Configuring additional attributes for sidecar proxies

Normally, all sidecar proxies in the same VPC network receive identical configuration information from Traffic Director, which ensures consistent behavior across the service mesh. Traffic Director also offers a way to customize individual proxies by using per-proxy configuration attributes.

The xDS API v2 provides a bootstrap node metadata interface that enables each proxy to send a set of key-value pairs to the Traffic Director instance on every xDS API request. Traffic Director uses this mechanism to enable proxy-specific configuration.

To use per-proxy configuration, add one or more supported parameters to your proxy's bootstrap node metadata configuration. The following table contains all supported per-proxy configuration attributes.

Attribute: TRAFFICDIRECTOR_INTERCEPTION_PORT
Value: An integer in the range 0-65535.
Description:

A port number for the interception listener. Traffic destined to services configured in Traffic Director must be redirected to this port.

If this value is left empty, the interception listener is not configured by Traffic Director. If your configuration depends on traffic interception, the absence of the interception listener will break the flow of traffic.

Attribute: TRAFFICDIRECTOR_NETWORK_NAME
Value: A string. For example: default.
Description:

The GCP VPC network name for which the configuration is requested. This is the VPC network name referenced in the forwarding rule in the GCP API.

If this value is left empty, Traffic Director attempts to select the configuration for the VPC network over which the request from the sidecar proxy to trafficdirector.googleapis.com is sent out.

Leaving this as an empty value is not recommended. An empty value is not guaranteed to be supported in future releases.

Attribute: TRAFFICDIRECTOR_GCP_PROJECT_NUMBER
Value: A string of digits. For example, 123456789.
Description:

The GCP project where Traffic Director resources are configured. This is the numeric identifier of your project (for example, 111222333444).

You can get a list of all your projects with their corresponding project numbers by using the gcloud projects list command or reviewing the Project info section of the GCP console.

If left empty, an attempt is made to fetch the configuration of the GCP project associated with the service account credentials.

Leaving this as an empty value is not recommended. An empty value is not guaranteed to be supported in future releases.

Attribute: TRAFFICDIRECTOR_ACCESS_LOG_PATH
Value: A path to the access log file, represented as a string. For example: "/var/log/sidecar/access.log"
Description:

The value of this parameter is used as the file access log configuration, sent to a proxy by Traffic Director with other parameters. All incoming and outgoing requests are recorded in this file. For more information, refer to the file access log documentation of the Envoy proxy.

Attribute: TRAFFICDIRECTOR_ENABLE_TRACING
Value: Boolean, represented as a string. For example: "true"
Description:

Enables the sidecar proxy to generate distributed tracing information. If set to "true", Envoy tracing parameters are programmed in the sidecar proxy by Traffic Director, and generate_request_id is set to "true".

The following is an example, in YAML format, of how to configure the supported attributes in the node metadata section of the Envoy proxy bootstrap configuration:

node:
  metadata:
    TRAFFICDIRECTOR_INTERCEPTION_PORT: "15001"
    TRAFFICDIRECTOR_NETWORK_NAME: "default"
    TRAFFICDIRECTOR_GCP_PROJECT_NUMBER: "111222333444"
    TRAFFICDIRECTOR_ACCESS_LOG_PATH: "/tmp/sidecar/access.log"
    TRAFFICDIRECTOR_ENABLE_TRACING: "true"
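
Because an empty or malformed attribute changes which configuration a proxy receives, it helps to check the metadata before a proxy is rolled out. The following is an added example, not part of Traffic Director or Envoy: a Python check of a node metadata mapping against the attribute table above. The function and variable names are hypothetical, the faulty sample is constructed, and accepting "false" for the tracing flag is an assumption.

```python
import re

# Supported keys, transcribed from the attribute table above. The function and
# variable names are this example's own, not part of Traffic Director or Envoy.
PREFIX = "TRAFFICDIRECTOR_"
SUPPORTED = {PREFIX + s for s in ("INTERCEPTION_PORT", "NETWORK_NAME",
             "GCP_PROJECT_NUMBER", "ACCESS_LOG_PATH", "ENABLE_TRACING")}

def lint_node_metadata(md):
    """Return (errors, warnings) for a bootstrap node.metadata mapping."""
    errors, warnings = [], []
    for key in md:
        if key.startswith(PREFIX) and key not in SUPPORTED:
            errors.append(f"{key}: not a supported per-proxy attribute")

    port = str(md.get(PREFIX + "INTERCEPTION_PORT", "")).strip()
    if not port:
        warnings.append("INTERCEPTION_PORT empty: no interception listener is configured")
    elif not re.fullmatch(r"[0-9]+", port) or int(port) > 65535:
        errors.append(f"INTERCEPTION_PORT {port!r}: need an integer in 0-65535")

    # Empty is allowed for these two but documented as not recommended.
    for name, pattern in (("NETWORK_NAME", r".+"), ("GCP_PROJECT_NUMBER", r"[0-9]+")):
        value = md.get(PREFIX + name, "")
        if value == "":
            warnings.append(f"{name} empty: not recommended, may stop being supported")
        elif not isinstance(value, str) or not re.fullmatch(pattern, value):
            errors.append(f"{name} {value!r}: wrong format for this attribute")

    # Booleans are passed as strings; "false" is accepted here as an assumption.
    tracing = md.get(PREFIX + "ENABLE_TRACING")
    if tracing is not None and tracing not in ("true", "false"):
        errors.append(f"ENABLE_TRACING {tracing!r}: must be a boolean string")

    log_path = md.get(PREFIX + "ACCESS_LOG_PATH")
    if log_path is not None and not (isinstance(log_path, str) and log_path):
        errors.append(f"ACCESS_LOG_PATH {log_path!r}: must be a non-empty string")
    return errors, warnings

# The page's example metadata, followed by a constructed faulty variant.
PAGE_EXAMPLE = {PREFIX + "INTERCEPTION_PORT": "15001", PREFIX + "NETWORK_NAME": "default",
                PREFIX + "GCP_PROJECT_NUMBER": "111222333444",
                PREFIX + "ACCESS_LOG_PATH": "/tmp/sidecar/access.log",
                PREFIX + "ENABLE_TRACING": "true"}
CONSTRUCTED_BAD = {PREFIX + "INTERCEPTION_PORT": "70000", PREFIX + "NETWORK_NAME": "",
                   PREFIX + "GCP_PROJECT_NUMBER": "my-project",
                   PREFIX + "ENABLE_TRACING": True, PREFIX + "TRACING": "true"}

if __name__ == "__main__":
    for label, md in (("page example", PAGE_EXAMPLE), ("constructed", CONSTRUCTED_BAD)):
        print(label, lint_node_metadata(md))
```

The mapping passed in is the content of node.metadata after the bootstrap file has been parsed by whatever YAML or JSON loader you already use.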