outbound: Report concrete authorities for policies#2313
Merged
Conversation
The new policy router currently reports a numeric authority when using policy routes. In some cases, we have a named concrete address for the load balancer. In the vast majority of cases, this address is the same as the logical service's. For now, let's use concrete addresses for telemetry. This will help minimize regressions while we figure how to move telemetry forward.
hawkw
approved these changes
Mar 12, 2023
olix0r
added a commit
to linkerd/linkerd2
that referenced
this pull request
Mar 12, 2023
The new policy router currently reports a numeric authority when using policy routes. In some cases, we have a named concrete address for the load balancer. In the vast majority of cases, this address is the same as the logical service's. For now, let's use concrete addresses for telemetry. This will help minimize regressions while we figure how to move telemetry forward. --- * just: Fix docker tag formatting (linkerd/linkerd2-proxy#2312) * outbound: Report concrete authorities for policies (linkerd/linkerd2-proxy#2313) Signed-off-by: Oliver Gould <ver@buoyant.io>
olix0r
added a commit
to linkerd/linkerd2
that referenced
this pull request
Mar 13, 2023
To support Gateway API-style routes in the outbound proxy, we need to begin discovering this route configuration from the control plane (via the new `OutboundPolicies` API). This change updates the proxy as follows: 1. Policy controller configuration is now required for the proxy. Previously, the policy API was optionally configured for the inbound proxy. 2. The sidecar and ingress proxies are updated to use client policies. Service profile configurations continue to be used when they include HTTP routes and/or traffic split. Otherwise, a client policy is used to route traffic. Outbound policies are currently discovered for *all* outbound IP addresses. Over time, the policy controller will assume responsibility to make *all* routing decisions. It does not yet serve responses for all cases, however, so some fallback behavior exists to use endpoint metadata from profile discovery, if it exists. The multi-cluster gateway configuration does not yet use policies for outbound routing. Furthermore, the proxy reports an IP logical address for policy routes (instead of a named address, as is done with profiles). There are no new metrics or labels introduced in this PR. Metrics changes will be made in follow-up changes. --- * outbound: Decouple backend caching from request distribution (linkerd/linkerd2-proxy#2284) * build(deps): bump socket2 from 0.4.7 to 0.4.9 (linkerd/linkerd2-proxy#2290) * README: comment just-cargo and make it more clear (linkerd/linkerd2-proxy#2292) * build(deps): bump prettyplease from 0.1.23 to 0.1.24 (linkerd/linkerd2-proxy#2293) * build(deps): bump tokio from 1.25.0 to 1.26.0 (linkerd/linkerd2-proxy#2286) * build(deps): bump petgraph from 0.6.2 to 0.6.3 (linkerd/linkerd2-proxy#2285) * client-policy: add protobuf conversion (linkerd/linkerd2-proxy#2289) * integration: add test policy controller (linkerd/linkerd2-proxy#2288) * outbound: change `push_discover` to take a `Service` (linkerd/linkerd2-proxy#2291) * build(deps): bump rustix from 0.36.7 to 0.36.9 (linkerd/linkerd2-proxy#2295) * build(deps): bump serde_json from 1.0.93 to 1.0.94 (linkerd/linkerd2-proxy#2296) * build(deps): bump async-trait from 0.1.64 to 0.1.66 (linkerd/linkerd2-proxy#2297) * build(deps): bump thiserror from 1.0.38 to 1.0.39 (linkerd/linkerd2-proxy#2298) * build(deps): bump mio from 0.8.5 to 0.8.6 (linkerd/linkerd2-proxy#2299) * separate policy client config from `inbound::Config` (linkerd/linkerd2-proxy#2307) * outbound: Require ClientPolicy discovery (linkerd/linkerd2-proxy#2265) * just: Fix docker tag formatting (linkerd/linkerd2-proxy#2312) * outbound: Report concrete authorities for policies (linkerd/linkerd2-proxy#2313) Signed-off-by: Oliver Gould <ver@buoyant.io>
hawkw
added a commit
that referenced
this pull request
Mar 15, 2023
PR #2313 changed client policies with the load balancer dispatch type to report the load balancer's destination address as the "authority" label, rather than the numeric authority the policy was discovered for. However, this change was accidentally undone when merging PR #2260, which moved the code where the authority label is generated to a different file. This PR changes it back, so that the discovered concrete destination address should still be reported as the "authority" metrics label.
hawkw
added a commit
that referenced
this pull request
Mar 15, 2023
PR #2313 changed client policies with the load balancer dispatch type to report the load balancer's destination address as the "authority" label, rather than the numeric authority the policy was discovered for. However, this change was accidentally undone when merging PR #2260, which moved the code where the authority label is generated to a different file. This PR changes it back, so that the discovered concrete destination address should still be reported as the "authority" metrics label.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The new policy router currently reports a numeric authority when using policy routes. In some cases, we have a named concrete address for the load balancer. In the vast majority of cases, this address is the same as the logical service's.
For now, let's use concrete addresses for telemetry. This will help minimize regressions while we figure how to move telemetry forward.