feat: support section name for BackendTrafficPolicy#6888
feat: support section name for BackendTrafficPolicy#6888arkodg merged 16 commits intoenvoyproxy:mainfrom
Conversation
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #6888 +/- ##
==========================================
+ Coverage 72.01% 72.13% +0.12%
==========================================
Files 230 230
Lines 33420 33619 +199
==========================================
+ Hits 24066 24252 +186
- Misses 7601 7609 +8
- Partials 1753 1758 +5 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
63a7932 to
59a4758
Compare
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
543779a to
c83d688
Compare
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
c83d688 to
baf5287
Compare
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
internal/gatewayapi/testdata/backendtrafficpolicy-strategic-merge-global-ratelimit.out.yaml
Show resolved
Hide resolved
|
This pull request has been automatically marked as stale because it has not had activity in the last 30 days. Please feel free to give a status update now, ping for review, when it's ready. Thank you for your contributions! |
|
This is great! I was just trying to use section names to activate proxy protocol on one gateway listener today. Anything I can do to help get this merged? |
| Settings: destSettings, | ||
| Metadata: buildResourceMetadata(udpRoute, nil), | ||
| // udpRoute Must have a single rule, so can use index 0. | ||
| Metadata: buildResourceMetadata(udpRoute, udpRoute.Spec.Rules[0].Name), |
There was a problem hiding this comment.
is this from a different PR ?
There was a problem hiding this comment.
yes 🙏 I just rebased onto the latest main.
| } | ||
|
|
||
| // If specified the sectionName must match listenerName from ir listener metadata. | ||
| if target.SectionName != nil && string(*target.SectionName) != tcp.Metadata.SectionName { |
There was a problem hiding this comment.
Can we avoid reliance on metadata here? I think that it turns this feature from being user-facing to being more of a core EG feature. I'm concerned that in the long term, we may need to disable metadata for some use cases, so prefer to not depend on it in the translator.
There was a problem hiding this comment.
thanks for the good insight.
For listener, it seems we can handle it based on the IR name.
https://github.com/envoyproxy/gateway/blob/main/internal/gatewayapi/testdata/httproute-with-metadata.out.yaml#L142
For xRoute rule, since the IR name uses an index-based format, it seems there’s currently no field other than metadata from which we can obtain the section name.
https://github.com/envoyproxy/gateway/blob/main/internal/gatewayapi/testdata/httproute-with-metadata.out.yaml#L182
It would mean having some redundant field, but what do you think about adding a sectionName field to the IR struct?
There was a problem hiding this comment.
Alternatively, we cloud consider using the rule name instead of the index only when a rule name is set.
httproute/default/httproute-1/rule/<rule-name>/match/0/*
(I’m not exactly sure where this change would impact the codebase...)
it may seems that Istio has some code implementing this kind of behavior.
https://github.com/istio/istio/blob/master/pilot/pkg/config/kube/gateway/conversion.go#L105
guydc
left a comment
There was a problem hiding this comment.
Overall, seems structurally correct. Thanks, this is an important change.
| gateway, ok := gatewayMap[key] | ||
| if !ok { | ||
| continue | ||
| if currTarget.Kind != resource.KindGateway && currTarget.SectionName != nil { |
There was a problem hiding this comment.
nit: maybe a comment like "If the target is not a gateway, then it's an xRoute. If the section name is defined, then it's a route rule", or maybe a function like "isRouteRule(currTarget)". Here and in other places.
| status.SetConditionForPolicyAncestors(&policy.Status, | ||
| ancestorRefs, | ||
| parentPolicy := gwPolicy | ||
| if listenerPolicy != nil { |
There was a problem hiding this comment.
Maybe mention in the feature doc under current.yaml the order for merging logic, e.g. only one of "GW/Listener would be selected for merge, with listener taking precedence".
| status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName, policy.Generation) | ||
|
|
||
| // Check if this policy is overridden by other policies targeting at route rule levels | ||
| key := policyTargetRouteKey{ |
There was a problem hiding this comment.
Can we skip this when the current target is a route rule?
| route RouteContext, xdsIR resource.XdsIRMap, resources *resource.Resources, | ||
| policy, parentPolicy *egv1a1.BackendTrafficPolicy, | ||
| target gwapiv1a2.LocalPolicyTargetReferenceWithSectionName, | ||
| gatewayNN types.NamespacedName, listenerName *gwapiv1a2.SectionName, route RouteContext, |
There was a problem hiding this comment.
Can we use more descriptive names here, like policyTargetGatewayNN, PolicyTargetListener? Do we need these additional parameters, or can they be taken from target?
There was a problem hiding this comment.
I’ve updated the variable names. 14c2a2b
Since translateBackendTrafficPolicyForRouteWithMerge is called by processBTPolicyForRoute, the target at that time refers to xRoute, so my understanding is that we need additional parameters.
| r.DNS = tf.DNS | ||
| // only set attributes which weren't already set by a more | ||
| // specific policy | ||
| setIfNil(&r.LoadBalancer, tf.LoadBalancer) |
There was a problem hiding this comment.
Is this (and in other places) required? A lot of the test files have traffic: {} removed, and I'm not sure what the xds implication of that would be...
Do we expect the final resolved configuration to be ambiguous and need to let the first win?
There was a problem hiding this comment.
thanks, good catch!
yeah, to prioritize more specific target policies, the setting is only applied when it hasn’t been set yet.
(process order : route rule -> route -> listener -> gateway)
In previous code, setIfNil was only used in the function corresponding to translateBackendTrafficPolicyForGateway.
but since we now need to consider the route rule level as well, setIfNil is also used in applyTrafficFeatureToRoute.
The issue this time was...
since was also skipping cases where r.DirectResponse was not nil, the behavior ended up differing from the previous output.
I’ve fixed it so that it now matches the previous behavior.
if r.Traffic != nil || r.UseClientProtocol != nil || r.DirectResponse != nil {
continue
}Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
|
@guydc |
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
| status.Error2ConditionMsg(err), | ||
| ) | ||
| } | ||
| func (t *Translator) processBTPolicyForRoute( |
There was a problem hiding this comment.
nit: let's use full name in function.
| func (t *Translator) processBTPolicyForRoute( | |
| func (t *Translator) processBackendTrafficPolicyForRoute( |
zirain
left a comment
There was a problem hiding this comment.
LGTM, a small nit could be fixed in following PR.
|
/retest |
What this PR does / why we need it:
Support section name policy attachment (Gateway Listener/xRoute Rule) for BackendTrafficPolicy.
For simplicity, the merge strategy of policy attachments (include section name) is as follows:
Which issue(s) this PR fixes:
Fixes #6607
Release Notes: Yes