Skip to content

Stop honoring DESTINATION_GET_* configuration#696

Merged
olix0r merged 4 commits intomainfrom
ver/split-resolve
Oct 7, 2020
Merged

Stop honoring DESTINATION_GET_* configuration#696
olix0r merged 4 commits intomainfrom
ver/split-resolve

Conversation

@olix0r
Copy link
Member

@olix0r olix0r commented Oct 7, 2020

In a5e0b29, we extracted profile resolution so that each component
(inbound/outbound/gateway) makes its own filtering decisions. This
change does the same for endpoing resolution, moving the bulk of the
logic out of app:dst and into app::outbound::resolve.

The app::dst module is now only responsible for providing API clients
that transparently retry/reconnect.

Furthermore, the ...DESTINATION_GET_{SUFFIXES,NETWORKS} environment
variables are no longer honored. Now, endpoints are resolved for all
addresses for which a profile lookup is successful.

The Resolve API has been cleaned up slightly: we no longer rely on the
TryStream alias (as it causes confusion + boilerplate), instead relying
on the more general Stream.

@olix0r
Stop honoring DESTINATION_GET_* configuration
78faae2 
In a5e0b29, we extracted profile resolution so that each component
(inbound/outbound/gateway) makes its own filtering decisions. This
change does the same for endpoing resolution, moving the bulk of the
logic out of `app:dst` and into `app::outbound::resolve`.

The `app::dst` module is now only responsible for providing API clients
that transparently retry/reconnect.

Furthermore, the `...DESTINATION_GET_{SUFFIXES,NETWORKS}` environment
variables are no longer honored. Now, endpoints are resolved for all
addresses for which a profile lookup is successful.

The `Resolve` API has been cleaned up slightly: we no longer rely on the
`TryStream` alias (as it causes confusion + boilerplate), instead relying
on the more general `Stream`.
@olix0r olix0r requested a review from a team October 7, 2020 15:54
@hawkw
Copy link
Contributor

hawkw commented Oct 7, 2020

Looks like some tests aren't compiling?

hawkw
hawkw approved these changes Oct 7, 2020
View reviewed changes
Copy link
Contributor

@hawkw hawkw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this looks good to me (i'm assuming that the change to not send schemes in Destination.Get requests is expected on the controller side). the refactoring all makes sense.

i wonder if we want to rename the PROFILE_GET_xxx env variables, since they now configure both profile and destination discovery? but, that would require changing the proxy injector etc as well, so we should probably punt on that for the immediate future.

linkerd/app/core/src/addr_match.rs
Comment on lines +8 to +9
names: NameMatch,
nets: IpMatch,
Copy link
Contributor

@hawkw hawkw Oct 7, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

<3 thanks

linkerd/app/outbound/src/resolve.rs
Comment on lines +42 to +45
map_endpoint::Resolve::new(
endpoint::FromMetadata,
RecoverDefault(RequestFilter::new(filter, resolve.into_service())),
)
Copy link
Contributor

@hawkw hawkw Oct 7, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just a thought: it seems like, theoretically, we could compose a lot of the resolver stuff using a stack rather than a bunch of nested constructors...maybe a future refactor?

Copy link
Member Author

@olix0r olix0r Oct 7, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think stacks are preferable when we have to compose many orthogonal concerns. In this case, I think it's simpler/clearer to just construct the services manually.

@olix0r
Copy link
Member Author

olix0r commented Oct 7, 2020

i wonder if we want to rename the PROFILE_GET_xxx env variables, since they now configure both profile and destination discovery? but, that would require changing the proxy injector etc as well, so we should probably punt on that for the immediate future.

Punt for now

@olix0r olix0r merged commit 2bb66ef into main Oct 7, 2020
@olix0r olix0r deleted the ver/split-resolve branch October 7, 2020 17:56
olix0r added a commit to linkerd/linkerd2 that referenced this pull request Oct 10, 2020
@olix0r
proxy: v2.114.0
91fcdeb 
This release overhauls the discovery and routing logic implemented by
the proxy: instead of looking at HTTP request metadata for service
discovery, the outbound proxy now exclusively use each connection's
target IP:PORT. This eager resolution eliminates per-request cache
binding; and supports using TrafficSplit with non-HTTP services.

This has a few side effects:

- The `l5d-dst-override` header is no longer honored.
- When the application attempts to connect to a pod IP, the proxy no
  longer load balances these requests among all pods in the service.
  The proxy will now honor session-stickiness as selected by an
  application-level load balancer.
- `TrafficSplits` are only applied when a client targets a service's IP.
- The proxy no longer performs DNS "canonicalization" to translate
  relative host header names to a fully-qualified form.

---

* Unify RequestFilter and Admit middlewares (linkerd/linkerd2-proxy#692)
* Only allow name-based profile discovery for inbound requests (linkerd/linkerd2-proxy#695)
* outbound: initial tests for TCP mTLS (with fewer moving parts) (linkerd/linkerd2-proxy#693)
* Stop honoring DESTINATION_GET_* configuration (linkerd/linkerd2-proxy#696)
* stack: add SwitchReady service (linkerd/linkerd2-proxy#694)
* telemetry: Remove trailing comma in build_info labels (linkerd/linkerd2-proxy#699)
* Update Rust to 1.47.0 (linkerd/linkerd2-proxy#701)
@olix0r olix0r mentioned this pull request Oct 10, 2020
Merged
olix0r added a commit to linkerd/linkerd2 that referenced this pull request Oct 12, 2020
@olix0r
proxy: v2.114.0 (#5062)
4d7da72 
This release overhauls the discovery and routing logic implemented by
the proxy: instead of looking at HTTP request metadata for service
discovery, the outbound proxy now exclusively use each connection's
target IP:PORT. This eager resolution eliminates per-request cache
binding; and supports using TrafficSplit with non-HTTP services.

This has a few side effects:

- The `l5d-dst-override` header is no longer honored.
- When the application attempts to connect to a pod IP, the proxy no
  longer load balances these requests among all pods in the service.
  The proxy will now honor session-stickiness as selected by an
  application-level load balancer.
- `TrafficSplits` are only applied when a client targets a service's IP.
- The proxy no longer performs DNS "canonicalization" to translate
  relative host header names to a fully-qualified form.

---

* Unify RequestFilter and Admit middlewares (linkerd/linkerd2-proxy#692)
* Only allow name-based profile discovery for inbound requests (linkerd/linkerd2-proxy#695)
* outbound: initial tests for TCP mTLS (with fewer moving parts) (linkerd/linkerd2-proxy#693)
* Stop honoring DESTINATION_GET_* configuration (linkerd/linkerd2-proxy#696)
* stack: add SwitchReady service (linkerd/linkerd2-proxy#694)
* telemetry: Remove trailing comma in build_info labels (linkerd/linkerd2-proxy#699)
* Update Rust to 1.47.0 (linkerd/linkerd2-proxy#701)
* cache: Delete benchmarks (linkerd/linkerd2-proxy#705)
* outbound: Discover profiles for each unique TCP target (linkerd/linkerd2-proxy#704)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@hawkw hawkw hawkw approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@olix0r @hawkw