Skip to content

Commit

Permalink
Merge branch 'master' into b-ui/topo-viz-accounting
Browse files Browse the repository at this point in the history
  • Loading branch information
backspace committed Jan 28, 2021
2 parents d3dd3f5 + 5bbe53f commit 73be2c3
Show file tree
Hide file tree
Showing 81 changed files with 2,525 additions and 586 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/ember-test-audit.yml
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ jobs:
comparison-identifier: ${{ github.event.pull_request.head.sha }}
timing-output-path: audit-diff.md
flakiness-output-path: flakiness-report.md
- uses: marocchino/sticky-pull-request-comment@33a6cfb
- uses: marocchino/sticky-pull-request-comment@v2.0.0
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
path: audit-diff.md
Expand All @@ -77,7 +77,7 @@ jobs:
files: "flakiness-report.md"
- name: comment PR
if: steps.check_file.outputs.files_exists == 'true'
uses: machine-learning-apps/pr-comment@v1
uses: machine-learning-apps/pr-comment@1.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand Down
4 changes: 3 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,10 +1,12 @@
## 1.0.3 (Unreleased)

FEATURES:
* **Terminating Gateways**: Adds built-in support for running Consul Connect terminating gateways [[GH-9829](https://github.com/hashicorp/nomad/pull/9829)]

IMPROVEMENTS:
* consul/connect: Made handling of sidecar task container image URLs consistent with the `docker` task driver. [[GH-9580](https://github.com/hashicorp/nomad/issues/9580)]

BUG FIXES:

* consul: Fixed a bug where failing tasks with group services would only cause the allocation to restart once instead of respecting the `restart` field. [[GH-9869](https://github.com/hashicorp/nomad/issues/9869)]
* consul/connect: Fixed a bug where gateway proxy connection default timeout not set [[GH-9851](https://github.com/hashicorp/nomad/pull/9851)]
* consul/connect: Fixed a bug preventing more than one connect gateway per Nomad client [[GH-9849](https://github.com/hashicorp/nomad/pull/9849)]
Expand Down
10 changes: 10 additions & 0 deletions api/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,8 @@ type Config struct {
//
// TLSConfig is ignored if HttpClient is set.
TLSConfig *TLSConfig

Headers http.Header
}

// ClientConfig copies the configuration with a new client address, region, and
Expand Down Expand Up @@ -527,6 +529,7 @@ type request struct {
body io.Reader
obj interface{}
ctx context.Context
header http.Header
}

// setQueryOptions is used to annotate the request with
Expand Down Expand Up @@ -612,6 +615,8 @@ func (r *request) toHTTP() (*http.Request, error) {
return nil, err
}

req.Header = r.header

// Optionally configure HTTP basic authentication
if r.url.User != nil {
username := r.url.User.Username()
Expand Down Expand Up @@ -649,6 +654,7 @@ func (c *Client) newRequest(method, path string) (*request, error) {
Path: u.Path,
RawPath: u.RawPath,
},
header: make(http.Header),
params: make(map[string][]string),
}
if c.config.Region != "" {
Expand All @@ -671,6 +677,10 @@ func (c *Client) newRequest(method, path string) (*request, error) {
}
}

if c.config.Headers != nil {
r.header = c.config.Headers
}

return r, nil
}

Expand Down
16 changes: 16 additions & 0 deletions api/api_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -341,6 +341,22 @@ func TestParseWriteMeta(t *testing.T) {
}
}

func TestClientHeader(t *testing.T) {
t.Parallel()
c, s := makeClient(t, func(c *Config) {
c.Headers = http.Header{
"Hello": []string{"World"},
}
}, nil)
defer s.Stop()

r, _ := c.newRequest("GET", "/v1/jobs")

if r.header.Get("Hello") != "World" {
t.Fatalf("bad: %v", r.header)
}
}

func TestQueryString(t *testing.T) {
t.Parallel()
c, s := makeClient(t, nil, nil)
Expand Down
87 changes: 78 additions & 9 deletions api/services.go
Original file line number Diff line number Diff line change
Expand Up @@ -302,8 +302,8 @@ type ConsulGateway struct {
// Ingress represents the Consul Configuration Entry for an Ingress Gateway.
Ingress *ConsulIngressConfigEntry `hcl:"ingress,block"`

// Terminating is not yet supported.
// Terminating *ConsulTerminatingConfigEntry
// Terminating represents the Consul Configuration Entry for a Terminating Gateway.
Terminating *ConsulTerminatingConfigEntry `hcl:"terminating,block"`

// Mesh is not yet supported.
// Mesh *ConsulMeshConfigEntry
Expand All @@ -315,6 +315,7 @@ func (g *ConsulGateway) Canonicalize() {
}
g.Proxy.Canonicalize()
g.Ingress.Canonicalize()
g.Terminating.Canonicalize()
}

func (g *ConsulGateway) Copy() *ConsulGateway {
Expand All @@ -323,8 +324,9 @@ func (g *ConsulGateway) Copy() *ConsulGateway {
}

return &ConsulGateway{
Proxy: g.Proxy.Copy(),
Ingress: g.Ingress.Copy(),
Proxy: g.Proxy.Copy(),
Ingress: g.Ingress.Copy(),
Terminating: g.Terminating.Copy(),
}
}

Expand All @@ -335,8 +337,8 @@ type ConsulGatewayBindAddress struct {
}

var (
// defaultConnectTimeout is the default amount of time a connect gateway will
// wait for a response from an upstream service (same as consul)
// defaultGatewayConnectTimeout is the default amount of time connections to
// upstreams are allowed before timing out.
defaultGatewayConnectTimeout = 5 * time.Second
)

Expand All @@ -349,6 +351,7 @@ type ConsulGatewayProxy struct {
EnvoyGatewayBindTaggedAddresses bool `mapstructure:"envoy_gateway_bind_tagged_addresses" hcl:"envoy_gateway_bind_tagged_addresses,optional"`
EnvoyGatewayBindAddresses map[string]*ConsulGatewayBindAddress `mapstructure:"envoy_gateway_bind_addresses" hcl:"envoy_gateway_bind_addresses,block"`
EnvoyGatewayNoDefaultBind bool `mapstructure:"envoy_gateway_no_default_bind" hcl:"envoy_gateway_no_default_bind,optional"`
EnvoyDNSDiscoveryType string `mapstructure:"envoy_dns_discovery_type" hcl:"envoy_dns_discovery_type,optional"`
Config map[string]interface{} `hcl:"config,block"` // escape hatch envoy config
}

Expand Down Expand Up @@ -397,6 +400,7 @@ func (p *ConsulGatewayProxy) Copy() *ConsulGatewayProxy {
EnvoyGatewayBindTaggedAddresses: p.EnvoyGatewayBindTaggedAddresses,
EnvoyGatewayBindAddresses: binds,
EnvoyGatewayNoDefaultBind: p.EnvoyGatewayNoDefaultBind,
EnvoyDNSDiscoveryType: p.EnvoyDNSDiscoveryType,
Config: config,
}
}
Expand Down Expand Up @@ -549,9 +553,74 @@ func (e *ConsulIngressConfigEntry) Copy() *ConsulIngressConfigEntry {
}
}

// ConsulTerminatingConfigEntry is not yet supported.
// type ConsulTerminatingConfigEntry struct {
// }
type ConsulLinkedService struct {
Name string `hcl:"name,optional"`
CAFile string `hcl:"ca_file,optional"`
CertFile string `hcl:"cert_file,optional"`
KeyFile string `hcl:"key_file,optional"`
SNI string `hcl:"sni,optional"`
}

func (s *ConsulLinkedService) Canonicalize() {
// nothing to do for now
}

func (s *ConsulLinkedService) Copy() *ConsulLinkedService {
if s == nil {
return nil
}

return &ConsulLinkedService{
Name: s.Name,
CAFile: s.CAFile,
CertFile: s.CertFile,
KeyFile: s.KeyFile,
SNI: s.SNI,
}
}

// ConsulTerminatingConfigEntry represents the Consul Configuration Entry type
// for a Terminating Gateway.
//
// https://www.consul.io/docs/agent/config-entries/terminating-gateway#available-fields
type ConsulTerminatingConfigEntry struct {
// Namespace is not yet supported.
// Namespace string

Services []*ConsulLinkedService `hcl:"service,block"`
}

func (e *ConsulTerminatingConfigEntry) Canonicalize() {
if e == nil {
return
}

if len(e.Services) == 0 {
e.Services = nil
}

for _, service := range e.Services {
service.Canonicalize()
}
}

func (e *ConsulTerminatingConfigEntry) Copy() *ConsulTerminatingConfigEntry {
if e == nil {
return nil
}

var services []*ConsulLinkedService = nil
if n := len(e.Services); n > 0 {
services = make([]*ConsulLinkedService, n)
for i := 0; i < n; i++ {
services[i] = e.Services[i].Copy()
}
}

return &ConsulTerminatingConfigEntry{
Services: services,
}
}

// ConsulMeshConfigEntry is not yet supported.
// type ConsulMeshConfigEntry struct {
Expand Down
53 changes: 53 additions & 0 deletions api/services_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -291,7 +291,10 @@ func TestService_ConsulGateway_Canonicalize(t *testing.T) {
}
cg.Canonicalize()
require.Equal(t, timeToPtr(5*time.Second), cg.Proxy.ConnectTimeout)
require.True(t, cg.Proxy.EnvoyGatewayBindTaggedAddresses)
require.Nil(t, cg.Proxy.EnvoyGatewayBindAddresses)
require.True(t, cg.Proxy.EnvoyGatewayNoDefaultBind)
require.Empty(t, cg.Proxy.EnvoyDNSDiscoveryType)
require.Nil(t, cg.Proxy.Config)
require.Nil(t, cg.Ingress.Listeners)
})
Expand All @@ -314,6 +317,7 @@ func TestService_ConsulGateway_Copy(t *testing.T) {
"listener2": {Address: "10.0.0.1", Port: 2001},
},
EnvoyGatewayNoDefaultBind: true,
EnvoyDNSDiscoveryType: "STRICT_DNS",
Config: map[string]interface{}{
"foo": "bar",
"baz": 3,
Expand All @@ -334,6 +338,11 @@ func TestService_ConsulGateway_Copy(t *testing.T) {
}},
},
},
Terminating: &ConsulTerminatingConfigEntry{
Services: []*ConsulLinkedService{{
Name: "linked-service1",
}},
},
}

t.Run("complete", func(t *testing.T) {
Expand Down Expand Up @@ -418,3 +427,47 @@ func TestService_ConsulIngressConfigEntry_Copy(t *testing.T) {
require.Equal(t, entry, result)
})
}

func TestService_ConsulTerminatingConfigEntry_Canonicalize(t *testing.T) {
t.Parallel()

t.Run("nil", func(t *testing.T) {
c := (*ConsulTerminatingConfigEntry)(nil)
c.Canonicalize()
require.Nil(t, c)
})

t.Run("empty services", func(t *testing.T) {
c := &ConsulTerminatingConfigEntry{
Services: []*ConsulLinkedService{},
}
c.Canonicalize()
require.Nil(t, c.Services)
})
}

func TestService_ConsulTerminatingConfigEntry_Copy(t *testing.T) {
t.Parallel()

t.Run("nil", func(t *testing.T) {
result := (*ConsulIngressConfigEntry)(nil).Copy()
require.Nil(t, result)
})

entry := &ConsulTerminatingConfigEntry{
Services: []*ConsulLinkedService{{
Name: "servic1",
}, {
Name: "service2",
CAFile: "ca_file.pem",
CertFile: "cert_file.pem",
KeyFile: "key_file.pem",
SNI: "sni.terminating.consul",
}},
}

t.Run("complete", func(t *testing.T) {
result := entry.Copy()
require.Equal(t, entry, result)
})
}
23 changes: 14 additions & 9 deletions client/allocrunner/taskrunner/envoy_bootstrap_hook.go
Original file line number Diff line number Diff line change
Expand Up @@ -110,13 +110,16 @@ func (envoyBootstrapHook) Name() string {
return envoyBootstrapHookName
}

func isConnectKind(kind string) bool {
kinds := []string{structs.ConnectProxyPrefix, structs.ConnectIngressPrefix, structs.ConnectTerminatingPrefix}
return helper.SliceStringContains(kinds, kind)
}

func (_ *envoyBootstrapHook) extractNameAndKind(kind structs.TaskKind) (string, string, error) {
serviceKind := kind.Name()
serviceName := kind.Value()
serviceKind := kind.Name()

switch serviceKind {
case structs.ConnectProxyPrefix, structs.ConnectIngressPrefix:
default:
if !isConnectKind(serviceKind) {
return "", "", errors.New("envoy must be used as connect sidecar or gateway")
}

Expand Down Expand Up @@ -350,13 +353,15 @@ func (h *envoyBootstrapHook) newEnvoyBootstrapArgs(
proxyID string // gateway only
)

if service.Connect.HasSidecar() {
switch {
case service.Connect.HasSidecar():
sidecarForID = h.proxyServiceID(group, service)
}

if service.Connect.IsGateway() {
gateway = "ingress" // more types in the future
case service.Connect.IsIngress():
proxyID = h.proxyServiceID(group, service)
gateway = "ingress"
case service.Connect.IsTerminating():
proxyID = h.proxyServiceID(group, service)
gateway = "terminating"
}

h.logger.Debug("bootstrapping envoy",
Expand Down
Loading

0 comments on commit 73be2c3

Please sign in to comment.