• Stars
    star
    163
  • Rank 231,141 (Top 5 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created almost 7 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Envoy XDS backed by Consul

consul-envoy-xds CircleCI

consul-envoy-xds is an implementation of an Envoy Control Plane/xDiscovery Service via the Envoy data plane API. It makes services registered with Consul available as upstreams through CDS, EDS and RDS.

xDS is the set of APIs that control the Envoy dynamic configuration. A longer explanation is available on the XDS Protocol page. Currently consul-envoy-xds implements CDS, EDS and RDS. In this implementation, the streaming version is available but the sync (Unary call) one is WIP.

If you are using Consul for service discovery and would like to use Envoy without manual configuration, consul-envoy-xds can be used. It uses Consul Watches and any changes to endpoints are streamed to Envoy via the Control Plane.

Building it

  1. We use Dep for dependency management, instructions to install it can be found here.

  2. Fetch dev dependencies and create dev config (application.yml) from sample.

    make setup
    
  3. Run make to fetch dependencies, run the tests and build.

    make
    
  4. Run it.

    ./out/consul-envoy-xds
    

Using it

Locally, the services can be configured by setting the environment variables in an application.yml file. When this file is unavailable, configuration is loaded from the environment variables. This is the recommended way to load configuration on production.

PORT: 8053
LOG_LEVEL: DEBUG
CONSUL_CLIENT_PORT: 8500
CONSUL_CLIENT_HOST: localhost
CONSUL_DC: dc1
CONSUL_TOKEN: ""
WATCHED_SERVICE: foo-service,bar_svc
FOO_SERVICE_WHITELISTED_ROUTES: /foo,/fuu
BAR_SVC_WHITELISTED_ROUTES: /bar

For above sample configuration, consul-envoy-xds will setup 2 clusters viz. foo-service and bar-svc. The foo-service cluster will have two routes in a virtual host i.e. /foo and /fuu. Similarly, bar_svc will have a route /bar into the same virtual host.

Currently xDS server implementation configures single virtual host with routes for all upstream clusters based on _WHITELISTED_ROUTES config. This implies no two services can have any whitelisted route with same prefix.

Example entry point on production environments.

env PORT=8053 LOG_LEVEL=INFO CONSUL_AGENT_PORT=8500 CONSUL_CLIENT_HOST=localhost CONSUL_DC=dc1 CONSUL_TOKEN="" WATCHED_SERVICE=foo-service,bar_svc BAR_SVC_WHITELISTED_ROUTES='/bar' FOO_SERVICE_WHITELISTED_ROUTES='/foo,/fuu' ./consul-envoy-xds

Configuring Regex Paths:

If you have url params in the routes that needs to be whitelisted, you can use use regex in the path. To specify regex path in the whitelisted routes, use this notion: %regex:some_route

Example:

Let's say you have REST endpoint for serving customer details with customer id in the path: /foo/{customer-id}/details. To whitelist this path, you can:

WATCHED_SERVICE: foo-service
FOO_SERVICE_WHITELISTED_ROUTES: %regex:/foo/customer/[0-9]*/details,/fuu

If you have more than one path which has regex:

WATCHED_SERVICE: foo-service
FOO_SERVICE_WHITELISTED_ROUTES: %regex:/foo/customer/[0-9]*/details,%regex:/fuu/[0-9A-Z]*/id

refer to Regex documentation for the regex pattern

Sample Config:

Replace $XDS\_IP and $XDS\_PORT with wherever you're running consul-envoy-xds. Refer to Envoy documentation for other options.

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 443 }
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          stat_prefix: ingress_http
          codec_type: AUTO
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: foo-service }
          http_filters:
          - name: envoy.router
  clusters:
  - name: foo-service
    connect_timeout: 0.25s
    lb_policy: ROUND_ROBIN
    http2_protocol_options: {}
    type: EDS
    eds_cluster_config:
      eds_config:
        api_config_source:
          api_type: GRPC
          cluster_names: [xds_cluster]         
  - name: xds_cluster
    connect_timeout: 0.25s
    type: STATIC
    lb_policy: ROUND_ROBIN
    http2_protocol_options: {}
    hosts: [{ socket_address: { address: $XDS_IP, port_value: $XDS_PORT }}]
admin:
  access_log_path: /dev/null
  address:
    socket_address: { address: 127.0.0.1, port_value: 9901 }

Using it with Rate Limitter

Example config with HTTP Header Rate Limit:

HTTP_HEADER_RATE_LIMIT_ENABLED: true
HTTP_HEADER_RATE_LIMIT_DESCRIPTOR: "user_id"
HTTP_HEADER_RATE_LIMIT_NAME: "User-Id"

For above sample configuration, consul-envoy-xds will add ratelimit in returned routes configuration based on Http Header. Later you need to implement envoy global gRPC rate limiting service. Refer to Envoy Rate Limit.

Sample Config with Rate Limit:

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 443 }
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          stat_prefix: ingress_http
          codec_type: AUTO
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: foo-service }
          http_filters:
          - name: envoy.router
  clusters:
  - name: foo-service
    connect_timeout: 0.25s
    lb_policy: ROUND_ROBIN
    http2_protocol_options: {}
    type: EDS
    eds_cluster_config:
      eds_config:
        api_config_source:
          api_type: GRPC
          cluster_names: [xds_cluster]

  - name: rate_limit_cluster
    connect_timeout: 0.250s
    http2_protocol_options: {}
    hosts:
    - socket_address:
      address: $RATE_LIMIT_IP
      port_value: $RATE_LIMIT_PORT
    dns_lookup_family: V4_ONLY
    health_checks:
    - timeout:
        seconds: 1
      interval:
        seconds: 1
      unhealthy_threshold: 3
      healthy_threshold: 3
      grpc_health_check:
        service_name: $RATE_LIMIT_SERVICE_NAME

  - name: xds_cluster
    connect_timeout: 0.25s
    type: STATIC
    lb_policy: ROUND_ROBIN
    http2_protocol_options: {}
    hosts: [{ socket_address: { address: $XDS_IP, port_value: $XDS_PORT }}]

rate_limit_service:
  grpc_service:
    envoy_grpc:
      cluster_name: rate_limit_cluster
    timeout: 0.25s

admin:
  access_log_path: /dev/null
  address:
    socket_address: { address: 127.0.0.1, port_value: 9901 }

Enable Health Check Filter

Example config to enable health check filter

ENABLE_HEALTH_CHECK_CATALOG_SVC: true

Only discover catalog service endpoints with health check status passed

More Repositories

1

heimdall

An enhanced HTTP client for Go
Go
2,623
star
2

awesome-distributed-systems

Awesome list of distributed systems resources
811
star
3

weaver

An Advanced HTTP Reverse Proxy with Dynamic Sharding Strategies
Go
601
star
4

ziggurat

A stream processing framework to build stateless applications on Kafka
Clojure
397
star
5

draftsman

Draftsman is an on device layout inspector which can be embedded in your android app.
Kotlin
255
star
6

wrest

A fluent, easy-to-use, object oriented Ruby HTTP/REST client library with support RFC2616 HTTP caching and async calls that runs on CRuby and JRuby.
Ruby
234
star
7

darkroom

Go
224
star
8

courier-android

Kotlin library for creating long running connections using MQTT protocol
Kotlin
140
star
9

merlin

Kubernetes-friendly ML model management, deployment, and serving.
Go
128
star
10

proctor

A Developer-Friendly Automation Orchestrator
Go
123
star
11

clickstream-android

A Modern, Fast, and Lightweight Android Library Ingestion Platform.
Kotlin
70
star
12

CureIAM

Clean accounts over permissions in GCP infra at scale
Python
70
star
13

kingsly

Your own x.509 cert manager
Ruby
67
star
14

turing

Fast, scalable and extensible system to deploy and evaluate ML experiments in production
Go
61
star
15

valkyrie

Go wrapper for handling zero or more errors
Go
60
star
16

dollhouse

Python
60
star
17

xp

Extreme Programming made simple
Go
60
star
18

go-coverage

Drive higher confidence in making changes by detecting large blocks of untested functionality
Go
58
star
19

courier-go

courier-go
Go
44
star
20

mlp

A platform for developing and operating the machine learning systems at the various stages of machine learning life cycle.
Go
44
star
21

courier-flutter

Dart port of our popular courier library
Dart
43
star
22

kafqa

Quality tool for kafka, verifying kafka ops
Go
42
star
23

courier-iOS

Courier iOS
Swift
39
star
24

clickstream-ios

A Modern, Fast, and Lightweight iOS Library Ingestion Platform.
Swift
37
star
25

kat

Swiss Knife for Kafka admin operations
Go
32
star
26

charts

Kubernetes Helm Charts
Mustache
28
star
27

bulwark

Hystrix for Clojurists
Clojure
23
star
28

StorageToolKit-iOS

StorageToolKit aims to be a set of tools that works together to identify and optimize disk usage.
Swift
19
star
29

gojek.github.io

Gojek Technologies Website 👻 🕸 hosted with ❤️ by GitHub
HTML
16
star
30

courier

Swift
16
star
31

meniscus

Fire concurrent HTTP requests, return partial successes after a timeout
Go
15
star
32

gojek

GO-JEK Technologies Website Source 👻 🕸 💻
HTML
15
star
33

fiber

Library for building dynamic proxies, routers and traffic mixers from a set of composable abstract network components
Go
14
star
34

next.gojek

JavaScript
11
star
35

nsxt_exporter

Simple server that scrapes NSX-T stats and exports them via HTTP for Prometheus consumption
Go
10
star
36

WorkManager

Swift
9
star
37

sentry-clj.async

Async Processor for pushing events to sentry
Clojure
9
star
38

turing-experiments

ML Experimentation Platform
Go
8
star
39

clickstream-web

A Modern, Fast, and Lightweight Event Ingestion library for Web
JavaScript
7
star
40

optimus-extension-valor

Go
6
star
41

homebrew-tap

Homebrew Formulas for GO-JEK OSS Tools
Ruby
5
star
42

conventional-changelog-angular-asana

asana task references support for your conventional commits
JavaScript
5
star
43

twemproxy-docker

Alpine docker build for twemproxy
Shell
4
star
44

GopherCon

GO-JEK's Code Challenges + Quizzes at GopherCon 🐵 💻 🌮
4
star
45

statsd-docker

Dockerized version of StatsD with console backend.
JavaScript
4
star
46

ziggurat-web

Home of all things Ziggurat.
JavaScript
3
star
47

postcss-customprop-validate

PostCSS plugin to validate fallback values of CSS custom properties
JavaScript
3
star
48

vision

Ruby
3
star
49

lua-dev

Lua / Luajit / Luarocks image for dev
Dockerfile
2
star
50

old.gojek

next.gojek.io Website Source
JavaScript
2
star
51

docker-kong-plugin-dev

base docker image for Kong with Plugins dev, testing and setup
Python
1
star