nomad
nomad copied to clipboard
hashicorp
Add Checks on ConsulExposeConfig
Description
Changes
- Added the
Checksbool field to the ConsulExposeConfig struct innomad/structs/services.goandapi/consul.go. - Updated parser in
jobspec/parse_service.go. - Updated
command/agent/job_endpoint.go. - Updated related tests.
- Update Nomad Documentation for ConsulExposeConfig struct.
Testing Changes
To test these changes you need to build a Nomad binary and deploy a cluster with both Nomad and Consul agents and clients.
When you have your cluster running you can run the following job-spec:
job "expose-example" {
datacenters = ["dc1"]
group "api" {
network {
mode = "bridge"
port "api_expose_healthcheck" {
to = -1
}
}
service {
name = "count-api"
port = "9001"
connect {
sidecar_service {
proxy {
expose {
# New field
checks = true
path {
path = "/health"
protocol = "http"
local_path_port = 9001
listener_port = "api_expose_healthcheck"
}
}
}
}
}
check {
name = "api-health"
type = "http"
path = "/health"
port = "api_expose_healthcheck"
interval = "10s"
timeout = "3s"
}
}
task "web" {
driver = "docker"
config {
image = "hashicorpdev/counter-api:v3"
}
}
}
}
Once the job is deployed, use Consul's API to get the sidecar proxy's configuration:
curl --request GET http://127.0.0.1:8500/v1/catalog/service/count-api-sidecar-proxy | json_pp
You will get the following JSON output:
[
{
"ID" : "9cab1f92-ea84-fe9a-9fd4-699c5dcef3a9",
"CreateIndex" : 7927,
"ServiceTags" : [],
"ServiceConnect" : {},
"Node" : "ip-172-31-21-166",
"NodeMeta" : {
"consul-network-segment" : ""
},
"ServiceName" : "count-api-sidecar-proxy",
"Address" : "172.31.21.166",
"ServiceID" : "_nomad-task-9340260f-0a0a-d6e9-ccf5-d0bc491068f3-group-api-count-api-9001-sidecar-proxy",
"ServiceMeta" : {
"external-source" : "nomad"
},
"ServiceProxy" : {
"Expose" : {
"Paths" : [
{
"Path" : "/health",
"Protocol" : "http",
"LocalPathPort" : 9001,
"ListenerPort" : 26767
}
],
"Checks" : true
},
"DestinationServiceID" : "_nomad-task-9340260f-0a0a-d6e9-ccf5-d0bc491068f3-group-api-count-api-9001",
"LocalServicePort" : 9001,
"LocalServiceAddress" : "127.0.0.1",
"Mode" : "",
"Config" : {
"bind_address" : "0.0.0.0",
"envoy_stats_tags" : [
"nomad.alloc_id=9340260f-0a0a-d6e9-ccf5-d0bc491068f3",
"nomad.group=api",
"nomad.job=expose-example",
"nomad.namespace=default"
],
"bind_port" : 23167
},
"DestinationServiceName" : "count-api",
"MeshGateway" : {}
},
"Datacenter" : "dc1",
"TaggedAddresses" : {
"lan_ipv4" : "172.31.21.166",
"wan_ipv4" : "172.31.21.166",
"lan" : "172.31.21.166",
"wan" : "172.31.21.166"
},
"ServiceTaggedAddresses" : {
"consul-virtual" : {
"Port" : 23167,
"Address" : "240.0.0.1"
},
"wan_ipv4" : {
"Address" : "172.31.21.166",
"Port" : 23167
},
"lan_ipv4" : {
"Address" : "172.31.21.166",
"Port" : 23167
}
},
"ServiceSocketPath" : "",
"ServiceWeights" : {
"Warning" : 1,
"Passing" : 1
},
"ServiceEnableTagOverride" : false,
"ServicePort" : 23167,
"ModifyIndex" : 7927,
"ServiceKind" : "connect-proxy",
"ServiceAddress" : "172.31.21.166"
}
]
Demo Video
https://user-images.githubusercontent.com/74208929/226931441-d80c99e2-ff6d-4c8e-8639-852852a28c2e.mp4
I've been digging into this one and it's not clear to me that we need or want this field. We've already got check.expose which generates the appropriate expose block for the checks. My understanding of what expose.checks is supposed to do is to do the same work in the Envoy proxy config, which would conflict with check.expose.
@mmcquillan I'm going to put a pin in this one too until I've had a chance to chat with some of the Consul folks about it.
I followed up on this and this behavior is entirely covered by the existing Nomad feature set. Pushing it to the Consul side via this API field would only make the job harder to debug because there'd be a split between where exposed paths are getting configured. Going to close this out.