Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(translator): http2 upstream settings #3682

Merged
merged 15 commits into from
Aug 5, 2024
Merged

Conversation

guydc
Copy link
Contributor

@guydc guydc commented Jun 26, 2024

What this PR does / why we need it:

Which issue(s) this PR fixes:
Fixes #3670, #3245
Related to #1048

Copy link

codecov bot commented Jun 26, 2024

Codecov Report

Attention: Patch coverage is 71.95122% with 23 lines in your changes missing coverage. Please review.

Project coverage is 67.61%. Comparing base (c2c705b) to head (f8ea793).
Report is 1 commits behind head on main.

Files Patch % Lines
internal/gatewayapi/http.go 62.16% 14 Missing ⚠️
internal/gatewayapi/backendtrafficpolicy.go 50.00% 4 Missing and 2 partials ⚠️
internal/xds/translator/listener.go 40.00% 2 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3682      +/-   ##
==========================================
+ Coverage   67.59%   67.61%   +0.01%     
==========================================
  Files         183      184       +1     
  Lines       22446    22521      +75     
==========================================
+ Hits        15173    15227      +54     
- Misses       6193     6212      +19     
- Partials     1080     1082       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@guydc guydc force-pushed the btp-http2 branch 3 times, most recently from 044255c to f567f3c Compare June 27, 2024 15:08
@guydc
Copy link
Contributor Author

guydc commented Jun 27, 2024

/retest

@guydc guydc marked this pull request as ready for review June 27, 2024 21:51
@guydc guydc requested a review from a team as a code owner June 27, 2024 21:51
@@ -478,3 +479,33 @@ type BackendRef struct {
// A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address range such as "2001:0db8:11a3:09d7::/64".
// +kubebuilder:validation:Pattern=`((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([0-9]+))|((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\/([0-9]+))`
type CIDR string

// HTTP2Settings provides HTTP/2 configuration on the listener.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit:

Suggested change
// HTTP2Settings provides HTTP/2 configuration on the listener.
// HTTP2Settings provides HTTP/2 configuration for listeners and backends.

@@ -478,3 +479,33 @@ type BackendRef struct {
// A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address range such as "2001:0db8:11a3:09d7::/64".
// +kubebuilder:validation:Pattern=`((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([0-9]+))|((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\/([0-9]+))`
type CIDR string

// HTTP2Settings provides HTTP/2 configuration on the listener.
type HTTP2Settings struct {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we use the same default value for both the listeners and clusters?

Copy link
Contributor Author

@guydc guydc Jul 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • envoy recommendations for secure-by-default are the same for window sizes.
  • max concurrent streams do not necessarily require hardening in the cluster context.
  • stream resetting behavior is mostly a downstream concern.

We can move some of the defaulting behavior to the API, but some will remain in the XDS translator (due to differences between clusters and listeners). So, I propose we keep it as-is for now.

Copy link
Member

@zhaohuabing zhaohuabing Jul 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@guydc Thanks for the explanation! I'm just curious because the recommendation is for listeners. They can be the same for Clusters if there's no unintentional side effects.

Signed-off-by: Guy Daich <[email protected]>
zhaohuabing
zhaohuabing previously approved these changes Jul 24, 2024
Copy link
Member

@zhaohuabing zhaohuabing left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM Thanks!

zhaohuabing
zhaohuabing previously approved these changes Jul 26, 2024
@guydc
Copy link
Contributor Author

guydc commented Jul 26, 2024

/retest

// It's recommended for L2 Envoy deployments to set this value to true.
// https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
// +optional
ResetStreamOnError *bool `json:"resetStreamOnError,omitempty"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

false here really means terminateConnectionOnError , and true means terminateStreamOnError
is there any other API name and value that can encapsulate this ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea, talking about connections instead of streams would be easier for users to understand and better comprehend the impact. The only downside is that this could be confusing to someone who reads the envoy docs.

@guydc
Copy link
Contributor Author

guydc commented Jul 31, 2024

/retest

@guydc guydc requested review from arkodg and zhaohuabing July 31, 2024 15:34
@guydc
Copy link
Contributor Author

guydc commented Aug 1, 2024

/retest

@guydc guydc requested a review from arkodg August 1, 2024 00:01
api/v1alpha1/shared_types.go Outdated Show resolved Hide resolved
api/v1alpha1/shared_types.go Outdated Show resolved Hide resolved
Signed-off-by: Guy Daich <[email protected]>
@guydc
Copy link
Contributor Author

guydc commented Aug 2, 2024

/retest

2 similar comments
@guydc
Copy link
Contributor Author

guydc commented Aug 2, 2024

/retest

@guydc
Copy link
Contributor Author

guydc commented Aug 2, 2024

/retest

@guydc
Copy link
Contributor Author

guydc commented Aug 5, 2024

/retest

@guydc guydc requested review from zhaohuabing and arkodg August 5, 2024 12:39
Copy link
Member

@zhaohuabing zhaohuabing left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Defer to @arkodg 🙂

Copy link
Contributor

@arkodg arkodg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks !

@arkodg arkodg merged commit 0f75173 into envoyproxy:main Aug 5, 2024
27 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support HTTP/2 settings in BackendTrafficPolicy for upstreams
3 participants