Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(translator): extension server should fail close #4936

Merged
merged 8 commits into from
Jan 9, 2025
Merged

feat(translator): extension server should fail close #4936

merged 8 commits into from
Jan 9, 2025

Conversation

liorokman
Copy link
Contributor

This PR changes the default behavior for extension servers to fail-close instead of fail open.

Which issue(s) this PR fixes:
Fixes #4155

Release Notes: Yes

@codecov Codecov
Copy link

codecov bot commented Dec 16, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 65.60000% with 43 lines in your changes missing coverage. Please review.

Project coverage is 66.75%. Comparing base (00ecd08) to head (52a41c2).
Report is 4 commits behind head on main.

Files with missing lines Patch % Lines
internal/extension/registry/extension_manager.go 0.00% 16 Missing ⚠️
internal/xds/translator/translator.go 83.87% 10 Missing and 5 partials ⚠️
internal/xds/translator/extension.go 25.00% 8 Missing and 4 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4936      +/-   ##
==========================================
- Coverage   66.80%   66.75%   -0.06%     
==========================================
  Files         209      209              
  Lines       32264    32367     +103     
==========================================
+ Hits        21554    21606      +52     
- Misses       9419     9455      +36     
- Partials     1291     1306      +15

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@liorokman
Copy link
Contributor Author

/retest

1 similar comment
@liorokman
Copy link
Contributor Author

/retest

@liorokman liorokman marked this pull request as ready for review December 18, 2024 12:35
@liorokman liorokman requested a review from a team as a code owner December 18, 2024 12:35
guydc
guydc reviewed Jan 7, 2025
View reviewed changes
internal/xds/translator/translator.go
for _, filter := range listener.FilterChains {
hcm, err := findHCMinFilterChain(filter)
if err != nil {
// no HCM found, skip
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we also cover use cases where tcp_proxy is found instead of HCM? e.g. for filter chains generated for TCP/TLSRoute. Is it currently possible to mutate these filter chains in the extension manager using one of the hooks?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The listener hook will be called for non-HTTP(s) listeners.

But for non-HTTP(s) listeners, it's not possible to return an HTTP 500 response. What would "failing-close" look like here?

Copy link
Contributor

@guydc guydc Jan 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we can remove the filter chain such that envoy resets connections? Anyway, not blocking IMHO.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, I'll do something like that.

release-notes/current.yaml Outdated Show resolved Hide resolved
@arkodg
Copy link
Contributor

arkodg commented Jan 7, 2025

thanks @liorokman , overall LGTM, added some non blocking comments around adding comments

@liorokman
Start of work on fail-close for extension server
3b335df 
Signed-off-by: Lior Okman <lior.okman@sap.com>
@liorokman
Override hook targets if the hooks return an error for HTTP listeners
d114cb8 
and HTTP routes.

Signed-off-by: Lior Okman <lior.okman@sap.com>
@liorokman
Added support for setting the extension server's mode to fail-open.
cb86115 
Signed-off-by: Lior Okman <lior.okman@sap.com>
@liorokman
Treat connection errors in the same way as hook errors.
fb16037 
Signed-off-by: Lior Okman <lior.okman@sap.com>
@liorokman
Added a note in the release notes
252e27d 
Signed-off-by: Lior Okman <lior.okman@sap.com>
@liorokman
Some more tests
459b13a 
Signed-off-by: Lior Okman <lior.okman@sap.com>
@liorokman
Updated release notes and comments as requested in the review.
0ffd03c 
Signed-off-by: Lior Okman <lior.okman@sap.com>
@liorokman liorokman force-pushed the ext-server-fail-close branch from 2357622 to 0ffd03c Compare January 8, 2025 08:53
@liorokman
Removed a trailing space in the release notes.
52a41c2 
Signed-off-by: Lior Okman <lior.okman@sap.com>
@liorokman
Copy link
Contributor Author

/retest

arkodg
arkodg approved these changes Jan 8, 2025
View reviewed changes
Copy link
Contributor

@arkodg arkodg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks !

@guydc guydc merged commit 4c29175 into envoyproxy:main Jan 9, 2025
28 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@guydc guydc guydc approved these changes

@arkodg arkodg arkodg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

"Fail Safe" control knob for Extension Server
3 participants
@liorokman @arkodg @guydc