Enable envoy bootstrap config logging if global.logLevel == debug

hashicorp · Feb 23, 2023 · f5a0242 · f5a0242
1 parent 032fbaf
commit f5a0242
Show file tree

Hide file tree

Showing 8 changed files with 128 additions and 0 deletions.
diff --git a/charts/consul/templates/ingress-gateways-deployment.yaml b/charts/consul/templates/ingress-gateways-deployment.yaml
@@ -388,6 +388,9 @@ spec:
             {{- if $root.Values.global.adminPartitions.enabled }}
             - -partition={{ $root.Values.global.adminPartitions.name }}
             {{- end }}
+            {{- if (eq $root.Values.global.logLevel "debug")}}
+            - -enable-config-gen-logging
+            {{- end }}
           livenessProbe:
             tcpSocket:
               port: 21000

diff --git a/charts/consul/templates/mesh-gateway-deployment.yaml b/charts/consul/templates/mesh-gateway-deployment.yaml
@@ -333,6 +333,9 @@ spec:
             {{- if .Values.global.adminPartitions.enabled }}
             - -partition={{ .Values.global.adminPartitions.name }}
             {{- end }}
+            {{- if eq .Values.global.logLevel "debug"}}
+            - -enable-config-gen-logging
+            {{- end }}
           livenessProbe:
             tcpSocket:
               port: {{ .Values.meshGateway.containerPort }}

diff --git a/charts/consul/templates/terminating-gateways-deployment.yaml b/charts/consul/templates/terminating-gateways-deployment.yaml
@@ -343,6 +343,9 @@ spec:
             {{- if $root.Values.global.adminPartitions.enabled }}
             - -partition={{ $root.Values.global.adminPartitions.name }}
             {{- end }}
+            {{- if (eq $root.Values.global.logLevel "debug")}}
+            - -enable-config-gen-logging
+            {{- end }}
           livenessProbe:
             tcpSocket:
               port: 8443

diff --git a/charts/consul/test/unit/ingress-gateways-deployment.bats b/charts/consul/test/unit/ingress-gateways-deployment.bats
@@ -1661,6 +1661,36 @@ EOF
     [[ "$output" =~ "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" ]]
 }
 
+#--------------------------------------------------------------------
+# envoy bootstrap logging
+
+@test "ingressGateways/Deployment: envoy bootstrap logging is not present by default" {
+  cd `chart_dir`
+  local object=$(helm template \
+      -s templates/ingress-gateways-deployment.yaml  \
+      --set 'ingressGateways.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq -s -r '.[0].spec.template.spec.containers[0]' | tee /dev/stderr)
+
+  local actual=$(echo $object | yq -r '.command | any(contains("-enable-config-gen-logging"))' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+}
+
+@test "ingressGateways/Deployment: envoy bootstrap logging flag is present if global.logLevel == debug" {
+  cd `chart_dir`
+  local object=$(helm template \
+      -s templates/ingress-gateways-deployment.yaml  \
+      --set 'ingressGateways.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      --set 'global.logLevel=debug' \
+      . | tee /dev/stderr |
+      yq -s -r '.[0].spec.template.spec.containers[0]' | tee /dev/stderr)
+
+  local actual=$(echo $object | yq -r '.command | any(contains("-enable-config-gen-logging"))' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
 #--------------------------------------------------------------------
 # multiple gateways
 

diff --git a/charts/consul/test/unit/mesh-gateway-deployment.bats b/charts/consul/test/unit/mesh-gateway-deployment.bats
@@ -1788,6 +1788,35 @@ EOF
   [[ "$output" =~ "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" ]]
 }
 
+#--------------------------------------------------------------------
+# envoy bootstrap logging
+
+@test "meshGateway/Deployment: envoy bootstrap logging is not present by default" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/mesh-gateway-deployment.yaml  \
+      --set 'meshGateway.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.containers[0].command | any(contains("-enable-config-gen-logging"))' | tee /dev/stderr)
+
+  [ "${actual}" = "false" ]
+}
+
+@test "meshGateway/Deployment: envoy bootstrap logging flag is present if global.logLevel == debug" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/mesh-gateway-deployment.yaml  \
+      --set 'meshGateway.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      --set 'global.logLevel=debug' \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.containers[0].command | any(contains("-enable-config-gen-logging"))' | tee /dev/stderr)
+
+  [ "${actual}" = "true" ]
+}
+
+
 #--------------------------------------------------------------------
 # get-auto-encrypt-client-ca
 

diff --git a/charts/consul/test/unit/terminating-gateways-deployment.bats b/charts/consul/test/unit/terminating-gateways-deployment.bats
@@ -1475,6 +1475,36 @@ EOF
     [[ "$output" =~ "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" ]]
 }
 
+#--------------------------------------------------------------------
+# envoy bootstrap logging
+
+@test "terminatingGateways/Deployment: envoy bootstrap logging is not present by default" {
+  cd `chart_dir`
+  local object=$(helm template \
+      -s templates/terminating-gateways-deployment.yaml  \
+      --set 'terminatingGateways.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq -s -r '.[0].spec.template.spec.containers[0]' | tee /dev/stderr)
+
+  local actual=$(echo $object | yq -r '.command | any(contains("-enable-config-gen-logging"))' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+}
+
+@test "terminatingGateways/Deployment: envoy bootstrap logging flag is present if global.logLevel == debug" {
+  cd `chart_dir`
+  local object=$(helm template \
+      -s templates/terminating-gateways-deployment.yaml  \
+      --set 'terminatingGateways.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      --set 'global.logLevel=debug' \
+      . | tee /dev/stderr |
+      yq -s -r '.[0].spec.template.spec.containers[0]' | tee /dev/stderr)
+
+  local actual=$(echo $object | yq -r '.command | any(contains("-enable-config-gen-logging"))' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
 #--------------------------------------------------------------------
 # multiple gateways
 

diff --git a/control-plane/connect-inject/container_init.go b/control-plane/connect-inject/container_init.go
@@ -9,6 +9,7 @@ import (
 	"text/template"
 	"time"
 
+	"go.uber.org/zap/zapcore"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/utils/pointer"
 )
@@ -71,6 +72,9 @@ type initContainerCommandData struct {
 	// redirection is handled by the CNI plugin on pod creation.
 	EnableCNI bool
 
+	// EnableEnvoyBootstrapLogging enables debug log output when generating the Envoy bootstrap config.
+	EnableEnvoyBootstrapLogging bool
+
 	// TProxyExcludeInboundPorts is a list of inbound ports to exclude from traffic redirection via
 	// the consul connect redirect-traffic command.
 	TProxyExcludeInboundPorts []string
@@ -260,6 +264,10 @@ func (w *MeshWebhook) containerInit(namespace corev1.Namespace, pod corev1.Pod,
 		}
 	}
 
+	if w.LogLevel == zapcore.DebugLevel.String() {
+		data.EnableEnvoyBootstrapLogging = true
+	}
+
 	// Render the command
 	var buf bytes.Buffer
 	tpl := template.Must(template.New("root").Parse(strings.TrimSpace(
@@ -479,6 +487,9 @@ consul-k8s-control-plane connect-init -pod-name=${POD_NAME} -pod-namespace=${POD
   {{- if .ConsulNamespace }}
   -namespace="{{ .ConsulNamespace }}" \
   {{- end }}
+  {{- if .EnableEnvoyBootstrapLogging }}
+  -enable-config-gen-logging \
+  {{- end }}
   {{- if .MultiPort }}
   -admin-bind=127.0.0.1:{{ .EnvoyAdminPort }} \
   {{- end }}

diff --git a/control-plane/connect-inject/container_init_test.go b/control-plane/connect-inject/container_init_test.go
@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/stretchr/testify/require"
+	"go.uber.org/zap/zapcore"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -160,6 +161,24 @@ consul-k8s-control-plane connect-init -pod-name=${POD_NAME} -pod-namespace=${POD
   -prometheus-ca-path="/certs/ca/" \
   -prometheus-cert-file="/certs/server.crt" \
   -prometheus-key-file="/certs/key.pem" \
+  -bootstrap > /consul/connect-inject/envoy-bootstrap.yaml`,
+			"",
+			"",
+		},
+		{
+			"When logLevel is debug, enable logging for Envoy bootstrap config generation",
+			func(pod *corev1.Pod) *corev1.Pod {
+				pod.Annotations[annotationService] = "web"
+				return pod
+			},
+			MeshWebhook{
+				ConsulAPITimeout: 5 * time.Second,
+				LogLevel:         zapcore.DebugLevel.String(),
+			},
+			`# Generate the envoy bootstrap code
+/consul/connect-inject/consul connect envoy \
+  -proxy-id="$(cat /consul/connect-inject/proxyid)" \
+  -enable-config-gen-logging \
   -bootstrap > /consul/connect-inject/envoy-bootstrap.yaml`,
 			"",
 			"",