http: add Kill Request HTTP filter#14039
Conversation
qqustc
changed the title
htuch
left a comment
htuch
left a comment
There was a problem hiding this comment.
Thanks. I'll assume there is no strong objection around general utility and review. I think we should have some CI test to verify this is not included in any normal Envoy binary, or some Bazel magic to make sure it only comes up with a specific --define.
/wait
There was a problem hiding this comment.
You shouldn't need to set a deprecated name for a new extension.
There was a problem hiding this comment.
See comment below about deprecated names. In fact, all extension names are now effectively deprecated. @kyessenov should we have some way to register without declaring these at all?
There was a problem hiding this comment.
Yes, we can just do REGISTER_FACTORY(KillRequestFilterFactory, Server::Configuration::NamedHttpFilterConfigFactory)
envoy/include/envoy/registry/registry.h
Line 504 in 9ccd778
There was a problem hiding this comment.
Yeah, the name argument here is supposed to be an alias I think. Factories have unique names with aliases.
There was a problem hiding this comment.
See existing utilities for this, ProtobufPercentHelper::evaluateFractionalPercent etc.
There was a problem hiding this comment.
Thanks Harvey, switched to evaluateFractionalPercent
There was a problem hiding this comment.
drive by comment: what does blast radius mean in this context?
There was a problem hiding this comment.
Thanks Otto. Here the blast radius means when we send a kill request to 1 Envoy among a pool of Envoys, how many neighboring Envoy will be affected. This is specific to the downstream use case, so will remove this from the doc.
Thank you Harvey! I have commented out the new filter in extensions_build_config.bzl and added a test in |
It turns out CI Generate docs failed after we commented out the new filter in |
…3721) There are a few limitations in our existing support for symlink-based key rotation: We don't atomically resolve symlinks, so a single snapshot might have inconsistent symlink resolutions for different watched files. Watches are on parent directories, e.g. for /foo/bar/baz on /foo/bar, which doesn't support common key rotation schemes were /foo/new/baz is rotated via a mv -Tf /foo/new /foo/bar. The solution is to provide a structured WatchedDirectory for Secrets to opt into when monitoring DataSources. SDS will used WatchedDirectory to setup the inotify watch instead of the DataSource path. On update, it will read key/cert twice, verifying file content hash consistency. Risk level: Low (opt-in feature) Testing: Unit and integration tests added. Fixes envoyproxy#13663 Fixes envoyproxy#10979 Fixes envoyproxy#13370 Signed-off-by: Harvey Tuch <htuch@google.com> Signed-off-by: Qin Qin <qqin@google.com>
Signed-off-by: Yuchen Dai <silentdai@gmail.com> Signed-off-by: Qin Qin <qqin@google.com>
Signed-off-by: Ryan Northey <ryan@synca.io> Signed-off-by: Qin Qin <qqin@google.com>
Signed-off-by: Piotr Sikora <piotrsikora@google.com> Signed-off-by: Qin Qin <qqin@google.com>
…y doesn't match (envoyproxy#14023) Fixes envoyproxy#14022 Signed-off-by: Dongfang Qu <qudongfang@gmail.com> Signed-off-by: Qin Qin <qqin@google.com>
Signed-off-by: Qin Qin <qqin@google.com>
Signed-off-by: Qin Qin <qqin@google.com>
/bin/bash: line 1: q: command not found Signed-off-by: Qin Qin <qqin@google.com>
Signed-off-by: Qin Qin <qqin@google.com>
Signed-off-by: Qin Qin <qqin@google.com>
Signed-off-by: Qin Qin <qqin@google.com>
Signed-off-by: Qin Qin <qqin@google.com>
Signed-off-by: Qin Qin <qqin@google.com>
Signed-off-by: Qin Qin <qqin@google.com>
Signed-off-by: Qin Qin <qqin@google.com>
…#14131) This fixes a regression which resulted in the downstreamRemoteAddress on the StreamInfo for a connection not having the address supplied by the proxy protocol filter, but instead having the address of the directly connected peer. This issue does not affect HTTP filters. Fixes envoyproxy#14087 Signed-off-by: Greg Greenway <ggreenway@apple.com> Signed-off-by: Qin Qin <qqin@google.com>
… is marked dead by Lua GC (envoyproxy#14092) Fixes envoyproxy#14091 The problem and fix is similiar to envoyproxy#4312 Risk Level: Low Testing: regression test, manual testing Docs Changes: N/A Release Notes: N/A Signed-off-by: Marcin Falkowski <marcin.falkowski@allegro.pl> Signed-off-by: Qin Qin <qqin@google.com>
Swapped test flag use in compile time options to refer to legacy codecs. By default, we use new codecs unless the flag is set FOR legacy. Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Qin Qin <qqin@google.com>
Commit Message: Additional Description: Risk Level: Low Testing: unit test, integration, manual testing Docs Changes: Added documentation on how to configure Envoy for tunneling TCP over HTTP/1 Release Notes: n/a (still hidden) Part of envoyproxy#11308 Signed-off-by: Iacopo Rozzo <iacopo@kubermatic.com> Signed-off-by: Qin Qin <qqin@google.com>
…3915) Add extra test case to guard that cluster upstream extension support header rewrite. Signed-off-by: Yuchen Dai <silentdai@gmail.com> Signed-off-by: Qin Qin <qqin@google.com>
envoyproxy#10526 allowed tracers to use CDS clusters. But zipkin proto doc still says bootstrap cluster is mandatory Risk Level: Low Testing: N/A Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Qin Qin <qqin@google.com>
Updated link of "life of a request" in STYLE.md. Currently redirecting to 404. Fixes envoyproxy#13397 Signed-off-by: Manish Kumar <manish.kumar1@india.nec.com> Signed-off-by: Qin Qin <qqin@google.com>
…ements (envoyproxy#13960) Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@intel.com> Signed-off-by: Qin Qin <qqin@google.com>
Add a method to the ThreadLocalOverloadState to support creating arbitrary scaled timers. This can be used by extension filters to scale their behavior in response to load without requiring a separate overload action registration. Filter factories can obtain a reference to the OverloadManager and use that to pass references to the thread-local state into the constructed filters, which can in turn be used to create scaled timers. Signed-off-by: Alex Konradi <akonradi@google.com> Signed-off-by: Qin Qin <qqin@google.com>
Fix a test-only use-after-free that causes flakes of //test/integration:tcp_tunneling_integration_test. Signed-off-by: Alex Konradi <akonradi@google.com> Signed-off-by: Qin Qin <qqin@google.com>
…14140) Signed-off-by: Joshua Marantz <jmarantz@google.com> Signed-off-by: Qin Qin <qqin@google.com>
Use simulated time for the integration test to ensure that timers don't time out due to the test running slow. This prevents test flakes, and TSAN errors when running in that mode. Signed-off-by: Alex Konradi <akonradi@google.com> Signed-off-by: Qin Qin <qqin@google.com>
Right now, the shellcheck format checks all files under the directory, which is unfriendly for a number of reasons (git worktrees, dev scripts, autogenerated code). Instead of using find, use `git ls-files` to list files which can then be filtered. Signed-off-by: Alex Konradi <akonradi@google.com> Signed-off-by: Qin Qin <qqin@google.com>
Abseil thread annotation macros are now prefixed by `ABSL_`. There is no semantic change; this is just a rename. Signed-off-by: Teju Nareddy <nareddyt@google.com> Signed-off-by: Qin Qin <qqin@google.com>
…er (envoyproxy#13797) Signed-off-by: Kevin Baichoo <kbaichoo@google.com> Signed-off-by: Qin Qin <qqin@google.com>
…#14100) * add upstream flood tests to detect empty data and empty continuation frames Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Qin Qin <qqin@google.com>
qqustc
requested review from
PiotrSikora,
alyssawilk,
asraa,
dio,
ggreenway,
jmarantz,
lizan and
mattklein123
as code owners
repokitteh-read-only
bot
added
the
deps
|
Sorry for the spam, accidentally messed up this PR, closed this PR and will open a new one |
20 participants
Please review #14170 instead!