luxolus/open-nomad
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity
open-nomad/helper/envoy/envoy.go
Seth Hoenig d026ff1f66 consul/connect: add support for connect mesh gateways 
This PR implements first-class support for Nomad running Consul
Connect Mesh Gateways. Mesh gateways enable services in the Connect
mesh to make cross-DC connections via gateways, where each datacenter
may not have full node interconnectivity.

Consul docs with more information:
https://www.consul.io/docs/connect/gateways/mesh-gateway

The following group level service block can be used to establish
a Connect mesh gateway.

service {
  connect {
    gateway {
      mesh {
        // no configuration
      }
    }
  }
}

Services can make use of a mesh gateway by configuring so in their
upstream blocks, e.g.

service {
  connect {
    sidecar_service {
      proxy {
        upstreams {
          destination_name = "<service>"
          local_bind_port  = <port>
          datacenter       = "<datacenter>"
          mesh_gateway {
            mode = "<mode>"
          }
        }
      }
    }
  }
}

Typical use of a mesh gateway is to create a bridge between datacenters.
A mesh gateway should then be configured with a service port that is
mapped from a host_network configured on a WAN interface in Nomad agent
config, e.g.

client {
  host_network "public" {
    interface = "eth1"
  }
}

Create a port mapping in the group.network block for use by the mesh
gateway service from the public host_network, e.g.

network {
  mode = "bridge"
  port "mesh_wan" {
    host_network = "public"
  }
}

Use this port label for the service.port of the mesh gateway, e.g.

service {
  name = "mesh-gateway"
  port = "mesh_wan"
  connect {
    gateway {
      mesh {}
    }
  }
}

Currently Envoy is the only supported gateway implementation in Consul.
By default Nomad client will run the latest official Envoy docker image
supported by the local Consul agent. The Envoy task can be customized
by setting `meta.connect.gateway_image` in agent config or by setting
the `connect.sidecar_task` block.

Gateways require Consul 1.8.0+, enforced by the Nomad scheduler.

Closes #9446
2021-06-04 08:24:49 -05:00

64 lines
2.7 KiB
Go
Raw Blame History

// Package envoy provides a high level view of the variables that go into
// selecting an envoy version.
package envoy
import (
"fmt"
)
const (
// SidecarMetaParam is the parameter name used to configure the connect sidecar
// at the client level. Setting this option in client configuration takes the
// lowest precedence.
//
// If this meta option is not set in client configuration, it defaults to
// ImageFormat, so that Nomad will defer envoy version selection to Consul.
SidecarMetaParam = "connect.sidecar_image"
// SidecarConfigVar is used as the default config.image value for connect
// sidecar proxies, when they are injected in the job connect mutator.
SidecarConfigVar = "${meta." + SidecarMetaParam + "}"
// GatewayMetaParam is the parameter name used to configure the connect gateway
// at the client level. Setting this option in client configuration takes the
// lowest precedence.
//
// If this meta option is not set in client configuration, it defaults to
// ImageFormat, so that Nomad will defer envoy version selection to Consul.
GatewayMetaParam = "connect.gateway_image"
// GatewayConfigVar is used as the default config.image value for connect
// gateway proxies, when they are injected in the job connect mutator.
GatewayConfigVar = "${meta." + GatewayMetaParam + "}"
// ImageFormat is the default format string used for official envoy Docker
// images with the tag being the semver of the version of envoy. Nomad fakes
// interpolation of ${NOMAD_envoy_version} by replacing it with the version
// string for envoy that Consul reports as preferred.
//
// Folks wanting to build and use custom images while still having Nomad refer
// to specific versions as preferred by Consul would set meta.connect.sidecar_image
// to something like: "custom/envoy:${NOMAD_envoy_version}".
ImageFormat = "envoyproxy/envoy:v" + VersionVar
// VersionVar will be replaced with the Envoy version string when
// used in the meta.connect.sidecar_image variable.
VersionVar = "${NOMAD_envoy_version}"
// FallbackImage is the image set in the node meta by default
// to be used by Consul Connect sidecar tasks. As of Nomad 1.0, this value
// is only used as a fallback when the version of Consul does not yet support
// dynamic envoy versions.
FallbackImage = "envoyproxy/envoy:v1.11.2@sha256:a7769160c9c1a55bb8d07a3b71ce5d64f72b1f665f10d81aa1581bc3cf850d09"
)
// PortLabel creates a consistent port label using the inputs of a prefix,
// service name, and optional suffix. The prefix should be the Kind part of
// TaskKind the envoy is being configured for.
func PortLabel(prefix, service, suffix string) string {
if suffix == "" {
return fmt.Sprintf("%s-%s", prefix, service)
}
return fmt.Sprintf("%s-%s-%s", prefix, service, suffix)
}
Reference in a new issue View git blame Copy permalink