fix envoy TD config for xDSv1.3

modules/cloud-config-container/envoy-traffic-director/files/customize.sh

@@ -13,11 +13,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-ENVOY_NODE_ID=$(uuidgen)~$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/ip)
+ENVOY_NODE_ID=$(uuidgen)
 ENVOY_ZONE=$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/zone | cut -f 4 -d '/')
 CONFIG_PROJECT_NUMBER=$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/network | cut -f 2 -d '/')
 VPC_NETWORK_NAME=$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/network | cut -f 4 -d '/')
-sed -i "s/_ENVOY_NODE_ID_/${ENVOY_NODE_ID}/" /etc/envoy/envoy.yaml
+sed -i "s/ENVOY_NODE_ID/${ENVOY_NODE_ID}/" /etc/envoy/envoy.yaml
-sed -i "s/_ENVOY_ZONE_/${ENVOY_ZONE}/" /etc/envoy/envoy.yaml
+sed -i "s/ENVOY_ZONE/${ENVOY_ZONE}/" /etc/envoy/envoy.yaml
-sed -i "s/_CONFIG_PROJECT_NUMBER_/${CONFIG_PROJECT_NUMBER}/" /etc/envoy/envoy.yaml
+sed -i "s/CONFIG_PROJECT_NUMBER/${CONFIG_PROJECT_NUMBER}/" /etc/envoy/envoy.yaml
-sed -i "s/_VPC_NETWORK_NAME_/${VPC_NETWORK_NAME}/" /etc/envoy/envoy.yaml
+sed -i "s/VPC_NETWORK_NAME/${VPC_NETWORK_NAME}/" /etc/envoy/envoy.yaml

modules/cloud-config-container/envoy-traffic-director/files/envoy.yaml

@@ -13,47 +13,68 @@
 # limitations under the License.
 
 node:
-  id: "_ENVOY_NODE_ID_"
+  # The id must be in the following format: projects/<project number>/networks/<network name>/nodes/<node id>
+  id: "projects/CONFIG_PROJECT_NUMBER/networks/VPC_NETWORK_NAME/nodes/ENVOY_NODE_ID"
   cluster: cluster # unused
   locality:
-    zone: "_ENVOY_ZONE_"
+    zone: "ENVOY_ZONE"
   metadata:
     TRAFFICDIRECTOR_INTERCEPTION_PORT: "15001"
-    TRAFFICDIRECTOR_NETWORK_NAME: "_VPC_NETWORK_NAME_"
-    TRAFFICDIRECTOR_GCP_PROJECT_NUMBER: "_CONFIG_PROJECT_NUMBER_"
     TRAFFICDIRECTOR_ENABLE_TRACING: "false"
     TRAFFICDIRECTOR_ACCESS_LOG_PATH: ""
     TRAFFICDIRECTOR_INBOUND_BACKEND_PORTS: ""
 
 dynamic_resources:
-  lds_config: { ads: {} }
+  lds_config:
-  cds_config: { ads: {} }
+    ads: {}
+    resource_api_version: V3
+  cds_config:
+    ads: {}
+    resource_api_version: V3
   ads_config:
     api_type: GRPC
+    transport_api_version: V3
     grpc_services:
-      - google_grpc:
+    - google_grpc:
-          target_uri: trafficdirector.googleapis.com:443
+        target_uri: trafficdirector.googleapis.com:443
-          stat_prefix: trafficdirector
+        stat_prefix: trafficdirector
-          channel_credentials:
+        channel_credentials:
-            ssl_credentials:
+          ssl_credentials:
-              root_certs:
+            root_certs:
-                filename: /etc/ssl/certs/ca-certificates.crt
+              filename: /etc/ssl/certs/ca-certificates.crt
-          call_credentials:
+        call_credentials:
-            google_compute_engine: {}
+          google_compute_engine: {}
+        channel_args:
+          args:
+            grpc.http2.max_pings_without_data:
+              int_value: 0
+            grpc.keepalive_time_ms:
+              int_value: 10000
+            grpc.keepalive_timeout_ms:
+              int_value: 20000
 
 cluster_manager:
   load_stats_config:
     api_type: GRPC
+    transport_api_version: V3
     grpc_services:
-      - google_grpc:
+    - google_grpc:
-          target_uri: trafficdirector.googleapis.com:443
+        target_uri: trafficdirector.googleapis.com:443
-          stat_prefix: trafficdirector
+        stat_prefix: trafficdirector
-          channel_credentials:
+        channel_credentials:
-            ssl_credentials:
+          ssl_credentials:
-              root_certs:
+            root_certs:
-                filename: /etc/ssl/certs/ca-certificates.crt
+              filename: /etc/ssl/certs/ca-certificates.crt
-          call_credentials:
+        call_credentials:
-            google_compute_engine: {}
+          google_compute_engine: {}
+        channel_args:
+          args:
+            grpc.http2.max_pings_without_data:
+              int_value: 0
+            grpc.keepalive_time_ms:
+              int_value: 10000
+            grpc.keepalive_timeout_ms:
+              int_value: 20000
 
 admin:
   access_log_path: /dev/stdout
@@ -66,89 +87,15 @@ tracing:
   http:
     name: envoy.tracers.opencensus
     typed_config:
-      "@type": type.googleapis.com/envoy.config.trace.v2.OpenCensusConfig
+      "@type": type.googleapis.com/envoy.config.trace.v3.OpenCensusConfig
       stackdriver_exporter_enabled: "false"
       stackdriver_project_id: ""
 
 layered_runtime:
   layers:
-    - name: rtds_layer
+  - name: rtds_layer
-      rtds_layer:
+    rtds_layer:
-        name: traffic_director_runtime
+      name: traffic_director_runtime
-        rtds_config: { ads: {} }
+      rtds_config:
-    - name: static_layer
+        ads: {}
-      static_layer:
+        resource_api_version: V3
-        envoy:
-          deprecated_features:
-            cluster:
-              proto:ORIGINAL_DST_LB: "true"
-              proto:extension_protocol_options: "true"
-              proto:tls_context: "true"
-            health_check:
-              proto:use_http2: "true"
-            http_connection_manager:
-              proto:operation_name: "true"
-            listener:
-              proto:tls_context: "true"
-            listener_components:
-              proto:config: "true"
-            route_components:
-              proto:allow_origin: "true"
-              proto:method: "true"
-              proto:pattern: "true"
-              proto:regex: "true"
-              proto:regex_match: "true"
-              proto:value: "true"
-            string:
-              proto:regex: "true"
-            trace:
-              proto:HTTP_JSON_V1: "true"
-          deprecated_features:envoy:
-            api:
-              v2:
-                Cluster:
-                  LbPolicy:
-                    ORIGINAL_DST_LB: "true"
-                  extension_protocol_options: "true"
-                  tls_context: "true"
-                Listener:
-                  tls_context: "true"
-                core:
-                  HealthCheck:
-                    HttpHealthCheck:
-                      use_http2: "true"
-                listener:
-                  Filter:
-                    config: "true"
-                  ListenerFilter:
-                    config: "true"
-                route:
-                  CorsPolicy:
-                    allow_origin: "true"
-                  HeaderMatcher:
-                    regex_match: "true"
-                  QueryParameterMatcher:
-                    regex: "true"
-                    value: "true"
-                  RouteMatch:
-                    regex: "true"
-                  VirtualCluster:
-                    method: "true"
-                    pattern: "true"
-            config:
-              filter:
-                network:
-                  http_connection_manager:
-                    v2:
-                      HttpConnectionManager:
-                        Tracing:
-                          operation_name: "true"
-              trace:
-                v2:
-                  ZipkinConfig:
-                    CollectorEndpointVersion:
-                      HTTP_JSON_V1: "true"
-            type:
-              matcher:
-                StringMatcher:
-                  regex: "true"

modules/cloud-config-container/envoy-traffic-director/variables.tf

@@ -17,7 +17,7 @@
 variable "envoy_image" {
   description = "Envoy Proxy container image to use."
   type        = string
-  default     = "envoyproxy/envoy:v1.14.1"
+  default     = "envoyproxy/envoy:v1.15.5"
 }
 
 variable "docker_logging" {