Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

consul/connect: Add support for Connect terminating gateways #9829

Merged
merged 3 commits into from
Jan 25, 2021
Merged

consul/connect: Add support for Connect terminating gateways #9829

merged 3 commits into from
Jan 25, 2021
+1,985 −381

Commits on Jan 25, 2021

  1. consul/connect: Add support for Connect terminating gateways 

    This PR implements Nomad built-in support for running Consul Connect
terminating gateways. Such a gateway can be used by services running
inside the service mesh to access "legacy" services running outside
the service mesh while still making use of Consul's service identity
based networking and ACL policies.

https://www.consul.io/docs/connect/gateways/terminating-gateway

These gateways are declared as part of a task group level service
definition within the connect stanza.

service {
  connect {
    gateway {
      proxy {
        // envoy proxy configuration
      }
      terminating {
        // terminating-gateway configuration entry
      }
    }
  }
}

Currently Envoy is the only supported gateway implementation in
Consul. The gateay task can be customized by configuring the
connect.sidecar_task block.

When the gateway.terminating field is set, Nomad will write/update
the Configuration Entry into Consul on job submission. Because CEs
are global in scope and there may be more than one Nomad cluster
communicating with Consul, there is an assumption that any terminating
gateway defined in Nomad for a particular service will be the same
among Nomad clusters.

Gateways require Consul 1.8.0+, checked by a node constraint.

Closes #9445
    @shoenig
    shoenig committed Jan 25, 2021
    Configuration menu
    Copy the full SHA
    ceae8ad View commit details
    Browse the repository at this point in the history

  2. consul/connect: remove debug line

    @shoenig
    shoenig committed Jan 25, 2021
    Configuration menu
    Copy the full SHA
    37544ca View commit details
    Browse the repository at this point in the history

  3. consul/connect: copy bind address map if empty 

    This parameter is now supposed to be non-nil even if
empty, and the Copy method should also maintain that
invariant.
    @shoenig
    shoenig committed Jan 25, 2021
    Configuration menu
    Copy the full SHA
    74780f0 View commit details
    Browse the repository at this point in the history