admin: add json serialized proto for /clusters

[mrice32]

Description:
Added the /clusters?format=json admin endpoint along with a proto representation of /clusters.

Risk Level: Low

Testing: Added a unit test for the new format.

Docs Changes: Added a brief description on the admin docs and linked to the more detailed proto definition.

Release Notes: Added release notes.

Fixes #2020

[mattklein123]

@mrice32 this fixes #2020 so I added it to the description.

[zuercher]

What do you think of splitting this function in two to make it a little more readable?

[zuercher]

typo: mapping

[zuercher]

style nit: I'd prefer a blank line between fields for readability.

[mrice32]

@zuercher Thanks for the quick review! Responded to your comments. PTAL.

[zuercher]

Looks good. Thanks!

[htuch]

Thanks @mrice32, this takes the admin endpoint further in a really nice direction. I have a bunch of API-level feedback that I thought would be good to discuss.

[htuch]

Can you reorder the protos so that they are in topological sort order? This make the documentation clearer and is a convention we have adopted.

[mrice32]

Just to be clear, you're suggesting that if one message depends on another, the dependent message should go below the dependency? Is this a new convention? I was following the example of the bootstrap proto and others, which seem to do the opposite.

[htuch]

Actually, I think I'm wrong here, the other opposite convention seems to mostly hold.

[htuch]

Do we want to use https://github.com/envoyproxy/envoy/blob/master/api/envoy/api/v2/core/address.proto#L93 here? I.e. have some structure since this is proto, rather than encoding ports etc. in strings.

[mrice32]

This brings up a broader question. I think I have made uncharacteristic (in the scope of Envoy) use of maps. Both messages and enums (as mentioned in your other comment below) cannot be used as key types. Should we try to avoid maps here, generally (even when the key types allow), or just remove them in these two incompatible places?

[mrice32]

I think it probably makes sense for the HostStatus.stats field, but I think the rest are debatable.

[htuch]

Do you want

envoy/api/envoy/api/v2/core/base.proto

Line 114 in 49b122d

enum RoutingPriority {

?

[htuch]

References back to docs on this?

[htuch]

Are these percentages/ratios? If so, consider expressing with https://github.com/envoyproxy/envoy/blob/master/api/envoy/type/percent.proto.

[htuch]

In Envoy, we prefer unsigned types for things that are actually unsigned.

[htuch]

Prefer proto structure rather than opaque strings here.

[htuch]

Aren't these

envoy/api/envoy/api/v2/cluster/circuit_breaker.proto

Line 22 in 49b122d

message Thresholds {

? They are already available on /config_dump, so can we elide here?

[mrice32]

I was trying to be consistent with the info provided in the text printout, but I'll remove as long as there are no back-compat objections.

[mrice32]

@htuch, updated API as suggested. PTAL, and let me know if the new structure makes sense.

[htuch]

Actually, I think I'm wrong here, the other opposite convention seems to mostly hold.

[htuch]

Are you using -1 here or just omitting the field?

[htuch]

I think we can simplify this to just indicating when a host is unhealthy, and then when there are no bits set saying it's unhealthy, it's considered healthy. I wonder how this relates to https://github.com/envoyproxy/envoy/blob/master/api/envoy/api/v2/core/health_check.proto#L182.. it seems we should have the ability to also indicate draining? Should we have a single health status message?

[mrice32]

As for the former, I thought about that. My only hesitation is from a usability perspective. The highest order bit here is whether the host is healthy or not, but that would be the hardest for the user to determine if we were to eliminate the redundant healthy bool. You could probably get a little clever by omitting this message or a submessage for a healthy host to create an artificial way to signal a healthy host, but that might be more trouble than it's worth. WDYT?

As for how this relates to the EDS health status, that is reduced to a bool here IIUC - failed_eds_health_check. We could make this bool an enum to represent the full range of EDS health states rather than just healthy or unhealthy.

[htuch]

I think we don't have to spend too much time making these "usable", in that the APIs are intended for machine parsing first. So, I think we can drop the healthy status. The EDS health status is really a reflection of other health status possibilities. We might for example, via HDS, discover that a host is draining independent to EDS. So, I think we should be able to convey these possibilities. I would argue that we probably just want a single health status proto and it should be https://github.com/envoyproxy/envoy/blob/master/api/envoy/api/v2/core/health_check.proto#L182, we should make it work if it's not expressive enough for the requiremetns here (e.g. indicating outlier detection).

[htuch]

Can this be derived from the individual hosts' success_rate by the consumer of the endpoint?

[mrice32]

Basically, yes (see below for a more detailed answer). Is it worth providing it for usability?

They will be close. Technically, they may differ under two scenarios IIUC:

1. A host has been removed since the last time the success rates were updated (they operate on a timer).
2. I'm not 100% sure, but I think hosts that go from getting enough requests to be considered back to not having enough requests to be considered will report an outdated number for the successRate() call (this one is probably a bug since this goes against the documented behavior). Same effect if the number of hosts drops back below the threshold for calculating the cluster-wide success rate average - none of their values get updated until the cluster gets back above that threshold.

[htuch]

Unless the distinction is important to the use for (1) and (2), thenI would vote to just provide it at the host-level and allow the consumer to compute.

[mrice32]

Since the internally computed cluster-wide average is compared to each host's average to determine whether the host gets ejected or not, I would think the exact cluster-wide average might be important for users when debugging why a host got ejected. However, it's something that's easy to add later if someone specifically requests it, so SGTM.

[htuch]

Can we reuse https://github.com/envoyproxy/envoy/blob/master/api/envoy/api/v2/endpoint/endpoint.proto#L46 and related structures? Seems like a reasonable overlap.

[mrice32]

Hmmmm, yes, there's definitely some overlap, but I worry that this will creep into us providing the entire EDS config in /clusters (the overlap isn't 100%, so we would have to leave out fields). Didn't you have a suggestion on the previous round of review that we should eliminate config details that could easily be found in /config_dump to delineate status from configuration? Given that EDS info should be available in /config_dump, should we try to remove all of that from the host portion as well? I'm not super opinionated, but I think our approach should be consistent.

[htuch]

/config_dump doesn't provide EDS today :) @mattklein123 do you think we should provide EDS here or in /config_dump? I think the latter, but this PR seems related.

[mattklein123]

Yeah I think it should be provided in /config_dump. The reason I didn't do it is that it isn't a trivial change/design to figure out how to do it. Should it be top level? Should it be embedded within clusters? How will the config source be managed? Etc. I opened the issue to track adding it and hopefully we can discuss there when someone wants to work on it.

[mrice32]

SGTM, I'll remove weight, locality, and canary from HostStatus.

[htuch]

Is this the first time we're defining in proto the stats data model?

[mrice32]

Not exactly - see here. The only more sophisticated definition I could imagine would be differentiating between gauges and counters.

[htuch]

OK, I think it's fine to have a simpler variant without relying on Prometheus protos. Might belong in its own message though, so we can reuse again later. Would suggest the domain to be uint64.

[mrice32]

SGTM. Where do you think this stat message should go? Under api/envoy/data/, in api/envoy/metrics/v2/stats.proto, or somewhere else?

[stale]

This pull request has been automatically marked as stale because it has not had activity in the last 7 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[mrice32]

@htuch, I've updated the proto. PTAL. I'm holding off on making the corresponding changes to AdminImpl - I'll do so once we finalize the proto (this is why the CI is failing).

[htuch]

@mrice32 yep, I'm good with this proto now, thanks for fine tuning it.

[mrice32]

@htuch, thanks for the review. I've updated AdminImpl and the test. PTAL. I've also still got a lingering question about where the SimpleMetric proto should live: under api/envoy/data/, in api/envoy/metrics/v2/stats.proto, or somewhere else?

[htuch]

@mrice32 since SimpleMetric is just for admin output, I think it could live in api/envoy/admin/v2alpha/metrics.proto.

[htuch]

Can you move this to

envoy/test/test_common/utility.h

Line 156 in 20c0454

static bool protoEqual(const Protobuf::Message& lhs, const Protobuf::Message& rhs) {

and then you can take advantage of

envoy/test/test_common/utility.h

Line 381 in 20c0454

MATCHER_P(ProtoEq, rhs, "") { return TestUtility::protoEqual(arg, rhs); }

? This would be a really nice cleanup.

[htuch]

Maybe add some extra host statuses to this test to exercise non-EDS health check status.

[htuch]

Looks like docs build needs fixing.

[htuch]

@mrice32 still has merge conflict.