consul icon indicating copy to clipboard operation
consul copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

[Feature/Bug] Terminating Gateway Configuration Attributes Missing

Open reskin89 opened this issue 2 years ago • 3 comments

Feature Description

Currently the Terminating Gateway mode for consul allows a written json/hcl configuration, however it is missing the ability to add things such as address or port to it, or register.

These attributes must be given to the consul connect envoy command subset as shown in the terminating gateway tutorial here

It is also seen in the struct for the TG configuration:

type TerminatingGatewayConfigEntry struct {
	Kind     string
	Name     string
	Services []LinkedService

	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

I propose this struct be updated to either have port (int) and address (string), or one unified string much like the consul CLI:

type TerminatingGatewayConfigEntry struct {
	Kind     string
	Name     string
        Address  string `json:",omitempty"`
	Services []LinkedService

	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

Use Case(s)

The new method for deploying consul on ECS uses a methodology of the consul-ecs binary bootstrapping the client and envoy configurations, utilizing an envoy only container afterwards.

As the terminating gateway configuration doesn't allow for this very necessary listening address and port config, its not possible to utilize the new methodology, or modify the current gateway-task terraform module to harbor Terminating Gateways.

reskin89 avatar Aug 03 '22 16:08 reskin89

@reskin89 , thanks for the input! Your proposal totally makes sense. Will work on a PR to enable that.

huikang avatar Aug 05 '22 18:08 huikang

@reskin89 , after some investigation, I think there is no need to make any change to the terminating-gateway config entry. This is because terminating-gateway itself is a service, so you can define the listening address (actually the address will be the bind address of the co-located consul agent) and port in the service definition file. Following is the process for the example in the tutorial

  1. Register an terminating gateway service
service {
  name = "legacy-services-gateway"
  kind = "terminating-gateway"
  port = 20444       // You can set to any port for listerning the traffic
  check {
    id      = "terminating-gateway listening"
    tcp     = "localhost:20444"
    method   = "GET"
    interval = "10s"
    timeout  = "1s"
  }
}

Register the terminating gateway service: consul services register ./service-terminating-gateway.hcl

  1. Start the envoy
consul connect envoy -gateway terminating \
      -service legacy-services-gateway

The difference between the above command and the example in the tutorial is that here we don't register the terminating gateway through consul connect (since we already did in step 1). The listener address will be the bind address of the consul agent similar to a regular service.

Now the terminating gateway is registered with the consul agent. To dynamically change the address or port, you can send a PUT request to the /agent/service/register endpoint.

huikang avatar Aug 06 '22 03:08 huikang

@huikang Thanks for the response! Ryan is looking into this.

GordonMcKinney avatar Aug 09 '22 15:08 GordonMcKinney