Anthos Service Mesh and Traffic Director are now Cloud Service Mesh. For more information, see the Cloud Service Mesh overview.

Configure Envoy bootstrap attributes

When the Envoy proxies and gRPC libraries that power your service mesh initialize, they need to connect to Cloud Service Mesh and become Cloud Service Mesh clients. To establish this connection, a client needs to be bootstrapped with configuration information, for example:

Where to find Cloud Service Mesh (trafficdirector.googleapis.com)
The VPC network name for which the client should request configuration
Other optional information like whether to enable logging

This document covers how to supply bootstrapping information when using Envoy with Cloud Service Mesh. The method that you use to supply bootstrapping configuration varies depending on how you deploy your services:

For Envoy sidecar proxies deployed automatically with VMs, see Options for VM setup with automated Envoy deployment for the parameter equivalents when you create an instance template.
For Envoy sidecar proxies deployed automatically with GKE Pods, add the supported parameters below to the proxyMetadata in the sidecar injector's ConfigMap. For more information about configuring required attributes, see Set up Google Kubernetes Engine Pods with automated Envoy injection.
For manual Envoy deployments, add the supported parameters below to your proxy's bootstrap node metadata configuration.

Required bootstrap configuration for manual Envoy deployments

The following table contains all required bootstrap configuration attributes.

Attribute Value Description

TRAFFICDIRECTOR_NETWORK_NAME

A string. For example: default.

Attribute	Value	Description
TRAFFICDIRECTOR_NETWORK_NAME	A string. For example: default.	Google Cloud VPC network name for which the configuration is requested (This is the VPC network name referenced in the forwarding rule in the Google Cloud API). When you use the xDS v2 API, we recommend that you set the network name. If this value is left empty, Cloud Service Mesh attempts to select the configuration for the VPC network over which the request from the sidecar proxy to trafficdirector.googleapis.com is sent out. When you use the xDS v3 API, you must provide the network name. Leaving this as an empty value is not recommended. An empty value is not guaranteed to be supported in future releases.
TRAFFICDIRECTOR_GCP_PROJECT_NUMBER	A string of digits. For example, `123456789`.	The Google Cloud project where Cloud Service Mesh resources are configured. This is the numeric identifier of your project (for example, `111222333444`). You can get a list of all your projects with their corresponding project numbers by using the gcloud projects list command or reviewing the Project info section of the Google Cloud console. When using the xDS v2 API, we recommend that you set the project number. If you leave the field empty, Cloud Service Mesh attempts to fetch the configuration of the Google Cloud project associated with the service account credentials. An empty value is not guaranteed to be supported in future releases. When using the xDS v3 API, you must provide the project number.

Google Cloud VPC network name for which the configuration is requested (This is the VPC network name referenced in the forwarding rule in the Google Cloud API).

When you use the xDS v2 API, we recommend that you set the network name. If this value is left empty, Cloud Service Mesh attempts to select the configuration for the VPC network over which the request from the sidecar proxy to trafficdirector.googleapis.com is sent out.

When you use the xDS v3 API, you must provide the network name.

Leaving this as an empty value is not recommended. An empty value is not guaranteed to be supported in future releases.

TRAFFICDIRECTOR_GCP_PROJECT_NUMBER

A string of digits. For example, 123456789.

The Google Cloud project where Cloud Service Mesh resources are configured. This is the numeric identifier of your project (for example, 111222333444).

You can get a list of all your projects with their corresponding project numbers by using the gcloud projects list command or reviewing the Project info section of the Google Cloud console.

When using the xDS v2 API, we recommend that you set the project number. If you leave the field empty, Cloud Service Mesh attempts to fetch the configuration of the Google Cloud project associated with the service account credentials. An empty value is not guaranteed to be supported in future releases.

When using the xDS v3 API, you must provide the project number.

Optional bootstrap configuration for manual Envoy deployments

The following table contains all optional bootstrap configuration attributes.

Attribute Value Description

TRAFFICDIRECTOR_INTERCEPTION_PORT

An integer in the range 0-65535

Attribute	Value	Description
TRAFFICDIRECTOR_INTERCEPTION_PORT	An integer in the range 0-65535	A port number for the interception listener. Traffic destined to services configured in Cloud Service Mesh must be redirected to this port. If this value is left empty, the interception listener is not configured by Cloud Service Mesh. If your configuration depends on outbound traffic interception, the absence of the interception listener breaks the flow of traffic. This field is not required for middle proxy use cases where only inbound traffic must be intercepted.
TRAFFICDIRECTOR_ACCESS_LOG_PATH	A path to the access log file, represented as a string. For example: "/var/log/sidecar/access.log"	The value of this parameter is used for file access log configuration, sent to a proxy by Cloud Service Mesh with other parameters. All incoming and outgoing requests are recorded in this file. For more information, refer to File access log documentation of the Envoy proxy.
TRAFFICDIRECTOR_ENABLE_TRACING	Boolean, represented as a string; for example, `true`	Enables the sidecar proxy to generate distributed tracing information. If set to `true`, Envoy tracing parameters are programmed in the sidecar proxy by Cloud Service Mesh, and generate_request_id set to "true".

A port number for the interception listener. Traffic destined to services configured in Cloud Service Mesh must be redirected to this port.

If this value is left empty, the interception listener is not configured by Cloud Service Mesh. If your configuration depends on outbound traffic interception, the absence of the interception listener breaks the flow of traffic. This field is not required for middle proxy use cases where only inbound traffic must be intercepted.

TRAFFICDIRECTOR_ACCESS_LOG_PATH A path to the access log file, represented as a string. For example: "/var/log/sidecar/access.log" The value of this parameter is used for file access log configuration, sent to a proxy by Cloud Service Mesh with other parameters. All incoming and outgoing requests are recorded in this file. For more information, refer to File access log documentation of the Envoy proxy.

TRAFFICDIRECTOR_ENABLE_TRACING Boolean, represented as a string; for example, true Enables the sidecar proxy to generate distributed tracing information. If set to true, Envoy tracing parameters are programmed in the sidecar proxy by Cloud Service Mesh, and generate_request_id set to "true".

The following is an example in yaml format of how to configure the supported attributes in the node metadata section of the Envoy proxy bootstrap configuration:

node:
  metadata:
    TRAFFICDIRECTOR_INTERCEPTION_PORT: "15001"
    TRAFFICDIRECTOR_NETWORK_NAME: "default"
    TRAFFICDIRECTOR_GCP_PROJECT_NUMBER: "111222333444"
    TRAFFICDIRECTOR_ACCESS_LOG_PATH: "/tmp/sidecar/access.log"
    TRAFFICDIRECTOR_ENABLE_TRACING: "true"