connect: enable proxy.passthrough configuration

Enable configuration of HTTP and gRPC endpoints which should be exposed by the Connect sidecar proxy. This changeset is the first "non-magical" pass that lays the groundwork for enabling Consul service checks for tasks running in a network namespace because they are Connect-enabled. The changes here provide for full configuration of the connect { sidecar_service { proxy { expose { paths = [{ path = <exposed endpoint> protocol = <http or grpc> local_path_port = <local endpoint port> listener_port = <inbound mesh port> }, ... ] } } } stanza. Everything from `expose` and below is new, and partially implements the precedent set by Consul: https://www.consul.io/docs/connect/registration/service-registration.html#expose-paths-configuration-reference Combined with a task-group level network port-mapping in the form: port "exposeExample" { to = -1 } it is now possible to "punch a hole" through the network namespace to a specific HTTP or gRPC path, with the anticipated use case of creating Consul checks on Connect enabled services. A future PR may introduce more automagic behavior, where we can do things like 1) auto-fill the 'expose.path.local_path_port' with the default value of the 'service.port' value for task-group level connect-enabled services. 2) automatically generate a port-mapping 3) enable an 'expose.checks' flag which automatically creates exposed endpoints for every compatible consul service check (http/grpc checks on connect enabled services).
2026-01-06 10:25:42 +03:00 · 2020-03-06 21:15:22 -06:00
parent 69f19cc0c0
commit 2a9749c41c
15 changed files with 1150 additions and 203 deletions
--- a/api/services.go
+++ b/api/services.go
@@ -168,8 +168,9 @@ type SidecarTask struct {

 // ConsulProxy represents a Consul Connect sidecar proxy jobspec stanza.
 type ConsulProxy struct {
-	LocalServiceAddress string `mapstructure:"local_service_address"`
-	LocalServicePort    int    `mapstructure:"local_service_port"`
+	LocalServiceAddress string              `mapstructure:"local_service_address"`
+	LocalServicePort    int                 `mapstructure:"local_service_port"`
+	ExposeConfig        *ConsulExposeConfig `mapstructure:"expose"`
 	Upstreams           []*ConsulUpstream
 	Config              map[string]interface{}
 }
@@ -179,3 +180,15 @@ type ConsulUpstream struct {
 	DestinationName string `mapstructure:"destination_name"`
 	LocalBindPort   int    `mapstructure:"local_bind_port"`
 }
+
+type ConsulExposeConfig struct {
+	Paths []*ConsulExposePath `mapstructure:"paths"`
+	// todo(shoenig): add magic for 'checks' option
+}
+
+type ConsulExposePath struct {
+	Path          string
+	Protocol      string
+	LocalPathPort int    `mapstructure:"local_path_port"`
+	ListenerPort  string `mapstructure:"listener_port"`
+}