traefik/pkg/provider/consulcatalog/consul_catalog.go
2020-08-17 18:04:03 +02:00

288 lines
10 KiB
Go

package consulcatalog
import (
"context"
"fmt"
"strconv"
"strings"
"text/template"
"time"
"github.com/cenkalti/backoff/v4"
"github.com/containous/traefik/v2/pkg/config/dynamic"
"github.com/containous/traefik/v2/pkg/job"
"github.com/containous/traefik/v2/pkg/log"
"github.com/containous/traefik/v2/pkg/provider"
"github.com/containous/traefik/v2/pkg/provider/constraints"
"github.com/containous/traefik/v2/pkg/safe"
"github.com/containous/traefik/v2/pkg/types"
"github.com/hashicorp/consul/api"
ptypes "github.com/traefik/paerser/types"
)
// DefaultTemplateRule The default template for the default rule.
const DefaultTemplateRule = "Host(`{{ normalize .Name }}`)"
var _ provider.Provider = (*Provider)(nil)
type itemData struct {
ID string
Node string
Name string
Address string
Port string
Status string
Labels map[string]string
Tags []string
ExtraConf configuration
}
// Provider holds configurations of the provider.
type Provider struct {
Constraints string `description:"Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container." json:"constraints,omitempty" toml:"constraints,omitempty" yaml:"constraints,omitempty" export:"true"`
Endpoint *EndpointConfig `description:"Consul endpoint settings" json:"endpoint,omitempty" toml:"endpoint,omitempty" yaml:"endpoint,omitempty" export:"true"`
Prefix string `description:"Prefix for consul service tags. Default 'traefik'" json:"prefix,omitempty" toml:"prefix,omitempty" yaml:"prefix,omitempty" export:"true"`
RefreshInterval ptypes.Duration `description:"Interval for check Consul API. Default 100ms" json:"refreshInterval,omitempty" toml:"refreshInterval,omitempty" yaml:"refreshInterval,omitempty" export:"true"`
RequireConsistent bool `description:"Forces the read to be fully consistent." json:"requireConsistent,omitempty" toml:"requireConsistent,omitempty" yaml:"requireConsistent,omitempty" export:"true"`
Stale bool `description:"Use stale consistency for catalog reads." json:"stale,omitempty" toml:"stale,omitempty" yaml:"stale,omitempty" export:"true"`
Cache bool `description:"Use local agent caching for catalog reads." json:"cache,omitempty" toml:"cache,omitempty" yaml:"cache,omitempty" export:"true"`
ExposedByDefault bool `description:"Expose containers by default." json:"exposedByDefault,omitempty" toml:"exposedByDefault,omitempty" yaml:"exposedByDefault,omitempty" export:"true"`
DefaultRule string `description:"Default rule." json:"defaultRule,omitempty" toml:"defaultRule,omitempty" yaml:"defaultRule,omitempty"`
client *api.Client
defaultRuleTpl *template.Template
}
// EndpointConfig holds configurations of the endpoint.
type EndpointConfig struct {
Address string `description:"The address of the Consul server" json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty" export:"true"`
Scheme string `description:"The URI scheme for the Consul server" json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
DataCenter string `description:"Data center to use. If not provided, the default agent data center is used" json:"datacenter,omitempty" toml:"datacenter,omitempty" yaml:"datacenter,omitempty" export:"true"`
Token string `description:"Token is used to provide a per-request ACL token which overrides the agent's default token" json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" export:"true"`
TLS *types.ClientTLS `description:"Enable TLS support." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
HTTPAuth *EndpointHTTPAuthConfig `description:"Auth info to use for http access" json:"httpAuth,omitempty" toml:"httpAuth,omitempty" yaml:"httpAuth,omitempty" export:"true"`
EndpointWaitTime ptypes.Duration `description:"WaitTime limits how long a Watch will block. If not provided, the agent default values will be used" json:"endpointWaitTime,omitempty" toml:"endpointWaitTime,omitempty" yaml:"endpointWaitTime,omitempty" export:"true"`
}
// SetDefaults sets the default values.
func (c *EndpointConfig) SetDefaults() {
c.Address = "http://127.0.0.1:8500"
}
// EndpointHTTPAuthConfig holds configurations of the authentication.
type EndpointHTTPAuthConfig struct {
Username string `description:"Basic Auth username" json:"username,omitempty" toml:"username,omitempty" yaml:"username,omitempty" export:"true"`
Password string `description:"Basic Auth password" json:"password,omitempty" toml:"password,omitempty" yaml:"password,omitempty" export:"true"`
}
// SetDefaults sets the default values.
func (p *Provider) SetDefaults() {
endpoint := &EndpointConfig{}
endpoint.SetDefaults()
p.Endpoint = endpoint
p.RefreshInterval = ptypes.Duration(15 * time.Second)
p.Prefix = "traefik"
p.ExposedByDefault = true
p.DefaultRule = DefaultTemplateRule
}
// Init the provider.
func (p *Provider) Init() error {
defaultRuleTpl, err := provider.MakeDefaultRuleTemplate(p.DefaultRule, nil)
if err != nil {
return fmt.Errorf("error while parsing default rule: %w", err)
}
p.defaultRuleTpl = defaultRuleTpl
return nil
}
// Provide allows the consul catalog provider to provide configurations to traefik using the given configuration channel.
func (p *Provider) Provide(configurationChan chan<- dynamic.Message, pool *safe.Pool) error {
pool.GoCtx(func(routineCtx context.Context) {
ctxLog := log.With(routineCtx, log.Str(log.ProviderName, "consulcatalog"))
logger := log.FromContext(ctxLog)
operation := func() error {
var err error
p.client, err = createClient(p.Endpoint)
if err != nil {
return fmt.Errorf("error create consul client, %w", err)
}
ticker := time.NewTicker(time.Duration(p.RefreshInterval))
for {
select {
case <-ticker.C:
data, err := p.getConsulServicesData(routineCtx)
if err != nil {
logger.Errorf("error get consul catalog data, %v", err)
return err
}
configuration := p.buildConfiguration(routineCtx, data)
configurationChan <- dynamic.Message{
ProviderName: "consulcatalog",
Configuration: configuration,
}
case <-routineCtx.Done():
ticker.Stop()
return nil
}
}
}
notify := func(err error, time time.Duration) {
logger.Errorf("Provider connection error %+v, retrying in %s", err, time)
}
err := backoff.RetryNotify(safe.OperationWithRecover(operation), backoff.WithContext(job.NewBackOff(backoff.NewExponentialBackOff()), ctxLog), notify)
if err != nil {
logger.Errorf("Cannot connect to consul catalog server %+v", err)
}
})
return nil
}
func (p *Provider) getConsulServicesData(ctx context.Context) ([]itemData, error) {
consulServiceNames, err := p.fetchServices(ctx)
if err != nil {
return nil, err
}
var data []itemData
for _, name := range consulServiceNames {
consulServices, healthServices, err := p.fetchService(ctx, name)
if err != nil {
return nil, err
}
for i, consulService := range consulServices {
address := consulService.ServiceAddress
if address == "" {
address = consulService.Address
}
item := itemData{
ID: consulService.ServiceID,
Node: consulService.Node,
Name: consulService.ServiceName,
Address: address,
Port: strconv.Itoa(consulService.ServicePort),
Labels: tagsToNeutralLabels(consulService.ServiceTags, p.Prefix),
Tags: consulService.ServiceTags,
Status: healthServices[i].Checks.AggregatedStatus(),
}
extraConf, err := p.getConfiguration(item)
if err != nil {
log.FromContext(ctx).Errorf("Skip item %s: %v", item.Name, err)
continue
}
item.ExtraConf = extraConf
data = append(data, item)
}
}
return data, nil
}
func (p *Provider) fetchService(ctx context.Context, name string) ([]*api.CatalogService, []*api.ServiceEntry, error) {
var tagFilter string
if !p.ExposedByDefault {
tagFilter = p.Prefix + ".enable=true"
}
opts := &api.QueryOptions{AllowStale: p.Stale, RequireConsistent: p.RequireConsistent, UseCache: p.Cache}
consulServices, _, err := p.client.Catalog().Service(name, tagFilter, opts)
if err != nil {
return nil, nil, err
}
healthServices, _, err := p.client.Health().Service(name, tagFilter, false, opts)
return consulServices, healthServices, err
}
func (p *Provider) fetchServices(ctx context.Context) ([]string, error) {
// The query option "Filter" is not supported by /catalog/services.
// https://www.consul.io/api/catalog.html#list-services
opts := &api.QueryOptions{AllowStale: p.Stale, RequireConsistent: p.RequireConsistent, UseCache: p.Cache}
serviceNames, _, err := p.client.Catalog().Services(opts)
if err != nil {
return nil, err
}
// The keys are the service names, and the array values provide all known tags for a given service.
// https://www.consul.io/api/catalog.html#list-services
var filtered []string
for svcName, tags := range serviceNames {
logger := log.FromContext(log.With(ctx, log.Str("serviceName", svcName)))
if !p.ExposedByDefault && !contains(tags, p.Prefix+".enable=true") {
logger.Debug("Filtering disabled item")
continue
}
if contains(tags, p.Prefix+".enable=false") {
logger.Debug("Filtering disabled item")
continue
}
matches, err := constraints.MatchTags(tags, p.Constraints)
if err != nil {
logger.Errorf("Error matching constraints expression: %v", err)
continue
}
if !matches {
logger.Debugf("Container pruned by constraint expression: %q", p.Constraints)
continue
}
filtered = append(filtered, svcName)
}
return filtered, err
}
func contains(values []string, val string) bool {
for _, value := range values {
if strings.EqualFold(value, val) {
return true
}
}
return false
}
func createClient(cfg *EndpointConfig) (*api.Client, error) {
config := api.Config{
Address: cfg.Address,
Scheme: cfg.Scheme,
Datacenter: cfg.DataCenter,
WaitTime: time.Duration(cfg.EndpointWaitTime),
Token: cfg.Token,
}
if cfg.HTTPAuth != nil {
config.HttpAuth = &api.HttpBasicAuth{
Username: cfg.HTTPAuth.Username,
Password: cfg.HTTPAuth.Password,
}
}
if cfg.TLS != nil {
config.TLSConfig = api.TLSConfig{
Address: cfg.Address,
CAFile: cfg.TLS.CA,
CertFile: cfg.TLS.Cert,
KeyFile: cfg.TLS.Key,
InsecureSkipVerify: cfg.TLS.InsecureSkipVerify,
}
}
return api.NewClient(&config)
}