api: Google gRPC client library configuration.#398
Conversation
In support of envoyproxy/envoy#2200 and some Google internal needs, we are planning on adding support to Envoy to allow a configuration (or possibly build) driven decision on whether to using the existing Envoy in-built Grpc::AsyncClient or the Google C++ gRPC client library (https://grpc.io/grpc/cpp/index.html). To move in this direction, the idea is we have the xDS ApiConfigSources, rate limit service config and other filter configurations point at a GrpcService object. This can be configured to use an Envoy cluster, where Grpc::AsyncClient will orchestrate communication, or to contain the config needed to establish a channel in Google C++ gRPC client library. Signed-off-by: Harvey Tuch <htuch@google.com>
|
@mattklein123 @wora @ramaraochavali @lizan I'm not exactly thrilled by this PR, but it's the Least Bad Option IMHO. The fundamental issue is that if we want to support both Envoy's internal notion of specifying backends via clusters for I'm open to ideas on how to better bridge the two worlds, consider this PR a strawman. @ctiller @markdroth for gRPC-side visibility and comments. |
Signed-off-by: Harvey Tuch <htuch@google.com>
api/grpc_service.proto
Outdated
| // <envoy_api_msg_ApiConfigSource>` and filter configurations. | ||
| message GrpcService { | ||
| oneof target_specifier { | ||
| // The name of the upstream gRPC cluster when using Envoy's gRPC client. SSL |
There was a problem hiding this comment.
We should keep it as SslCredentials to match the terminology used in the Google gRPC library for that specific message, but elsewhere +1.
| } | ||
| // A set of credentials that will be composed to form the `channel credentials | ||
| // <https://grpc.io/docs/guides/auth.html#credential-types>`_. | ||
| repeated Credentials credentials = 4; |
There was a problem hiding this comment.
WDYT about splitting GrpcService into basically:
- Common elements.
- A one_of between "envoy gRPC" and "google gRPC." (Which are discrete messages).
IMO ^ is a bit better because then it becomes more clear on what the split is around creds and possibly other things in the future.
None of the code that uses GrpcService is locked yet, but will be soon at Lyft, so now is the time to sort this out for sure.
There was a problem hiding this comment.
Do you plan on plumbing Credentials into the Envoy gRPC client? If not, should it go inside Google gRPC client?
There was a problem hiding this comment.
I think we want to leave this option open at the API level. For now, there is no immediate plan, as the recommendation will be to "just use the Google gRPC client if you want auth". However, there might emerge later use cases where folks will want to stick with standard Envoy cluster management for their gRPC service backends but want auth, where someone is willing to spend the cycles doing the lifting here. So, let's keep it open. I will document the current limitations.
There was a problem hiding this comment.
Why is this form of auth common between the types, but SslCredentials are specific to google-grpc?
Signed-off-by: Harvey Tuch <htuch@google.com>
|
I recommend we use a single PR just to finalize the GrpcService design,
then we do the refactoring. I don't think GrpcService exists today, so
adding it would have no risk and it is much easier to reason about it.
Another issue is there will be many gRPC clients talking to gRPC servers,
we want the GrpcService can be used by them as well. Everyone will have the
same issue as we just discovery ourselves. We should take a bit time to do
it right.
|
|
We are going to be using this in production at Lyft via the access log service very shortly. I would like to work on Monday to get this into decent shape. I'm not suggesting we split up GrpcService, just have sub-types which include a common part, Envoy gRPC, and Google gRPC. As much as I would like to drop Envoy gRPC and use Google gRPC, until Google gRPC has complete parity with all Envoy router features that is not possible. |
Signed-off-by: Harvey Tuch <htuch@google.com>
|
Updated. I'm hoping this is self-contained enough we can just agree on what |
mattklein123
left a comment
mattklein123
left a comment
There was a problem hiding this comment.
Thanks, I like where this is heading. Two comments.
| } | ||
| // A set of credentials that will be composed to form the `channel credentials | ||
| // <https://grpc.io/docs/guides/auth.html#credential-types>`_. | ||
| repeated Credentials credentials = 4; |
There was a problem hiding this comment.
Do you plan on plumbing Credentials into the Envoy gRPC client? If not, should it go inside Google gRPC client?
| oneof target_specifier { | ||
| option (validate.required) = true; | ||
|
|
||
| // Envoy's in-built gRPC client. |
There was a problem hiding this comment.
We will need more documentation/guidance on which to choose, potentially here and in the architecture overview. Do you want to do that as part of this PR?
Signed-off-by: Harvey Tuch <htuch@google.com>
mattklein123
left a comment
mattklein123
left a comment
There was a problem hiding this comment.
LGTM, thanks for the doc additions. I would recommending having @ggreenway and @wora take a look also.
api/bootstrap.proto
Outdated
|
|
||
| // Specifies the cluster manager cluster name that hosts the rate limit | ||
| // service. The client will connect to this cluster when it needs to make rate | ||
| // limit service requests. |
There was a problem hiding this comment.
Is it worth documenting the difference between the two choices in the one-of? Maybe not, because this one is deprecated. But which gRPC client will get used in the deprecated case? Or is it even the same protocol between these two?
| } | ||
| // A set of credentials that will be composed to form the `channel credentials | ||
| // <https://grpc.io/docs/guides/auth.html#credential-types>`_. | ||
| repeated Credentials credentials = 4; |
There was a problem hiding this comment.
Why is this form of auth common between the types, but SslCredentials are specific to google-grpc?
|
@ggreenway The |
Signed-off-by: Harvey Tuch <htuch@google.com>
As part of the switch to envoy::api::v2::GrpcService and preparing the code base for the Google C++ gRPC client, this PR introduces a singleton gRPC async client manager and factory pattern. This allows for details of TLS and shared state across clients to be hidden from consumers and for consumers to be agnostic about the type of gRPC client. This PR also introduces the deprecation of the specification of gRPC services by cluster name, envoy::api::v2::GrpcService should be used going forward. Risk Level: Medium (some changes to initialization, API cluster validation) Testing: New unit tests, validated full coverage. Docs Changes: envoyproxy/data-plane-api#398 Deprecated: Specifying rate limit and API config sources via cluster names, use the grpc_service(s) fields instead. Signed-off-by: Harvey Tuch <htuch@google.com>
4 participants
In support of envoyproxy/envoy#2200 and some
Google internal needs, we are planning on adding support to Envoy to
allow a configuration (or possibly build) driven decision on whether to
using the existing Envoy in-built Grpc::AsyncClient or
the Google C++ gRPC client library (https://grpc.io/grpc/cpp/index.html).
To move in this direction, the idea is we have the xDS ApiConfigSources,
rate limit service config and other filter configurations point at a
GrpcService object. This can be configured to use an Envoy cluster,
where Grpc::AsyncClient will orchestrate communication, or to contain
the config needed to establish a channel in Google C++ gRPC client
library.
Signed-off-by: Harvey Tuch htuch@google.com