Use Consul Dataplane for Terminating Gateways #1534
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
t-eckert
changed the base branch from
agentless-base
to
ashwin/agentless-ingress-gateways
t-eckert
force-pushed
the
agentless-termgw-dataplane
branch
10 times, most recently
from
a24d97e to
db41a21
Compare
t-eckert
changed the base branch from
ashwin/agentless-ingress-gateways
to
ashwin/ingress-gateways
t-eckert
force-pushed
the
agentless-termgw-dataplane
branch
9 times, most recently
from
03401b8 to
9ba968e
Compare
t-eckert
commented
Sep 28, 2022
Comment on lines
-2080
to
-2082
| serviceInstances, _, err := consulClient.Catalog().Service(consulSvcName, "", &api.QueryOptions{Namespace: ts.ConsulNS}) | ||
| defaultNS, _, err := consulClient.Catalog().Service(consulSvcName, "", &api.QueryOptions{Namespace: "default"}) | ||
| require.NoError(t, err) | ||
| require.Empty(t, serviceInstances) |
There was a problem hiding this comment.
This fixes a "loophole" where the Mesh gateway could sneak through this check if it was not deregistered and the ConsulNS was not "default".
thisisnotashwin
force-pushed
the
ashwin/ingress-gateways
branch
2 times, most recently
from
453199c to
57dfafc
Compare
Add initial support for the basic service mesh running with agentless. * Update connect-inject deployment to talk to consul servers (currently only in-cluster servers are supported; external servers support will come in a later PR) * Update endpoints controller to register and deregister services and health checks in the catalog and stop using agent APIs * Update connect-init command to take the -node-name flag so that it can search for services within a given node using catalog APIs * Add k8s probes to the envoy container * Provide -node-name flag to the consul connect envoy command so that we can generate correct configuration * Selectively disable acceptance tests that don't yet work in this configuration * Disable consul clients by default
* Register mesh-gateways using the endpoints controller. - Use consul-dataplane to configure the mesh-gateway proxy and remove envoy container. - Remove instances of client and auto-encrypt from the deployment. * Replace ioutil.ReadFile with os.ReadFile
…ager * Introduce new set of Consul flags that will be used by all consul-k8s commands * Use consul-server-connection-manager to discover servers and use up-to-date server IP every time we need to make an API request.
- Use consul-dataplane to configure the mesh-gateway proxy and remove envoy container. - Remove instances of client and auto-encrypt from the deployment.
t-eckert
force-pushed
the
agentless-termgw-dataplane
branch
from
709d2a2 to
26cfe42
Compare
t-eckert
commented
Sep 28, 2022
Comment on lines
+118
to
+150
| - name: consul-service | ||
| emptyDir: | ||
| medium: "Memory" | ||
| {{- range (default $defaults.extraVolumes .extraVolumes) }} | ||
| - name: userconfig-{{ .name }} | ||
| {{ .type }}: | ||
| {{- if (eq .type "configMap") }} | ||
| name: {{ .name }} | ||
| {{- else if (eq .type "secret") }} | ||
| secretName: {{ .name }} | ||
| {{- end }} | ||
| {{- with .items }} | ||
| items: | ||
| {{- range . }} | ||
| - key: {{.key}} | ||
| path: {{.path}} | ||
| {{- end }} | ||
| {{- end }} | ||
| {{- end }} | ||
| {{- if $root.Values.global.tls.enabled }} | ||
| {{- if not (and $root.Values.externalServers.enabled $root.Values.externalServers.useSystemRoots) }} | ||
| - name: consul-ca-cert | ||
| secret: | ||
| {{- if $root.Values.global.tls.caCert.secretName }} | ||
| secretName: {{ $root.Values.global.tls.caCert.secretName }} | ||
| {{- else }} | ||
| secretName: {{ template "consul.fullname" $root }}-ca-cert | ||
| {{- end }} | ||
| items: | ||
| - key: {{ default "tls.crt" $root.Values.global.tls.caCert.secretKey }} | ||
| path: tls.crt | ||
| {{- end }} | ||
| {{- end }} |
There was a problem hiding this comment.
Mesh and ingress had these one less indented so I just matched it.
ishustava
approved these changes
Sep 28, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes proposed in this PR:
consul-dataplaneinstead of EnvoyHow I've tested this PR:
How I expect reviewers to test this PR:
Checklist: