set up flags

cmd/consul-dataplane/config.go

@@ -97,11 +97,13 @@ type ProxyFlags struct {
 }
 
 type XDSServerFlags struct {
+	Enabled  *bool   `json:"enabled,omitempty"`
 	BindAddr *string `json:"bindAddress,omitempty"`
 	BindPort *int    `json:"bindPort,omitempty"`
 }
 
 type DNSServerFlags struct {
+	Enabled  *bool   `json:"enabled,omitempty"`
 	BindAddr *string `json:"bindAddress,omitempty"`
 	BindPort *int    `json:"bindPort,omitempty"`
 }
@@ -128,6 +130,7 @@ type PrometheusTelemetryFlags struct {
 }
 
 type EnvoyFlags struct {
+	Enabled          *bool   `json:"enabled,omitempty"`
 	AdminBindAddr    *string `json:"adminBindAddress,omitempty"`
 	AdminBindPort    *int    `json:"adminBindPort,omitempty"`
 	ReadyBindAddr    *string `json:"readyBindAddress,omitempty"`
@@ -231,6 +234,7 @@ func buildDefaultConsulDPFlags() (DataplaneConfigFlags, error) {
 			}
 		},
 		"envoy": {
+			"enabled": true,
 			"adminBindAddress": "127.0.0.1",
 			"adminBindPort": 19000,
 			"readyBindPort": 0,
@@ -246,10 +250,12 @@ func buildDefaultConsulDPFlags() (DataplaneConfigFlags, error) {
 			"startupGracePeriodSeconds": 0
 		},
 		"xdsServer": {
+			"enabled": true,
 			"bindAddress": "127.0.0.1",
 			"bindPort": 0
 		},
 		"dnsServer": {
+			"enabled": true,
 			"bindAddress": "127.0.0.1",
 			"bindPort": -1
 		}
@@ -323,6 +329,7 @@ func constructRuntimeConfig(cfg DataplaneConfigFlags, extraArgs []string) (*cons
 			LogLevel: strings.ToUpper(stringVal(cfg.Logging.LogLevel)),
 		},
 		Envoy: &consuldp.EnvoyConfig{
+			Enabled:                       boolVal(cfg.Envoy.Enabled),
 			AdminBindAddress:              stringVal(cfg.Envoy.AdminBindAddr),
 			AdminBindPort:                 intVal(cfg.Envoy.AdminBindPort),
 			ReadyBindAddress:              stringVal(cfg.Envoy.ReadyBindAddr),
@@ -352,10 +359,12 @@ func constructRuntimeConfig(cfg DataplaneConfigFlags, extraArgs []string) (*cons
 			},
 		},
 		XDSServer: &consuldp.XDSServer{
+			Enabled:     boolVal(cfg.XDSServer.Enabled),
 			BindAddress: stringVal(cfg.XDSServer.BindAddr),
 			BindPort:    intVal(cfg.XDSServer.BindPort),
 		},
 		DNSServer: &consuldp.DNSServerConfig{
+			Enabled:  boolVal(cfg.DNSServer.Enabled),
 			BindAddr: stringVal(cfg.DNSServer.BindAddr),
 			Port:     intVal(cfg.DNSServer.BindPort),
 		},

cmd/consul-dataplane/config_test.go

@@ -69,14 +69,17 @@ func TestConfigGeneration(t *testing.T) {
 						LogLevel: "WARN",
 					},
 					DNSServer: &consuldp.DNSServerConfig{
+						Enabled:  true,
 						BindAddr: "127.0.0.1",
 						Port:     8604,
 					},
 					XDSServer: &consuldp.XDSServer{
+						Enabled:     true,
 						BindAddress: "127.0.1.0",
 						BindPort:    0,
 					},
 					Envoy: &consuldp.EnvoyConfig{
+						Enabled:                       true,
 						AdminBindAddress:              "127.0.1.0",
 						AdminBindPort:                 18000,
 						ReadyBindAddress:              "127.0.1.0",
@@ -147,14 +150,17 @@ func TestConfigGeneration(t *testing.T) {
 						LogLevel: "WARN",
 					},
 					DNSServer: &consuldp.DNSServerConfig{
+						Enabled:  true,
 						BindAddr: "127.0.0.1",
 						Port:     8604,
 					},
 					XDSServer: &consuldp.XDSServer{
+						Enabled:     true,
 						BindAddress: "127.0.1.0",
 						BindPort:    0,
 					},
 					Envoy: &consuldp.EnvoyConfig{
+						Enabled:                       true,
 						AdminBindAddress:              "127.0.1.0",
 						AdminBindPort:                 18000,
 						ReadyBindAddress:              "127.0.1.0",
@@ -202,6 +208,10 @@ func TestConfigGeneration(t *testing.T) {
 				opts.dataplaneConfig.DNSServer.BindAddr = strReference("127.0.0.2")
 				opts.dataplaneConfig.XDSServer.BindPort = intReference(6060)
 				opts.dataplaneConfig.Envoy.DumpEnvoyConfigOnExitEnabled = boolReference(true)
+				opts.dataplaneConfig.Envoy.Enabled = boolReference(false)
+				opts.dataplaneConfig.XDSServer.Enabled = boolReference(false)
+				opts.dataplaneConfig.DNSServer.Enabled = boolReference(false)
+
 				return opts, nil
 			},
 			makeExpectedCfg: func(flagOpts *FlagOpts) *consuldp.Config {
@@ -250,14 +260,17 @@ func TestConfigGeneration(t *testing.T) {
 						LogLevel: "WARN",
 					},
 					DNSServer: &consuldp.DNSServerConfig{
+						Enabled:  false,
 						BindAddr: "127.0.0.2",
 						Port:     8604,
 					},
 					XDSServer: &consuldp.XDSServer{
+						Enabled:     false,
 						BindAddress: "127.0.1.0",
 						BindPort:    6060,
 					},
 					Envoy: &consuldp.EnvoyConfig{
+						Enabled:                       false,
 						AdminBindAddress:              "127.0.1.0",
 						AdminBindPort:                 18000,
 						ReadyBindAddress:              "127.0.1.0",
@@ -354,14 +367,17 @@ func TestConfigGeneration(t *testing.T) {
 						LogLevel: "WARN",
 					},
 					DNSServer: &consuldp.DNSServerConfig{
+						Enabled:  true,
 						BindAddr: "127.0.0.2",
 						Port:     8604,
 					},
 					XDSServer: &consuldp.XDSServer{
+						Enabled:     true,
 						BindAddress: "127.0.1.0",
 						BindPort:    6060,
 					},
 					Envoy: &consuldp.EnvoyConfig{
+						Enabled:                       true,
 						AdminBindAddress:              "127.0.1.0",
 						AdminBindPort:                 18000,
 						ReadyBindAddress:              "127.0.1.0",
@@ -444,14 +460,17 @@ func TestConfigGeneration(t *testing.T) {
 						LogLevel: "WARN",
 					},
 					DNSServer: &consuldp.DNSServerConfig{
+						Enabled:  true,
 						BindAddr: "127.0.0.1",
 						Port:     8604,
 					},
 					XDSServer: &consuldp.XDSServer{
+						Enabled:     true,
 						BindAddress: "127.0.1.0",
 						BindPort:    6060,
 					},
 					Envoy: &consuldp.EnvoyConfig{
+						Enabled:                       true,
 						AdminBindAddress:              "127.0.1.0",
 						AdminBindPort:                 18000,
 						ReadyBindAddress:              "127.0.1.0",
@@ -500,9 +519,16 @@ func TestConfigGeneration(t *testing.T) {
 					  "partition": "default"
 					},
 					"envoy": {
+					  "enabled": false,
 					  "adminBindAddress": "127.0.0.1",
 					  "adminBindPort": 19000
 					},
+					"xdsServer": {
+					  "enabled": false
+					},
+					"dnsServer": {
+					  "enabled": false
+					},
 					"logging": {
 					  "logLevel": "info",
 					  "logJSON": false
@@ -543,14 +569,17 @@ func TestConfigGeneration(t *testing.T) {
 						LogLevel: "INFO",
 					},
 					DNSServer: &consuldp.DNSServerConfig{
+						Enabled:  false,
 						BindAddr: "127.0.0.1",
 						Port:     -1,
 					},
 					XDSServer: &consuldp.XDSServer{
+						Enabled:     false,
 						BindAddress: "127.0.0.1",
 						BindPort:    0,
 					},
 					Envoy: &consuldp.EnvoyConfig{
+						Enabled:                       false,
 						AdminBindAddress:              "127.0.0.1",
 						AdminBindPort:                 19000,
 						ReadyBindPort:                 0,
@@ -666,14 +695,17 @@ func TestConfigGeneration(t *testing.T) {
 						LogLevel: "INFO",
 					},
 					DNSServer: &consuldp.DNSServerConfig{
+						Enabled:  true,
 						BindAddr: "127.0.0.1",
 						Port:     8604,
 					},
 					XDSServer: &consuldp.XDSServer{
+						Enabled:     true,
 						BindAddress: "127.0.1.0",
 						BindPort:    0,
 					},
 					Envoy: &consuldp.EnvoyConfig{
+						Enabled:                       true,
 						AdminBindAddress:              "127.0.1.0",
 						AdminBindPort:                 18000,
 						ReadyBindAddress:              "127.0.1.0",
@@ -716,6 +748,9 @@ func TestConfigGeneration(t *testing.T) {
 				opts.dataplaneConfig.Consul.Credentials.Login.Meta = map[string]string{
 					"key1": "value1",
 				}
+				opts.dataplaneConfig.Envoy.Enabled = boolReference(true)
+				opts.dataplaneConfig.XDSServer.Enabled = boolReference(true)
+				opts.dataplaneConfig.DNSServer.Enabled = boolReference(true)
 
 				return opts, nil
 			},
@@ -733,9 +768,16 @@ func TestConfigGeneration(t *testing.T) {
 					  "partition": "default"
 					},
 					"envoy": {
+					  "enabled": false,
 					  "adminBindAddress": "127.0.0.1",
 					  "adminBindPort": 19000
 					},
+					"xdsServer": {
+					  "enabled": false
+					},
+					"dnsServer": {
+					  "enabled": false
+					},
 					"logging": {
 					  "logLevel": "warn",
 					  "logJSON": true
@@ -793,14 +835,17 @@ func TestConfigGeneration(t *testing.T) {
 						LogLevel: "INFO",
 					},
 					DNSServer: &consuldp.DNSServerConfig{
+						Enabled:  true,
 						BindAddr: "127.0.0.1",
 						Port:     8604,
 					},
 					XDSServer: &consuldp.XDSServer{
+						Enabled:     true,
 						BindAddress: "127.0.1.0",
 						BindPort:    0,
 					},
 					Envoy: &consuldp.EnvoyConfig{
+						Enabled:                       true,
 						AdminBindAddress:              "127.0.1.0",
 						AdminBindPort:                 18000,
 						ReadyBindAddress:              "127.0.1.0",

cmd/consul-dataplane/main.go

@@ -89,6 +89,7 @@ func init() {
 	StringVar(flags, &flagOpts.dataplaneConfig.Telemetry.Prometheus.ScrapePath, "telemetry-prom-scrape-path", "DP_TELEMETRY_PROM_SCRAPE_PATH", "The URL path where Envoy serves Prometheus metrics.")
 	IntVar(flags, &flagOpts.dataplaneConfig.Telemetry.Prometheus.MergePort, "telemetry-prom-merge-port", "DP_TELEMETRY_PROM_MERGE_PORT", "The port to serve merged Prometheus metrics.")
 
+	BoolVar(flags, &flagOpts.dataplaneConfig.Envoy.Enabled, "envoy-enabled", "DP_ENVOY_ENABLED", "Indicates whether the Envoy is run within dataplane.")
 	StringVar(flags, &flagOpts.dataplaneConfig.Envoy.AdminBindAddr, "envoy-admin-bind-address", "DP_ENVOY_ADMIN_BIND_ADDRESS", "The address on which the Envoy admin server is available.")
 	IntVar(flags, &flagOpts.dataplaneConfig.Envoy.AdminBindPort, "envoy-admin-bind-port", "DP_ENVOY_ADMIN_BIND_PORT", "The port on which the Envoy admin server is available.")
 	StringVar(flags, &flagOpts.dataplaneConfig.Envoy.ReadyBindAddr, "envoy-ready-bind-address", "DP_ENVOY_READY_BIND_ADDRESS", "The address on which Envoy's readiness probe is available.")
@@ -97,6 +98,7 @@ func init() {
 	IntVar(flags, &flagOpts.dataplaneConfig.Envoy.DrainTimeSeconds, "envoy-drain-time-seconds", "DP_ENVOY_DRAIN_TIME", "The time in seconds for which Envoy will drain connections.")
 	StringVar(flags, &flagOpts.dataplaneConfig.Envoy.DrainStrategy, "envoy-drain-strategy", "DP_ENVOY_DRAIN_STRATEGY", "The behaviour of Envoy during the drain sequence. Determines whether all open connections should be encouraged to drain immediately or to increase the percentage gradually as the drain time elapses.")
 
+	BoolVar(flags, &flagOpts.dataplaneConfig.XDSServer.Enabled, "xds-enabled", "DP_XDS_ENABLED", "Indicates whether the Envoy xDS server is run within dataplane.")
 	StringVar(flags, &flagOpts.dataplaneConfig.XDSServer.BindAddr, "xds-bind-addr", "DP_XDS_BIND_ADDR", "The address on which the Envoy xDS server is available.")
 	IntVar(flags, &flagOpts.dataplaneConfig.XDSServer.BindPort, "xds-bind-port", "DP_XDS_BIND_PORT", "The port on which the Envoy xDS server is available.")
 
@@ -107,8 +109,9 @@ func init() {
 	StringVar(flags, &flagOpts.dataplaneConfig.Consul.TLS.ServerName, "tls-server-name", "DP_TLS_SERVER_NAME", "The hostname to expect in the server certificate's subject. This is required if -addresses is not a DNS name.")
 	BoolVar(flags, &flagOpts.dataplaneConfig.Consul.TLS.InsecureSkipVerify, "tls-insecure-skip-verify", "DP_TLS_INSECURE_SKIP_VERIFY", "Do not verify the server's certificate. Useful for testing, but not recommended for production.")
 
-	StringVar(flags, &flagOpts.dataplaneConfig.DNSServer.BindAddr, "consul-dns-bind-addr", "DP_CONSUL_DNS_BIND_ADDR", "The address that will be bound to the consul dns proxy.")
-	IntVar(flags, &flagOpts.dataplaneConfig.DNSServer.BindPort, "consul-dns-bind-port", "DP_CONSUL_DNS_BIND_PORT", "The port the consul dns proxy will listen on. By default -1 disables the dns proxy")
+	BoolVar(flags, &flagOpts.dataplaneConfig.DNSServer.Enabled, "consul-dns-enabled", "DP_CONSUL_DNS_ENABLED", "Indicates whether the consul DNS listener is run within dataplane.")
+	StringVar(flags, &flagOpts.dataplaneConfig.DNSServer.BindAddr, "consul-dns-bind-addr", "DP_CONSUL_DNS_BIND_ADDR", "The address that will be bound to the consul dns listener.")
+	IntVar(flags, &flagOpts.dataplaneConfig.DNSServer.BindPort, "consul-dns-bind-port", "DP_CONSUL_DNS_BIND_PORT", "The port the consul dns listener will listen on. By default -1 disables the dns listener.")
 
 	// Default is false because it will generally be configured appropriately by Helm
 	// configuration or pod annotation.

pkg/consuldp/config.go

@@ -34,6 +34,8 @@ type ConsulConfig struct {
 
 // DNSServerConfig is the configuration for the transparent DNS proxy that will forward requests to consul
 type DNSServerConfig struct {
+	// Enabled configures whether DNS Server is enabled.
+	Enabled bool
 	// BindAddr is the address the DNS server will bind to. Default will be 127.0.0.1
 	BindAddr string
 	// Port is the port which the DNS server will bind to.
@@ -264,6 +266,8 @@ type PrometheusTelemetryConfig struct {
 
 // EnvoyConfig contains configuration for the Envoy process.
 type EnvoyConfig struct {
+	// Enabled configures whether Envoy is enabled.
+	Enabled bool
 	// AdminBindAddress is the address on which the Envoy admin server will be available.
 	AdminBindAddress string
 	// AdminBindPort is the port on which the Envoy admin server will be available.
@@ -307,6 +311,8 @@ type EnvoyConfig struct {
 
 // XDSServer contains the configuration of the xDS server.
 type XDSServer struct {
+	// Enabled configures whether xDS Server is enabled.
+	Enabled bool
 	// BindAddress is the address on which the Envoy xDS server will be available.
 	BindAddress string
 	// BindPort is the address on which the Envoy xDS port will be available.
@@ -323,4 +329,10 @@ type Config struct {
 	Telemetry *TelemetryConfig
 	Envoy     *EnvoyConfig
 	XDSServer *XDSServer
+	// DNSProxyMode indicates that consul-dataplane is not running as a sidecar
+	// and will:
+	// - disable xDS.
+	// - disable Envoy.
+	// - disable validation that DNS can only listen on loopback address.
+	DNSProxyMode *bool
 }