Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new Consul fields on ConsulIngressService #16753

Closed
wants to merge 5 commits into from
Closed

Add new Consul fields on ConsulIngressService #16753

wants to merge 5 commits into from

Conversation

horaciomonsalvo
Copy link
Contributor

Description

Changes

  • Added support for ConsulIngressService configuration in nomad/structs/services.go and api/consul.go.
    • Added new fields to ConsulIngressService structs and updated their receiver functions.
      • TLS
      • RequestHeaders
      • ResponseHeaders
      • MaxConnections
      • MaxPendingRequests
      • MaxConcurrentRequests
  • Updated jobspec/parse_service.go
  • Updated command/agent/job_endpoint.go
  • Update related tests
  • Update Nomad Documentation for ConsulIngressService struct.

Testing Changes

To test these changes you need to build a Nomad binary and deploy a cluster with both Nomad and Consul agents and clients.
When you have your cluster running you can run the following job-spec:

# $ cat ig-http.nomad

job "ig-http" {

  datacenters = ["dc1"]

  group "ingress-group" {

    network {
      mode = "bridge"
      port "inbound" {
        static = 8080
        to     = 8080
      }
    }

    service {
      name = "my-ingress-service"
      port = "8080"

        connect {
            gateway {
                proxy {
                    connect_timeout = "500ms"
                }
                ingress {
                    listener {
                        port     = 8080
                        protocol = "http"
                        service {
                            name = "uuid-api"
                            hosts = ["example.com", "example.com:8080"]
                            # New Fields:
                            response_headers {
                                add {
                                    testAdd = "testAddV"
                                }
                                set {
                                    testSet = "testSetV"
                                }
                                remove = ["testRemove"]
                            }
                            request_headers {
                                add {
                                    testAdd = "testAddV"
                                }
                                set {
                                    testSet = "testSetV"
                                }
                                remove = ["testRemove"]
                            }
                            max_connections = 100
                            max_pending_requests = 100
                            max_concurrent_requests = 100
                            tls {
                                sds_config {
                                    cluster_name = "foo"
                                    cert_resource = "example.com-public-cert"
                                }
                            } 
                        }   
                    }
                }
            }
        }
    }
  }

  group "generator" {
    network {
      mode = "host"
      port "api" {}
    }

    service {
      name = "uuid-api"
      port = "${NOMAD_PORT_api}"

      connect {
        native = true
      }
    }

    task "generate" {
      driver = "docker"

      config {
        image        = "hashicorpnomad/uuid-api:v3"
        network_mode = "host"
      }

      env {
        BIND = "0.0.0.0"
        PORT = "${NOMAD_PORT_api}"
      }
    }
  }
}

Once the job is running and healthy, use Consul's API to get the terminating gateway's configuration:

curl --request GET http://127.0.0.1:8500/v1/config/ingress-gateway | json_pp

You will get the following JSON output:

[
    {
        "Kind": "ingress-gateway",
        "Name": "my-ingress-service",
        "TLS": {
            "Enabled": false
        },
        "Listeners": [
            {
                "Port": 8080,
                "Protocol": "http",
                "TLS": {
                    "Enabled": false
                },
                "Services": [
                    {
                        "Name": "uuid-api",
                        "Hosts": [
                            "example.com",
                            "example.com:8080"
                        ],
                        "TLS": {
                            "SDS": {
                                "ClusterName": "foo",
                                "CertResource": "example.com-public-cert"
                            }
                        },
                        "RequestHeaders": {
                            "Add": {
                                "testAdd": "testAddV"
                            },
                            "Set": {
                                "testSet": "testSetV"
                            },
                            "Remove": [
                                "testRemove"
                            ]
                        },
                        "ResponseHeaders": {
                            "Add": {
                                "testAdd": "testAddV"
                            },
                            "Set": {
                                "testSet": "testSetV"
                            },
                            "Remove": [
                                "testRemove"
                            ]
                        },
                        "MaxConnections": 100,
                        "MaxPendingRequests": 100,
                        "MaxConcurrentRequests": 100
                    }
                ]
            }
        ],
        "Defaults": {
            "MaxConnections": 0,
            "MaxPendingRequests": 0,
            "MaxConcurrentRequests": 0
        },
        "CreateIndex": 51,
        "ModifyIndex": 960
    }
]

Demo Video

ConsulIngressService.mp4

@tgross tgross added this to the 1.7.x milestone Oct 30, 2023
@tgross tgross self-requested a review March 20, 2024 20:58
@tgross
Copy link
Member

tgross commented Mar 20, 2024

I've pulled down this branch to rebase it on main and fix the merge conflicts, cleaned up some of the bits that aren't idiomatic Nomad code anymore, and had a first pass at improving the docs. I'll try to wrap that up later this week and I'll open a new PR with this branch once that's done.

@tgross tgross mentioned this pull request Mar 21, 2024
Merged
@tgross
Copy link
Member

tgross commented Mar 21, 2024

Closed in lieu of #20176

@tgross tgross closed this Mar 21, 2024
@hc-github-team-nomad-core hc-github-team-nomad-core mentioned this pull request Mar 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tgross tgross Awaiting requested review from tgross

Assignees
No one assigned
Labels
theme/consul
Projects
None yet
Milestone
1.7.x
Development

Successfully merging this pull request may close these issues.
2 participants
@horaciomonsalvo @tgross