diff --git a/modules/cloud-config-container/envoy-traffic-director/README.md b/modules/cloud-config-container/envoy-traffic-director/README.md index c18df6e445..a37e60810a 100644 --- a/modules/cloud-config-container/envoy-traffic-director/README.md +++ b/modules/cloud-config-container/envoy-traffic-director/README.md @@ -20,7 +20,7 @@ module "cos-envoy-td" { module "vm-cos" { source = "./modules/compute-vm" project_id = local.project_id - region = local.region + zone = local.zone name = "cos-envoy-td" network_interfaces = [{ network = local.vpc.self_link, @@ -28,7 +28,6 @@ module "vm-cos" { nat = false, addresses = null }] - instance_count = 1 tags = ["ssh", "http"] metadata = { @@ -51,7 +50,7 @@ module "vm-cos" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [docker_logging](variables.tf#L23) | Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead. | bool | | true | -| [envoy_image](variables.tf#L17) | Envoy Proxy container image to use. | string | | "envoyproxy/envoy:v1.14.1" | +| [envoy_image](variables.tf#L17) | Envoy Proxy container image to use. | string | | "envoyproxy/envoy:v1.15.5" | ## Outputs diff --git a/modules/cloud-config-container/envoy-traffic-director/files/customize.sh b/modules/cloud-config-container/envoy-traffic-director/files/customize.sh index 85c8746ea0..eb9ae82d51 100644 --- a/modules/cloud-config-container/envoy-traffic-director/files/customize.sh +++ b/modules/cloud-config-container/envoy-traffic-director/files/customize.sh 
@@ -13,11 +13,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -ENVOY_NODE_ID=$(uuidgen)~$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/ip) +ENVOY_NODE_ID=$(uuidgen) ENVOY_ZONE=$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/zone | cut -f 4 -d '/') CONFIG_PROJECT_NUMBER=$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/network | cut -f 2 -d '/') VPC_NETWORK_NAME=$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/network | cut -f 4 -d '/') -sed -i "s/_ENVOY_NODE_ID_/${ENVOY_NODE_ID}/" /etc/envoy/envoy.yaml -sed -i "s/_ENVOY_ZONE_/${ENVOY_ZONE}/" /etc/envoy/envoy.yaml -sed -i "s/_CONFIG_PROJECT_NUMBER_/${CONFIG_PROJECT_NUMBER}/" /etc/envoy/envoy.yaml -sed -i "s/_VPC_NETWORK_NAME_/${VPC_NETWORK_NAME}/" /etc/envoy/envoy.yaml +sed -i "s/ENVOY_NODE_ID/${ENVOY_NODE_ID}/" /etc/envoy/envoy.yaml +sed -i "s/ENVOY_ZONE/${ENVOY_ZONE}/" /etc/envoy/envoy.yaml +sed -i "s/CONFIG_PROJECT_NUMBER/${CONFIG_PROJECT_NUMBER}/" /etc/envoy/envoy.yaml +sed -i "s/VPC_NETWORK_NAME/${VPC_NETWORK_NAME}/" /etc/envoy/envoy.yaml diff --git a/modules/cloud-config-container/envoy-traffic-director/files/envoy.yaml b/modules/cloud-config-container/envoy-traffic-director/files/envoy.yaml index 2be4ef3c52..d9a14623db 100644 --- a/modules/cloud-config-container/envoy-traffic-director/files/envoy.yaml +++ b/modules/cloud-config-container/envoy-traffic-director/files/envoy.yaml 
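Review bot: The metadata lookups in customize.sh still feed straight into the new `sed -i` lines with no failure check, so a `curl -s` call that returns nothing or an error body rewrites /etc/envoy/envoy.yaml with an empty or malformed value. This matters more after this change, because the project number and network name now end up inside the node id rather than in separate metadata keys. Consider `curl -sf` on each lookup and a guard before the substitutions such as `[ -n "$ENVOY_ZONE" ] && [ -n "$CONFIG_PROJECT_NUMBER" ] && [ -n "$VPC_NETWORK_NAME" ] || exit 1`. The placeholders are also now bare words without the `_…_` delimiters, so any other line in envoy.yaml that mentions one of them, for example in a comment, would be rewritten too; a short comment in the script saying so would help.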
@@ -13,47 +13,68 @@ # limitations under the License. node: - id: "_ENVOY_NODE_ID_" + # The id must be in the following format: projects//networks//nodes/ + id: "projects/CONFIG_PROJECT_NUMBER/networks/VPC_NETWORK_NAME/nodes/ENVOY_NODE_ID" cluster: cluster # unused locality: - zone: "_ENVOY_ZONE_" + zone: "ENVOY_ZONE" metadata: TRAFFICDIRECTOR_INTERCEPTION_PORT: "15001" - TRAFFICDIRECTOR_NETWORK_NAME: "_VPC_NETWORK_NAME_" - TRAFFICDIRECTOR_GCP_PROJECT_NUMBER: "_CONFIG_PROJECT_NUMBER_" TRAFFICDIRECTOR_ENABLE_TRACING: "false" TRAFFICDIRECTOR_ACCESS_LOG_PATH: "" TRAFFICDIRECTOR_INBOUND_BACKEND_PORTS: "" dynamic_resources: - lds_config: { ads: {} } - cds_config: { ads: {} } + lds_config: + ads: {} + resource_api_version: V3 + cds_config: + ads: {} + resource_api_version: V3 ads_config: api_type: GRPC + transport_api_version: V3 grpc_services: - - google_grpc: - target_uri: trafficdirector.googleapis.com:443 - stat_prefix: trafficdirector - channel_credentials: - ssl_credentials: - root_certs: - filename: /etc/ssl/certs/ca-certificates.crt - call_credentials: - google_compute_engine: {} + - google_grpc: + target_uri: trafficdirector.googleapis.com:443 + stat_prefix: trafficdirector + channel_credentials: + ssl_credentials: + root_certs: + filename: /etc/ssl/certs/ca-certificates.crt + call_credentials: + google_compute_engine: {} + channel_args: + args: + grpc.http2.max_pings_without_data: + int_value: 0 + grpc.keepalive_time_ms: + int_value: 10000 + grpc.keepalive_timeout_ms: + int_value: 20000 cluster_manager: load_stats_config: api_type: GRPC + transport_api_version: V3 grpc_services: - - google_grpc: - target_uri: trafficdirector.googleapis.com:443 - stat_prefix: trafficdirector - channel_credentials: - ssl_credentials: - root_certs: - filename: /etc/ssl/certs/ca-certificates.crt - call_credentials: - google_compute_engine: {} + - google_grpc: + target_uri: trafficdirector.googleapis.com:443 + stat_prefix: trafficdirector + channel_credentials: + ssl_credentials: + 
root_certs: + filename: /etc/ssl/certs/ca-certificates.crt + call_credentials: + google_compute_engine: {} + channel_args: + args: + grpc.http2.max_pings_without_data: + int_value: 0 + grpc.keepalive_time_ms: + int_value: 10000 + grpc.keepalive_timeout_ms: + int_value: 20000 admin: access_log_path: /dev/stdout 
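Review bot: The new comment above `node.id` reads `projects//networks//nodes/` as shown here, which does not say what belongs in each segment (the placeholder names may have been lost in rendering, so this is worth checking in the file itself). I would spell it out and name the dependency on the boot script: `# Format: projects/PROJECT_NUMBER/networks/NETWORK_NAME/nodes/NODE_ID; the upper-case tokens below are substituted by customize.sh at boot.` Since `TRAFFICDIRECTOR_NETWORK_NAME` and `TRAFFICDIRECTOR_GCP_PROJECT_NUMBER` are removed from the metadata in this hunk, the id is now the only place carrying project and network, and a failed substitution would leave the literal tokens in it. The `admin` block at the end of the hunk continues outside it.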
@@ -66,89 +87,15 @@ tracing: http: name: envoy.tracers.opencensus typed_config: - "@type": type.googleapis.com/envoy.config.trace.v2.OpenCensusConfig + "@type": type.googleapis.com/envoy.config.trace.v3.OpenCensusConfig stackdriver_exporter_enabled: "false" stackdriver_project_id: "" layered_runtime: layers: - - name: rtds_layer - rtds_layer: - name: traffic_director_runtime - rtds_config: { ads: {} } - - name: static_layer - static_layer: - envoy: - deprecated_features: - cluster: - proto:ORIGINAL_DST_LB: "true" - proto:extension_protocol_options: "true" - proto:tls_context: "true" - health_check: - proto:use_http2: "true" - http_connection_manager: - proto:operation_name: "true" - listener: - proto:tls_context: "true" - listener_components: - proto:config: "true" - route_components: - proto:allow_origin: "true" - proto:method: "true" - proto:pattern: "true" - proto:regex: "true" - proto:regex_match: "true" - proto:value: "true" - string: - proto:regex: "true" - trace: - proto:HTTP_JSON_V1: "true" - deprecated_features:envoy: - api: - v2: - Cluster: - LbPolicy: - ORIGINAL_DST_LB: "true" - extension_protocol_options: "true" - tls_context: "true" - Listener: - tls_context: "true" - core: - HealthCheck: - HttpHealthCheck: - use_http2: "true" - listener: - Filter: - config: "true" - ListenerFilter: - config: "true" - route: - CorsPolicy: - allow_origin: "true" - HeaderMatcher: - regex_match: "true" - QueryParameterMatcher: - regex: "true" - value: "true" - RouteMatch: - regex: "true" - VirtualCluster: - method: "true" - pattern: "true" - config: - filter: - network: - http_connection_manager: - v2: - HttpConnectionManager: - Tracing: - operation_name: "true" - trace: - v2: - ZipkinConfig: - CollectorEndpointVersion: - HTTP_JSON_V1: "true" - type: - matcher: - StringMatcher: - regex: "true" + - name: rtds_layer + rtds_layer: + name: traffic_director_runtime + rtds_config: + ads: {} + resource_api_version: V3 
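Review bot: Nothing in envoy.yaml records that the bootstrap now depends on v3 xDS support in the image, although `envoy_image` remains a user-overridable variable. This hunk sets `resource_api_version: V3` on the runtime layer, switches the tracer to the `envoy.config.trace.v3` type, and drops the `static_layer` that re-enabled deprecated v2 fields. An override pointing at an older image is therefore not expected to work with this file. I would add a comment at the top of the bootstrap, for example `# Requires an Envoy image with v3 xDS support; see the envoy_image default in variables.tf.`, and mention the same constraint in the variable's description.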
diff --git a/modules/cloud-config-container/envoy-traffic-director/variables.tf b/modules/cloud-config-container/envoy-traffic-director/variables.tf index 8135a48a1e..7c97585de8 100644 --- a/modules/cloud-config-container/envoy-traffic-director/variables.tf +++ b/modules/cloud-config-container/envoy-traffic-director/variables.tf @@ -17,7 +17,7 @@ variable "envoy_image" { description = "Envoy Proxy container image to use." type = string - default = "envoyproxy/envoy:v1.14.1" + default = "envoyproxy/envoy:v1.15.5" } variable "docker_logging" {