outbound: Apply filters to outbound requests#2260
Merged
Conversation
To support new outbound route types, this change adds an `outbound::http::Routes` type that is an enum of available logical router configurations. Accordingly, the Profile-specific routing stack is moved to a new `http::logical::profile` sub-module. This sets the stage to further adapt routing configurations.
To support per-request backend routing, this change adds a policy router to the outbound stack. No configurations currently cause the policy router to be used, but this change updates the configuration types to support HTTPRoute routing.
hawkw
reviewed
Mar 14, 2023
Contributor
hawkw
left a comment
There was a problem hiding this comment.
still trying to make sure i totally grok how this change is structured, but in the meantime here are some minor suggestions.
hawkw
reviewed
Mar 14, 2023
hawkw
approved these changes
Mar 14, 2023
Contributor
hawkw
left a comment
There was a problem hiding this comment.
after reading over this again, it makes a lot more sense to me --- the use of the Matched types was a little bit hard to navigate at first (type aliases with the same name in different modules did not really make it clearer) but after spending a little time with it, i get what's going on and it looks nice!
a few minor comments, but no blockers from me!
hawkw
added a commit
to linkerd/linkerd2
that referenced
this pull request
Mar 15, 2023
This proxy release changes the multicluster gateway to discover Gateway API routes via the `OutboundPolicy` API. This builds on the similar changes to the outbound proxy in v2.192. --- * gateway: discover client policies from the policy controller (linkerd/linkerd2-proxy#2315) * build(deps): bump windows_x86_64_msvc from 0.42.1 to 0.42.2 (linkerd/linkerd2-proxy#2319) * build(deps): bump proc-macro2 from 1.0.51 to 1.0.52 (linkerd/linkerd2-proxy#2320) * outbound: Apply filters to outbound requests (linkerd/linkerd2-proxy#2260) * test: add mock client policy resolver (linkerd/linkerd2-proxy#2314) * build(deps): bump tj-actions/changed-files from 35.6.4 to 35.7.0 (linkerd/linkerd2-proxy#2318) * build(deps): bump axum from 0.6.10 to 0.6.11 (linkerd/linkerd2-proxy#2321) * build(deps): bump ryu from 1.0.12 to 1.0.13 (linkerd/linkerd2-proxy#2322) * build(deps): bump windows_x86_64_gnullvm from 0.42.1 to 0.42.2 (linkerd/linkerd2-proxy#2323) * outbound: Eagerly cancel synthesized profile task (linkerd/linkerd2-proxy#2317) * outbound: Simplify discovery debug logging (linkerd/linkerd2-proxy#2316) * build(deps): bump tj-actions/changed-files from 35.6.1 to 35.6.4 (linkerd/linkerd2-proxy#2309)
hawkw
added a commit
that referenced
this pull request
Mar 15, 2023
PR #2313 changed client policies with the load balancer dispatch type to report the load balancer's destination address as the "authority" label, rather than the numeric authority the policy was discovered for. However, this change was accidentally undone when merging PR #2260, which moved the code where the authority label is generated to a different file. This PR changes it back, so that the discovered concrete destination address should still be reported as the "authority" metrics label.
hawkw
added a commit
that referenced
this pull request
Mar 15, 2023
PR #2313 changed client policies with the load balancer dispatch type to report the load balancer's destination address as the "authority" label, rather than the numeric authority the policy was discovered for. However, this change was accidentally undone when merging PR #2260, which moved the code where the authority label is generated to a different file. This PR changes it back, so that the discovered concrete destination address should still be reported as the "authority" metrics label.
olix0r
added a commit
to linkerd/linkerd2
that referenced
this pull request
Mar 21, 2023
* proxy: v2.193.0 This proxy release changes the multicluster gateway to discover Gateway API routes via the `OutboundPolicy` API. This builds on the similar changes to the outbound proxy in v2.192. --- * gateway: discover client policies from the policy controller (linkerd/linkerd2-proxy#2315) * build(deps): bump windows_x86_64_msvc from 0.42.1 to 0.42.2 (linkerd/linkerd2-proxy#2319) * build(deps): bump proc-macro2 from 1.0.51 to 1.0.52 (linkerd/linkerd2-proxy#2320) * outbound: Apply filters to outbound requests (linkerd/linkerd2-proxy#2260) * test: add mock client policy resolver (linkerd/linkerd2-proxy#2314) * build(deps): bump tj-actions/changed-files from 35.6.4 to 35.7.0 (linkerd/linkerd2-proxy#2318) * build(deps): bump axum from 0.6.10 to 0.6.11 (linkerd/linkerd2-proxy#2321) * build(deps): bump ryu from 1.0.12 to 1.0.13 (linkerd/linkerd2-proxy#2322) * build(deps): bump windows_x86_64_gnullvm from 0.42.1 to 0.42.2 (linkerd/linkerd2-proxy#2323) * outbound: Eagerly cancel synthesized profile task (linkerd/linkerd2-proxy#2317) * outbound: Simplify discovery debug logging (linkerd/linkerd2-proxy#2316) * build(deps): bump tj-actions/changed-files from 35.6.1 to 35.6.4 (linkerd/linkerd2-proxy#2309) * proxy: v2.193.1 * outbound: fix `Balance::Dispatch` "authority" labels (linkerd/linkerd2-proxy#2332) * outbound: refactor `discover::resolver` into a method (linkerd/linkerd2-proxy#2331) * proxy: v2.193.2 Both outbound and gateway proxies now resolve client policies from the OutboundPolicies API. When the outbound proxy attempts to discover a policy and the policy controller returns NotFound, it synthesizes a default policy from the discovered ServiceProfile. However, when the gateway proxy receives a NotFound, it will currently fail the connection, based on the assumption that only valid cluster DNS names are gatewayed (and not arbitrary IPs that might be forwards). Unfortunately, this is not quite true. Gateway proxies may attempt to discover cluster DNS names that are Pod DNS names, rather than Service DNS names, and the policy controller will return NotFound for those names. This branch therefore changes the gateway proxy to also synthesize default ClientPolicies based on the ServiceProfile when receiving a NotFound status. Some of the code for synthesizing a client policy from a ServiceProfile that's currently used in the outbound proxy was factored out so that it could be reused here. --- * gateway: move discovery resolver into its own file (linkerd/linkerd2-proxy#2343) * outbound: Fix incorrect l5d-proxy-connection logs (linkerd/linkerd2-proxy#2344) * gateway: synthesize ClientPolicies when the controller returns `NotFound` (linkerd/linkerd2-proxy#2333) Signed-off-by: Oliver Gould <ver@buoyant.io> --------- Signed-off-by: Oliver Gould <ver@buoyant.io> Co-authored-by: Oliver Gould <ver@buoyant.io>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The HTTPRoute and GRPCRoute types provide a set of filters that apply
for requests.
This change adds a new filter module to the outbound policy route stack.