com/hashicorp/nomad/api/services.go
@ -286,9 +286,10 @@ func (cp *ConsulProxy) Canonicalize() {

 // ConsulUpstream represents a Consul Connect upstream jobspec stanza.
 type ConsulUpstream struct {
-	DestinationName string `mapstructure:"destination_name" hcl:"destination_name,optional"`
-	LocalBindPort   int    `mapstructure:"local_bind_port" hcl:"local_bind_port,optional"`
-	Datacenter      string `mapstructure:"datacenter" hcl:"datacenter,optional"`
+	DestinationName  string `mapstructure:"destination_name" hcl:"destination_name,optional"`
+	LocalBindPort    int    `mapstructure:"local_bind_port" hcl:"local_bind_port,optional"`
+	Datacenter       string `mapstructure:"datacenter" hcl:"datacenter,optional"`
+	LocalBindAddress string `mapstructure:"local_bind_address" hcl:"local_bind_address,optional"`
 }

 type ConsulExposeConfig struct {
--- a/website/content/docs/job-specification/upstreams.mdx
+++ b/website/content/docs/job-specification/upstreams.mdx
@ -54,6 +54,7 @@ job "countdash" {
              destination_name = "count-api"
              local_bind_port  = 8080
              datacenter = "dc1"
+              local_bind_address = "127.0.0.1"
            }
          }
        }
@ -84,6 +85,8 @@ job "countdash" {
 - `datacenter` `(string: "")` - The Consul datacenter in which to issue the
  discovery query. Defaults to the empty string, which Consul interprets as the
  local Consul datacenter.
+- `local_bind_address` - `(string: "")` - The address the proxy will receive
+  connections for the upstream on.

 The `NOMAD_UPSTREAM_ADDR_<destination_name>` environment variables may be used
 to interpolate the upstream's `host:port` address.