update master-tokio-0.2 from master#503
Merged
hawkw merged 16 commits intomaster-tokio-0.2from May 5, 2020
Merged
Conversation
This change adds support for a `LINKERD2_PROXY_TRACE_ATTRIBUTES_PATH` configuration that, when tracing is enabled, loads metadata (especially Kubernetes labels) to be emitted with traces. Fixes linkerd/linkerd2#4008
Relates to linkerd/linkerd2#3984 Add a `/live` endpoint to the admin server which always returns a 200 success. This can be used for liveness checking. Signed-off-by: Alex Leong <[email protected]>
Our docker builds do not permit caching of dependencies or intermediate build artifacts. However, Docker's new (experimental) buildkit features add this functionality. I've been using this configuration locally for some time, and it seems generaly useful enough to promote (especially since this Dockerfile is only intended for development). This change also untroduces the `PROXY_FEATURES` build-arg so that the Dockerfile can be used to support profiling builds. Furthermore, the `update-rust-versions.sh` script has been updated to check versions and be more permissive about how it replaces versions in the Dockerfile. The docker CI build has been disabled until GitHub Actions has support for this Dockerfile format.
If we run make in a cross-compile environment where the strip binary we want to use is something else than strip, it is useful to have a STRIP variable in the Makefile. If STRIP is not set, the default value is the common strip. Signed-off-by: Joakim Roubert <[email protected]>
A recent [Twitter thread][mudge] suggested that tools like [`checksec`][checksec] be used to validate release binaries. Checksec reports whether modern security features like stack canaries are employed. Proxy builds appear to do pretty well out-of-the-box. This change introduces a checksec.sh wrapper that is used by the Makefile during packaging. A new _package_ github action is introduced to provide `checksec` and `jq` dependencies at runtime. (Note: the version of checksec provided by debian does not include JSON output, so it is instead fetched directly from GitHub). During an automated release, the generated checksec is compared to an expected set of values and, if a regression is detected, the release will fail. [mudge]: https://twitter.com/dotMudge/status/1249359519471341569 [checksec]: https://github.com/slimm609/checksec.sh
When the proxy receives connections on ports on which protocol detection is not disabled, it holds the connection until the client has sent some data. This means that clients that send no data can consume proxy resources indefinitely and that the proxy provides no feedback to the application that it cannot handle the connection. This change uses the configured dispatch timeout to limit the amount of time a connection can wait for data to detect its protocol. This is accomplished by modifying the `Accept` trait so that its response type is a `Future` that is provided once protocol detection, etc have been completed. Fixes linkerd/linkerd2#4069
Fetch the raw script, not the HTML.
During testing, we set a hardcoded release version, but this was not undone. This fixes the release action by restoring the tag-derived version string.
Also, modify update-rust-version.sh to operate on all Dockerfiles in the repo.
The retryable HTTP responses that were not retries are only those with the skipped: no_budget label. Actual retries that occured fall under this metric category. Signed-off-by: Naseem <[email protected]>
The destination controller may set a per-endpoint `override_authority` field that sets a new `Host`/`:authority` value to be used on the outbound request. This change introduces an `override_authority` middleware that uses this metadata to modify outbound requests when an override is set.
When gRPC implementations encounter an underlying transport error, they surface the error via an `UNAVAILABLE` gRPC status code. Linkerd breaks this behavior by converting these errors to stream resets, which instead appear as an `UNKNOWN` error to applications. This change modifies the proxy's error handling logic to set the the correct gRPC status code when a stream fails with a hyper error, which should work more seamlessly with gRPC error handling. This status is only set when the request's content-type indicates the stream is sending gRPC messages.
In #493, we opted to handle all hyper errors as `UNAVAILABLE` for gRPC messages. This change modifies the signature of `http_status` & `set_grpc_status` so that we can unwrap arbitrary inner errors via `Error::source`. This reduces some unnecessary special-casing and allows us to more-narrowly target IO errors.
Signed-off-by: Eliza Weisman <[email protected]>
Signed-off-by: Eliza Weisman <[email protected]>
olix0r
approved these changes
May 5, 2020
kleimkuhler
approved these changes
May 5, 2020
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This branch updates
master-tokio-0.2from the latestmaster.A lot of this diff is totally unrelated and is largely ignoreable (e.g.
changes to the docker build configuration, etc). However, there was also
a decently large chunk of code that had changed in both
master-tokio-0.2and on master. The majority of the merge conflictswere related to the changes to
Acceptin #464, becauseAccepthadalso been updated to use
std::futureonmaster-tokio-0.2. A reviewshould probably focus on the
Acceptcodepaths.