From 3a799adc7b0eeb85c1e94cadb01cbb51ea7fe308 Mon Sep 17 00:00:00 2001 From: Nick Ethier Date: Tue, 16 May 2023 23:59:33 -0400 Subject: [PATCH 1/3] inject envoy_telemetry_bind_socket_dir proxy config when telemetry collector is enabled --- .../templates/connect-inject-deployment.yaml | 3 +++ .../endpoints/endpoints_controller.go | 19 ++++++++++++++++--- .../subcommand/inject-connect/command.go | 6 ++++++ 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/charts/consul/templates/connect-inject-deployment.yaml b/charts/consul/templates/connect-inject-deployment.yaml index 2b52c1b81c..266a1cb76a 100644 --- a/charts/consul/templates/connect-inject-deployment.yaml +++ b/charts/consul/templates/connect-inject-deployment.yaml @@ -257,6 +257,9 @@ spec: {{- if and .Values.global.tls.enabled .Values.global.tls.enableAutoEncrypt }} -enable-auto-encrypt \ {{- end }} + {{- if .Values.global.enableTelemetryCollector }} + -enable-telemetry-collector \ + {{- end }} startupProbe: httpGet: path: /readyz/ready diff --git a/control-plane/connect-inject/controllers/endpoints/endpoints_controller.go b/control-plane/connect-inject/controllers/endpoints/endpoints_controller.go index 13f75f1156..584abd48c6 100644 --- a/control-plane/connect-inject/controllers/endpoints/endpoints_controller.go +++ b/control-plane/connect-inject/controllers/endpoints/endpoints_controller.go @@ -44,9 +44,10 @@ const ( terminatingGateway = "terminating-gateway" ingressGateway = "ingress-gateway" - kubernetesSuccessReasonMsg = "Kubernetes health checks passing" - envoyPrometheusBindAddr = "envoy_prometheus_bind_addr" - defaultNS = "default" + kubernetesSuccessReasonMsg = "Kubernetes health checks passing" + envoyPrometheusBindAddr = "envoy_prometheus_bind_addr" + envoyTelemetryCollectorBindSocketDir = "envoy_telemetry_collector_bind_socket_dir" + defaultNS = "default" // clusterIPTaggedAddressName is the key for the tagged address to store the service's cluster IP and service port // in Consul. Note: This value should not be changed without a corresponding change in Consul. @@ -119,6 +120,10 @@ type Controller struct { // to Consul client agents. EnableAutoEncrypt bool + // EnableTelemetryCollector controls whether the proxy service should be registered + // with config to enable telemetry forwarding. + EnableTelemetryCollector bool + MetricsConfig metrics.Config Log logr.Logger @@ -482,6 +487,10 @@ func (r *Controller) createServiceRegistrations(pod corev1.Pod, serviceEndpoints proxyConfig.Config[envoyPrometheusBindAddr] = prometheusScrapeListener } + if r.EnableTelemetryCollector { + proxyConfig.Config[envoyTelemetryCollectorBindSocketDir] = "/consul/connect-inject" + } + if consulServicePort > 0 { proxyConfig.LocalServiceAddress = "127.0.0.1" proxyConfig.LocalServicePort = consulServicePort @@ -761,6 +770,10 @@ func (r *Controller) createGatewayRegistrations(pod corev1.Pod, serviceEndpoints } } + if r.EnableTelemetryCollector { + service.Proxy.Config[envoyTelemetryCollectorBindSocketDir] = "/consul/service" + } + serviceRegistration := &api.CatalogRegistration{ Node: common.ConsulNodeNameFromK8sNode(pod.Spec.NodeName), Address: pod.Status.HostIP, diff --git a/control-plane/subcommand/inject-connect/command.go b/control-plane/subcommand/inject-connect/command.go index c7c04dd481..671a15f7cd 100644 --- a/control-plane/subcommand/inject-connect/command.go +++ b/control-plane/subcommand/inject-connect/command.go @@ -118,6 +118,9 @@ type Command struct { flagEnableAutoEncrypt bool + // Consul telemetry collector + flagEnableTelemetryCollector bool + // Consul DNS flags. flagEnableConsulDNS bool flagResourcePrefix string @@ -203,6 +206,8 @@ func (c *Command) init() { "Enables updating the CABundle on the webhook within this controller rather than using the web cert manager.") c.flagSet.BoolVar(&c.flagEnableAutoEncrypt, "enable-auto-encrypt", false, "Indicates whether TLS with auto-encrypt should be used when talking to Consul clients.") + c.flagSet.BoolVar(&c.flagEnableTelemetryCollector, "enable-telemetry-collector", false, + "Indicates whether proxies should be registered with configuration to enable forwarding metrics to consul-telemetry-collector") c.flagSet.StringVar(&c.flagLogLevel, "log-level", zapcore.InfoLevel.String(), fmt.Sprintf("Log verbosity level. Supported values (in order of detail) are "+ "%q, %q, %q, and %q.", zapcore.DebugLevel.String(), zapcore.InfoLevel.String(), zapcore.WarnLevel.String(), zapcore.ErrorLevel.String())) @@ -449,6 +454,7 @@ func (c *Command) Run(args []string) int { ReleaseName: c.flagReleaseName, ReleaseNamespace: c.flagReleaseNamespace, EnableAutoEncrypt: c.flagEnableAutoEncrypt, + EnableTelemetryCollector: c.flagEnableTelemetryCollector, Context: ctx, }).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", endpoints.Controller{}) From 9a95c9f0f118f88607d1dcd0f81c86bd84dd2d29 Mon Sep 17 00:00:00 2001 From: Nick Ethier Date: Tue, 30 May 2023 12:03:55 -0400 Subject: [PATCH 2/3] use metrics.enableTelemetryCollector value to gate controller logic --- charts/consul/templates/connect-inject-deployment.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/charts/consul/templates/connect-inject-deployment.yaml b/charts/consul/templates/connect-inject-deployment.yaml index 266a1cb76a..479e05b25a 100644 --- a/charts/consul/templates/connect-inject-deployment.yaml +++ b/charts/consul/templates/connect-inject-deployment.yaml @@ -257,9 +257,7 @@ spec: {{- if and .Values.global.tls.enabled .Values.global.tls.enableAutoEncrypt }} -enable-auto-encrypt \ {{- end }} - {{- if .Values.global.enableTelemetryCollector }} - -enable-telemetry-collector \ - {{- end }} + -enable-telemetry-collector={{ .Values.global.metrics.enableTelemetryCollector}} \ startupProbe: httpGet: path: /readyz/ready From af05804861b52a3e19f7e666cc07f6684a0e8d42 Mon Sep 17 00:00:00 2001 From: Nick Ethier Date: Tue, 30 May 2023 13:14:52 -0400 Subject: [PATCH 3/3] add changelog entry and unit test --- .changelog/2143.txt | 4 ++++ .../consul/test/unit/connect-inject-deployment.bats | 13 +++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 .changelog/2143.txt diff --git a/.changelog/2143.txt b/.changelog/2143.txt new file mode 100644 index 0000000000..8f58328f3d --- /dev/null +++ b/.changelog/2143.txt @@ -0,0 +1,4 @@ + +```release-note:feature +consul-telemetry-collector: Configure envoy proxy config during registration when consul-telemetry-collector is enabled. +``` diff --git a/charts/consul/test/unit/connect-inject-deployment.bats b/charts/consul/test/unit/connect-inject-deployment.bats index c60ea14f1f..e7d5b3bf48 100755 --- a/charts/consul/test/unit/connect-inject-deployment.bats +++ b/charts/consul/test/unit/connect-inject-deployment.bats @@ -211,6 +211,19 @@ load _helpers [ "${actual}" = "true" ] } +@test "connectInject/Deployment: metrics.enableTelemetryCollector can be configured" { + cd `chart_dir` + local cmd=$(helm template \ + -s templates/connect-inject-deployment.yaml \ + --set 'connectInject.enabled=true' \ + --set 'connectInject.metrics.enableTelemetryCollector=true' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command' | tee /dev/stderr) + + local actual=$(echo "$cmd" | + yq 'any(contains("-enable-telemetry-collector=true"))' | tee /dev/stderr) + [ "${actual}" = "true" ] +} #-------------------------------------------------------------------- # consul and consul-dataplane images