Configuration: Dynamic from control plane

These instructions are slightly more complex as you must also set up a control plane to provide Envoy with its configuration.

There are a number of control planes compatible with Envoy’s API such as Gloo or Istio.

You may also wish to explore implementing your own control plane, in which case the Go Control Plane provides a reference implementation that is a good place to start.

At a minimum, you will need to start Envoy configured with the following sections:

  • node to uniquely identify the proxy node.

  • dynamic_resources to tell Envoy which configurations should be updated dynamically

  • static_resources to specify where Envoy should retrieve its configuration from.

You can also add an admin section if you wish to monitor Envoy or retrieve stats or configuration information.

The following sections walk through the dynamic configuration provided in the demo dynamic control plane configuration file.

node

The node should specify cluster and id.

1
2
3
4
5
node:
  cluster: test-cluster
  id: test-id

dynamic_resources:

dynamic_resources

The dynamic_resources specify the configuration to load dynamically, and the cluster to connect to for dynamic configuration updates.

In this example, the configuration is provided by the xds_cluster configured below.

 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
  id: test-id

dynamic_resources:
  ads_config:
    api_type: GRPC
    transport_api_version: V3
    grpc_services:
    - envoy_grpc:
        cluster_name: xds_cluster
  cds_config:
    resource_api_version: V3
    ads: {}
  lds_config:
    resource_api_version: V3
    ads: {}

static_resources:

static_resources

Here we specify the static_resources to retrieve dynamic configuration from.

The xds_cluster is configured to query a control plane at http://my-control-plane:18000 .

17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
    ads: {}

static_resources:
  clusters:
  - connect_timeout: 1s
    type: strict_dns
    http2_protocol_options: {}
    name: xds_cluster
    load_assignment:
      cluster_name: xds_cluster
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: my-control-plane
                port_value: 18000

admin:

admin

Configuring the admin section is the same as for static configuration.

Enabling the admin interface with dynamic configuration, allows you to use the config_dump endpoint to see how Envoy is currently configured.

33
34
35
36
37
38
39
40
                port_value: 18000

admin:
  access_log_path: /dev/null
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 19000

Warning

You may wish to restrict the network address the admin server listens to in your own deployment.