luxolus/open-nomad
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity
open-nomad/client/allocrunner/taskrunner
History
Seth Hoenig 8b05efcf88 consul/connect: Add support for Connect terminating gateways 
This PR implements Nomad built-in support for running Consul Connect
terminating gateways. Such a gateway can be used by services running
inside the service mesh to access "legacy" services running outside
the service mesh while still making use of Consul's service identity
based networking and ACL policies.

https://www.consul.io/docs/connect/gateways/terminating-gateway

These gateways are declared as part of a task group level service
definition within the connect stanza.

service {
  connect {
    gateway {
      proxy {
        // envoy proxy configuration
      }
      terminating {
        // terminating-gateway configuration entry
      }
    }
  }
}

Currently Envoy is the only supported gateway implementation in
Consul. The gateay task can be customized by configuring the
connect.sidecar_task block.

When the gateway.terminating field is set, Nomad will write/update
the Configuration Entry into Consul on job submission. Because CEs
are global in scope and there may be more than one Nomad cluster
communicating with Consul, there is an assumption that any terminating
gateway defined in Nomad for a particular service will be the same
among Nomad clusters.

Gateways require Consul 1.8.0+, checked by a node constraint.

Closes #9445
2021-01-25 10:36:04 -06:00
..
getter update template and artifact interpolation to use client-relative paths 2021-01-04 22:25:34 +00:00
interfaces template: trigger change_mode for dynamic secrets on restore (#9636) 2020-12-16 13:36:19 -05:00
restarts lifecycle: add poststop hook (#8194) 2020-11-12 08:01:42 -08:00
state client: test logmon cleanup 2019-03-04 13:15:15 -08:00
template Fix some errcheck errors (#9811) 2021-01-14 12:46:35 -08:00
testdata executor/linux: make chroot binary paths absolute 2019-04-01 15:45:31 -07:00
artifact_hook.go update template and artifact interpolation to use client-relative paths 2021-01-04 22:25:34 +00:00
artifact_hook_test.go update template and artifact interpolation to use client-relative paths 2021-01-04 22:25:34 +00:00
connect_native_hook.go consul/connect: add support for bridge networks with connect native tasks 2020-07-29 09:26:01 -05:00
connect_native_hook_test.go consul/connect: fixup tests to use new consul sdk 2020-08-24 12:02:41 -05:00
device_hook.go Store device envs separately and pass to drivers 2018-12-19 14:23:09 -08:00
device_hook_test.go
dispatch_hook.go client/state: support upgrading from 0.8->0.9 2018-12-19 10:39:27 -08:00
dispatch_hook_test.go use drivers.FSIsolation 2019-01-08 09:11:47 -05:00
driver_handle.go implement client endpoint of nomad exec 2019-05-09 16:49:08 -04:00
envoy_bootstrap_hook.go consul/connect: Add support for Connect terminating gateways 2021-01-25 10:36:04 -06:00
envoy_bootstrap_hook_test.go consul/connect: ensure proxyID in test case 2021-01-20 09:48:12 -06:00
envoy_version_hook.go consul/connect: fix regression where client connect images ignored 2020-12-14 09:47:55 -06:00
envoy_version_hook_test.go update template and artifact interpolation to use client-relative paths 2021-01-04 22:25:34 +00:00
errors.go client: artifact errors are retry-able 2019-02-20 07:21:27 -08:00
errors_test.go client: artifact errors are retry-able 2019-02-20 07:21:27 -08:00
lazy_handle.go executor: implement streaming stats API 2019-01-12 12:18:22 -05:00
lifecycle.go template: trigger change_mode for dynamic secrets on restore (#9636) 2020-12-16 13:36:19 -05:00
logmon_hook.go address review comments 2019-12-13 11:21:00 -05:00
logmon_hook_test.go driver: allow disabling log collection 2019-12-08 14:15:03 -05:00
logmon_hook_unix_test.go driver: allow disabling log collection 2019-12-08 14:15:03 -05:00
plugin_supervisor_hook.go Add gosimple linter (#9590) 2020-12-09 11:05:18 -08:00
script_check_hook.go consul: fix validation of task in group-level script-checks 2020-09-28 15:02:59 -05:00
script_check_hook_test.go consul: fix validation of task in group-level script-checks 2020-09-28 15:02:59 -05:00
service_hook.go Consul with CNI and host_network addresses (#9095) 2020-10-15 15:32:21 -04:00
service_hook_test.go tr/service_hook: reset initialized flag during deregister 2020-04-06 16:05:36 -04:00
sids_hook.go client: PR cleanup - improved logging around kill task in SIDS hook 2020-01-31 19:05:23 -06:00
sids_hook_test.go tests: set consul token for nomad client for testing SIDS TR hook 2020-01-31 19:06:15 -06:00
stats_hook.go tests: deflake TestTaskRunner_StatsHook_Periodic (#9734) 2021-01-06 16:03:00 -05:00
stats_hook_test.go tests: deflake TestTaskRunner_StatsHook_Periodic (#9734) 2021-01-06 16:03:00 -05:00
task_dir_hook.go update template and artifact interpolation to use client-relative paths 2021-01-04 22:25:34 +00:00
task_runner.go lifecycle: add poststop hook (#8194) 2020-11-12 08:01:42 -08:00
task_runner_getters.go lifecycle: add poststop hook (#8194) 2020-11-12 08:01:42 -08:00
task_runner_hooks.go consul: always include task services hook 2021-01-05 08:47:19 -06:00
task_runner_test.go tests: restart restartpolicy for all tasks in tests 2020-03-24 21:52:48 -04:00
tasklet.go comments: cleanup some leftover debug comments and such 2020-01-31 19:04:35 -06:00
tasklet_test.go support script checks for task group services (#6197) 2019-09-03 15:09:04 -04:00
template_hook.go oss compoments for multi-vault namespaces 2020-07-24 10:14:59 -04:00
validate_hook.go s/0.13/1.0/g 2020-10-14 15:17:47 -07:00
validate_hook_test.go
vault_hook.go emit TaskRestartSignal event on vault restart 2019-02-22 15:56:14 -05:00
vault_hook_test.go
volume_hook.go volumes: return better error messages for unsupported task drivers (#8030) 2020-05-21 09:18:02 -04:00
volume_hook_test.go volumes: return better error messages for unsupported task drivers (#8030) 2020-05-21 09:18:02 -04:00