Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SDS: reduce cost of secret update #19971

Merged
merged 12 commits into from
Feb 17, 2022
Merged

SDS: reduce cost of secret update #19971

merged 12 commits into from
Feb 17, 2022

Conversation

lambdai
Copy link
Contributor

@lambdai lambdai commented Feb 15, 2022

Commit Message:
Previously the SSL context manager scans the maintained list of context weak_ptr at any context update.

In this PR, the role of the maintenance moved to prod ClientSslSocketFactory and ServerSslSocketFactory.
The prod SSL context manager can then switch to shared_ptr from weak_ptr.
The shared_ptr can be put into hash set container and no list scan is needed.

This PR also move the context construction and destroy out of the critical contention.

Additional Description:
Risk Level: LOW
Testing: existing integration test, and updated unit test cases that bypassing the SslSocketFactory
Docs Changes:
Release Notes:
Fix #19774

yanavlasov
yanavlasov requested changes Feb 16, 2022
View reviewed changes
Copy link
Contributor

@yanavlasov yanavlasov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/wait-any

source/extensions/transport_sockets/tls/context_manager_impl.cc Outdated Show resolved Hide resolved
yanavlasov
yanavlasov previously approved these changes Feb 16, 2022
View reviewed changes
ggreenway
ggreenway requested changes Feb 16, 2022
View reviewed changes
Copy link
Contributor

@ggreenway ggreenway left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new ownership model and data structures looks good. Nice fix!

/wait

source/extensions/transport_sockets/tls/context_manager_impl.cc Outdated Show resolved Hide resolved
envoy/ssl/context_manager.h Outdated Show resolved Hide resolved
@ggreenway ggreenway enabled auto-merge (squash) February 16, 2022 22:28
ggreenway
ggreenway previously requested changes Feb 16, 2022
View reviewed changes
Copy link
Contributor

@ggreenway ggreenway left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a release note

@lambdai
Copy link
Contributor Author

lambdai commented Feb 16, 2022
edited
Loading

@ggreenway Is there a section for this optimization? Not a bug fix, nor api change...

add an item in minor behavior change

@lambdai
release note
ef5cd97 
Signed-off-by: Yuchen Dai <[email protected]>
auto-merge was automatically disabled February 17, 2022 00:00

Head branch was pushed to by a user without write access

yanavlasov
yanavlasov previously approved these changes Feb 17, 2022
View reviewed changes
@yanavlasov yanavlasov enabled auto-merge (squash) February 17, 2022 00:25
auto-merge was automatically disabled February 17, 2022 05:42

Head branch was pushed to by a user without write access

@yanavlasov yanavlasov dismissed ggreenway’s stale review February 17, 2022 18:29

Requested release notes added

@yanavlasov yanavlasov merged commit bfa926c into envoyproxy:main Feb 17, 2022
@lambdai lambdai deleted the fewercontextscan branch February 23, 2022 19:54
@lambdai
Copy link
Contributor Author

lambdai commented Feb 23, 2022

/backport

I am happy to create the PRs if it is approved

@repokitteh-read-only repokitteh-read-only bot added the backport/review Request to backport to stable releases label Feb 23, 2022
@lambdai
Copy link
Contributor Author

lambdai commented Mar 1, 2022

/backport

I am happy to create the PRs if it is approved

CC @oschaaf for approval

@oschaaf
Copy link
Member

oschaaf commented Mar 2, 2022

@lambdai I have no objections if @ggreenway or @yanavlasov would be up for reviewing the backports.

lambdai added a commit to lambdai/envoy-dai that referenced this pull request Mar 2, 2022
@lambdai
SDS: reduce cost of secret update (envoyproxy#19971)
582d215 
Signed-off-by: Yuchen Dai <[email protected]>
@lambdai lambdai mentioned this pull request Mar 2, 2022
Merged
lambdai added a commit to lambdai/envoy-dai that referenced this pull request Mar 3, 2022
@lambdai
SDS: reduce cost of secret update (envoyproxy#19971)
1c2d160 
Signed-off-by: Yuchen Dai <[email protected]>
@lambdai lambdai mentioned this pull request Mar 3, 2022
Merged
lambdai added a commit to lambdai/envoy-dai that referenced this pull request Mar 3, 2022
@lambdai
SDS: reduce cost of secret update (envoyproxy#19971)
51a07a7 
Signed-off-by: Yuchen Dai <[email protected]>
@lambdai lambdai mentioned this pull request Mar 3, 2022
Merged
lambdai added a commit to lambdai/envoy-dai that referenced this pull request Mar 3, 2022
@lambdai
SDS: reduce cost of secret update (envoyproxy#19971)
56ff170 
Signed-off-by: Yuchen Dai <[email protected]>
This was referenced Mar 3, 2022
Closed
Closed
ggreenway pushed a commit that referenced this pull request Mar 9, 2022
@lambdai
backport #19971 SDS: reduce cost of secret update (#20189)
5266855 
Signed-off-by: Yuchen Dai <[email protected]>
ggreenway pushed a commit that referenced this pull request Mar 15, 2022
@lambdai
SDS: reduce cost of secret update (#20191)
8511ebd 
Backport of #19971

Signed-off-by: Yuchen Dai <[email protected]>
alyssawilk pushed a commit that referenced this pull request Mar 28, 2022
@lambdai
[1.19] backport #19971 SDS: reduce cost of secret update (#20192)
c74a3ac 
Commit Message:
Backport #19971
Signed-off-by: Yuchen Dai [email protected]

Signed-off-by: Yuchen Dai <[email protected]>
lambdai
lambdai commented May 25, 2022
View reviewed changes
source/extensions/transport_sockets/tls/ssl_socket.cc
config_->setSecretUpdateCallback([this]() { onAddOrUpdateSecret(); });
}

ClientSslSocketFactory::~ClientSslSocketFactory() { manager_.removeContext(ssl_ctx_); }
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

manager_ could be a dangling reference when Envoy shuts down

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you create a test that fails in ASAN for this?

@lambdai lambdai mentioned this pull request May 25, 2022
Closed
@kyessenov kyessenov mentioned this pull request May 31, 2022
Open
@phlax phlax removed the backport/review Request to backport to stable releases label Feb 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ggreenway ggreenway ggreenway left review comments

@yanavlasov yanavlasov yanavlasov approved these changes

@mattklein123 mattklein123 Awaiting requested review from mattklein123 mattklein123 is a code owner

@alyssawilk alyssawilk Awaiting requested review from alyssawilk alyssawilk is a code owner

@lizan lizan Awaiting requested review from lizan

Assignees

@yanavlasov yanavlasov

@ggreenway ggreenway

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Slow startup speed triggered by "Secret is updated"
5 participants
@lambdai @oschaaf @yanavlasov @ggreenway @phlax