From f5a0242638eb3f290eb814b148c5cd21f409c6f9 Mon Sep 17 00:00:00 2001
From: Kyle Havlovitz
Date: Wed, 8 Feb 2023 13:54:05 -0800
Subject: [PATCH] Enable envoy bootstrap config logging if global.logLevel == debug
---
 .../ingress-gateways-deployment.yaml | 3 ++
 .../templates/mesh-gateway-deployment.yaml | 3 ++
 .../terminating-gateways-deployment.yaml | 3 ++
 .../unit/ingress-gateways-deployment.bats | 30 +++++++++++++++++++
 .../test/unit/mesh-gateway-deployment.bats | 29 ++++++++++++++++++
 .../unit/terminating-gateways-deployment.bats | 30 +++++++++++++++++++
 .../connect-inject/container_init.go | 11 +++++++
 .../connect-inject/container_init_test.go | 19 ++++++++++++
 8 files changed, 128 insertions(+)
diff --git a/charts/consul/templates/ingress-gateways-deployment.yaml b/charts/consul/templates/ingress-gateways-deployment.yaml
index ed5724389e..1a2c1aa38f 100644
--- a/charts/consul/templates/ingress-gateways-deployment.yaml
+++ b/charts/consul/templates/ingress-gateways-deployment.yaml
@@ -388,6 +388,9 @@ spec:
 {{- if $root.Values.global.adminPartitions.enabled }}
 - -partition={{ $root.Values.global.adminPartitions.name }}
 {{- end }}
+ {{- if (eq $root.Values.global.logLevel "debug")}}
+ - -enable-config-gen-logging
+ {{- end }}
 livenessProbe:
 tcpSocket:
 port: 21000
diff --git a/charts/consul/templates/mesh-gateway-deployment.yaml b/charts/consul/templates/mesh-gateway-deployment.yaml
index a74abce318..d9c876ba07 100644
--- a/charts/consul/templates/mesh-gateway-deployment.yaml
+++ b/charts/consul/templates/mesh-gateway-deployment.yaml
@@ -333,6 +333,9 @@ spec:
 {{- if .Values.global.adminPartitions.enabled }}
 - -partition={{ .Values.global.adminPartitions.name }}
 {{- end }}
+ {{- if eq .Values.global.logLevel "debug"}}
+ - -enable-config-gen-logging
+ {{- end }}
 livenessProbe:
 tcpSocket:
 port: {{ .Values.meshGateway.containerPort }}
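Review bot: The `eq $root.Values.global.logLevel "debug"` guard in the ingress-gateway hunk, and the equivalent guards in the mesh-gateway and terminating-gateway hunks, switches on `-enable-config-gen-logging` as a side effect of the global log level, with no opt-out and no comment saying so. An Envoy bootstrap configuration can carry credentials such as an ACL token, and this diff does not show what the flag prints, so it is worth confirming that the extra output is safe to land in container logs that may be shipped off-cluster. I would add a template comment next to each guard, for example `{{- /* debug log level also enables Envoy bootstrap config-gen logging; review output before shipping logs */ -}}`, and describe the coupling where `global.logLevel` is documented. The comparison is also exact and case-sensitive, so a value such as `DEBUG` would leave the flag off. The container command list these lines extend starts outside each hunk.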
diff --git a/charts/consul/templates/terminating-gateways-deployment.yaml b/charts/consul/templates/terminating-gateways-deployment.yaml
index 540fded2e6..405fd7de6a 100644
--- a/charts/consul/templates/terminating-gateways-deployment.yaml
+++ b/charts/consul/templates/terminating-gateways-deployment.yaml
@@ -343,6 +343,9 @@ spec:
 {{- if $root.Values.global.adminPartitions.enabled }}
 - -partition={{ $root.Values.global.adminPartitions.name }}
 {{- end }}
+ {{- if (eq $root.Values.global.logLevel "debug")}}
+ - -enable-config-gen-logging
+ {{- end }}
 livenessProbe:
 tcpSocket:
 port: 8443
diff --git a/charts/consul/test/unit/ingress-gateways-deployment.bats b/charts/consul/test/unit/ingress-gateways-deployment.bats
index f4bbc40881..705bfc5963 100644
--- a/charts/consul/test/unit/ingress-gateways-deployment.bats
+++ b/charts/consul/test/unit/ingress-gateways-deployment.bats
@@ -1661,6 +1661,36 @@ EOF [[ "$output" =~ "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" ]] } +#-------------------------------------------------------------------- +# envoy bootstrap logging + +@test "ingressGateways/Deployment: envoy bootstrap logging is not present by default" { + cd `chart_dir` + local object=$(helm template \ + -s templates/ingress-gateways-deployment.yaml \ + --set 'ingressGateways.enabled=true' \ + --set 'connectInject.enabled=true' \ + . | tee /dev/stderr | + yq -s -r '.[0].spec.template.spec.containers[0]' | tee /dev/stderr) + + local actual=$(echo $object | yq -r '.command | any(contains("-enable-config-gen-logging"))' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +@test "ingressGateways/Deployment: envoy bootstrap logging flag is present if global.logLevel == debug" { + cd `chart_dir` + local object=$(helm template \ + -s templates/ingress-gateways-deployment.yaml \ + --set 'ingressGateways.enabled=true' \ + --set 'connectInject.enabled=true' \ + --set 'global.logLevel=debug' \ + . | tee /dev/stderr | + yq -s -r '.[0].spec.template.spec.containers[0]' | tee /dev/stderr) + + local actual=$(echo $object | yq -r '.command | any(contains("-enable-config-gen-logging"))' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + #-------------------------------------------------------------------- # multiple gateways diff --git a/charts/consul/test/unit/mesh-gateway-deployment.bats b/charts/consul/test/unit/mesh-gateway-deployment.bats index 300886e713..5f3696ca7a 100755 --- a/charts/consul/test/unit/mesh-gateway-deployment.bats +++ b/charts/consul/test/unit/mesh-gateway-deployment.bats 
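Review bot: `echo $object` in both new ingress-gateway tests, and again in the two terminating-gateway tests later in the patch, expands the rendered container JSON unquoted, so the shell word-splits it and glob-expands any `*` or `?` token against the chart directory before `yq` reads it. That can make the assertion pass or fail for reasons unrelated to the flag; quoting the expansion, `echo "$object" | yq -r '.command | any(contains("-enable-config-gen-logging"))'`, avoids it. The unquoted form may be the existing convention in these files, which are not visible here, but the new tests need not copy it. The mesh-gateway tests pipe `helm template` straight into `yq` and are not affected.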
@@ -1788,6 +1788,35 @@ EOF [[ "$output" =~ "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" ]] } +#-------------------------------------------------------------------- +# envoy bootstrap logging + +@test "meshGateway/Deployment: envoy bootstrap logging is not present by default" { + cd `chart_dir` + local actual=$(helm template \ + -s templates/mesh-gateway-deployment.yaml \ + --set 'meshGateway.enabled=true' \ + --set 'connectInject.enabled=true' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command | any(contains("-enable-config-gen-logging"))' | tee /dev/stderr) + + [ "${actual}" = "false" ] +} + +@test "meshGateway/Deployment: envoy bootstrap logging flag is present if global.logLevel == debug" { + cd `chart_dir` + local actual=$(helm template \ + -s templates/mesh-gateway-deployment.yaml \ + --set 'meshGateway.enabled=true' \ + --set 'connectInject.enabled=true' \ + --set 'global.logLevel=debug' \ + . | tee /dev/stderr | + yq '.spec.template.spec.containers[0].command | any(contains("-enable-config-gen-logging"))' | tee /dev/stderr) + + [ "${actual}" = "true" ] +} + + #-------------------------------------------------------------------- # get-auto-encrypt-client-ca diff --git a/charts/consul/test/unit/terminating-gateways-deployment.bats b/charts/consul/test/unit/terminating-gateways-deployment.bats index 5165c63565..19cee6f148 100644 --- a/charts/consul/test/unit/terminating-gateways-deployment.bats +++ b/charts/consul/test/unit/terminating-gateways-deployment.bats 
@@ -1475,6 +1475,36 @@ EOF [[ "$output" =~ "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" ]] } +#-------------------------------------------------------------------- +# envoy bootstrap logging + +@test "terminatingGateways/Deployment: envoy bootstrap logging is not present by default" { + cd `chart_dir` + local object=$(helm template \ + -s templates/terminating-gateways-deployment.yaml \ + --set 'terminatingGateways.enabled=true' \ + --set 'connectInject.enabled=true' \ + . | tee /dev/stderr | + yq -s -r '.[0].spec.template.spec.containers[0]' | tee /dev/stderr) + + local actual=$(echo $object | yq -r '.command | any(contains("-enable-config-gen-logging"))' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +@test "terminatingGateways/Deployment: envoy bootstrap logging flag is present if global.logLevel == debug" { + cd `chart_dir` + local object=$(helm template \ + -s templates/terminating-gateways-deployment.yaml \ + --set 'terminatingGateways.enabled=true' \ + --set 'connectInject.enabled=true' \ + --set 'global.logLevel=debug' \ + . | tee /dev/stderr | + yq -s -r '.[0].spec.template.spec.containers[0]' | tee /dev/stderr) + + local actual=$(echo $object | yq -r '.command | any(contains("-enable-config-gen-logging"))' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + #-------------------------------------------------------------------- # multiple gateways diff --git a/control-plane/connect-inject/container_init.go b/control-plane/connect-inject/container_init.go index 47dabbbe0b..a4bedc4e8c 100644 --- a/control-plane/connect-inject/container_init.go +++ b/control-plane/connect-inject/container_init.go @@ -9,6 +9,7 @@ import ( "text/template" "time" + "go.uber.org/zap/zapcore" corev1 "k8s.io/api/core/v1" "k8s.io/utils/pointer" ) 
@@ -71,6 +72,9 @@ type initContainerCommandData struct { // redirection is handled by the CNI plugin on pod creation. EnableCNI bool + // EnableEnvoyBootstrapLogging enables debug log output when generating the Envoy bootstrap config. + EnableEnvoyBootstrapLogging bool + // TProxyExcludeInboundPorts is a list of inbound ports to exclude from traffic redirection via // the consul connect redirect-traffic command. TProxyExcludeInboundPorts []string @@ -260,6 +264,10 @@ func (w *MeshWebhook) containerInit(namespace corev1.Namespace, pod corev1.Pod, } } + if w.LogLevel == zapcore.DebugLevel.String() { + data.EnableEnvoyBootstrapLogging = true + } + // Render the command var buf bytes.Buffer tpl := template.Must(template.New("root").Parse(strings.TrimSpace( @@ -479,6 +487,9 @@ consul-k8s-control-plane connect-init -pod-name=${POD_NAME} -pod-namespace=${POD {{- if .ConsulNamespace }} -namespace="{{ .ConsulNamespace }}" \ {{- end }} + {{- if .EnableEnvoyBootstrapLogging }} + -enable-config-gen-logging \ + {{- end }} {{- if .MultiPort }} -admin-bind=127.0.0.1:{{ .EnvoyAdminPort }} \ {{- end }} diff --git a/control-plane/connect-inject/container_init_test.go b/control-plane/connect-inject/container_init_test.go index f4ab3eed47..96dc4ce7a4 100644 --- a/control-plane/connect-inject/container_init_test.go +++ b/control-plane/connect-inject/container_init_test.go @@ -8,6 +8,7 @@ import ( "time" "github.com/stretchr/testify/require" + "go.uber.org/zap/zapcore" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
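Review bot: The new check in `containerInit`, `if w.LogLevel == zapcore.DebugLevel.String()`, is an exact string comparison, so `DEBUG`, or a more verbose level if the webhook accepts one, leaves `EnableEnvoyBootstrapLogging` false even though verbose logs were requested. `strings` is already used in this function, so `data.EnableEnvoyBootstrapLogging = strings.EqualFold(w.LogLevel, zapcore.DebugLevel.String())` covers the case difference and drops the branch. Because this adds `-enable-config-gen-logging` to every injected init container whenever the webhook runs at debug level, I would also put a comment above the assignment such as `// Debug level also turns on Envoy bootstrap generation logging; confirm the output carries no token material before retaining these logs.` `containerInit` starts and ends outside the hunk.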
@@ -160,6 +161,24 @@ consul-k8s-control-plane connect-init -pod-name=${POD_NAME} -pod-namespace=${POD -prometheus-ca-path="/certs/ca/" \ -prometheus-cert-file="/certs/server.crt" \ -prometheus-key-file="/certs/key.pem" \ + -bootstrap > /consul/connect-inject/envoy-bootstrap.yaml`, + "", + "", + }, + { + "When logLevel is debug, enable logging for Envoy bootstrap config generation", + func(pod *corev1.Pod) *corev1.Pod { + pod.Annotations[annotationService] = "web" + return pod + }, + MeshWebhook{ + ConsulAPITimeout: 5 * time.Second, + LogLevel: zapcore.DebugLevel.String(), + }, + `# Generate the envoy bootstrap code +/consul/connect-inject/consul connect envoy \ + -proxy-id="$(cat /consul/connect-inject/proxyid)" \ + -enable-config-gen-logging \ -bootstrap > /consul/connect-inject/envoy-bootstrap.yaml`, "", "",