From 1ad90a45c69d03a2c8640f4512f3b1a4ad8d56bc Mon Sep 17 00:00:00 2001 From: John Murret Date: Mon, 1 Jul 2024 12:13:03 -0600 Subject: [PATCH] set up flags --- cmd/consul-dataplane/config.go | 9 ++++++ cmd/consul-dataplane/config_test.go | 45 +++++++++++++++++++++++++++++ cmd/consul-dataplane/main.go | 7 +++-- pkg/consuldp/config.go | 12 ++++++++ 4 files changed, 71 insertions(+), 2 deletions(-) diff --git a/cmd/consul-dataplane/config.go b/cmd/consul-dataplane/config.go index 1823ddd4..f008ddd8 100644 --- a/cmd/consul-dataplane/config.go +++ b/cmd/consul-dataplane/config.go @@ -97,11 +97,13 @@ type ProxyFlags struct { } type XDSServerFlags struct { + Enabled *bool `json:"enabled,omitempty"` BindAddr *string `json:"bindAddress,omitempty"` BindPort *int `json:"bindPort,omitempty"` } type DNSServerFlags struct { + Enabled *bool `json:"enabled,omitempty"` BindAddr *string `json:"bindAddress,omitempty"` BindPort *int `json:"bindPort,omitempty"` } @@ -128,6 +130,7 @@ type PrometheusTelemetryFlags struct { } type EnvoyFlags struct { + Enabled *bool `json:"enabled,omitempty"` AdminBindAddr *string `json:"adminBindAddress,omitempty"` AdminBindPort *int `json:"adminBindPort,omitempty"` ReadyBindAddr *string `json:"readyBindAddress,omitempty"` @@ -231,6 +234,7 @@ func buildDefaultConsulDPFlags() (DataplaneConfigFlags, error) { } }, "envoy": { + "enabled": true, "adminBindAddress": "127.0.0.1", "adminBindPort": 19000, "readyBindPort": 0, @@ -246,10 +250,12 @@ func buildDefaultConsulDPFlags() (DataplaneConfigFlags, error) { "startupGracePeriodSeconds": 0 }, "xdsServer": { + "enabled": true, "bindAddress": "127.0.0.1", "bindPort": 0 }, "dnsServer": { + "enabled": true, "bindAddress": "127.0.0.1", "bindPort": -1 } 
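Review bot: In the `dnsServer` defaults of buildDefaultConsulDPFlags (the `@@ -246,10` hunk), `"enabled": true` now sits beside `"bindPort": -1`, and the help text in main.go still says that -1 disables the DNS listener, so one listener has two switches with no stated precedence. An operator who reads `enabled: true` in a rendered config may assume a listener is up when the port value says otherwise. Once the intended rule is confirmed, I would document it where the field is declared, for example `// Enabled and BindPort both gate the DNS listener; it runs only when Enabled is true and BindPort is not -1.` on `DNSServerFlags.Enabled`. The function body continues outside the hunk.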
@@ -323,6 +329,7 @@ func constructRuntimeConfig(cfg DataplaneConfigFlags, extraArgs []string) (*cons LogLevel: strings.ToUpper(stringVal(cfg.Logging.LogLevel)), }, Envoy: &consuldp.EnvoyConfig{ + Enabled: boolVal(cfg.Envoy.Enabled), AdminBindAddress: stringVal(cfg.Envoy.AdminBindAddr), AdminBindPort: intVal(cfg.Envoy.AdminBindPort), ReadyBindAddress: stringVal(cfg.Envoy.ReadyBindAddr), @@ -352,10 +359,12 @@ func constructRuntimeConfig(cfg DataplaneConfigFlags, extraArgs []string) (*cons }, }, XDSServer: &consuldp.XDSServer{ + Enabled: boolVal(cfg.XDSServer.Enabled), BindAddress: stringVal(cfg.XDSServer.BindAddr), BindPort: intVal(cfg.XDSServer.BindPort), }, DNSServer: &consuldp.DNSServerConfig{ + Enabled: boolVal(cfg.DNSServer.Enabled), BindAddr: stringVal(cfg.DNSServer.BindAddr), Port: intVal(cfg.DNSServer.BindPort), }, diff --git a/cmd/consul-dataplane/config_test.go b/cmd/consul-dataplane/config_test.go index 25859065..eac29022 100644 --- a/cmd/consul-dataplane/config_test.go +++ b/cmd/consul-dataplane/config_test.go @@ -69,14 +69,17 @@ func TestConfigGeneration(t *testing.T) { LogLevel: "WARN", }, DNSServer: &consuldp.DNSServerConfig{ + Enabled: true, BindAddr: "127.0.0.1", Port: 8604, }, XDSServer: &consuldp.XDSServer{ + Enabled: true, BindAddress: "127.0.1.0", BindPort: 0, }, Envoy: &consuldp.EnvoyConfig{ + Enabled: true, AdminBindAddress: "127.0.1.0", AdminBindPort: 18000, ReadyBindAddress: "127.0.1.0", @@ -147,14 +150,17 @@ func TestConfigGeneration(t *testing.T) { LogLevel: "WARN", }, DNSServer: &consuldp.DNSServerConfig{ + Enabled: true, BindAddr: "127.0.0.1", Port: 8604, }, XDSServer: &consuldp.XDSServer{ + Enabled: true, BindAddress: "127.0.1.0", BindPort: 0, }, Envoy: &consuldp.EnvoyConfig{ + Enabled: true, AdminBindAddress: "127.0.1.0", AdminBindPort: 18000, ReadyBindAddress: "127.0.1.0", 
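Review bot: The three `Enabled: boolVal(...)` assignments in constructRuntimeConfig (hunks `@@ -323,6` and `@@ -352,10`) copy the flags into the runtime config, but no file in this patch reads `Envoy.Enabled`, `XDSServer.Enabled` or `DNSServer.Enabled`. As far as the visible hunks show, `-envoy-enabled=false` is accepted and then changes nothing. Until the consumers land, a comment such as `// TODO: Enabled is plumbed through here but not yet enforced by consuldp.` would keep anyone from relying on the flag to actually stop a listener. boolVal is defined outside the hunk; if it maps nil to false, the `true` defaults in buildDefaultConsulDPFlags are the only thing keeping an unset flag from silently turning a component off. The function starts and ends outside both hunks.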
@@ -202,6 +208,10 @@ func TestConfigGeneration(t *testing.T) { opts.dataplaneConfig.DNSServer.BindAddr = strReference("127.0.0.2") opts.dataplaneConfig.XDSServer.BindPort = intReference(6060) opts.dataplaneConfig.Envoy.DumpEnvoyConfigOnExitEnabled = boolReference(true) + opts.dataplaneConfig.Envoy.Enabled = boolReference(false) + opts.dataplaneConfig.XDSServer.Enabled = boolReference(false) + opts.dataplaneConfig.DNSServer.Enabled = boolReference(false) + return opts, nil }, makeExpectedCfg: func(flagOpts *FlagOpts) *consuldp.Config { @@ -250,14 +260,17 @@ func TestConfigGeneration(t *testing.T) { LogLevel: "WARN", }, DNSServer: &consuldp.DNSServerConfig{ + Enabled: false, BindAddr: "127.0.0.2", Port: 8604, }, XDSServer: &consuldp.XDSServer{ + Enabled: false, BindAddress: "127.0.1.0", BindPort: 6060, }, Envoy: &consuldp.EnvoyConfig{ + Enabled: false, AdminBindAddress: "127.0.1.0", AdminBindPort: 18000, ReadyBindAddress: "127.0.1.0", @@ -354,14 +367,17 @@ func TestConfigGeneration(t *testing.T) { LogLevel: "WARN", }, DNSServer: &consuldp.DNSServerConfig{ + Enabled: true, BindAddr: "127.0.0.2", Port: 8604, }, XDSServer: &consuldp.XDSServer{ + Enabled: true, BindAddress: "127.0.1.0", BindPort: 6060, }, Envoy: &consuldp.EnvoyConfig{ + Enabled: true, AdminBindAddress: "127.0.1.0", AdminBindPort: 18000, ReadyBindAddress: "127.0.1.0", @@ -444,14 +460,17 @@ func TestConfigGeneration(t *testing.T) { LogLevel: "WARN", }, DNSServer: &consuldp.DNSServerConfig{ + Enabled: true, BindAddr: "127.0.0.1", Port: 8604, }, XDSServer: &consuldp.XDSServer{ + Enabled: true, BindAddress: "127.0.1.0", BindPort: 6060, }, Envoy: &consuldp.EnvoyConfig{ + Enabled: true, AdminBindAddress: "127.0.1.0", AdminBindPort: 18000, ReadyBindAddress: "127.0.1.0", 
@@ -500,9 +519,16 @@ func TestConfigGeneration(t *testing.T) { "partition": "default" }, "envoy": { + "enabled": false, "adminBindAddress": "127.0.0.1", "adminBindPort": 19000 }, + "xdsServer": { + "enabled": false + }, + "dnsServer": { + "enabled": false + }, "logging": { "logLevel": "info", "logJSON": false @@ -543,14 +569,17 @@ func TestConfigGeneration(t *testing.T) { LogLevel: "INFO", }, DNSServer: &consuldp.DNSServerConfig{ + Enabled: false, BindAddr: "127.0.0.1", Port: -1, }, XDSServer: &consuldp.XDSServer{ + Enabled: false, BindAddress: "127.0.0.1", BindPort: 0, }, Envoy: &consuldp.EnvoyConfig{ + Enabled: false, AdminBindAddress: "127.0.0.1", AdminBindPort: 19000, ReadyBindPort: 0, @@ -666,14 +695,17 @@ func TestConfigGeneration(t *testing.T) { LogLevel: "INFO", }, DNSServer: &consuldp.DNSServerConfig{ + Enabled: true, BindAddr: "127.0.0.1", Port: 8604, }, XDSServer: &consuldp.XDSServer{ + Enabled: true, BindAddress: "127.0.1.0", BindPort: 0, }, Envoy: &consuldp.EnvoyConfig{ + Enabled: true, AdminBindAddress: "127.0.1.0", AdminBindPort: 18000, ReadyBindAddress: "127.0.1.0", @@ -716,6 +748,9 @@ func TestConfigGeneration(t *testing.T) { opts.dataplaneConfig.Consul.Credentials.Login.Meta = map[string]string{ "key1": "value1", } + opts.dataplaneConfig.Envoy.Enabled = boolReference(true) + opts.dataplaneConfig.XDSServer.Enabled = boolReference(true) + opts.dataplaneConfig.DNSServer.Enabled = boolReference(true) return opts, nil }, @@ -733,9 +768,16 @@ func TestConfigGeneration(t *testing.T) { "partition": "default" }, "envoy": { + "enabled": false, "adminBindAddress": "127.0.0.1", "adminBindPort": 19000 }, + "xdsServer": { + "enabled": false + }, + "dnsServer": { + "enabled": false + }, "logging": { "logLevel": "warn", "logJSON": true 
@@ -793,14 +835,17 @@ func TestConfigGeneration(t *testing.T) { LogLevel: "INFO", }, DNSServer: &consuldp.DNSServerConfig{ + Enabled: true, BindAddr: "127.0.0.1", Port: 8604, }, XDSServer: &consuldp.XDSServer{ + Enabled: true, BindAddress: "127.0.1.0", BindPort: 0, }, Envoy: &consuldp.EnvoyConfig{ + Enabled: true, AdminBindAddress: "127.0.1.0", AdminBindPort: 18000, ReadyBindAddress: "127.0.1.0", diff --git a/cmd/consul-dataplane/main.go b/cmd/consul-dataplane/main.go index 3fc258e8..52ba0e1c 100644 --- a/cmd/consul-dataplane/main.go +++ b/cmd/consul-dataplane/main.go @@ -89,6 +89,7 @@ func init() { StringVar(flags, &flagOpts.dataplaneConfig.Telemetry.Prometheus.ScrapePath, "telemetry-prom-scrape-path", "DP_TELEMETRY_PROM_SCRAPE_PATH", "The URL path where Envoy serves Prometheus metrics.") IntVar(flags, &flagOpts.dataplaneConfig.Telemetry.Prometheus.MergePort, "telemetry-prom-merge-port", "DP_TELEMETRY_PROM_MERGE_PORT", "The port to serve merged Prometheus metrics.") + BoolVar(flags, &flagOpts.dataplaneConfig.Envoy.Enabled, "envoy-enabled", "DP_ENVOY_ENABLED", "Indicates whether the Envoy is run within dataplane.") StringVar(flags, &flagOpts.dataplaneConfig.Envoy.AdminBindAddr, "envoy-admin-bind-address", "DP_ENVOY_ADMIN_BIND_ADDRESS", "The address on which the Envoy admin server is available.") IntVar(flags, &flagOpts.dataplaneConfig.Envoy.AdminBindPort, "envoy-admin-bind-port", "DP_ENVOY_ADMIN_BIND_PORT", "The port on which the Envoy admin server is available.") StringVar(flags, &flagOpts.dataplaneConfig.Envoy.ReadyBindAddr, "envoy-ready-bind-address", "DP_ENVOY_READY_BIND_ADDRESS", "The address on which Envoy's readiness probe is available.") 
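Review bot: The help string for the new `-envoy-enabled` flag in main.go's init() does not state the default or what turning the component off means for the rest of the process. The same applies to `-xds-enabled` and `-consul-dns-enabled` in the next two hunks. The defaults in config.go set all three to true, so the text could read `"Whether Envoy is run within dataplane. Defaults to true."`, which also drops the stray article in "the Envoy". init() continues outside the hunk.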
@@ -97,6 +98,7 @@ func init() { IntVar(flags, &flagOpts.dataplaneConfig.Envoy.DrainTimeSeconds, "envoy-drain-time-seconds", "DP_ENVOY_DRAIN_TIME", "The time in seconds for which Envoy will drain connections.") StringVar(flags, &flagOpts.dataplaneConfig.Envoy.DrainStrategy, "envoy-drain-strategy", "DP_ENVOY_DRAIN_STRATEGY", "The behaviour of Envoy during the drain sequence. Determines whether all open connections should be encouraged to drain immediately or to increase the percentage gradually as the drain time elapses.") + BoolVar(flags, &flagOpts.dataplaneConfig.XDSServer.Enabled, "xds-enabled", "DP_XDS_ENABLED", "Indicates whether the Envoy xDS server is run within dataplane.") StringVar(flags, &flagOpts.dataplaneConfig.XDSServer.BindAddr, "xds-bind-addr", "DP_XDS_BIND_ADDR", "The address on which the Envoy xDS server is available.") IntVar(flags, &flagOpts.dataplaneConfig.XDSServer.BindPort, "xds-bind-port", "DP_XDS_BIND_PORT", "The port on which the Envoy xDS server is available.") 
@@ -107,8 +109,9 @@ func init() { StringVar(flags, &flagOpts.dataplaneConfig.Consul.TLS.ServerName, "tls-server-name", "DP_TLS_SERVER_NAME", "The hostname to expect in the server certificate's subject. This is required if -addresses is not a DNS name.") BoolVar(flags, &flagOpts.dataplaneConfig.Consul.TLS.InsecureSkipVerify, "tls-insecure-skip-verify", "DP_TLS_INSECURE_SKIP_VERIFY", "Do not verify the server's certificate. Useful for testing, but not recommended for production.") - StringVar(flags, &flagOpts.dataplaneConfig.DNSServer.BindAddr, "consul-dns-bind-addr", "DP_CONSUL_DNS_BIND_ADDR", "The address that will be bound to the consul dns proxy.") - IntVar(flags, &flagOpts.dataplaneConfig.DNSServer.BindPort, "consul-dns-bind-port", "DP_CONSUL_DNS_BIND_PORT", "The port the consul dns proxy will listen on. By default -1 disables the dns proxy") + BoolVar(flags, &flagOpts.dataplaneConfig.DNSServer.Enabled, "consul-dns-enabled", "DP_CONSUL_DNS_ENABLED", "Indicates whether the consul DNS listener is run within dataplane.") + StringVar(flags, &flagOpts.dataplaneConfig.DNSServer.BindAddr, "consul-dns-bind-addr", "DP_CONSUL_DNS_BIND_ADDR", "The address that will be bound to the consul dns listener.") + IntVar(flags, &flagOpts.dataplaneConfig.DNSServer.BindPort, "consul-dns-bind-port", "DP_CONSUL_DNS_BIND_PORT", "The port the consul dns listener will listen on. By default -1 disables the dns listener.") // Default is false because it will generally be configured appropriately by Helm // configuration or pod annotation. diff --git a/pkg/consuldp/config.go b/pkg/consuldp/config.go index 8687f65a..7a4554e9 100644 --- a/pkg/consuldp/config.go +++ b/pkg/consuldp/config.go 
@@ -34,6 +34,8 @@ type ConsulConfig struct { // DNSServerConfig is the configuration for the transparent DNS proxy that will forward requests to consul type DNSServerConfig struct { + // Enabled configures whether DNS Server is enabled. + Enabled bool // BindAddr is the address the DNS server will bind to. Default will be 127.0.0.1 BindAddr string // Port is the port which the DNS server will bind to. @@ -264,6 +266,8 @@ type PrometheusTelemetryConfig struct { // EnvoyConfig contains configuration for the Envoy process. type EnvoyConfig struct { + // Enabled configures whether Envoy is enabled. + Enabled bool // AdminBindAddress is the address on which the Envoy admin server will be available. AdminBindAddress string // AdminBindPort is the port on which the Envoy admin server will be available. @@ -307,6 +311,8 @@ type EnvoyConfig struct { // XDSServer contains the configuration of the xDS server. type XDSServer struct { + // Enabled configures whether xDS Server is enabled. + Enabled bool // BindAddress is the address on which the Envoy xDS server will be available. BindAddress string // BindPort is the address on which the Envoy xDS port will be available. @@ -323,4 +329,10 @@ type Config struct { Telemetry *TelemetryConfig Envoy *EnvoyConfig XDSServer *XDSServer + // DNSProxyMode indicates that consul-dataplane is not running as a sidecar + // and will: + // - disable xDS. + // - disable Envoy. + // - disable validation that DNS can only listen on loopback address. + DNSProxyMode *bool }
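Review bot: `DNSProxyMode *bool` at the end of `Config` is a pointer, while the `Enabled` fields added above in this file are plain `bool`, and no visible hunk assigns it, so it appears to stay nil and any `*cfg.DNSProxyMode` would panic. Its comment says the mode drops the check that DNS listens only on loopback, which is the one place in this change where a listener may become reachable from other hosts. That deserves a sentence in the comment on who is expected to restrict access to the bind address. The field also overlaps with `Envoy.Enabled` and `XDSServer.Enabled`, so the comment should say which setting wins when they disagree. I would declare it as `DNSProxyMode bool`, or document what nil means.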