inject envoy_telemetry_bind_socket_dir proxy config when telemetry co…

…llector is enabled (#2143) * inject envoy_telemetry_bind_socket_dir proxy config when telemetry collector is enabled * use metrics.enableTelemetryCollector value to gate controller logic * add changelog entry and unit test
hashicorp · Aug 4, 2023 · 7bdb4fb · 7bdb4fb
1 parent 86f4f0c
commit 7bdb4fb
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 3 deletions.
diff --git a/.changelog/2143.txt b/.changelog/2143.txt
@@ -0,0 +1,4 @@
+
+```release-note:feature
+consul-telemetry-collector: Configure envoy proxy config during registration when consul-telemetry-collector is enabled.
+```
diff --git a/charts/consul/templates/connect-inject-deployment.yaml b/charts/consul/templates/connect-inject-deployment.yaml
@@ -259,6 +259,7 @@ spec:
                 {{- if and .Values.global.tls.enabled .Values.global.tls.enableAutoEncrypt }}
                 -enable-auto-encrypt \
                 {{- end }}
+                -enable-telemetry-collector={{ .Values.global.metrics.enableTelemetryCollector}}  \
           startupProbe:
             httpGet:
               path: /readyz/ready

diff --git a/charts/consul/test/unit/connect-inject-deployment.bats b/charts/consul/test/unit/connect-inject-deployment.bats
@@ -211,6 +211,19 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
+@test "connectInject/Deployment: metrics.enableTelemetryCollector can be configured" {
+  cd `chart_dir`
+  local cmd=$(helm template \
+      -s templates/connect-inject-deployment.yaml \
+      --set 'connectInject.enabled=true' \
+      --set 'connectInject.metrics.enableTelemetryCollector=true' \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.containers[0].command' | tee /dev/stderr)
+
+  local actual=$(echo "$cmd" |
+    yq 'any(contains("-enable-telemetry-collector=true"))' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
 #--------------------------------------------------------------------
 # consul and consul-dataplane images
 

diff --git a/control-plane/connect-inject/controllers/endpoints/endpoints_controller.go b/control-plane/connect-inject/controllers/endpoints/endpoints_controller.go
@@ -44,9 +44,10 @@ const (
 	terminatingGateway = "terminating-gateway"
 	ingressGateway     = "ingress-gateway"
 
-	kubernetesSuccessReasonMsg = "Kubernetes health checks passing"
-	envoyPrometheusBindAddr    = "envoy_prometheus_bind_addr"
-	defaultNS                  = "default"
+	kubernetesSuccessReasonMsg           = "Kubernetes health checks passing"
+	envoyPrometheusBindAddr              = "envoy_prometheus_bind_addr"
+	envoyTelemetryCollectorBindSocketDir = "envoy_telemetry_collector_bind_socket_dir"
+	defaultNS                            = "default"
 
 	// clusterIPTaggedAddressName is the key for the tagged address to store the service's cluster IP and service port
 	// in Consul. Note: This value should not be changed without a corresponding change in Consul.
@@ -119,6 +120,10 @@ type Controller struct {
 	// to Consul client agents.
 	EnableAutoEncrypt bool
 
+	// EnableTelemetryCollector controls whether the proxy service should be registered
+	// with config to enable telemetry forwarding.
+	EnableTelemetryCollector bool
+
 	MetricsConfig metrics.Config
 	Log           logr.Logger
 
@@ -482,6 +487,10 @@ func (r *Controller) createServiceRegistrations(pod corev1.Pod, serviceEndpoints
 		proxyConfig.Config[envoyPrometheusBindAddr] = prometheusScrapeListener
 	}
 
+	if r.EnableTelemetryCollector {
+		proxyConfig.Config[envoyTelemetryCollectorBindSocketDir] = "/consul/connect-inject"
+	}
+
 	if consulServicePort > 0 {
 		proxyConfig.LocalServiceAddress = "127.0.0.1"
 		proxyConfig.LocalServicePort = consulServicePort
@@ -761,6 +770,10 @@ func (r *Controller) createGatewayRegistrations(pod corev1.Pod, serviceEndpoints
 		}
 	}
 
+	if r.EnableTelemetryCollector {
+		service.Proxy.Config[envoyTelemetryCollectorBindSocketDir] = "/consul/service"
+	}
+
 	serviceRegistration := &api.CatalogRegistration{
 		Node:    common.ConsulNodeNameFromK8sNode(pod.Spec.NodeName),
 		Address: pod.Status.HostIP,

diff --git a/control-plane/subcommand/inject-connect/command.go b/control-plane/subcommand/inject-connect/command.go
@@ -120,6 +120,9 @@ type Command struct {
 
 	flagEnableAutoEncrypt bool
 
+	// Consul telemetry collector
+	flagEnableTelemetryCollector bool
+
 	// Consul DNS flags.
 	flagEnableConsulDNS bool
 	flagResourcePrefix  string
@@ -209,6 +212,8 @@ func (c *Command) init() {
 		"Enables updating the CABundle on the webhook within this controller rather than using the web cert manager.")
 	c.flagSet.BoolVar(&c.flagEnableAutoEncrypt, "enable-auto-encrypt", false,
 		"Indicates whether TLS with auto-encrypt should be used when talking to Consul clients.")
+	c.flagSet.BoolVar(&c.flagEnableTelemetryCollector, "enable-telemetry-collector", false,
+		"Indicates whether proxies should be registered with configuration to enable forwarding metrics to consul-telemetry-collector")
 	c.flagSet.StringVar(&c.flagLogLevel, "log-level", zapcore.InfoLevel.String(),
 		fmt.Sprintf("Log verbosity level. Supported values (in order of detail) are "+
 			"%q, %q, %q, and %q.", zapcore.DebugLevel.String(), zapcore.InfoLevel.String(), zapcore.WarnLevel.String(), zapcore.ErrorLevel.String()))
@@ -455,6 +460,7 @@ func (c *Command) Run(args []string) int {
 		ReleaseName:                c.flagReleaseName,
 		ReleaseNamespace:           c.flagReleaseNamespace,
 		EnableAutoEncrypt:          c.flagEnableAutoEncrypt,
+		EnableTelemetryCollector:   c.flagEnableTelemetryCollector,
 		Context:                    ctx,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", endpoints.Controller{})