From ab189b0af7ef5e7aa6e20b5293612bd51ab10fe2 Mon Sep 17 00:00:00 2001 From: Zach Reyes <39203661+zasweq@users.noreply.github.com> Date: Mon, 2 Dec 2024 14:48:15 -0500 Subject: [PATCH] examples/features/csm_observability: Add xDS Credentials (#7875) --- examples/features/csm_observability/client/main.go | 9 ++++++++- examples/features/csm_observability/server/main.go | 14 +++++++++++++- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/examples/features/csm_observability/client/main.go b/examples/features/csm_observability/client/main.go index 20b357c2faad..cf33e6cb641d 100644 --- a/examples/features/csm_observability/client/main.go +++ b/examples/features/csm_observability/client/main.go @@ -29,6 +29,7 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" + xdscreds "google.golang.org/grpc/credentials/xds" "google.golang.org/grpc/examples/features/proto/echo" "google.golang.org/grpc/stats/opentelemetry" "google.golang.org/grpc/stats/opentelemetry/csm" @@ -56,7 +57,13 @@ func main() { cleanup := csm.EnableObservability(context.Background(), opentelemetry.Options{MetricsOptions: opentelemetry.MetricsOptions{MeterProvider: provider}}) defer cleanup() - cc, err := grpc.NewClient(*target, grpc.WithTransportCredentials(insecure.NewCredentials())) + // Set up xds credentials that fall back to insecure as described in: + // https://cloud.google.com/service-mesh/docs/service-routing/security-proxyless-setup#workloads_are_unable_to_communicate_in_the_security_setup. + creds, err := xdscreds.NewClientCredentials(xdscreds.ClientOptions{FallbackCreds: insecure.NewCredentials()}) + if err != nil { + log.Fatalf("Failed to create xDS credentials: %v", err) + } + cc, err := grpc.NewClient(*target, grpc.WithTransportCredentials(creds)) if err != nil { log.Fatalf("Failed to start NewClient: %v", err) } diff --git a/examples/features/csm_observability/server/main.go b/examples/features/csm_observability/server/main.go index b87f859aa1c0..3cafe23316b3 100644 --- a/examples/features/csm_observability/server/main.go +++ b/examples/features/csm_observability/server/main.go @@ -28,9 +28,12 @@ import ( "net/http" "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" + xdscreds "google.golang.org/grpc/credentials/xds" pb "google.golang.org/grpc/examples/features/proto/echo" "google.golang.org/grpc/stats/opentelemetry" "google.golang.org/grpc/stats/opentelemetry/csm" + "google.golang.org/grpc/xds" "github.com/prometheus/client_golang/prometheus/promhttp" "go.opentelemetry.io/otel/exporters/prometheus" @@ -67,7 +70,16 @@ func main() { if err != nil { log.Fatalf("Failed to listen: %v", err) } - s := grpc.NewServer() + // Set up xds credentials that fall back to insecure as described in: + // https://cloud.google.com/service-mesh/docs/service-routing/security-proxyless-setup#workloads_are_unable_to_communicate_in_the_security_setup. + creds, err := xdscreds.NewServerCredentials(xdscreds.ServerOptions{FallbackCreds: insecure.NewCredentials()}) + if err != nil { + log.Fatalf("Failed to create xDS credentials: %v", err) + } + s, err := xds.NewGRPCServer(grpc.Creds(creds)) + if err != nil { + log.Fatalf("Failed to start xDS Server: %v", err) + } pb.RegisterEchoServer(s, &echoServer{addr: ":" + *port}) log.Printf("Serving on %s\n", *port)