feat(clustering) support http forward proxy #9758
Conversation
fffonion
force-pushed
the
feat/hybrid-forward-proxy
branch
from
3d9e04e
to
8859298
Compare
|
For reviewers:
|
fffonion
force-pushed
the
feat/hybrid-forward-proxy
branch
from
8859298
to
ab234ec
Compare
github-actions
bot
added
the
chore
| @@ -0,0 +1,440 @@ | |||
| -- Copyright (C) Yichun Zhang (agentzh) | |||
There was a problem hiding this comment.
We now have our own fork of lua-resty-websocket for any of our extra features that haven't made it upstream yet.
I think we should try to get this change into the fork and then ship it with OSS (currently it's only packaged in EE, but it is trivial to add to OSS). It is currently installed by kong-build-tools in-place of resty.websocket, so any changes/additions just need to be backwards-compatible, but this hasn't proved to be too much of a challenge yet. Feel free to @/ping me for help and/or code review if needed.
If it's not feasible to do make this change before code freeze, would you be willing to do so in a follow-up PR? I'd like us to not have to maintain multiple versions of this library.
There was a problem hiding this comment.
@flrgh exactly, vendoring this is not a good idea. RIght now i'm vendoring it so I can test it in a single PR (and
it's easier to tell what did we change).
We already have patch for lua-resty-websocket, so adding another one won't bring more burden. So yes I will make this a proper patch and remove the vendoring
after feature freeze.
There was a problem hiding this comment.
We already have patch for lua-resty-websocket, so adding another one won't bring more burden.
To explain why I'm pushing for Kong/lua-resty-websocket over openresty-patches approach:
Any build that bundles Kong/lua-resty-websocket (currently just EE) overwrites the entire resty/websocket tree after OpenResty patches are applied. The reason this doesn't cause any breakage in EE today is because Kong/lua-resty-websocket was forked from OpenResty/lua-resty-websocket:master, so it already contains the unreleased client mtls commit(s).
What this means is that any new features/patches added to openresty-patches in kong-build-tools that don't already exist upstream must be ported to be Kong/lua-resty-websocket, or there will be breakage in EE. So it puts us in the place of needing to maintain separate patches in two different repositories against codebases that are already diverging over time.
An aside: the reason for overwriting resty.websocket rather than using our own namespace (i.e. kong.resty.websocket) is historical. I don't believe there's anything today stopping us from namespacing it and shipping it via luarocks rather than the clunky KBT install process, if we so choose. There just hasn't really been any friction with the current process until now.
|
Please make sure to add a kong.conf.default entry as part of this PR. |
fffonion
force-pushed
the
feat/hybrid-forward-proxy
branch
7 times, most recently
from
ebf99ed
to
93b69dc
Compare
github-actions
bot
removed
the
chore
fffonion
force-pushed
the
feat/hybrid-forward-proxy
branch
2 times, most recently
from
6b39a40
to
c222d1d
Compare
|
Should we add |
|
@chronolaw |
This reverts commit 5b30332.
This reverts commit 6ad4fe5d49afcba88f08d6c5628a11a424bc1f3c.
fffonion
force-pushed
the
feat/hybrid-forward-proxy
branch
from
122fdbf
to
b477a1f
Compare
Co-authored-by: Datong Sun <[email protected]>
Co-authored-by: Datong Sun <[email protected]>
This adds our lua-resty-websocket fork as a dependency and removes the vendored resty.websocket.client module that was added in #9758.
Currently, the connect_timeout/read_timeout/send_timeout would all set to be `null` if the deprecated timeout is explicitly set to `null`. This commit fixes it. FTI-6110
Summary
Allow Dp -> Cp connection to go through a HTTP proxy tunnel. Only HTTP proxy is supported for now.
Things to do after feature frezze before code freeze:
Full changelog
Issue reference
FTI-2996