Feature : Listener Filter Chain Discovery Service #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This changes the C++ builder to allow using the existing shared YAML, or create config via structured proto (100x faster) Most options are working as validated by config_builder_test, and the automatic diffing in debug mode. As discussed at the E-M meeting, I will adapt the remaining APIs to be builder friendly in a follow-up PR. Risk Level: medium Testing: yes Docs Changes: n/a Release Notes: defering until complete part of envoyproxy#24976 Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
) It occasionally fails to connect: https://github.com/envoyproxy/envoy/actions/runs/4009263248/jobs/6884405763 Also move it below the `xcode-select` in case it helps. Signed-off-by: JP Simard <jp@jpsim.com>
* [balsa] Validate HTTP version string. Signed-off-by: Bence Béky <bnc@google.com>
* build: Bump image -> `7304f974de2` and revert: - envoyproxy#24979 - envoyproxy#25061 Signed-off-by: Ryan Northey <ryan@synca.io>
Commit Message: For QUIC, defer access logging to when the final ack is received from downstream. Additional Description: This PR implements QuicAckListenerInterface which allows QUIC streams to listen for acks. Here, we use the ack listener to record a "roundtrip response time" that is analogous to the full response time or time-to-last-byte as experienced by a downstream client. We also defer access logging to the ack listener in order to record this metric in the stream info and make it available to access logs. The stream info is copied into the ack listener so that it can be used for logging even after its originating stream is destroyed. Risk Level: Medium Testing: Integration tests. Docs Changes: N/A Release Notes: added Platform Specific Features: N/A Runtime guard: envoy_reloadable_features_quic_defer_logging_to_ack_listener defaults to true. Signed-off-by: Paul Sohn <paulsohn@google.com>
…xy#21093) Bumps [jinja2](https://github.com/pallets/jinja) from 3.0.3 to 3.1.2. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.0.3...3.1.2) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) This reverts commit b1c7055. Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
…25077) Signed-off-by: AlanDiaz <diazalan@google.com>
By setting `tags = ["no-remote-exec"]`. It appears that the EngFlow RBE machines are having trouble connecting to the `testmanagerd` socket due to permission errors. Perhaps a sandboxing issue. See https://envoyproxy.slack.com/archives/C02QMNG92A3/p1674766800532359 for discussion. Signed-off-by: JP Simard <jp@jpsim.com>
Add new test to validate multi. part pattern match Additional Description: Risk Level: Low. Testing only. Testing: Pattern match test. Docs Changes: Release Notes: Platform Specific Features: Signed-off-by: silverstar195 <seanmaloney@google.com>
Deletes the old MetadataEncoder implementation. Signed-off-by: Biren Roy <birenroy@google.com>
* datadog: time_util without tests Signed-off-by: David Goffredo <david.goffredo@datadoghq.com>
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
…envoyproxy#25055) Currently, there's a bug when the ApiConfigSource is AGGREGATED_DELTA_GRPC and xdstp is used: The GrpcCollectionSubscriptionImpl that gets created sets is_aggregated to false, instead of setting it to true. This causes the GrpcSubscriptionImpl instance to attempt to start the GrpcMux on start, instead of waiting to share a gRPC stream like ADS is supposed to. Unfortunately, this behavior was masked by the integration tests, because we use a FakeUpstream in the integration tests that just contains a single xDS stream to which the Envoy instances connect to. The only way to verify this behavior was to look at the logs when running the XdsTpAdsIntegrationTest: when is_aggregated was set to false (prior to this commit), the logs would contain GrpcStream messages saying the stream already exists. After changing is_aggregated to true, the logs no longer output stream "already exists", because we don't attempt to create multiple streams, which is the correct behavior. Signed-off-by: Ali Beyad <abeyad@google.com>
…xy#25185) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.39 to 2.2.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@a34ca99...436dbd9) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…uthz/auth/http-service (envoyproxy#25187) build(deps): bump node in /examples/ext_authz/auth/http-service Bumps node from `ab3603c` to `4619ec6`. --- updated-dependencies: - dependency-name: node dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…amples/load-reporting-service (envoyproxy#25186) build(deps): bump google.golang.org/grpc Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.52.1 to 1.52.3. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.52.1...v1.52.3) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…voyproxy#25105) Bumps [setuptools](https://github.com/pypa/setuptools) from 66.1.0 to 66.1.1. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst) - [Commits](pypa/setuptools@v66.1.0...v66.1.1) --- updated-dependencies: - dependency-name: setuptools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Local close details enhancements. Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
…nvoyproxy#25040) Signed-off-by: Adi Suissa-Peleg <adip@google.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
…nvoyproxy#25209) Addresses envoyproxy#25205 Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: wangfakang <fakangwang@gmail.com>
Signed-off-by: Rakesh Datta <radatta@microsoft.com>
…)" (envoyproxy#25152) This reverts commit 91e048a. Signed-off-by: Ryan Northey <ryan@synca.io>
* http2: add fuzzer for decoding connection Signed-off-by: Robert Femmer <robert.femmer@x41-dsec.de>
* Reduce memory usage is cluster does not contain an upstream config Signed-off-by: AlanDiaz <diazalan@google.com>
Signed-off-by: Rakesh Datta <radatta@microsoft.com>
Signed-off-by: alexcei88 <alexcei88@yandex.ru> Signed-off-by: alexcei88 <lex9.darovskoi@gmail.com>
Disallow line folding (also called continuation lines) in BalsaParser. This is for spec compliance, though it is inconsistent with http-parser behavior. In the unlikely case that this behavioral difference blocks rolling out Balsa as a replacement for http-parser, line folding could be re-allowed behind a separate runtime flag. Signed-off-by: Bence Béky <bnc@google.com>
Adds a builder API to enable CDS, using ADS to configure the address. Then a simple unit test which adds a cluster with CDS and verifies it's been added Signed-off-by: caschoener <schoener@google.com>
Signed-off-by: bozhang <bozhang@ebay.com>
Changing the default E-M build to not include the admin interface. It is enabled for swift CI due to regression tests. Risk Level: low Testing: CI Docs Changes: n/a Release Notes: n/a Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Commit Message: Remove scope id from ipv6 address in getLocalAddress Additional Description: This fixes the issue where Envoy-mobile fails to send out any packet on ipv6. Risk Level: Low Testing: unit tests Docs Changes: n/a Release Notes: n/a Platform Specific Features: n/a Fixes envoyproxy#25326 Signed-off-by: Renjie Tang <renjietang@google.com>
…oxy#25278) Use URL-encoding when adding URL as query parameters. Decode these query parameters using reverse algorithm but leaving intact character sequences that must be encoded in URLs. Signed-off-by: Yan Avlasov <yavlasov@google.com>
Add a Tcp async client and factory to thread local cluster. Commit Message: Additional Description: Risk Level: Low Testing: integration & unit test Docs Changes: Release Notes: Platform Specific Features: Signed-off-by: Boteng Yao <boteng@google.com>
Signed-off-by: John Chadwick <jchadwick@buf.build>
…yproxy#25420) Signed-off-by: wbpcode <wangbaiping@corp.netease.com>
This test had a race condition, because clusters may initially be in the warming state and not active in which case the comparison would fail. Waiting for cluster count to increase guarantees success Signed-off-by: caschoener <schoener@google.com>
…nvoyproxy#25419) * The virtual clusters builder was omitting the first comma and adding an extra trailing comma * The DNS preresolved host names builder wasn't adding any commas at all Signed-off-by: JP Simard <jp@jpsim.com>
Generic services are deprecated since protoc version 2.4.0 (2010). Protoc plugins that generates code may require that generic services are disabled, so that they can generate their own classes of the same name. Risk Level: Low Fixes envoyproxy#25172 Signed-off-by: Sébastien CROCQUESEL <88554524+scrocquesel@users.noreply.github.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
…amples/ext_authz/auth/grpc-service (envoyproxy#25436) build(deps): bump google.golang.org/grpc Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.52.3 to 1.53.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.52.3...v1.53.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…amples/load-reporting-service (envoyproxy#25435) build(deps): bump google.golang.org/grpc Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.52.3 to 1.53.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.52.3...v1.53.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…nfo (envoyproxy#25023) * TCP Tunneling: Optionally propagate response trailers to downstream info Signed-off-by: IssaAbuKalbein <isaqalbein@gmail.com>
…25381) Builder functions won't be available or even compiled if the corresponding flags aren't defined: ENVOY_ENABLE_QUIC ENVOY_ADMIN_FUNCTIONALITY ENVOY_MOBILE_REQUEST_COMPRESSION Commit Message: mobile: compile out unavailable engine builder functions Additional Description: Risk Level: Low Testing: Used nm to confirm that the symbols were being included with the build flags on, and excluded with the build flags off. Docs Changes: None Release Notes: None Platform Specific Features: None Fixes: envoyproxy#25355 Signed-off-by: JP Simard <jp@jpsim.com>
* Quote `dns_preresolve_hostnames_` values * Don't set `EngineBuilder::setAppId` twice Signed-off-by: JP Simard <jp@jpsim.com>
Signed-off-by: Yan Avlasov <yavlasov@google.com>
…oyproxy#25457) Signed-off-by: JP Simard <jp@jpsim.com>
…ly_data_and_http3 (envoyproxy#25022) Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Rakesh Datta <radatta@microsoft.com>
Signed-off-by: Rakesh Datta <radatta@microsoft.com>
|
@adisuissa After resolving the comments you had, I was getting an issue pushing some more changes (it was asking me to pull). I just ran 'sync fork' from git UI, and looks like the PR is all messed up now :( I don't see your comments and my replies anymore. Any suggestion on how to fix this? In case it cant be fixable, I have this draft PR ready, we can close this one and continue that one. I have taken the snaps of your comments and pasted in that PR, so that the previous discussions are not lost. Plz, let me know. Thanks |
Signed-off-by: Rakesh Datta <rakesh.datta@microsoft.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Commit Message: Feature: Listener Filter Chain Discovery Service
Additional Description:
This is an updated version of this PR: envoyproxy#23096
Representing tenants as filter-chains in envoy, its essential to be able to dynamically and independently load the tenant (filter chain) configs. To achieve that, this feature introduces anothe xDS called Filter Chain Discovery Service, which allows the filter chains inside a listener to be discovered dynamically.
This allows a tenant config to be added, deleted and modified on the fly, without impacting other tenant configs.
This is also an Implementation for the ask here: (envoyproxy#4540)
This feature would allow dynamic config update of filter chains.
Main envoy config yaml:
fcds (dynamic) resource format:
Risk Level: High
Testing: Locally tested with Inotify-based config updates.
Pending work:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]