github.imxd.top/hashicorp/consul@v1.4.5/agent/proxycfg/proxycfg.go

github.imxd.top/hashicorp/consul@v1.4.5/agent/proxycfg/proxycfg.go (about)

     1  // Package proxycfg provides a component that monitors local agent state for
     2  // Connect proxy service registrations and maintains the necessary cache state
     3  // for those proxies locally. Local cache state keeps pull based proxies (e.g.
     4  // the built in one) performant even on first request/startup, and allows for
     5  // push-based proxy APIs (e.g. xDS for Envoy) to be notified of updates to the
     6  // proxy configuration.
     7  //
     8  // The relationship with other agent components looks like this:
     9  //
    10  //     +------------------------------------------+
    11  //     | AGENT                                    |
    12  //     |                                          |
    13  //     | +--------+  1.  +----------+             |
    14  //     | | local  |<-----+ proxycfg |<--------+   |
    15  //     | | state  +----->| Manager  |<---+    |   |
    16  //     | +--------+  2.  +^---+-----+    |    |   |
    17  //     |                5.|   |          |    |   |
    18  //     |       +----------+   |  +-------+--+ |4. |
    19  //     |       |              +->| proxycfg | |   |
    20  //     |       |            3.|  |  State   | |   |
    21  //     |       |              |  +----------+ |   |
    22  //     |       |              |               |   |
    23  //     |       |              |  +----------+ |   |
    24  //     |       |              +->| proxycfg +-+   |
    25  //     |       |                 |  State   |     |
    26  //     |       |                 +----------+     |
    27  //     |       |6.                                |
    28  //     |  +----v---+                              |
    29  //     |  |   xDS  |                              |
    30  //     |  | Server |                              |
    31  //     |  +--------+                              |
    32  //     |                                          |
    33  //     +------------------------------------------+
    34  //
    35  //  1. Manager watches local state for changes.
    36  //  2. On local state change manager is notified and iterates through state
    37  //     looking for proxy service registrations.
    38  //  3. For each proxy service registered, the manager maintains a State
    39  //     instance, recreating on change, removing when deregistered.
    40  //  4. State instance copies the parts of the the proxy service registration
    41  //     needed to configure proxy, and sets up blocking watches on the local
    42  //     agent cache for all remote state needed: root and leaf certs, intentions,
    43  //     and service discovery results for the specified upstreams. This ensures
    44  //     these results are always in local cache for "pull" based proxies like the
    45  //     built-in one.
    46  //  5. If needed, pull-based proxy config APIs like the xDS server can Watch the
    47  //     config for a given proxy service.
    48  //  6. Watchers get notified every time something changes the current snapshot
    49  //     of config for the proxy. That might be changes to the registration,
    50  //     certificate rotations, changes to the upstreams required (needing
    51  //     different listener config), or changes to the service discovery results
    52  //     for any upstream (e.g. new instance of upstream service came up).
    53  package proxycfg