Bump Envoy to v1.20.1

[sunjayBhatia]

See release notes:
https://www.envoyproxy.io/docs/envoy/v1.20.0/version_history/current

Also bumps go-control-plane to latest

Deprecation of existing headermatch usage will need to be handled in the release after this is
merged. The "string match" header matching method is preferred but was
added in 1.20.1 and it was not present in 1.19.x, we will need to
release a version with Envoy 1.20.x compatibility and the subsequent
release will need to move to the "string match" method (rather than the
individual regex/exact/etc. methods.

[sunjayBhatia]

Not sure if we want to merge for 1.19 or not cc @projectcontour/maintainers

[codecov]

Codecov Report

Merging #4075 (63d5d5d) into main (39a31e6) will increase coverage by 0.10%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #4075      +/-   ##
==========================================
+ Coverage   76.41%   76.52%   +0.10%     
==========================================
  Files         111      111              
  Lines        9883     9869      -14     
==========================================
  Hits         7552     7552              
+ Misses       2164     2150      -14     
  Partials      167      167              

Impacted Files	Coverage Δ
internal/xds/v3/snapshotter.go	0.00% <0.00%> (ø)
internal/xdscache/snapshot.go	11.62% <0.00%> (+2.19%)	⬆️

[skriss]

👍 I don't see any reason not to ship it in Contour 1.19.

[skriss]

Should update the compat matrix and versions.yaml as well

[sunjayBhatia]

looks like a few e2e tests not passing

submitted #4080 so we get a proper failure rather than a panic, but looks like some requests never succeeding in tests

[sunjayBhatia]

added do not merge since this is a bit of a curious one, tests seem to be failing in CI but not locally "on my machine"

[stevesloka]

I tried running on my machine and seems like some tests are timing out. 🤔

[sunjayBhatia]

I tried running on my machine and seems like some tests are timing out. 🤔

yeah latest CI runs ~140s for the httpproxy suite, my local machine ~975 and CI ~882, some issues here for sure

[sunjayBhatia]

I tried running on my machine and seems like some tests are timing out. 🤔

yeah latest CI runs ~140s, my local machine ~975 and CI ~882, some issues here for sure

just switching back to the older Envoy, I get ~140s locally for the httpproxy suite, drastic change from the 1.20.0 image

[sunjayBhatia]

I tried running on my machine and seems like some tests are timing out. 🤔

yeah latest CI runs ~140s, my local machine ~975 and CI ~882, some issues here for sure

just switching back to the older Envoy, I get ~140s locally for the httpproxy suite, drastic change from the 1.20.0 image

seemingly a lot of TLS handshake timeouts and stalling the tests when we're making requests, might also adjust the test suite to use an http client that has some more strict timeouts but its pretty black and white switching back to Envoy 1.19.1 with no changes to the tests, these issues go away (the other code changes in the PR are kept in, just changing the Envoy image)

[sunjayBhatia]

With a git bisect, was able to find this commit as the Envoy culprit: envoyproxy/envoy@ba474ac

[sunjayBhatia]

adding some logging to our test suite, you can see the holdup is in waiting for requests to succeed after we program an HTTPProxy etc.

there aren't connection refused errors in the slow tests but rather TLS handshake timeouts, I assume as listeners/filter chains/worker threads are spun up and torn down with the new logic that was introduced; it appears connections are still accepted by Envoy but the new slowness is maybe a mixture of our tests initiating a connection before worker threads have properly been initialized and these connections being held open waiting for a response that will never come

our tests dont currently have a request timeout/they use the default go http client which has no HTTP request timeout and only has the default TLS handshake timeout from the default TLS transport so adding a timeout there should help

[sunjayBhatia]

See envoyproxy/envoy#18616

[sunjayBhatia]

testing with image docker.io/envoyproxy/envoy-dev:6f0ecc5ae16f3c39937dd13a3bc0327177a0e754 (and removed http client timeouts in tests) which has the fix from envoyproxy/envoy#18686

[sunjayBhatia]

looks like that passed ^

We'll have to wait for the linked change to be backported to Envoy 1.20.x

[wrowe]

@sunjayBhatia could you fix the PR title? Thx!

[github-actions]

Marking this PR stale since there has been no activity for 14 days. It will be closed if there is no activity for another 30 days.

[skriss]

🎉