connect: configure envoy as dynamic forward proxy #6736
Labels
theme/connect
Anything related to Consul Connect, Service Mesh, Side Car Proxies
theme/envoy/xds
Related to Envoy support
type/question
Not an "enhancement" or "bug". Please post on discuss.hashicorp
We'd like to setup envoy as dynamic forward proxy with consul's escape hatch feature.
While the example from the docs provided as yaml/json to envoy at startup worked pretty well, we couldn't manage to get it running with consul, seeing errors like
[2019-11-01 10:32:36.606][1][warning][config] [bazel-out/k8-opt/bin/source/common/config/_virtual_includes/grpc_stream_lib/common/config/grpc_stream.h:91] gRPC config stream closed: 2, can't unmarshal Any nested proto *v2.Cluster: unknown value "CLUSTER_PROVIDED" for enum envoy.api.v2.Cluster_LbPolicy
Replacing
CLUSTER_PROVIDED
with6
brought another error[2019-11-01 10:34:20.004][1][warning][config] [bazel-out/k8-opt/bin/source/common/config/_virtual_includes/grpc_stream_lib/common/config/grpc_stream.h:91] gRPC config stream closed: 2, can't unmarshal Any nested proto *v2.Cluster: unknown message type "envoy.config.cluster.dynamic_forward_proxy.v2alpha.ClusterConfig"
That's our consul service registration
service { name = "journal" address = "192.168.144.9" port = 8888 connect { sidecar_service { proxy { upstreams { destination_name = "dynamic_forward_proxy_cluster" local_bind_port = 22222 config { envoy_cluster_json = <<EOL { "@type": "type.googleapis.com/envoy.api.v2.Cluster", "name": "dynamic_forward_proxy_cluster", "lb_policy": "CLUSTER_PROVIDED", "connect_timeout": "1s", "cluster_type": { "name": "envoy.clusters.dynamic_forward_proxy", "typed_config": { "@type": "type.googleapis.com/envoy.config.cluster.dynamic_forward_proxy.v2alpha.ClusterConfig", "dns_cache_config": { "name": "dynamic_forward_proxy_cache_config", "dns_lookup_family": "V4_ONLY" } } } } EOL envoy_listener_json = <<EOL { "@type": "type.googleapis.com/envoy.api.v2.Listener", "name": "listener_0", "address": { "socket_address": { "address": "127.0.0.1", "port_value": 22222 } }, "filterChains": [ { "filters": [ { "name": "envoy.http_connection_manager", "typed_config": { "@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager", "stat_prefix": "ingress_http", "route_config": { "name": "local_route", "virtual_hosts": [ { "name": "local_service", "domains": ["*"], "routes": [ { "match": { "prefix": "/" }, "route": { "cluster": "dynamic_forward_proxy_cluster" } } ] } ] }, "http_filters": [ { "name": "envoy.filters.http.dynamic_forward_proxy", "config": { "dns_cache_config": { "name": "dynamic_forward_proxy_cache_config", "dns_lookup_family": "V4_ONLY" } } }, { "name": "envoy.router", "config": {} } ] } } ] } ] } EOL } } } } } }
I asked envoy guys but they recommended me to ask here.
We tried that with consul 1.6.0 and envoy 1.11.2 and from master. Are we doing something wrong here?
The text was updated successfully, but these errors were encountered: