From 21e812914845e4fc9ecd76a0e453d8d55073ca31 Mon Sep 17 00:00:00 2001
From: Seth Hoenig
Date: Thu, 20 Aug 2020 12:00:34 -0500
Subject: [PATCH 1/3] ingress-gateway: add initial demo files for ingress gateways
---
ingress-gateway/ig-bridge-demo.nomad | 96 +++++++++++++++++++++++++++
ingress-gateway/ig-demo.nomad | 98 ++++++++++++++++++++++++++++
2 files changed, 194 insertions(+)
create mode 100644 ingress-gateway/ig-bridge-demo.nomad
create mode 100644 ingress-gateway/ig-demo.nomad
diff --git a/ingress-gateway/ig-bridge-demo.nomad b/ingress-gateway/ig-bridge-demo.nomad
new file mode 100644
index 0000000..80e3ec2
--- /dev/null
+++ b/ingress-gateway/ig-bridge-demo.nomad
@@ -0,0 +1,96 @@
+job "ig-bridge-demo" {
+
+ datacenters = ["dc1"]
+
+ group "ingress-group" {
+
+ network {
+ mode = "bridge"
+
+ # This example will enable plain HTTP traffic to access the uuid-api connect
+ # native example service on port 8080.
+ port "inbound" {
+ static = 8080
+ to = 8080
+ }
+ }
+
+ service {
+ name = "my-ingress-service"
+ port = "8080"
+
+ connect {
+ gateway {
+
+ // Consul gateway [envoy] proxy options.
+ proxy {
+ # The following options are automatically set by Nomad if not
+ # explicitly configured when using bridge networking.
+ #
+ # envoy_gateway_no_default_bind = true
+ # envoy_gateway_bind_addresses "uuid-api" {
+ # address = "0.0.0.0"
+ # port =
+ # }
+ #
+ # Additional options are documented at
+ # https://www.nomadproject.io/docs/job-specification/gateway#proxy-parameters
+ }
+
+ // Consul Ingress Gateway Configuration Entry.
+ ingress {
+ # Nomad will automatically manage the Configuration Entry in Consul
+ # given the parameters in the ingress block.
+ #
+ # Additional options are documented at
+ # https://www.nomadproject.io/docs/job-specification/gateway#ingress-parameters
+ listener {
+ port = 8080
+ protocol = "tcp"
+ service {
+ name = "uuid-api"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+
+ # The UUID generator from the connect-native demo is used as an example service.
+ # The ingress gateway above makes access to the service possible over normal HTTP.
+ # For example,
+ #
+ # $ g
+ group "generator" {
+ network {
+ mode = "host"
+ port "api" {
+ to = -1
+ }
+ }
+
+ service {
+ name = "uuid-api"
+ port = "${NOMAD_PORT_api}"
+
+ connect {
+ native = true
+ }
+ }
+
+ task "generate" {
+ driver = "docker"
+
+ config {
+ image = "hashicorpnomad/uuid-api:v3"
+ network_mode = "host"
+ }
+
+ env {
+ BIND = "0.0.0.0"
+ PORT = "${NOMAD_PORT_api}"
+ }
+ }
+ }
+}
diff --git a/ingress-gateway/ig-demo.nomad b/ingress-gateway/ig-demo.nomad
new file mode 100644
index 0000000..c841e18
--- /dev/null
+++ b/ingress-gateway/ig-demo.nomad
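Review bot: In the `generator` group, `mode = "host"`, `network_mode = "host"` and `BIND = "0.0.0.0"` together put uuid-api on every interface of the client node at its dynamic port, so the ingress gateway on 8080 is not the only network path to the service. Nothing in the hunk shows what protects that listener; presumably the Connect-native app enforces mutual TLS itself, but a reader copying the example cannot tell. I would add a comment above `env`, for example `# uuid-api listens on all host interfaces; access control relies on Connect mTLS and Consul intentions, not on network placement.` The same group is repeated in ig-demo.nomad and the comment applies there as well.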
@@ -0,0 +1,98 @@
+job "ig-demo" {
+
+ datacenters = ["dc1"]
+
+ group "ingress-group" {
+
+ network {
+ mode = "host"
+
+ # This example will enable plain HTTP traffic to access the uuid-api connect
+ # native example service on port 8080.
+ port "inbound" {
+ static = 8080
+ }
+
+ # When running an ingress gateway in host networking mode, the underlying
+ # Envoy proxy creates an admin interface listener bound to localhost that
+ # requires the allocation of a port.
+ port "envoy" {
+ static = 19001
+ }
+ }
+
+ service {
+ name = "my-ingress-service"
+
+ # The Envoy proxy admin interface listener will use the service port to
+ # determine its localhost bind address.
+ port = "envoy"
+
+ connect {
+ gateway {
+
+ // Consul gateway [envoy] proxy options.
+ proxy {
+ # Envoy proxy options are documented at
+ # https://www.nomadproject.io/docs/job-specification/gateway#proxy-parameters
+ connect_timeout = "500ms"
+ }
+
+ // Consul Ingress Gateway Configuration Entry.
+ ingress {
+ # Nomad will automatically manage the Configuration Entry in Consul
+ # given the parameters in the ingress block.
+ #
+ # Additional options are documented at
+ # https://www.nomadproject.io/docs/job-specification/gateway#ingress-parameters
+ listener {
+ port = 8080
+ protocol = "tcp"
+ service {
+ name = "uuid-api"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+
+ # The UUID generator from the connect-native demo is used as an example service.
+ # The ingress gateway above makes access to the service possible over normal HTTP.
+ # For example,
+ #
+ # $ curl $(dig +short @127.0.0.1 -p 8600 uuid-api.ingress.dc1.consul. ANY):8080
+ group "generator" {
+ network {
+ mode = "host"
+ port "api" {
+ to = -1
+ }
+ }
+
+ service {
+ name = "uuid-api"
+ port = "${NOMAD_PORT_api}"
+
+ connect {
+ native = true
+ }
+ }
+
+ task "generate" {
+ driver = "docker"
+
+ config {
+ image = "hashicorpnomad/uuid-api:v3"
+ network_mode = "host"
+ }
+
+ env {
+ BIND = "0.0.0.0"
+ PORT = "${NOMAD_PORT_api}"
+ }
+ }
+ }
+}
+
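Review bot: `port = "envoy"` in the `service` block registers my-ingress-service in Consul with the Envoy admin port (static 19001) rather than the 8080 listener, which is presumably why the curl example takes only the address from DNS and hard-codes `:8080`. The Envoy admin interface has no authentication and can dump configuration or stop the proxy, so the comment on `port "envoy"` should say that the localhost binding is what protects it and must be kept, e.g. `# The admin interface is unauthenticated; keep it bound to localhost and do not expose 19001 through a firewall or port mapping.` A static admin port also limits the node to one such gateway allocation, which is worth a word in the same comment.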
From 4ed74d296b51e6885bf1282e12c66194fb742ca8 Mon Sep 17 00:00:00 2001 From: Seth Hoenig Date: Tue, 25 Aug 2020 11:23:22 -0500 Subject: [PATCH 2/3] ingress-gateway: fix comment with example dns query --- ingress-gateway/ig-bridge-demo.nomad | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ingress-gateway/ig-bridge-demo.nomad b/ingress-gateway/ig-bridge-demo.nomad index 80e3ec2..1d5d226 100644 --- a/ingress-gateway/ig-bridge-demo.nomad +++ b/ingress-gateway/ig-bridge-demo.nomad @@ -61,7 +61,7 @@ job "ig-bridge-demo" { # The ingress gateway above makes access to the service possible over normal HTTP. # For example, # - # $ g + # $ curl $(dig +short @127.0.0.1 -p 8600 uuid-api.ingress.dc1.consul. ANY):8080 group "generator" { network { mode = "host" From 394bde8060003152fcf14e3dfdc94a44daf755cb Mon Sep 17 00:00:00 2001 From: Seth Hoenig Date: Wed, 26 Aug 2020 08:51:45 -0500 Subject: [PATCH 3/3] ingress-gateway: fixup port block & comments in examples --- ingress-gateway/ig-bridge-demo.nomad | 11 ++++++----- ingress-gateway/ig-demo.nomad | 8 +++++--- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/ingress-gateway/ig-bridge-demo.nomad b/ingress-gateway/ig-bridge-demo.nomad index 1d5d226..785ef1f 100644 --- a/ingress-gateway/ig-bridge-demo.nomad +++ b/ingress-gateway/ig-bridge-demo.nomad @@ -2,6 +2,9 @@ job "ig-bridge-demo" { datacenters = ["dc1"] + # This group will have a task providing the ingress gateway automatically + # created by Nomad. The ingress gateway is based on the Envoy proxy being + # managed by the docker driver. group "ingress-group" { network { @@ -22,7 +25,7 @@ job "ig-bridge-demo" { connect { gateway { - // Consul gateway [envoy] proxy options. + # Consul gateway [envoy] proxy options. proxy { # The following options are automatically set by Nomad if not # explicitly configured when using bridge networking. 
@@ -37,7 +40,7 @@ job "ig-bridge-demo" { # https://www.nomadproject.io/docs/job-specification/gateway#proxy-parameters } - // Consul Ingress Gateway Configuration Entry. + # Consul Ingress Gateway Configuration Entry. ingress { # Nomad will automatically manage the Configuration Entry in Consul # given the parameters in the ingress block. @@ -65,9 +68,7 @@ job "ig-bridge-demo" { group "generator" { network { mode = "host" - port "api" { - to = -1 - } + port "api" {} } service { diff --git a/ingress-gateway/ig-demo.nomad b/ingress-gateway/ig-demo.nomad index c841e18..1549549 100644 --- a/ingress-gateway/ig-demo.nomad +++ b/ingress-gateway/ig-demo.nomad @@ -2,6 +2,9 @@ job "ig-demo" { datacenters = ["dc1"] + # This group will have a task providing the ingress gateway automatically + # created by Nomad. The ingress gateway is based on the Envoy proxy being + # managed by the docker driver. group "ingress-group" { network { @@ -31,14 +34,14 @@ job "ig-demo" { connect { gateway { - // Consul gateway [envoy] proxy options. + # Consul gateway [envoy] proxy options. proxy { # Envoy proxy options are documented at # https://www.nomadproject.io/docs/job-specification/gateway#proxy-parameters connect_timeout = "500ms" } - // Consul Ingress Gateway Configuration Entry. + # Consul Ingress Gateway Configuration Entry. ingress { # Nomad will automatically manage the Configuration Entry in Consul # given the parameters in the ingress block. @@ -95,4 +98,3 @@ job "ig-demo" { } } } -