Add meta and default on ConsulIngressConfigEntry

[horaciomonsalvo]

Description

Changes

• Added support for ConsulIngressConfigEntry configuration in nomad/structs/services.go and api/consul.go.
  • Added new fields to ConsulIngressConfigEntry structs and updated their receiver functions.
    • Meta
    • Defaults
• Updated jobspec/parse_service.go
• Updated command/agent/job_endpoint.go
• Update related tests
• Update Nomad Documentation for ConsulIngressConfigEntry struct.

Testing Changes

To test these changes you need to build a Nomad binary and deploy a cluster with both Nomad and Consul agents and clients.
When you have your cluster running you can run the following job-spec:

job "ingress-demo" {

  datacenters = ["dc1"]

  # This group will have a task providing the ingress gateway automatically
  # created by Nomad. The ingress gateway is based on the Envoy proxy being
  # managed by the docker driver.
  group "ingress-group" {

    network {
      mode = "bridge"

      # This example will enable plain HTTP traffic to access the uuid-api connect
      # native example service on port 8080.
      port "inbound" {
        static = 8080
        to     = 8080
      }
    }

    service {
      name = "my-ingress-service"
      port = "8080"

      connect {
        gateway {

          # Consul gateway [envoy] proxy options.
          proxy {
            # The following options are automatically set by Nomad if not
            # explicitly configured when using bridge networking.
            #
            # envoy_gateway_no_default_bind = true
            # envoy_gateway_bind_addresses "uuid-api" {
            #   address = "0.0.0.0"
            #   port    = <associated listener.port>
            # }
            #
            # Additional options are documented at
            # https://www.nomadproject.io/docs/job-specification/gateway#proxy-parameters
          }

          # Consul Ingress Gateway Configuration Entry.
          ingress {
            # Nomad will automatically manage the Configuration Entry in Consul
            # given the parameters in the ingress block.
            #
            # Additional options are documented at
            # https://www.nomadproject.io/docs/job-specification/gateway#ingress-parameters
            tls {
              sds_config {
                  cluster_name = "foo"
                  cert_resource = "example.com-public-cert"
              }
            }  
            listener {
              port     = 8080
              protocol = "tcp"
              service {
                name = "uuid-api"
              }
            }
            # New fields:
            meta {
                testKey = "testValue"
            }
            defaults {
                max_connections = 100
                max_pending_requests = 100
            }
          }
        }
      }
    }
  }

  # The UUID generator from the connect-native demo is used as an example service.
  # The ingress gateway above makes access to the service possible over normal HTTP.
  # For example,
  #
  # $ curl $(dig +short @127.0.0.1 -p 8600 uuid-api.ingress.dc1.consul. ANY):8080
  group "generator" {
    network {
      mode = "host"
      port "api" {}
    }

    service {
      name = "uuid-api"
      port = "api"

      connect {
        native = true
      }
    }

    task "generate" {
      driver = "docker"

      config {
        image        = "hashicorpdev/uuid-api:v5"
        network_mode = "host"
      }

      env {
        BIND = "0.0.0.0"
        PORT = "${NOMAD_PORT_api}"
      }
    }
  }
}

Once the job is running and healthy, use Consul's API to get the terminating gateway's configuration:

curl --request GET http://127.0.0.1:8500/v1/config/ingress-gateway | json_pp

You will get the following JSON output:

[
    {
          "Kind": "ingress-gateway",
          "Name": "my-ingress-service",
          "TLS": {
              "Enabled": false,
              "SDS": {
                  "ClusterName": "foo",
                  "CertResource": "example.com-pulic-cert"
              }
          },
          "Listeners": [
              {
                  "Port": 8080,
                  "Protocol": "tcp",
                  "TLS": {
                      "Enabled": false
                  },
                  "Services": [
                      {
                          "Name": "uuid-api",
                          "Hosts": null,
                          "TLS": {},
                          "RequestHeaders": {},
                          "ResponseHeaders": {}
                      }
                  ]
              }
          ],
          "Defaults": {
              "MaxConnections": 100,
              "MaxPendingRequests": 100,
              "MaxConcurrentRequests": 0
          },
          "Meta": {
              "testKey": "testValue"
          },
          "CreateIndex": 51,
          "ModifyIndex": 233
    }
]

Demo Video

ConsulIngressConfigEntry.mp4

[tgross]

We didn't land this work when we did our big Consul refresh as it wasn't at the top of priority queue and was going to need rework to merge anyways. Given the current roadmap it doesn't make sense to try to ship these changes unless its in response to a specific request, so I'm going to close this out (and the other 2 similar PRs).