Introduction
This article outlines the steps for implementing the Service Mesh functionality of Consul using Envoy as the default proxy in the Connect sidecars. It highlights the importance of adhering to specific upgrade processes when transitioning to Consul 1.11 and discusses updating Envoy bootstrap files and configurations to ensure compatibility.
Scenario
When implementing the Service Mesh functionality of Consul, Envoy serves as an essential open-source edge and service proxy for cloud-native applications. With the release of Consul 1.11, support for Envoy 1.16 and the v2 variant of the Envoy xDS Transport Protocol has been removed. Consequently, configurations generated using Consul CLI versions newer than 1.10 require an upgrade of Consul and Envoy following the Stairstep Upgrade Path before transitioning to Consul 1.11.
During an upgrade to Consul 1.10, Envoy sidecars must be restarted and re-bootstrapped using a Consul CLI version >= 1.10. Failure to follow these steps may lead to compatibility issues with Envoy sidecars under Consul 1.11.
Recommendation
To ensure a seamless upgrade process and compatibility, follow these steps:
- Upgrade Envoy Configuration via Proxy-Defaults Config Entries:
Use the global proxy-defaults
configuration to define settings such as tracing and static clusters. Below is an example of a config entry supporting v3 of the envoy_tracing_json
:
{
"Kind": "proxy-defaults",
"Name": "global",
"Config": {
"envoy_extra_static_clusters_json": "{\"connect_timeout\": \"3.000s\",\"dns_lookup_family\": \"V4_ONLY\",\"lb_policy\": \"ROUND_ROBIN\",\"load_assignment\": {\"cluster_name\": \"datadog_8126\",\"endpoints\": [{\"lb_endpoints\": [{\"endpoint\": {\"address\": {\"socket_address\": {\"address\": \"datadog-apm.service.owf-dev\",\"port_value\": 8126,\"protocol\": \"TCP\"}}}}]}]},\"name\": \"datadog_8126\",\"type\": \"STRICT_DNS\"}",
"envoy_tracing_json": "{\"http\": {\"name\": \"envoy.tracers.datadog\",\"typed_config\": {\"@type\": \"type.googleapis.com/envoy.config.trace.v3.DatadogConfig\", \"collector_cluster\": \"datadog_8126\",\"service_name\": \"envoy\"}}}",
"protocol": "http"
},
"MeshGateway": {},
"Expose": {},
"CreateIndex": 65504642,
"ModifyIndex": 65504642
}
-
Apply the Updated Configuration: Save the updated configuration to a JSON file and apply it using the following commands:
consul config write /tmp/consul.proxy-defaults.config.new.json
-
Verify Configuration Updates: Confirm the configuration changes using:
consul config read -kind proxy-defaults -name global
You will get output like below -
{
"Kind": "proxy-defaults",
"Name": "global",
"Namespace": "default",
"Config": {
"envoy_extra_static_clusters_json": "{\"connect_timeout\": \"3.000s\",\"dns_lookup_family\": \"V4_ONLY\",\"lb_policy\": \"ROUND_ROBIN\",\"load_assignment\": {\"cluster_name\": \"datadog_8126\",\"endpoints\": [{\"lb_endpoints\": [{\"endpoint\": {\"address\": {\"socket_address\": {\"address\": \"datadog-apm.service.owf-dev\",\"port_value\": 8126,\"protocol\": \"TCP\"}}}}]}]},\"name\": \"datadog_8126\",\"type\": \"STRICT_DNS\"}",
"envoy_tracing_json": "{\"http\": {\"name\": \"envoy.tracers.datadog\",\"typed_config\": {\"@type\": \"type.googleapis.com/envoy.config.trace.v3.DatadogConfig\", \"collector_cluster\": \"datadog_8126\",\"service_name\": \"envoy\"}}}",
"protocol": "http"
},
"MeshGateway": {},
"Expose": {},
"CreateIndex": 65504642,
"ModifyIndex": 168677014
}
-
Re-bootstrap Envoy Configurations: After updating the configuration in the Consul state store, trigger a re-bootstrap of the Envoy sidecars and restart them to apply the changes.