switch all client nodes in dc2 to dataplane [NET-4299] #18608
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -318,13 +318,45 @@ | |
Address: node.LocalAddress(), | ||
}, | ||
} | ||
if svc.IsMeshGateway { | ||
reg.Service.Kind = api.ServiceKindMeshGateway | ||
reg.Service.Proxy = &api.AgentServiceConnectProxyConfig{ | ||
Config: map[string]interface{}{ | ||
"envoy_gateway_no_default_bind": true, | ||
"envoy_gateway_bind_tagged_addresses": true, | ||
}, | ||
MeshGateway: api.MeshGatewayConfig{ | ||
Mode: api.MeshGatewayModeLocal, | ||
}, | ||
} | ||
} | ||
if node.HasPublicAddress() { | ||
reg.TaggedAddresses = map[string]string{ | ||
"lan": node.LocalAddress(), | ||
"lan_ipv4": node.LocalAddress(), | ||
"wan": node.PublicAddress(), | ||
"wan_ipv4": node.PublicAddress(), | ||
} | ||
// TODO: not sure what the difference is between these, but with just the | ||
Was it being set in agentful mode? Looking at the proxy config code I would expect node tagged addresses to generally be ignored for all proxies. I think the only way to use tagged addresses for service mesh is to set the services tagged addresses like you have done here.
Compared with an agentful mgw in DC1, I see that it has both |
||
// top-level set, it appeared to not get set in either :/ | ||
reg.Service.TaggedAddresses = map[string]api.ServiceAddress{ | ||
"lan": api.ServiceAddress{ | ||
Check failure on line 343 in testing/deployer/sprawl/catalog.go GitHub Actions / lint / lint testing/deployer
|
||
Address: node.LocalAddress(), | ||
Port: svc.Port, | ||
}, | ||
"lan_ipv4": api.ServiceAddress{ | ||
Address: node.LocalAddress(), | ||
Port: svc.Port, | ||
}, | ||
"wan": api.ServiceAddress{ | ||
Address: node.PublicAddress(), | ||
Port: svc.Port, | ||
}, | ||
"wan_ipv4": api.ServiceAddress{ | ||
Address: node.PublicAddress(), | ||
Port: svc.Port, | ||
}, | ||
} | ||
} | ||
if cluster.Enterprise { | ||
reg.Partition = svc.ID.Partition | ||
|
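Review bot: In the `if svc.IsMeshGateway` block, "envoy_gateway_no_default_bind" and "envoy_gateway_bind_tagged_addresses" are both set to true unconditionally, but `reg.Service.TaggedAddresses` is only populated inside `if node.HasPublicAddress()`. A mesh gateway on a node without a public address would be registered with the default bind disabled and no service tagged addresses to bind in its place. Either set the two bind options only when the tagged addresses are registered, or always register at least the "lan" entry for gateways. The service tagged addresses are also added for every service on a node with a public address, not only mesh gateways; if that is intended, the TODO should say so once the open question in it is answered. Separately, the lint check fails at `"lan": api.ServiceAddress{`; the element type is redundant inside a `map[string]api.ServiceAddress` literal and can be dropped from all four entries, which is likely what the linter is reporting.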
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -13,14 +13,14 @@ import ( | |
"github.com/hashicorp/consul/testing/deployer/topology" | ||
) | ||
|
||
func (g *Generator) generateAgentHCL(node *topology.Node) (string, error) { | ||
these are all unrecoverable errors, so I just panic |
||
func (g *Generator) generateAgentHCL(node *topology.Node) string { | ||
if !node.IsAgent() { | ||
return "", fmt.Errorf("not an agent") | ||
panic("generateAgentHCL only applies to agents") | ||
} | ||
|
||
cluster, ok := g.topology.Clusters[node.Cluster] | ||
if !ok { | ||
return "", fmt.Errorf("no such cluster: %s", node.Cluster) | ||
panic(fmt.Sprintf("no such cluster: %s", node.Cluster)) | ||
} | ||
|
||
var b HCLBuilder | ||
|
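Review bot: The first panic, `panic("generateAgentHCL only applies to agents")`, does not say which node triggered it, while the cluster panic includes `node.Cluster`; include the node's identity in the message so the failing topology entry can be found from the panic output alone. Since the function no longer returns an error, add a doc comment on `generateAgentHCL` stating that it panics when the node is not an agent or when its cluster is missing from `g.topology.Clusters`, so callers know the precondition they must check first.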
@@ -167,7 +167,7 @@ func (g *Generator) generateAgentHCL(node *topology.Node) (string, error) { | |
} | ||
} | ||
|
||
return b.String(), nil | ||
return b.String() | ||
} | ||
|
||
type HCLBuilder struct { | ||
|
TBH I don't know what these do or if they're necessary, but `consul connect envoy -mesh-gateway` set them on registration.

The no default bind one will not bind to the main service address and the bind tagged addrs one then instructs it to bind envoy listeners to all the tagged addrs instead.
You could omit the main service addr from the tagged addresses and use the combination by not specifying the no default bind attribute. Or if you are in k8s then you just bind to the services addr (pod address) and ignore all the tagged addrs.
Basically, the binding of a mgw to specific addrs and ports is very flexible and controlled by these proxy config settings.