-
Notifications
You must be signed in to change notification settings - Fork 5.5k
admission control: Filter implementation with no-op controller #11414
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from 117 commits
991d39f
84c1b51
d3e80e0
668040d
3727a6d
b91335f
871fe70
cd1d879
b768ad1
7a4678e
d5278b8
34144fd
f3ec7f7
5e3d1ed
5654fa2
10472c0
a15ad6e
7f30f79
fa3cd1c
29478b0
6b69513
48043b6
d0b8c50
5358a78
6bf90d1
fbecc7f
c31da84
a9b9f8b
e01eda5
5e97619
fc666b7
d639d37
167133d
598fc5f
bafb45e
17fa361
3bde611
0d6dc11
e416db7
2748f16
0fa0905
72cd42d
8340a73
65c9773
dde5ea2
74a35a3
dbd2d88
0359eb4
5bb2747
762b131
a29c9eb
c83b8fd
c562c65
b420460
935e672
cddd71e
eab6c0f
6b893f6
1379ac5
9921663
9cb2499
80c219a
43d479b
20f6036
8f1428e
4dab945
cb2e4d8
0bd08e0
c266d3a
343b75b
d27fbe7
6be3d03
594bd23
b6591d3
ae1ca6e
1a5b3ba
08ab835
40dc2ec
1d516aa
0baddea
59fe97c
7e7844c
53e3476
648a936
1976891
70cf114
c557fe7
0f25dbb
6681bc0
6846ce8
c3d1b42
02f8a79
39e3286
775619f
ca85a3e
7368a10
cf292eb
af7ac9f
5f2e0d0
d8841cd
ca62264
18a92b9
811af9e
f6884ed
aca33f6
2f6e768
e610c6c
c37c1d1
a0dcb07
15354d2
c8953b0
1123eef
57ecfb7
aa38fec
529db5c
d73174c
7724223
446c279
440a83c
da072c2
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| # DO NOT EDIT. This file is generated by tools/proto_sync.py. | ||
|
|
||
| load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") | ||
|
|
||
| licenses(["notice"]) # Apache 2 | ||
|
|
||
| api_proto_package( | ||
| deps = [ | ||
| "//envoy/config/core/v3:pkg", | ||
| "//envoy/type/v3:pkg", | ||
| "@com_github_cncf_udpa//udpa/annotations:pkg", | ||
| ], | ||
| ) |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| syntax = "proto3"; | ||
|
|
||
| package envoy.extensions.filters.http.admission_control.v3alpha; | ||
|
|
||
| import "envoy/config/core/v3/base.proto"; | ||
| import "envoy/type/v3/range.proto"; | ||
|
|
||
| import "google/api/annotations.proto"; | ||
| import "google/protobuf/duration.proto"; | ||
| import "google/protobuf/wrappers.proto"; | ||
| import "google/rpc/status.proto"; | ||
|
|
||
| import "udpa/annotations/migrate.proto"; | ||
| import "udpa/annotations/status.proto"; | ||
| import "validate/validate.proto"; | ||
|
|
||
| option java_package = "io.envoyproxy.envoy.extensions.filters.http.admission_control.v3alpha"; | ||
| option java_outer_classname = "AdmissionControlProto"; | ||
| option java_multiple_files = true; | ||
| option (udpa.annotations.file_status).work_in_progress = true; | ||
| option (udpa.annotations.file_status).package_version_status = ACTIVE; | ||
|
|
||
| // [#protodoc-title: Admission Control] | ||
| // [#extension: envoy.filters.http.admission_control] | ||
|
|
||
| message AdmissionControl { | ||
| // Default method of specifying what constitutes a successful request. All status codes that | ||
| // indicate a successful request must be explicitly specified if not relying on the default | ||
| // values. | ||
| message SuccessCriteria { | ||
| message HttpCriteria { | ||
| // Status code ranges that constitute a successful request. Configurable codes are in the | ||
| // range [100, 600). If empty, all HTTP requests will be considered unsuccessful. | ||
| repeated type.v3.Int32Range http_success_status = 1; | ||
| } | ||
|
|
||
| message GrpcCriteria { | ||
| // Status codes that constitute a successful request. If empty, all gRPC requests will be | ||
| // considered unsuccessful. | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is this a good default? Should we have 0 be successful if empty? |
||
| // Mappings can be found at: https://github.com/grpc/grpc/blob/master/doc/statuscodes.md. | ||
| repeated uint32 grpc_success_status = 1; | ||
| } | ||
|
|
||
| // If HTTP criteria are unspecified, all HTTP status codes below 500 are treated as successful | ||
| // responses. | ||
|
Comment on lines
+44
to
+45
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Hmm I see how you structured this. I would do 200-299 by default, and if specified I would make http_success_status min length 1 in the message above.
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. See the grpc code comment below. I think it also applies here for things like redirects or 403/404/etc. |
||
| HttpCriteria http_criteria = 1; | ||
|
|
||
| // GRPC status codes to consider as request successes. If unspecified, defaults to: Ok, | ||
|
tonya11en marked this conversation as resolved.
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Similar comment above. I would make the min repeated above required if the message is specified, and I think the default should be just OK here?
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. My reasoning for picking these specific codes is that something like Does that change anything for you?
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I guess? I'm fine either way but I would flesh out the docs as to why the default is what it is. Same for the HTTP one. |
||
| // Cancelled, Unknown, InvalidArgument, NotFound, AlreadyExists, Unauthenticated, | ||
| // FailedPrecondition, OutOfRange, and Unimplemented. | ||
| GrpcCriteria grpc_criteria = 2; | ||
| } | ||
|
|
||
| // If set to false, the admission control filter will operate as a pass-through filter. If the | ||
| // message is unspecified, the filter will be enabled. | ||
| config.core.v3.RuntimeFeatureFlag enabled = 1; | ||
|
|
||
| // Defines how a request is considered a success/failure. | ||
| oneof evaluation_criteria { | ||
| option (validate.required) = true; | ||
|
|
||
| SuccessCriteria success_criteria = 2; | ||
| } | ||
|
|
||
| // The sliding time window over which the success rate is calculated. The window is rounded to the | ||
| // nearest second. Defaults to 120s. | ||
| google.protobuf.Duration sampling_window = 3; | ||
|
tonya11en marked this conversation as resolved.
|
||
|
|
||
| // Rejection probability is defined by the formula:: | ||
| // | ||
| // max(0, (rq_count - aggression_coefficient * rq_success_count) / (rq_count + 1)) | ||
| // | ||
| // The coefficient dictates how aggressively the admission controller will throttle requests as | ||
| // the success rate drops. Lower values will cause throttling to kick in at higher success rates | ||
| // and result in more aggressive throttling. Any values less than 1.0, will be set to 1.0. If the | ||
| // message is unspecified, the coefficient is 2.0. | ||
| config.core.v3.RuntimeDouble aggression_coefficient = 4; | ||
| } | ||
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| load( | ||
| "//bazel:envoy_build_system.bzl", | ||
| "envoy_cc_extension", | ||
| "envoy_package", | ||
| ) | ||
|
|
||
| licenses(["notice"]) # Apache 2 | ||
|
|
||
| # HTTP L7 filter that probabilistically rejects requests based on upstream success-rate. | ||
| # Public docs: docs/root/configuration/http_filters/admission_control.rst | ||
|
|
||
| envoy_package() | ||
|
|
||
| envoy_cc_extension( | ||
| name = "admission_control_filter_lib", | ||
| srcs = [ | ||
| "admission_control.cc", | ||
| ], | ||
| hdrs = [ | ||
| "admission_control.h", | ||
| "thread_local_controller.h", | ||
| ], | ||
| security_posture = "unknown", | ||
| deps = [ | ||
| "//include/envoy/http:filter_interface", | ||
| "//include/envoy/runtime:runtime_interface", | ||
| "//source/common/common:cleanup_lib", | ||
| "//source/common/http:codes_lib", | ||
| "//source/common/runtime:runtime_lib", | ||
| "//source/extensions/filters/http:well_known_names", | ||
| "//source/extensions/filters/http/admission_control/evaluators:response_evaluator_lib", | ||
| "//source/extensions/filters/http/common:pass_through_filter_lib", | ||
| "@envoy_api//envoy/extensions/filters/http/admission_control/v3alpha:pkg_cc_proto", | ||
| ], | ||
| ) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this a good default? Should we have 200-299 be successful by default?