consul envoyproxy mesh-network sidecar

Envoy sidecar-proxy public listener


I am trying to set up a Service Mesh PoC. I have three micro-services, each running with its sidecar-proxy (through Envoy). I ran the following command to launch the proxies:

consul connect envoy -sidecar-for <CONSUL_SERVICE_ID> -admin-bind 127.0.0.1:19000 -http-addr http://127.0.0.1:8500 -grpc-addr 127.0.0.1:8502

The problem is that my sidecar-proxy starts a public listener on port 21002 (I don't know where this port name comes from; the configuration files for Envoy are nowhere to be found) and it is unreachable. This causes my sidecar health check to fail and therefore my service redirection to fail.

Do you have any idea how to access this Envoy public listener?

Sidecar log:

[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/filter_chain_manager_impl.cc:214] new fc_contexts has 1 filter chains, including 1 newly built
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/target_impl.cc:15] init manager Server initializing target Listener-init-target public_listener:10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/manager_impl.cc:45] init manager Listener-local-init-manager public_listener:10.26.57.59:21000 5712408582249607733 contains no targets
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/watcher_impl.cc:14] init manager Listener-local-init-manager public_listener:10.26.57.59:21000 5712408582249607733 initialized, notifying Listener-local-init-watcher public_listener:10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/watcher_impl.cc:14] target Listener-init-target public_listener:10.26.57.59:21000 initialized, notifying init manager Server
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:80] Create listen socket for listener public_listener:10.26.57.59:21000 on address 10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:70] Set listener public_listener:10.26.57.59:21000 socket factory local address to 10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:508] add active listener: name=public_listener:10.26.57.59:21000, hash=5712408582249607733, address=10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][info][upstream] [external/envoy/source/server/lds_api.cc:76] lds: add/update listener 'public_listener:10.26.57.59:21000'
[2020-06-16 15:02:30.672][24383][warning][misc] [external/envoy/source/common/protobuf/utility.cc:198] Using deprecated option 'envoy.api.v2.listener.Filter.config' from file listener_components.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/intro/deprecated for details.
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_manager_impl.cc:386] begin add/update listener: name=javatestrs-microc-cicdev:127.0.0.1:6610 hash=14335360969741422718

Solution

  • The public listener port is auto-allocated by Consul to the sidecar from a default range (21000 - 21255). It is used to receive mTLS connections from other proxies in the mesh. The range can be defined in the Consul agent's configuration under the ports {} stanza.

    ports {
      sidecar_min_port = 30000
      sidecar_max_port = 31000
    }
    

    See https://www.consul.io/docs/agent/options#sidecar_min_port for the specific documentation.

    You can select a specific port using the port parameter in the sidecar service definition.

    {
      "service": {
        "name": "web",
        "port": 8080,
        "connect": {
          "sidecar_service": {
            "port": 31000
          }
        }
      }
    }
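A diagnostic sketch for the situation in the question, added here as an example (it is not code from the question, the answer, Consul or Envoy): it extracts the public listener address from Envoy's debug log, checks the port against the sidecar port range, and probes it with a plain TCP connect. It assumes the failing sidecar check is a TCP check against that address; the function names are hypothetical.

```python
import re
import socket

# Default auto-allocation range named in the answer; pass another tuple if
# sidecar_min_port / sidecar_max_port are set in the agent's ports {} stanza.
DEFAULT_RANGE = (21000, 21255)

# Matches Envoy's "add active listener" debug line for the mesh-facing listener.
LISTENER_RE = re.compile(
    r"add active listener: name=public_listener:[^,]+, hash=\d+, "
    r"address=([\d.]+):(\d+)"
)

# Two lines taken from the sidecar log in the question (timestamps shortened).
SAMPLE_LOG = """\
[debug][config] add active listener: name=public_listener:10.26.57.59:21000, hash=5712408582249607733, address=10.26.57.59:21000
[debug][config] begin add/update listener: name=javatestrs-microc-cicdev:127.0.0.1:6610 hash=14335360969741422718
"""

def public_listeners(log_text):
    """Return the (ip, port) pairs Envoy reported binding as public_listener."""
    return {(m.group(1), int(m.group(2))) for m in LISTENER_RE.finditer(log_text)}

def in_sidecar_range(port, port_range=DEFAULT_RANGE):
    """True if the port falls inside the auto-allocation range (inclusive)."""
    return port_range[0] <= port <= port_range[1]

def tcp_probe(host, port, timeout=2.0):
    """Plain TCP connect, no TLS handshake; True if the port accepts it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(log_text, port_range=DEFAULT_RANGE, probe=tcp_probe):
    """One report row per public listener found in the log."""
    return [
        {"address": f"{host}:{port}",
         "in_range": in_sidecar_range(port, port_range),
         "reachable": probe(host, port)}
        for host, port in sorted(public_listeners(log_text))
    ]

if __name__ == "__main__":
    for row in diagnose(SAMPLE_LOG):
        print(row)
```

Run it from the host that performs the health check: a row with `reachable: False` for a listener bound to a non-loopback address points at a host firewall or security group that does not allow the sidecar port range.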