Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Custom Connect Sidecar Checks #10524

Closed
wants to merge 8 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions api/services.go
Original file line number Diff line number Diff line change
Expand Up @@ -189,9 +189,10 @@ func (cc *ConsulConnect) Canonicalize() {
// ConsulSidecarService represents a Consul Connect SidecarService jobspec
// stanza.
type ConsulSidecarService struct {
Tags []string `hcl:"tags,optional"`
Port string `hcl:"port,optional"`
Proxy *ConsulProxy `hcl:"proxy,block"`
Tags []string `hcl:"tags,optional"`
Port string `hcl:"port,optional"`
Proxy *ConsulProxy `hcl:"proxy,block"`
Checks []ServiceCheck `hcl:"check,block"`
}

func (css *ConsulSidecarService) Canonicalize() {
Expand Down
29 changes: 22 additions & 7 deletions command/agent/consul/connect.go
Original file line number Diff line number Diff line change
Expand Up @@ -105,12 +105,9 @@ func connectSidecarRegistration(serviceId string, css *structs.ConsulSidecarServ
return nil, err
}

return &api.AgentServiceRegistration{
Tags: helper.CopySliceString(css.Tags),
Port: cMapping.Value,
Address: cMapping.HostIP,
Proxy: proxy,
Checks: api.AgentServiceChecks{
var checks []*api.AgentServiceCheck
if len(css.Checks) == 0 {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With this change, there is no way to actually disable sidecar checks. The job author must specify a check or we insert the default TCP ones. This seems a bit reasonable.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is also the only option if registering with Consul directly; this approach is just following suite

checks = api.AgentServiceChecks{
{
Name: "Connect Sidecar Listening",
TCP: net.JoinHostPort(cMapping.HostIP, strconv.Itoa(cMapping.Value)),
Expand All @@ -120,7 +117,25 @@ func connectSidecarRegistration(serviceId string, css *structs.ConsulSidecarServ
Name: "Connect Sidecar Aliasing " + serviceId,
AliasService: serviceId,
},
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unclear what the value of this Aliasing service id - do we need to insert it even when checks are overriden?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The alias basically means "if you request health for service X, send the request to me instead" - which is useful for connect, where requests must go through the sidecar proxy. I think yes, this should always be there

},
}
} else {
checks = make([]*api.AgentServiceCheck, len(css.Checks))
for i, c := range css.Checks {
check, err := createCheckReg(serviceId, "", c, cMapping.HostIP, cMapping.Value, "")
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if I'm doing this correctly, and what host/port should be used. When I tried, I can successfully set a custom TCP check; but cannot seem to get an HTTP to pass. The default envoyproxy seems to reject HTTP connection?!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I sort of imagined being able to create checks that somehow made use of NOMAD_ENVOY_ADMIN_ADDR_<service>, where envoy provides some default paths one might query https://www.envoyproxy.io/docs/envoy/latest/operations/admin to represent the envoy's health.

The only way that will work is if the Consul agent is able to make a connection to that ip:port, which is going to be 127.0.0.1:1900x inside the network namespace - which means Nomad would need to inject a new dynamic port mapping to that envoy admin port.

if err != nil {
return nil, fmt.Errorf("failed to register check %v: %w", c.Name, err)
}

checks[i] = &check.AgentServiceCheck
}
}

return &api.AgentServiceRegistration{
Tags: helper.CopySliceString(css.Tags),
Port: cMapping.Value,
Address: cMapping.HostIP,
Proxy: proxy,
Checks: checks,
}, nil
}

Expand Down
36 changes: 36 additions & 0 deletions command/agent/consul/connect_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,42 @@ func TestConnect_newConnect(t *testing.T) {
},
}, asr.SidecarService)
})

t.Run("with sidecar and custom check", func(t *testing.T) {
asr, err := newConnect("redis-service-id", "redis", &structs.ConsulConnect{
Native: false,
SidecarService: &structs.ConsulSidecarService{
Tags: []string{"foo", "bar"},
Port: "connect-proxy-redis",
Checks: []*structs.ServiceCheck{
{
Type: "tcp",
Interval: 5 * time.Second,
Timeout: 2 * time.Second,
},
},
},
}, testConnectNetwork, testConnectPorts)
require.NoError(t, err)
require.Equal(t, &api.AgentServiceRegistration{
Tags: []string{"foo", "bar"},
Port: 3000,
Address: "192.168.30.1",
Proxy: &api.AgentServiceConnectProxyConfig{
Config: map[string]interface{}{
"bind_address": "0.0.0.0",
"bind_port": 3000,
},
},
Checks: api.AgentServiceChecks{
{
TCP: "192.168.30.1:3000",
Interval: "5s",
Timeout: "2s",
},
},
}, asr.SidecarService)
})
}

func TestConnect_connectSidecarRegistration(t *testing.T) {
Expand Down
93 changes: 50 additions & 43 deletions command/agent/job_endpoint.go
Original file line number Diff line number Diff line change
Expand Up @@ -1291,51 +1291,57 @@ func ApiServicesToStructs(in []*api.Service) []*structs.Service {
Meta: helper.CopyMapStringString(s.Meta),
CanaryMeta: helper.CopyMapStringString(s.CanaryMeta),
OnUpdate: s.OnUpdate,
Checks: apiServiceChecksToStructs(s.Checks, s.OnUpdate), // Inherit OnUpdate from service by default
Connect: ApiConsulConnectToStructs(s.Connect),
}

if l := len(s.Checks); l != 0 {
out[i].Checks = make([]*structs.ServiceCheck, l)
for j, check := range s.Checks {
onUpdate := s.OnUpdate // Inherit from service as default
if check.OnUpdate != "" {
onUpdate = check.OnUpdate
}
out[i].Checks[j] = &structs.ServiceCheck{
Name: check.Name,
Type: check.Type,
Command: check.Command,
Args: check.Args,
Path: check.Path,
Protocol: check.Protocol,
PortLabel: check.PortLabel,
Expose: check.Expose,
AddressMode: check.AddressMode,
Interval: check.Interval,
Timeout: check.Timeout,
InitialStatus: check.InitialStatus,
TLSSkipVerify: check.TLSSkipVerify,
Header: check.Header,
Method: check.Method,
Body: check.Body,
GRPCService: check.GRPCService,
GRPCUseTLS: check.GRPCUseTLS,
TaskName: check.TaskName,
OnUpdate: onUpdate,
}
if check.CheckRestart != nil {
out[i].Checks[j].CheckRestart = &structs.CheckRestart{
Limit: check.CheckRestart.Limit,
Grace: *check.CheckRestart.Grace,
IgnoreWarnings: check.CheckRestart.IgnoreWarnings,
}
}
}
}
}

if s.Connect != nil {
out[i].Connect = ApiConsulConnectToStructs(s.Connect)
return out
}

func apiServiceChecksToStructs(in []api.ServiceCheck, defaultOnUpdate string) []*structs.ServiceCheck {
if len(in) == 0 {
return nil
}

out := make([]*structs.ServiceCheck, len(in))
for i, inc := range in {
onUpdate := defaultOnUpdate
if inc.OnUpdate != "" {
onUpdate = inc.OnUpdate
}
check := &structs.ServiceCheck{
Name: inc.Name,
Type: inc.Type,
Command: inc.Command,
Args: inc.Args,
Path: inc.Path,
Protocol: inc.Protocol,
PortLabel: inc.PortLabel,
Expose: inc.Expose,
AddressMode: inc.AddressMode,
Interval: inc.Interval,
Timeout: inc.Timeout,
InitialStatus: inc.InitialStatus,
TLSSkipVerify: inc.TLSSkipVerify,
Header: inc.Header,
Method: inc.Method,
Body: inc.Body,
GRPCService: inc.GRPCService,
GRPCUseTLS: inc.GRPCUseTLS,
TaskName: inc.TaskName,
OnUpdate: onUpdate,
}
if inc.CheckRestart != nil {
check.CheckRestart = &structs.CheckRestart{
Limit: inc.CheckRestart.Limit,
Grace: *inc.CheckRestart.Grace,
IgnoreWarnings: inc.CheckRestart.IgnoreWarnings,
}
}

out[i] = check
}

return out
Expand Down Expand Up @@ -1499,9 +1505,10 @@ func apiConnectSidecarServiceToStructs(in *api.ConsulSidecarService) *structs.Co
return nil
}
return &structs.ConsulSidecarService{
Port: in.Port,
Tags: helper.CopySliceString(in.Tags),
Proxy: apiConnectSidecarServiceProxyToStructs(in.Proxy),
Port: in.Port,
Tags: helper.CopySliceString(in.Tags),
Proxy: apiConnectSidecarServiceProxyToStructs(in.Proxy),
Checks: apiServiceChecksToStructs(in.Checks, ""),
}
}

Expand Down
25 changes: 17 additions & 8 deletions command/agent/job_endpoint_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ import (
"net/http"
"net/http/httptest"
"reflect"
"strings"
"testing"
"time"

Expand All @@ -13,7 +12,6 @@ import (
"github.com/hashicorp/nomad/helper"
"github.com/hashicorp/nomad/nomad/mock"
"github.com/hashicorp/nomad/nomad/structs"
"github.com/kr/pretty"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
Expand Down Expand Up @@ -2037,6 +2035,14 @@ func TestJobs_ApiJobToStructsJob(t *testing.T) {
SidecarService: &api.ConsulSidecarService{
Tags: []string{"f", "g"},
Port: "9000",

Checks: []api.ServiceCheck{
{
Type: "TCP",
Interval: 10 * time.Second,
Timeout: 5 * time.Second,
},
},
},
},
},
Expand Down Expand Up @@ -2416,6 +2422,13 @@ func TestJobs_ApiJobToStructsJob(t *testing.T) {
SidecarService: &structs.ConsulSidecarService{
Tags: []string{"f", "g"},
Port: "9000",
Checks: []*structs.ServiceCheck{
{
Type: "TCP",
Interval: 10 * time.Second,
Timeout: 5 * time.Second,
},
},
},
},
},
Expand Down Expand Up @@ -2605,9 +2618,7 @@ func TestJobs_ApiJobToStructsJob(t *testing.T) {

structsJob := ApiJobToStructJob(apiJob)

if diff := pretty.Diff(expected, structsJob); len(diff) > 0 {
t.Fatalf("bad:\n%s", strings.Join(diff, "\n"))
}
require.Equal(t, expected, structsJob)

systemAPIJob := &api.Job{
Stop: helper.BoolToPtr(true),
Expand Down Expand Up @@ -2850,9 +2861,7 @@ func TestJobs_ApiJobToStructsJob(t *testing.T) {

systemStructsJob := ApiJobToStructJob(systemAPIJob)

if diff := pretty.Diff(expectedSystemJob, systemStructsJob); len(diff) > 0 {
t.Fatalf("bad:\n%s", strings.Join(diff, "\n"))
}
require.Equal(t, expectedSystemJob, systemStructsJob)
}

func TestJobs_ApiJobToStructsJobUpdate(t *testing.T) {
Expand Down
Loading