search

hashicorp / consul

Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
https://www.consul.io
Other
28.22k stars 4.41k forks source link

connect: configure envoy as dynamic forward proxy #6736

Open hamann opened 4 years ago

hamann commented 4 years ago

We'd like to setup envoy as dynamic forward proxy with consul's escape hatch feature.

While the example from the docs provided as yaml/json to envoy at startup worked pretty well, we couldn't manage to get it running with consul, seeing errors like

[2019-11-01 10:32:36.606][1][warning][config] [bazel-out/k8-opt/bin/source/common/config/_virtual_includes/grpc_stream_lib/common/config/grpc_stream.h:91] gRPC config stream closed: 2,
can't unmarshal Any nested proto *v2.Cluster: unknown value "CLUSTER_PROVIDED" for enum envoy.api.v2.Cluster_LbPolicy

Replacing CLUSTER_PROVIDED with 6 brought another error

 [2019-11-01 10:34:20.004][1][warning][config] [bazel-out/k8-opt/bin/source/common/config/_virtual_includes/grpc_stream_lib/common/config/grpc_stream.h:91] gRPC config stream closed: 2,
can't unmarshal Any nested proto *v2.Cluster: unknown message type "envoy.config.cluster.dynamic_forward_proxy.v2alpha.ClusterConfig"

That's our consul service registration

service {
  name = "journal"
  address = "192.168.144.9"
  port = 8888
  connect {
    sidecar_service {
      proxy {
        upstreams {
          destination_name = "dynamic_forward_proxy_cluster"
          local_bind_port = 22222
          config {
            envoy_cluster_json = <<EOL
              {
                "@type": "type.googleapis.com/envoy.api.v2.Cluster",
                "name": "dynamic_forward_proxy_cluster",
                "lb_policy": "CLUSTER_PROVIDED",
                "connect_timeout": "1s",
                "cluster_type": {
                  "name": "envoy.clusters.dynamic_forward_proxy",
                  "typed_config": {
                    "@type": "type.googleapis.com/envoy.config.cluster.dynamic_forward_proxy.v2alpha.ClusterConfig",
                    "dns_cache_config": {
                      "name": "dynamic_forward_proxy_cache_config",
                      "dns_lookup_family": "V4_ONLY"
                    }
                  }
                }
              }
            EOL

            envoy_listener_json = <<EOL
              {
                "@type": "type.googleapis.com/envoy.api.v2.Listener",
                "name": "listener_0",
                "address": {
                  "socket_address": {
                    "address": "127.0.0.1",
                    "port_value": 22222
                  }
                },
                "filterChains": [
                  {
                    "filters": [
                      {
                        "name": "envoy.http_connection_manager",
                        "typed_config": {
                          "@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager",
                          "stat_prefix": "ingress_http",
                          "route_config": {
                            "name": "local_route",
                            "virtual_hosts": [
                              {
                                "name": "local_service",
                                "domains": ["*"],
                                "routes": [
                                  {
                                    "match": {
                                      "prefix": "/"
                                    },
                                    "route": {
                                      "cluster": "dynamic_forward_proxy_cluster"
                                    }
                                  }
                                ]
                              }
                            ]
                          },
                          "http_filters": [
                            {
                              "name": "envoy.filters.http.dynamic_forward_proxy",
                              "config": {
                                "dns_cache_config": {
                                  "name": "dynamic_forward_proxy_cache_config",
                                  "dns_lookup_family": "V4_ONLY"
                                }
                              }
                            },
                            {
                              "name": "envoy.router",
                              "config": {}
                            }
                          ]
                        }
                      }
                    ]
                  }
                ]
              }
            EOL
          }
        }
      }
    }
  }
}

I asked envoy guys but they recommended me to ask here. We tried that with consul 1.6.0 and envoy 1.11.2 and from master. Are we doing something wrong here?

stale[bot] commented 4 years ago

Hey there, We wanted to check in on this request since it has been inactive for at least 60 days. If you think this is still an important issue in the latest version of Consul or its documentation please reply with a comment here which will cause it to stay open for investigation. If there is still no activity on this issue for 30 more days, we will go ahead and close it.

Feel free to check out the community forum as well! Thank you!