Each Grey Matter Proxy connects to the Grey Matter Control server with a bi-directional gRPC stream. This connection is kept alive as long as both servers are up, and updates to configuration will flow every 30 seconds (default; but configurable) from gm-control to each connected gm-proxy.
Set Up the Connection
To properly set up the connection, run gm-proxy with the following two environment variables.
PROXY_DYNAMIC=true # To run in dynamic configuration mode
XDS_HOST=<gm-control host>
XDS_PORT=<gm-control port>
Use TLS (Optional)
When connecting to the Envoy management server, proxies may also connect with TLS:
PROXY_DYNAMIC=true # To run in dynamic configuration mode
XDS_ENABLE_TLS=true
XDS_SERVER_CA_PATH-<gm-control trust path>
XDS_SERVER_CERT_PATH=<gm-control certificate path>
XDS_SERVER_KEY_PATH=<gm-control certificate key path>
In order for sidecars to connect to Control with TLS, the Control server must also be configured with TLS. See the Grey Matter Control documentation to learn more.
REST
If Grey Matter Control is using REST instead of gRPC (see Grey Matter Control REST support), the following environment variables must be set in order to connect:
XDS_PORT should match the port of the environment variable GM_CONTROL_XDS_GATEWAY_ADDR set for Grey Matter Control. By default this value is 50001.
Verify Connection
If you receive repeated proxy log messages in the form below, it means that the connection to gm-control is failing. Usually this is because the address is incorrect or not addressable. If these logs do not appear, the connection is successful.
Note: a single, or intermittent, occurrence of this error message often occurs during startup, and is not a concern.
