consul-k8s icon indicating copy to clipboard operation
consul-k8s copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

helm:Pass additional arguments to MeshGateway Envoy

Open tasansga opened this issue 4 years ago • 5 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

The official documentation for Consul (https://www.consul.io/commands/connect/envoy) suggests to pass optional arguments to envoy like this:

$ consul connect envoy -sidecar-for web -- -l debug

Apparently there's no way to pass these additional arguments to Envoy sidecars within MeshGateway through the Helm chart though? How can we pass additional arguments to specifically MeshGateway's Envoy using the Helm chart?

tasansga avatar Oct 28 '20 05:10 tasansga

Hi @tasansga, thanks for the issue. Note that for now you can bump log levels on envoy by port-forwarding and calling their admin api (https://www.envoyproxy.io/docs/envoy/latest/operations/admin#post--logging)

lkysow avatar Oct 28 '20 18:10 lkysow

Good idea, thanks a lot!

Didn't get it working though:

$  kubectl -n consul port-forward consul-mesh-gateway-7689cbb889-955mv 9901:9901
Forwarding from 127.0.0.1:9901 -> 9901
Forwarding from [::1]:9901 -> 9901
Handling connection for 9901
E1029 07:09:01.779810  606801 portforward.go:400] an error occurred forwarding 9901 -> 9901: error forwarding port 9901 to pod 1778671dff32b33610a39b46a07aa75e18c4144a5149c47d9292c1e800e712c7, uid : exit status 1: 2020/10/29 06:09:01 socat[1294] E connect(5, AF=2 127.0.0.1:9901, 16): Connection refused

Did I miss something here?

tasansga avatar Oct 29 '20 06:10 tasansga

Hi @tasansga, Consul configures Envoy to expose the admin API on localhost port 19000 (see consul connect envoy -admin-bind). Once you update the port you should be able to establish the port forward, and raise logging with curl --request POST http://localhost:19000/logging?level=debug.

blake avatar Oct 29 '20 15:10 blake

We support passing envoy options to all connect containers now (https://www.consul.io/docs/k8s/helm#v-connectinject-envoyextraargs) but not to mesh gateways yet.

lkysow avatar Jan 12 '21 01:01 lkysow

This logLevel requirement could likely be addressed cleanly with a good UX via https://github.com/hashicorp/consul-k8s/issues/1256, however I'm curious if other mesh Gateway flags are needed here.

david-yu avatar Jun 17 '22 19:06 david-yu

Will go ahead and close as now logLevel should be available via meshGateways via Helm.

david-yu avatar Jul 28 '23 17:07 david-yu