Documentation
Index
- Constants
- Variables
- func GetConsulToken() string
- func GetHealthCheckPort(p int) int
- type AgentServiceConnectProxyConfig
- type AgentWeights
- type Config
- func (c *Config) ClientConfig() *api.Config
- func (cfg *Config) ConsulDNSEnabled() bool
- func (c *Config) ConsulServerConnMgrConfig(taskMeta awsutil.ECSTaskMeta) (discovery.Config, error)
- func (c *Config) IsGateway() bool
- func (cfg *Config) TransparentProxyEnabled() bool
- func (c *Config) UnmarshalJSON(data []byte) error
- type ConsulDNS
- type ConsulLogin
- type ConsulServers
- type Controller
- type DefaultSettings
- type ExposeConfig
- type ExposePath
- type GRPCSettings
- type GatewayAddress
- type GatewayProxyConfig
- type GatewayRegistration
- type HTTPSettings
- type MeshGatewayConfig
- type ServiceRegistration
- type TLSSettings
- type TransparentProxyConfig
- type Upstream
Constants
const (
	// Cert used for internal RPC communication to the servers
	ConsulGRPCCACertPemEnvVar = "CONSUL_GRPC_CACERT_PEM"
	ConsulDataplaneDNSBindHost = "127.0.0.1"
	ConsulDataplaneDNSBindPort = 8600
	// Login meta fields added to the token
	ConsulTokenTaskIDMeta    = "consul.hashicorp.com/task-id"
	ConsulTokenClusterIDMeta = "consul.hashicorp.com/cluster"
)
const (
	// ServiceTokenFilename is the file in the BootstrapDir where the service token is written by `consul login`.
	ServiceTokenFilename = "service-token"
	// DefaultAuthMethodName is the default name of the Consul IAM auth method used for `consul login`.
	DefaultAuthMethodName = "iam-ecs-service-token"
	// DefaultGatewayPort (8443) is the default gateway registration port used by 'consul connect envoy -register'.
	DefaultGatewayPort = 8443
	// DefaultPublicListenerPort is the default public listener port for sidecar proxies.
	DefaultPublicListenerPort = 20000
	// DefaultProxyHealthCheckPort is the default HTTP health check port for the proxy.
	DefaultProxyHealthCheckPort = 22000
	// TaggedAddressLAN is the map key for LAN tagged addresses.
	TaggedAddressLAN = "lan"
	// TaggedAddressWAN is the map key for WAN tagged addresses.
	TaggedAddressWAN = "wan"
	// Name of the dataplane's container
	ConsulDataplaneContainerName = "consul-dataplane"
	// Match Consul: https://github.com/hashicorp/consul/blob/68e79b8180ca89e8cfca291b40a30d943039bd49/agent/consul/authmethod/awsauth/aws.go#L16-L20
	AuthMethodType         string = "aws-iam"
	IAMServerIDHeaderName  string = "X-Consul-IAM-ServerID"
	GetEntityMethodHeader  string = "X-Consul-IAM-GetEntity-Method"
	GetEntityURLHeader     string = "X-Consul-IAM-GetEntity-URL"
	GetEntityHeadersHeader string = "X-Consul-IAM-GetEntity-Headers"
	GetEntityBodyHeader    string = "X-Consul-IAM-GetEntity-Body"
	SyntheticNode          string = "synthetic-node"
)
const (
	ConfigEnvironmentVariable = "CONSUL_ECS_CONFIG_JSON"
)
Variables
var Schema string
Functions
func GetConsulToken (added in v0.7.0)
func GetConsulToken() string
func GetHealthCheckPort (added in v0.7.0)
Types
type AgentServiceConnectProxyConfig
type AgentServiceConnectProxyConfig struct {
	Config              map[string]interface{} `json:"config,omitempty"`
	LocalServiceAddress string                 `json:"localServiceAddress,omitempty"`
	PublicListenerPort  int                    `json:"publicListenerPort,omitempty"`
	HealthCheckPort     int                    `json:"healthCheckPort,omitempty"`
	Upstreams           []Upstream             `json:"upstreams,omitempty"`
	MeshGateway         *MeshGatewayConfig     `json:"meshGateway,omitempty"`
	Expose              *ExposeConfig          `json:"expose,omitempty"`
}
AgentServiceConnectProxyConfig defines the sidecar proxy configuration.
NOTE: For the proxy registration request (api.AgentServiceRegistration in Consul),
- The Kind and Port are set by mesh-init, so these fields are not configurable.
- The ID, Name, Tags, Meta, EnableTagOverride, and Weights fields are inferred or copied from the service registration by mesh-init.
- The bind address defaults to localhost in ECS but can be overridden with LocalServiceAddress. SocketPath is excluded.
- The Connect field is excluded. Since the sidecar proxy is being used, it's not a Connect-native service, and we don't need the nested proxy config included in the Connect field.
- The Partition field is excluded. mesh-init will use the partition from the service registration.
- The Namespace field is excluded. mesh-init will use the namespace from the service registration.
- There's not a use-case for specifying TaggedAddresses with Consul ECS, and Enable
For the proxy configuration (api.AgentServiceConnectProxyConfig in Consul),
- The DestinationServiceName, DestinationServiceId, LocalServiceAddress, and LocalServicePort are all set by mesh-init, based on the service configuration.
- The LocalServiceSocketPath is excluded, since it would conflict with the address/port set by mesh-init.
- Checks are excluded. mesh-init automatically configures useful checks for the proxy.
- TProxy is not supported on ECS, so the Mode and TransparentProxy fields are excluded.
func (*AgentServiceConnectProxyConfig) GetPublicListenerPort (added in v0.4.3)
func (a *AgentServiceConnectProxyConfig) GetPublicListenerPort() int
func (*AgentServiceConnectProxyConfig) ToConsulType
func (a *AgentServiceConnectProxyConfig) ToConsulType() *api.AgentServiceConnectProxyConfig
type AgentWeights
func (*AgentWeights) ToConsulType
func (w *AgentWeights) ToConsulType() api.AgentWeights
type Config
type Config struct {
	BootstrapDir         string                          `json:"bootstrapDir"`
	ConsulLogin          ConsulLogin                     `json:"consulLogin"`
	HealthSyncContainers []string                        `json:"healthSyncContainers,omitempty"`
	LogLevel             string                          `json:"logLevel,omitempty"`
	Proxy                *AgentServiceConnectProxyConfig `json:"proxy"`
	Gateway              *GatewayRegistration            `json:"gateway,omitempty"`
	Service              ServiceRegistration             `json:"service"`
	ConsulServers        ConsulServers                   `json:"consulServers"`
	Controller           Controller                      `json:"controller"`
	TransparentProxy     TransparentProxyConfig          `json:"transparentProxy"`
}
Config is the top-level config object.
func (*Config) ClientConfig (added in v0.7.0)
func (*Config) ConsulDNSEnabled (added in v0.8.0)
func (*Config) ConsulServerConnMgrConfig (added in v0.7.0)
func (*Config) TransparentProxyEnabled (added in v0.8.0)
func (*Config) UnmarshalJSON (added in v0.8.0)
UnmarshalJSON is a custom unmarshaller that assigns defaults to certain fields
type ConsulLogin (added in v0.5.0)
type ConsulLogin struct {
	Enabled       bool              `json:"enabled"`
	Method        string            `json:"method"`
	IncludeEntity bool              `json:"includeEntity"`
	Meta          map[string]string `json:"meta"`
	Region        string            `json:"region"`
	Datacenter    string            `json:"datacenter"`
	// These are passed through to the consul-awsauth library.
	STSEndpoint         string `json:"stsEndpoint"`
	ServerIDHeaderValue string `json:"serverIdHeaderValue"`
	// These are for unit tests. They are disallowed by the JSON schema.
	AccessKeyID     string `json:"-"`
	SecretAccessKey string `json:"-"`
}
ConsulLogin configures login options for the Consul IAM auth method.
func (*ConsulLogin) UnmarshalJSON (added in v0.5.0)
func (c *ConsulLogin) UnmarshalJSON(data []byte) error
UnmarshalJSON is a custom unmarshaller that defaults `includeEntity` to true
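One way a default like this can be implemented, as an added example that is not the consul-ecs source: the `loginOptions` type and the `parseLogin` helper are hypothetical and mirror only two ConsulLogin fields. It shows that an omitted or null `includeEntity` decodes to true, and that only an explicit false turns it off.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// loginOptions is a hypothetical stand-in for two of the ConsulLogin fields.
type loginOptions struct {
	Enabled       bool `json:"enabled"`
	IncludeEntity bool `json:"includeEntity"`
}

// UnmarshalJSON seeds IncludeEntity with true before decoding, so the field
// ends up false only when the document sets it to false explicitly.
func (l *loginOptions) UnmarshalJSON(data []byte) error {
	type plain loginOptions // same fields, no methods: avoids infinite recursion
	tmp := plain{IncludeEntity: true}
	if err := json.Unmarshal(data, &tmp); err != nil {
		return err
	}
	*l = loginOptions(tmp)
	return nil
}

// parseLogin decodes one consulLogin JSON object (hypothetical helper).
func parseLogin(doc string) (loginOptions, error) {
	var l loginOptions
	err := json.Unmarshal([]byte(doc), &l)
	return l, err
}

func main() {
	// Constructed sample documents.
	for _, doc := range []string{
		`{"enabled": true}`,                         // key omitted: default applies
		`{"enabled": true, "includeEntity": null}`,  // JSON null leaves the default in place
		`{"enabled": true, "includeEntity": false}`, // explicit opt-out
	} {
		l, err := parseLogin(doc)
		fmt.Printf("%-45s includeEntity=%v err=%v\n", doc, l.IncludeEntity, err)
	}
}
```

When auditing a task's configuration, the absence of `includeEntity` therefore cannot be read as false.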
type ConsulServers (added in v0.7.0)
type ConsulServers struct {
	Hosts           string          `json:"hosts"`
	SkipServerWatch bool            `json:"skipServerWatch"`
	Defaults        DefaultSettings `json:"defaults"`
	GRPC            GRPCSettings    `json:"grpc"`
	HTTP            HTTPSettings    `json:"http"`
}
ConsulServers configures options that help the Consul-specific ECS containers discover the Consul servers.
func (*ConsulServers) GetGRPCTLSSettings (added in v0.7.0)
func (c *ConsulServers) GetGRPCTLSSettings() *TLSSettings
func (*ConsulServers) UnmarshalJSON (added in v0.7.0)
func (c *ConsulServers) UnmarshalJSON(data []byte) error
UnmarshalJSON is a custom unmarshaller that assigns defaults to certain fields
type Controller (added in v0.7.0)
type Controller struct {
	IAMRolePath       string `json:"iamRolePath"`
	PartitionsEnabled bool   `json:"partitionsEnabled"`
	Partition         string `json:"partition"`
}
Controller configures the options to start the consul-ecs-controller command.
func (*Controller) UnmarshalJSON (added in v0.7.0)
func (c *Controller) UnmarshalJSON(data []byte) error
UnmarshalJSON is a custom unmarshaller that assigns defaults to certain fields
type DefaultSettings (added in v0.7.0)
type DefaultSettings struct {
	CaCertFile    string `json:"caCertFile"`
	EnableTLS     bool   `json:"tls"`
	TLSServerName string `json:"tlsServerName"`
}
DefaultSettings hold the default TLS settings for Consul server's RPC and HTTP interfaces.
func (*DefaultSettings) UnmarshalJSON (added in v0.7.0)
func (d *DefaultSettings) UnmarshalJSON(data []byte) error
UnmarshalJSON is a custom unmarshaller that assigns defaults to certain fields
type ExposeConfig
type ExposeConfig struct {
	Checks bool         `json:"checks,omitempty"`
	Paths  []ExposePath `json:"paths,omitempty"`
}
ExposeConfig describes HTTP paths to expose through Envoy outside of Connect.
func (*ExposeConfig) ToConsulType
func (e *ExposeConfig) ToConsulType() api.ExposeConfig
type ExposePath
type ExposePath struct {
	ListenerPort  int    `json:"listenerPort,omitempty"`
	Path          string `json:"path,omitempty"`
	LocalPathPort int    `json:"localPathPort,omitempty"`
	Protocol      string `json:"protocol,omitempty"`
}
ExposePath are the paths to expose outside of connect. See ExposeConfig.
func (*ExposePath) ToConsulType
func (e *ExposePath) ToConsulType() api.ExposePath
type GRPCSettings (added in v0.7.0)
type GRPCSettings struct {
	Port          int    `json:"port"`
	CaCertFile    string `json:"caCertFile"`
	EnableTLS     *bool  `json:"tls"`
	TLSServerName string `json:"tlsServerName"`
}
GRPCSettings hold the settings for Consul server's RPC interfaces. Overrides the configuration present in DefaultSettings for TLS.
func (*GRPCSettings) UnmarshalJSON (added in v0.7.0)
func (g *GRPCSettings) UnmarshalJSON(data []byte) error
UnmarshalJSON is a custom unmarshaller that assigns defaults to certain fields
type GatewayAddress (added in v0.5.0)
type GatewayAddress struct {
	Address string `json:"address,omitempty"`
	Port    int    `json:"port,omitempty"`
}
func (*GatewayAddress) ToConsulType (added in v0.5.0)
func (a *GatewayAddress) ToConsulType() api.ServiceAddress
type GatewayProxyConfig (added in v0.5.0)
type GatewayProxyConfig struct {
	Config map[string]interface{} `json:"config,omitempty"`
}
func (*GatewayProxyConfig) ToConsulType (added in v0.5.0)
func (p *GatewayProxyConfig) ToConsulType() *api.AgentServiceConnectProxyConfig
type GatewayRegistration (added in v0.5.0)
type GatewayRegistration struct {
	Kind            api.ServiceKind     `json:"kind"`
	LanAddress      *GatewayAddress     `json:"lanAddress,omitempty"`
	WanAddress      *GatewayAddress     `json:"wanAddress,omitempty"`
	Name            string              `json:"name,omitempty"`
	Tags            []string            `json:"tags,omitempty"`
	Meta            map[string]string   `json:"meta,omitempty"`
	Namespace       string              `json:"namespace,omitempty"`
	Partition       string              `json:"partition,omitempty"`
	Proxy           *GatewayProxyConfig `json:"proxy,omitempty"`
	HealthCheckPort int                 `json:"healthCheckPort,omitempty"`
}
func (*GatewayRegistration) ToConsulType (added in v0.5.0)
func (g *GatewayRegistration) ToConsulType() *api.AgentService
type HTTPSettings (added in v0.7.0)
type HTTPSettings struct {
	Port          int    `json:"port"`
	EnableHTTPS   bool   `json:"https"`
	CaCertFile    string `json:"caCertFile"`
	EnableTLS     *bool  `json:"tls"`
	TLSServerName string `json:"tlsServerName"`
}
HTTPSettings hold the settings for Consul server's HTTP interfaces. Overrides the configuration present in DefaultSettings for TLS.
func (*HTTPSettings) UnmarshalJSON (added in v0.7.0)
func (h *HTTPSettings) UnmarshalJSON(data []byte) error
UnmarshalJSON is a custom unmarshaller that assigns defaults to certain fields
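GRPCSettings and HTTPSettings can override DefaultSettings because their `EnableTLS` is a `*bool`, which lets an absent `tls` key be told apart from an explicit false. The added example below is not the project's code: its types and `resolveGRPCTLS` are hypothetical, and the fallback rule (a value set under `grpc` wins, anything unset falls back to `defaults`) is an assumption based on the descriptions above.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical reductions of DefaultSettings, GRPCSettings and ConsulServers.
type defaults struct {
	EnableTLS  bool   `json:"tls"`
	CaCertFile string `json:"caCertFile"`
}

type grpcSettings struct {
	EnableTLS  *bool  `json:"tls"` // nil = key absent, which is not the same as false
	CaCertFile string `json:"caCertFile"`
}

type servers struct {
	Defaults defaults     `json:"defaults"`
	GRPC     grpcSettings `json:"grpc"`
}

// resolveGRPCTLS returns the effective gRPC TLS state and CA file. Assumed rule:
// a value set under "grpc" wins, anything unset falls back to "defaults".
func resolveGRPCTLS(doc string) (enabled bool, caFile string, err error) {
	var s servers
	if err = json.Unmarshal([]byte(doc), &s); err != nil {
		return false, "", err
	}
	enabled, caFile = s.Defaults.EnableTLS, s.Defaults.CaCertFile
	if s.GRPC.EnableTLS != nil {
		enabled = *s.GRPC.EnableTLS
	}
	if s.GRPC.CaCertFile != "" {
		caFile = s.GRPC.CaCertFile
	}
	return enabled, caFile, nil
}

func main() {
	// Constructed sample consulServers documents.
	for _, doc := range []string{
		`{"defaults":{"tls":true,"caCertFile":"/consul/ca.pem"}}`,
		`{"defaults":{"tls":true},"grpc":{"tls":false}}`,
		`{"defaults":{"tls":false},"grpc":{"tls":true,"caCertFile":"/consul/grpc-ca.pem"}}`,
	} {
		on, ca, err := resolveGRPCTLS(doc)
		fmt.Printf("tls=%v ca=%q err=%v  <- %s\n", on, ca, err, doc)
	}
}
```

The second sample is the case to look for in review: a per-interface `"tls": false` switches TLS off for that interface even though the defaults enable it.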
type MeshGatewayConfig
type MeshGatewayConfig struct {
	Mode api.MeshGatewayMode `json:"mode,omitempty"`
}
MeshGatewayConfig describes how to use mesh gateways to reach other services.
func (*MeshGatewayConfig) ToConsulType
func (m *MeshGatewayConfig) ToConsulType() api.MeshGatewayConfig
type ServiceRegistration
type ServiceRegistration struct {
	Name              string            `json:"name"`
	Tags              []string          `json:"tags,omitempty"`
	Port              int               `json:"port"`
	EnableTagOverride bool              `json:"enableTagOverride,omitempty"`
	Meta              map[string]string `json:"meta,omitempty"`
	Weights           *AgentWeights     `json:"weights,omitempty"`
	Namespace         string            `json:"namespace,omitempty"`
	Partition         string            `json:"partition,omitempty"`
}
ServiceRegistration configures the Consul service registration.
NOTE:
- The Kind and Id fields are set by mesh-init during service/proxy registration.
- The Address field is excluded. The agent's address (task IP) should always be used in ECS.
- The Connect field is not supported:
  - No Connect-native support for now. We assume Envoy is used.
  - Proxy registration occurs in a separate request, so no need to inline the proxy config. See the SidecarProxyRegistration type.
func (*ServiceRegistration) ToConsulType
func (r *ServiceRegistration) ToConsulType() *api.AgentService
type TLSSettings (added in v0.7.0)
type TransparentProxyConfig (added in v0.8.0)
type TransparentProxyConfig struct {
	Enabled              bool      `json:"enabled"`
	ExcludeInboundPorts  []int     `json:"excludeInboundPorts"`
	ExcludeOutboundPorts []int     `json:"excludeOutboundPorts"`
	ExcludeOutboundCIDRs []string  `json:"excludeOutboundCIDRs"`
	ExcludeUIDs          []string  `json:"excludeUIDs"`
	ConsulDNS            ConsulDNS `json:"consulDNS"`
}
func (*TransparentProxyConfig) UnmarshalJSON (added in v0.8.0)
func (c *TransparentProxyConfig) UnmarshalJSON(data []byte) error
type Upstream
type Upstream struct {
	DestinationType      api.UpstreamDestType   `json:"destinationType,omitempty"`
	DestinationNamespace string                 `json:"destinationNamespace,omitempty"`
	DestinationPartition string                 `json:"destinationPartition,omitempty"`
	DestinationName      string                 `json:"destinationName,omitempty"`
	DestinationPeer      string                 `json:"destinationPeer,omitempty"`
	Datacenter           string                 `json:"datacenter,omitempty"`
	LocalBindAddress     string                 `json:"localBindAddress,omitempty"`
	LocalBindPort        int                    `json:"localBindPort,omitempty"`
	Config               map[string]interface{} `json:"config,omitempty"`
	MeshGateway          *MeshGatewayConfig     `json:"meshGateway,omitempty"`
}
Upstream describes an upstream Consul Service.
NOTE: The LocalBindSocketPath and LocalBindSocketMode are excluded. This level of control/restriction is not as relevant in ECS since each proxy runs in an isolated Docker container.