Light Dark Auto

Control Plane

Remote, programmatic configuration of proxies

Connect to Control

Each Grey Matter Proxy connects to the Grey Matter Control server with a bi-directional gRPC stream. This connection is kept alive as long as both servers are up, and updates to configuration will flow every 30 seconds (default; but configurable) from gm-control to each connected gm-proxy.

Set Up the Connection

To properly set up the connection, run gm-proxy with the following two environment variables.

PROXY_DYNAMIC=true   # To run in dynamic configuration mode

XDS_HOST=<gm-control host>
XDS_PORT=<gm-control port>

Use TLS (Optional)

When connecting to the Envoy management server, proxies may also connect with TLS:

PROXY_DYNAMIC=true   # To run in dynamic configuration mode

XDS_SERVER_CA_PATH-<gm-control trust path>
XDS_SERVER_CERT_PATH=<gm-control certificate path>
XDS_SERVER_KEY_PATH=<gm-control certificate key path>

Verify Connection

If you receive repeated proxy log messages in the form below, it means that the connection to gm-control is failing. Usually this is because the address is incorrect or not addressable. If these logs do not appear, the connection is successful.

[2019-10-11 15:21:51.635][8][warning][config] [bazel-out/k8-fastbuild/bin/external/envoy/source/common/config/_virtual_includes/grpc_stream_lib/common/config/grpc_stream.h:102] gRPC config stream closed: 14, no healthy upstream
[2019-10-11 15:21:51.635][8][warning][config] [bazel-out/k8-fastbuild/bin/external/envoy/source/common/config/_virtual_includes/grpc_stream_lib/common/config/grpc_stream.h:56] Unable to establish new stream