open-nomad/client/allocrunner
Seth Hoenig 8b05efcf88 consul/connect: Add support for Connect terminating gateways
This PR implements Nomad built-in support for running Consul Connect
terminating gateways. Such a gateway can be used by services running
inside the service mesh to access "legacy" services running outside
the service mesh while still making use of Consul's service identity
based networking and ACL policies.

https://www.consul.io/docs/connect/gateways/terminating-gateway

These gateways are declared as part of a task group level service
definition within the connect stanza.

service {
  connect {
    gateway {
      proxy {
        // envoy proxy configuration
      }
      terminating {
        // terminating-gateway configuration entry
      }
    }
  }
}

Currently Envoy is the only supported gateway implementation in
Consul. The gateay task can be customized by configuring the
connect.sidecar_task block.

When the gateway.terminating field is set, Nomad will write/update
the Configuration Entry into Consul on job submission. Because CEs
are global in scope and there may be more than one Nomad cluster
communicating with Consul, there is an assumption that any terminating
gateway defined in Nomad for a particular service will be the same
among Nomad clusters.

Gateways require Consul 1.8.0+, checked by a node constraint.

Closes #9445
2021-01-25 10:36:04 -06:00
..
interfaces implement alloc runner task restart hook 2021-01-22 10:55:40 -05:00
state client: add NetworkStatus to Allocation (#8657) 2020-10-12 13:43:04 -04:00
taskrunner consul/connect: Add support for Connect terminating gateways 2021-01-25 10:36:04 -06:00
alloc_runner.go implement alloc runner task restart hook 2021-01-22 10:55:40 -05:00
alloc_runner_hooks.go implement alloc runner task restart hook 2021-01-22 10:55:40 -05:00
alloc_runner_test.go lifecycle: add poststop hook (#8194) 2020-11-12 08:01:42 -08:00
alloc_runner_unix_test.go tests: restart restartpolicy for all tasks in tests 2020-03-24 21:52:48 -04:00
allocdir_hook.go client: cleanup and document context uses 2019-03-12 15:03:54 -07:00
config.go consul/connect: dynamically select envoy sidecar at runtime 2020-10-13 09:14:12 -05:00
consul_grpc_sock_hook.go consul/connect: add initial support for ingress gateways 2020-08-21 16:21:54 -05:00
consul_grpc_sock_hook_test.go consul/connect: add support for bridge networks with connect native tasks 2020-07-29 09:26:01 -05:00
consul_http_sock_hook.go consul/connect: fixup some spelling, comments, consts 2020-07-29 09:26:01 -05:00
consul_http_sock_hook_test.go consul/connect: add support for bridge networks with connect native tasks 2020-07-29 09:26:01 -05:00
csi_hook.go csi: Postrun hook should not change mode (#9323) 2020-11-11 13:06:30 -05:00
groupservice_hook.go implement alloc runner task restart hook 2021-01-22 10:55:40 -05:00
groupservice_hook_test.go implement alloc runner task restart hook 2021-01-22 10:55:40 -05:00
health_hook.go Add gosimple linter (#9590) 2020-12-09 11:05:18 -08:00
health_hook_test.go health: fail health if any task is pending 2020-03-22 11:13:41 -04:00
migrate_hook.go client: cleanup and document context uses 2019-03-12 15:03:54 -07:00
network_hook.go client: add NetworkStatus to Allocation (#8657) 2020-10-12 13:43:04 -04:00
network_hook_test.go client: add NetworkStatus to Allocation (#8657) 2020-10-12 13:43:04 -04:00
network_manager_linux.go safely handle existing net namespace in default network manager 2021-01-11 11:31:03 -05:00
network_manager_linux_test.go ar: rearrange network hook to support building on windows 2019-07-31 01:03:19 -04:00
network_manager_nonlinux.go ar: refactor network bridge config to use go-cni lib (#6255) 2019-09-04 16:33:25 -04:00
networking.go client: add NetworkStatus to Allocation (#8657) 2020-10-12 13:43:04 -04:00
networking_bridge_linux.go client: add NetworkStatus to Allocation (#8657) 2020-10-12 13:43:04 -04:00
networking_cni.go cni: prevent NPE if no interface has sandbox field set 2020-12-16 10:36:03 -05:00
task_hook_coordinator.go lifecycle: add poststop hook (#8194) 2020-11-12 08:01:42 -08:00
task_hook_coordinator_test.go test: add allocrunner test for poststart hooks 2020-08-12 09:54:14 -07:00
testing.go client: enable nomad client to request and set SI tokens for tasks 2020-01-31 19:03:38 -06:00
upstream_allocs_hook.go client: cleanup and document context uses 2019-03-12 15:03:54 -07:00
util.go