diff --git a/configs/envoy_double_proxy_v2.template.yaml b/configs/envoy_double_proxy_v2.template.yaml index 0d638a6fe85dc..2c08332f795d8 100644 --- a/configs/envoy_double_proxy_v2.template.yaml +++ b/configs/envoy_double_proxy_v2.template.yaml @@ -25,7 +25,8 @@ {%endif -%} filters: - name: envoy.http_connection_manager - config: + typed_config: + "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager codec_type: AUTO stat_prefix: router route_config: @@ -42,14 +43,18 @@ timeout: 20s http_filters: - name: envoy.health_check - config: + typed_config: + "@type": type.googleapis.com/envoy.config.filter.http.health_check.v2.HealthCheck pass_through_mode: false - endpoint: /healthcheck - name: envoy.buffer - config: + headers: + - exact_match: /healthcheck + name: :path + - name: envoy.buffer + typed_config: + "@type": type.googleapis.com/envoy.config.filter.http.buffer.v2.Buffer max_request_bytes: 5242880 - name: envoy.router - config: {} + - name: envoy.router + typed_config: {} tracing: operation_name: INGRESS idle_timeout: 840s @@ -71,7 +76,8 @@ default_value: 1000 runtime_key: access_log.access_error.duration - traceable_filter: {} - config: + typed_config: + "@type": type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog path: /var/log/envoy/access_error.log format: "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%REQ(X-LYFT-USER-ID)%\" \"%RESP(GRPC-STATUS)%\"\n" {% if proxy_proto %} 
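Review bot: In the http_filters hunk of the double-proxy template, `envoy.router` is migrated to `typed_config: {}`, which is an `Any` with no type URL, so the entry neither documents nor lets the loader validate which proto is expected; how an untyped `Any` is resolved probably depends on the Envoy release. I would spell it out as `"@type": type.googleapis.com/envoy.config.filter.http.router.v2.Router` under `typed_config:`, and do the same with each filter's own type for the other empty `typed_config: {}` entries this commit adds (the routers in the front-proxy and service-to-service templates, `envoy.grpc_http1_bridge`, `envoy.http_dynamo_filter`). In the same hunk the new header matcher is written `name: :path` unquoted, while the other two templates use `name: ":path"`; quoting it here keeps the leading colon away from YAML parser differences.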
@@ -91,20 +97,30 @@ static_resources: type: STATIC connect_timeout: 0.25s lb_policy: ROUND_ROBIN - hosts: - - socket_address: - protocol: TCP - address: 127.0.0.1 - port_value: 8125 + load_assignment: + cluster_name: statsd + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: 127.0.0.1 + port_value: 8125 + protocol: TCP - name: backhaul type: STRICT_DNS connect_timeout: 1s lb_policy: ROUND_ROBIN - hosts: - - socket_address: - protocol: TCP - address: front-proxy.yourcompany.net - port_value: 9400 + load_assignment: + cluster_name: backhaul + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: front-proxy.yourcompany.net + port_value: 9400 + protocol: TCP # There are so few connections going back # that we can get some imbalance. Until we come up # with a better solution just limit the requests @@ -127,11 +143,16 @@ static_resources: type: LOGICAL_DNS connect_timeout: 1s lb_policy: ROUND_ROBIN - hosts: - - socket_address: - protocol: TCP - address: collector-grpc.lightstep.com - port_value: 443 + load_assignment: + cluster_name: lightstep_saas + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: collector-grpc.lightstep.com + port_value: 443 + protocol: TCP http2_protocol_options: {} tls_context: common_tls_context: @@ -143,12 +164,14 @@ static_resources: flags_path: "/etc/envoy/flags" stats_sinks: - name: envoy.statsd - config: + typed_config: + "@type": type.googleapis.com/envoy.config.metrics.v2.StatsdSink tcp_cluster_name: statsd tracing: http: name: envoy.lightstep - config: + typed_config: + "@type": type.googleapis.com/envoy.config.trace.v2.LightstepConfig access_token_file: "/etc/envoy/lightstep_access_token" collector_cluster: lightstep_saas runtime: 
@@ -156,7 +179,7 @@ runtime: subdirectory: envoy override_subdirectory: envoy_override admin: - access_log_path: "var/log/envoy/admin_access.log" + access_log_path: "/var/log/envoy/admin_access.log" address: socket_address: protocol: TCP diff --git a/configs/envoy_front_proxy_v2.template.yaml b/configs/envoy_front_proxy_v2.template.yaml index ef44b641ab609..35f734f80ad2e 100644 --- a/configs/envoy_front_proxy_v2.template.yaml +++ b/configs/envoy_front_proxy_v2.template.yaml @@ -31,7 +31,8 @@ {%endif %} filters: - name: envoy.http_connection_manager - config: + typed_config: + "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager codec_type: AUTO stat_prefix: router {% if proxy_proto -%} @@ -42,13 +43,15 @@ {{ router_file_content(router_file='envoy_router_v2.template.yaml')|indent(10) }} http_filters: - name: envoy.health_check - config: + typed_config: + "@type": type.googleapis.com/envoy.config.filter.http.health_check.v2.HealthCheck pass_through_mode: false headers: - name: ":path" exact_match: "/healthcheck" - name: envoy.buffer - config: + typed_config: + "@type": type.googleapis.com/envoy.config.filter.http.buffer.v2.Buffer max_request_bytes: 5242880 - name: envoy.rate_limit config: @@ -59,7 +62,7 @@ envoy_grpc: cluster_name: ratelimit - name: envoy.router - config: {} + typed_config: {} add_user_agent: true tracing: operation_name: INGRESS 
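Review bot: The `envoy.rate_limit` entry in the front-proxy http_filters hunk is still on the deprecated `config:` key while every neighbouring filter is moved to `typed_config`, so this template is only partly migrated. I would change it to `typed_config:` with `"@type": type.googleapis.com/envoy.config.filter.http.rate_limit.v2.RateLimit` as its first key. The filter's body runs past the end of the hunk, so the remaining fields need checking against that proto. The service-to-service template's two `envoy.rate_limit` entries sit between hunks and look to be in the same state.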
@@ -82,7 +85,8 @@ default_value: 1000 runtime_key: access_log.access_error.duration - traceable_filter: {} - config: + typed_config: + "@type": type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog path: "/var/log/envoy/access_error.log" format: "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%REQ(X-LYFT-USER-ID)%\" \"%RESP(GRPC-STATUS)%\"\n" {% endmacro -%} @@ -100,29 +104,44 @@ static_resources: type: STRICT_DNS connect_timeout: 0.25s lb_policy: ROUND_ROBIN - hosts: - - socket_address: - protocol: TCP - address: disccovery.yourcompany.net - port_value: 80 + load_assignment: + cluster_name: sds + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: discovery.yourcompany.net + port_value: 80 + protocol: TCP - name: statsd type: STATIC connect_timeout: 0.25s lb_policy: ROUND_ROBIN - hosts: - - socket_address: - protocol: TCP - address: 127.0.0.1 - port_value: 8125 + load_assignment: + cluster_name: statsd + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: 127.0.0.1 + port_value: 8125 + protocol: TCP - name: lightstep_saas type: LOGICAL_DNS connect_timeout: 1s lb_policy: ROUND_ROBIN - hosts: - - socket_address: - protocol: TCP - address: collector-grpc.lightstep.com - port_value: 443 + load_assignment: + cluster_name: lightstep_saas + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: collector-grpc.lightstep.com + port_value: 443 + protocol: TCP http2_protocol_options: {} {% for service, options in clusters.items() -%} - {{ helper.internal_cluster_definition(service, options)|indent(2) }} 
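Review bot: The `lightstep_saas` cluster in the front-proxy clusters hunk targets `collector-grpc.lightstep.com` on port 443 but carries no `tls_context` anywhere from its `- name:` line through `http2_protocol_options: {}`. As written the tracing connection would be plaintext HTTP/2, so the token read from `access_token_file` would presumably travel unencrypted, or the connection would simply fail. The double-proxy and service-to-service definitions of the same cluster in this diff both show a `tls_context`. I would add one here with a validation context so the collector's certificate is actually verified; the CA path below is a placeholder, not a value from this repository.

```yaml
# … unchanged: lightstep_saas load_assignment …
http2_protocol_options: {}
tls_context:
  common_tls_context:
    validation_context:
      trusted_ca:
        filename: "<CA_BUNDLE_PATH>"  # placeholder
```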
@@ -134,7 +153,8 @@ flags_path: /etc/envoy/flags tracing: http: name: envoy.lightstep - config: + typed_config: + "@type": type.googleapis.com/envoy.config.trace.v2.LightstepConfig collector_cluster: lightstep_saas access_token_file: "/etc/envoy/lightstep_access_token" runtime: diff --git a/configs/envoy_service_to_service_v2.template.yaml b/configs/envoy_service_to_service_v2.template.yaml index e6b40b734ff77..083a8c39a2926 100644 --- a/configs/envoy_service_to_service_v2.template.yaml +++ b/configs/envoy_service_to_service_v2.template.yaml @@ -9,7 +9,8 @@ filter_chains: - filters: - name: envoy.http_connection_manager - config: + typed_config: + "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager codec_type: AUTO stat_prefix: ingress_http route_config: @@ -32,22 +33,25 @@ cluster: local_service http_filters: - name: envoy.health_check - config: - pass_through_mode: true - headers: - - name: ":path" - exact_match: "/healthcheck" - cache_time: 2.5s + typed_config: + "@type": type.googleapis.com/envoy.config.filter.http.health_check.v2.HealthCheck + pass_through_mode: true + headers: + - name: ":path" + exact_match: "/healthcheck" + cache_time: 2.5s - name: envoy.buffer - config: - max_request_bytes: 5242880 + typed_config: + "@type": type.googleapis.com/envoy.config.filter.http.buffer.v2.Buffer + max_request_bytes: 5242880 - name: envoy.router - config: {} + typed_config: {} access_log: - name: envoy.file_access_log filter: not_health_check_filter: {} - config: + typed_config: + "@type": type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog path: "/var/log/envoy/ingress_http.log" {{ access_log_helper.ingress_full()|indent(10)}} - name: envoy.file_access_log 
@@ -75,7 +79,8 @@ default_value: 2000 runtime_key: access_log.access_error.duration - not_health_check_filter: {} - config: + typed_config: + "@type": type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog path: "/var/log/envoy/ingress_http_error.log" {{ access_log_helper.ingress_sampled_log()|indent(10)}} - name: envoy.file_access_log @@ -85,7 +90,8 @@ - not_health_check_filter: {} - runtime_filter: runtime_key: access_log.ingress_http - config: + typed_config: + "@type": type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog path: "/var/log/envoy/ingress_http_sampled.log" {{ access_log_helper.ingress_sampled_log()|indent(10)}} idle_timeout: 840s @@ -103,7 +109,8 @@ static_resources: filter_chains: - filters: - name: envoy.http_connection_manager - config: + typed_config: + "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager codec_type: AUTO stat_prefix: egress_http route_config: @@ -141,9 +148,10 @@ static_resources: default_value: 2000 runtime_key: access_log.access_error.duration - traceable_filter: {} - config: + typed_config: + "@type": type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog path: "/var/log/envoy/egress_http_error.log" - {{ access_log_helper.egress_error_log()|indent(10)}} + {{ access_log_helper.egress_error_log()|indent(10) }} use_remote_address: true http_filters: - name: envoy.rate_limit @@ -154,9 +162,9 @@ static_resources: envoy_grpc: cluster_name: ratelimit - name: envoy.grpc_http1_bridge - config: {} + typed_config: {} - name: envoy.router - config: {} + typed_config: {} - address: socket_address: @@ -166,7 +174,8 @@ static_resources: filter_chains: - filters: - name: envoy.http_connection_manager - config: + typed_config: + "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager codec_type: AUTO stat_prefix: egress_http rds: 
@@ -199,7 +208,8 @@ static_resources: default_value: 2000 runtime_key: access_log.access_error.duration - traceable_filter: {} - config: + typed_config: + "@type": type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog path: "/var/log/envoy/egress_http_error.log" {{ access_log_helper.egress_error_log()|indent(10) }} use_remote_address: true @@ -212,9 +222,9 @@ static_resources: envoy_grpc: cluster_name: ratelimit - name: envoy.grpc_http1_bridge - config: {} + typed_config: {} - name: envoy.router - config: {} + typed_config: {} {% if external_virtual_hosts|length > 0 or mongos_servers|length > 0 %}{% endif -%} {% for mapping in external_virtual_hosts -%} - name: "{{ mapping['address']}}" @@ -226,7 +236,8 @@ static_resources: filter_chains: - filters: - name: envoy.http_connection_manager - config: + typed_config: + "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager codec_type: AUTO idle_timeout: 840s stat_prefix: egress_{{ mapping['name'] }} @@ -251,10 +262,10 @@ static_resources: http_filters: {% if mapping['name'] in ['dynamodb_iad', 'dynamodb_legacy'] -%} - name: envoy.http_dynamo_filter - config: {} + typed_config: {} {% endif -%} - name: envoy.router - config: {} + typed_config: {} access_log: - name: envoy.file_access_log filter: @@ -280,7 +291,8 @@ static_resources: default_value: 2000 runtime_key: access_log.access_error.duration {% endif %} - config: + typed_config: + "@type": type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog path: "/var/log/envoy/egress_{{ mapping['name'] }}_http_error.log" {% if mapping.get('is_amzn_service', False) -%} {{ access_log_helper.egress_error_amazon_service()|indent(10) }} @@ -299,7 +311,8 @@ static_resources: filter_chains: - filters: - name: envoy.tcp_proxy - config: + typed_config: + "@type": type.googleapis.com/envoy.config.filter.network.tcp_proxy.v2.TcpProxy stat_prefix: mongo_{{ key }} cluster: mongo_{{ key }} - name: envoy.mongo_proxy 
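Review bot: In the mongo listener hunk, `envoy.tcp_proxy` is listed ahead of `envoy.mongo_proxy`; `tcp_proxy` is a terminal network filter, so a filter placed after it likely never sees request data, and I believe newer Envoy releases reject a chain whose terminal filter is not last. Since this hunk already touches the chain, I would move the `- name: envoy.mongo_proxy` entry above `- name: envoy.tcp_proxy`. The `mongo_proxy` entry's own config lies past the end of the hunk, so whether it was migrated to `typed_config` cannot be seen from here.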
@@ -342,11 +355,16 @@ static_resources: {% endif %} type: LOGICAL_DNS lb_policy: ROUND_ROBIN - hosts: - - socket_address: - address: {{ host['remote_address'] }} - port_value: {{ host['port_value'] }} - protocol: {{ host['protocol'] }} + load_assignment: + cluster_name: egress_{{ host['name'] }} + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: {{ host['remote_address'] }} + port_value: {{ host['port_value'] }} + protocol: {{ host['protocol'] }} {% endfor -%} {% endfor -%} {% for key, value in mongos_servers.items() -%} @@ -354,13 +372,18 @@ static_resources: connect_timeout: 0.25s type: STRICT_DNS lb_policy: RANDOM - hosts: - {% for server in value['hosts'] -%} - - socket_address: - protocol: {{ server['protocol'] }} - port_value: {{ server['port_value'] }} - address: {{ server['address'] }} - {% endfor -%} + load_assignment: + cluster_name: mongo_{{ key }} + endpoints: + - lb_endpoints: + {% for server in value['hosts'] -%} + - endpoint: + address: + socket_address: + address: {{ server['address'] }} + port_value: {{ server['port_value'] }} + protocol: {{ server['protocol'] }} + {% endfor -%} {% endfor %} - name: main_website connect_timeout: 0.25s 
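Review bot: The new endpoint lines in both templated cluster hunks interpolate values unquoted, e.g. `address: {{ host['remote_address'] }}` and `address: {{ server['address'] }}`, so an empty value renders as null and a value containing `: `, ` #` or a leading YAML indicator changes the document structure rather than the address. Quoting the string fields, `address: "{{ host['remote_address'] }}"` and `address: "{{ server['address'] }}"`, keeps whatever the template input holds inside a scalar; `port_value` can stay bare since it must be an integer. The `cluster_name: egress_{{ host['name'] }}` and `cluster_name: mongo_{{ key }}` lines should also be checked against the clusters' `name:` lines, which are outside these hunks.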
@@ -368,20 +391,32 @@ static_resources: # Comment out the following line to test on v6 networks dns_lookup_family: V4_ONLY lb_policy: ROUND_ROBIN - hosts: - - socket_address: - address: main_website.com - port_value: 443 - tls_context: { sni: www.main_website.com } + load_assignment: + cluster_name: main_website + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: main_website.com + port_value: 443 + protocol: TCP + tls_context: + sni: www.main_website.com - name: local_service connect_timeout: 0.25s type: STATIC lb_policy: ROUND_ROBIN - hosts: - - socket_address: - protocol: TCP - address: 127.0.0.1 - port_value: 8080 + load_assignment: + cluster_name: main_website + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: 127.0.0.1 + port_value: 8080 + protocol: TCP circuit_breakers: thresholds: max_pending_requests: 30 @@ -391,11 +426,16 @@ static_resources: type: STATIC lb_policy: ROUND_ROBIN http2_protocol_options: {} - hosts: - - socket_address: - protocol: TCP - address: 127.0.0.1 - port_value: 8081 + load_assignment: + cluster_name: local_service_grpc + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: 127.0.0.1 + port_value: 8081 + protocol: TCP circuit_breakers: thresholds: max_requests: 200 
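Review bot: The `local_service` cluster's new `load_assignment` sets `cluster_name: main_website`, which looks like a copy-paste from the cluster above; it should be `cluster_name: local_service`. The rds cluster in the following hunk (address `rds.yourcompany.net`) has the same slip with `cluster_name: local_service_grpc`; its `name:` line is outside that hunk, so the right value needs confirming there. Envoy may not reject the mismatch for static endpoints, which makes it easy to miss, but it misleads readers and anyone later moving these clusters to EDS. Separately, `main_website` keeps a `tls_context` holding only `sni: www.main_website.com`; with no validation context visible in the hunk, the upstream certificate is presumably not verified.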
@@ -404,31 +444,46 @@ static_resources: connect_timeout: 0.25s type: STRICT_DNS lb_policy: ROUND_ROBIN - hosts: - - socket_address: - protocol: TCP - address: rds.yourcompany.net - port_value: 80 + load_assignment: + cluster_name: local_service_grpc + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: rds.yourcompany.net + port_value: 80 + protocol: TCP dns_lookup_family: V4_ONLY - name: statsd connect_timeout: 0.25s type: STATIC lb_policy: ROUND_ROBIN - hosts: - - socket_address: - protocol: TCP - address: 127.0.0.1 - port_value: 8125 + load_assignment: + cluster_name: statsd + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: 127.0.0.1 + port_value: 8125 + protocol: TCP dns_lookup_family: V4_ONLY - name: lightstep_saas connect_timeout: 1s type: LOGICAL_DNS lb_policy: ROUND_ROBIN - hosts: - - socket_address: - protocol: TCP - address: collector-grpc.lightstep.com - port_value: 443 + load_assignment: + cluster_name: lightstep_saas + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: collector-grpc.lightstep.com + port_value: 443 + protocol: TCP http2_protocol_options: max_concurrent_streams: 100 tls_context: 
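Review bot: The rds cluster in this hunk reaches `rds.yourcompany.net` on `port_value: 80` and no `tls_context` is visible between `connect_timeout` and `dns_lookup_family`, so route configuration appears to be fetched over plaintext; `cds_cluster` and `sds` in the next hunk, and `sds` in the front-proxy template, are the same. Whoever can tamper with that traffic controls where the proxy sends requests, so an example that people copy should say so. I would add a comment above each of these clusters such as `# Plaintext xDS/discovery for illustration only; add a tls_context with certificate validation before production use.` The rds cluster's `name:` line is outside the hunk.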
@@ -442,20 +497,30 @@ static_resources: connect_timeout: 0.25s type: STRICT_DNS lb_policy: ROUND_ROBIN - hosts: - - socket_address: - protocol: TCP - address: cds.yourcompany.net - port_value: 80 + load_assignment: + cluster_name: cds_cluster + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: cds.yourcompany.net + port_value: 80 + protocol: TCP - name: sds connect_timeout: 0.25s type: STRICT_DNS lb_policy: ROUND_ROBIN - hosts: - - socket_address: - protocol: TCP - address: discovery.yourcompany.net - port_value: 80 + load_assignment: + cluster_name: sds + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: discovery.yourcompany.net + port_value: 80 + protocol: TCP dynamic_resources: cds_config: api_config_source: @@ -467,13 +532,15 @@ cluster_manager: {} flags_path: "/etc/envoy/flags" stats_sinks: - name: envoy.statsd - config: + typed_config: + "@type": type.googleapis.com/envoy.config.metrics.v2.StatsdSink tcp_cluster_name: statsd watchdog: {} tracing: http: name: envoy.lightstep - config: + typed_config: + "@type": type.googleapis.com/envoy.config.trace.v2.LightstepConfig access_token_file: "/etc/envoy/lightstep_access_token" collector_cluster: lightstep_saas runtime: