feat(app/inbound): count inbound requests by cratelyn · Pull Request #4127 · linkerd/linkerd2-proxy

cratelyn · 2025-09-02T20:33:57Z

this branch introduces a telemetry layer to the inbound proxy's connection-level stack.

when running emojivoto, and port-forwarding to the voting service, we
can see a labeled metric shaped like so:

 curl localhost:4191/metrics --silent | rg 'inbound_requests'
 # HELP inbound_requests The total number of requests dispatched.
 # TYPE inbound_requests counter
 inbound_requests_total{parent_group="",parent_kind="default",parent_name="all-unauthenticated",parent_port="8080"} 148

linkerd/app/inbound/src/http/router/metrics.rs

#4127 (comment) Signed-off-by: katelyn martin <kate@buoyant.io>

linkerd/app/inbound/src/http/router/metrics.rs

#4127 (comment) Signed-off-by: katelyn martin <kate@buoyant.io>

cratelyn · 2025-09-03T19:40:18Z

pull request description has been updated to reflect the labels emitted after review.

with this now approved, i'm going to enable auto-merge!

cratelyn · 2025-09-03T22:00:49Z

we talked about this proposal directly. to summarize some points from that conversation:

we would ideally like to include some additional label information about the associated route, as well as the parent. this will require refining the metrics layer slightly, such that it works across Permitted<T> specifically, so we can fetch the route labels as well.

we would ideally like to provide a family of metrics with names like inbound_http_*, inbound_grpc_*, and so on. our inbound stacks do not represent protocols via generic targets like our outbound stack does however, so this may require some thought. we will investigate this briefly, and see if this scheme might be possible to recreate on the inbound stack.

while i address the first point, and investigate the latter, this branch will remain marked as a draft.

Signed-off-by: katelyn martin <kate@buoyant.io>

this will allow us to refer to metrics types, and invoke a `layer()`. Signed-off-by: katelyn martin <kate@buoyant.io>

this commit introduces a new `metrics::layer<N>()` function, and installs it in our inbound http router. Signed-off-by: katelyn martin <kate@buoyant.io>

Signed-off-by: katelyn martin <kate@buoyant.io>

this will provide us with a way to manage `inbound_http_request_total` and `inbound_grpc_request_total` families based upon route authorization. Signed-off-by: katelyn martin <kate@buoyant.io>

Signed-off-by: katelyn martin <kate@buoyant.io>

cratelyn · 2025-09-05T20:16:15Z

@olix0r i've pushed some changes to this branch, such that we now manage distinct inbound_http_requests_total and inbound_grpc_requests_total families. Permitted<T> (see #4119) is extended to reflect the route that authorized the request.

i'll move on to the response counting middleware next, but wanted to solicit a spot check from you that this seems like a sufficiently elegant way of going about this. 🙂 it struck me as a promising sign that most of the work needed in 4f0b45b was extending Permitted<T>, rather than extending any of the stacks it is used in.

see #4127. this is a speculative prototype, with `todo!()` stubs for certain trait implementations, to demonstrate that the telemetry layer introduced in #4127 will be a suitable foundation for other metrics middleware. Signed-off-by: katelyn martin <kate@buoyant.io>

cratelyn · 2025-09-09T16:58:49Z

re-requested a review before i merge this 🧙‍♀️ 🔎

cratelyn · 2025-09-11T14:35:37Z

@olix0r do you mind taking another look at this before i merge?

linkerd/app/inbound/src/http/router/metrics.rs

linkerd/app/inbound/src/policy/http.rs

we remove the `encode_label` closure, so that we do not have concurrent mutable references to `enc`. Signed-off-by: katelyn martin <kate@buoyant.io>

Signed-off-by: katelyn martin <kate@buoyant.io>

this is a work in progress. see #4127 for previous work in this vein. Signed-off-by: katelyn martin <kate@buoyant.io>

this commit introduces an additional layer of telemetry to the inbound proxy's http router. either http and grpc metrics are used, depending upon the policy that authorized a given request. this is based upon #4174, which refactored the request body telemetry middleware to be metrics agnostic. see: * #4165 * #4166 * #4174 * #4127 Signed-off-by: katelyn martin <kate@buoyant.io>

this commit introduces an additional layer of telemetry to the inbound proxy's http router. either http and grpc metrics are used, depending upon the policy that authorized a given request. this is based upon #4174, which refactored the request body telemetry middleware to be metrics agnostic. see: * #4165 * #4166 * #4174 * #4127 * #4186 Signed-off-by: katelyn martin <kate@buoyant.io>

this commit introduces an additional layer of telemetry to the inbound proxy's http router. either http and grpc metrics are used, depending upon the policy that authorized a given request. this is based upon #4174, which refactored the request body telemetry middleware to be metrics agnostic. see: * #4188 * #4187 * #4186 * #4174 * #4165 * #4166 * #4127 Signed-off-by: katelyn martin <kate@buoyant.io>

this commit introduces an additional layer of telemetry to the inbound proxy's http router. either http and grpc metrics are used, depending upon the policy that authorized a given request. this is based upon #4174, which refactored the request body telemetry middleware to be metrics agnostic. see: * #4189 * #4188 * #4187 * #4186 * #4174 * #4165 * #4166 * #4127 Signed-off-by: katelyn martin <kate@buoyant.io>

in #4298, we introduced a new metrics telemetry layer that can measure and report status codes, in a protocol-agnostic fashion. this commit integrates this status code telemtry into the inbound proxy, so that HTTP and gRPC traffic can be observed. a new family of metrics is introduced to the `InboundMetrics` structure, and the inbound http\* router's metrics layer is accordingly updated to thread this metrics family into an extractor, which is in turn provided to the `NewRecordStatusCode` layer. \* as a note for reviewers, the inbound proxy does not model the http and grpc protocols as distinct concepts in the network stack's type system, unlike the outbound proxy. this means that while target types in the outbound proxy like `Http<()>` are specific to HTTP, the inbound proxy's distinction of HTTP/gRPC is determined by obtaining and inspecting the `PermitVariant`. #### 🔗 related some previous pull requests related to this change: * #4298 * #4180 * #4203 * #4127 * #4119 Signed-off-by: katelyn martin <kate@buoyant.io>

this commit introduces documentation for the inbound proxy metrics that have been added in recent edge releases. see these commits for more information: * linkerd/linkerd2-proxy#4420 * linkerd/linkerd2-proxy#4313 * linkerd/linkerd2-proxy#4180 * linkerd/linkerd2-proxy#4165 * linkerd/linkerd2-proxy#4127 Signed-off-by: katelyn martin <kate@buoyant.io>

* feat(docs): add new inbound proxy metrics this commit introduces documentation for the inbound proxy metrics that have been added in recent edge releases. see these commits for more information: * linkerd/linkerd2-proxy#4420 * linkerd/linkerd2-proxy#4313 * linkerd/linkerd2-proxy#4180 * linkerd/linkerd2-proxy#4165 * linkerd/linkerd2-proxy#4127 Signed-off-by: katelyn martin <kate@buoyant.io> * chore(docs): add no-duplicate-heading linter directives this commit adds some linter directives to silence warnings related to duplicate headers. in this case, it's valid to have duplicate labels, because different families of metrics, naturally, both have labels. Signed-off-by: katelyn martin <kate@buoyant.io> --------- Signed-off-by: katelyn martin <kate@buoyant.io> Co-authored-by: Flynn <kflynn@users.noreply.github.com>

cratelyn self-assigned this Sep 2, 2025

cratelyn mentioned this pull request Sep 2, 2025

xxx(app/inbound): inbound metrics prototype #4121

Closed

cratelyn commented Sep 2, 2025

View reviewed changes

linkerd/app/inbound/src/http/router/metrics.rs Outdated Show resolved Hide resolved

cratelyn commented Sep 2, 2025

View reviewed changes

linkerd/app/inbound/src/http/router/metrics.rs Outdated Show resolved Hide resolved

cratelyn force-pushed the kate/app-inbound.metrics-layer-count-inbound-reqs branch from 108e616 to 25193a3 Compare September 3, 2025 15:18

cratelyn marked this pull request as ready for review September 3, 2025 15:21

cratelyn requested a review from a team as a code owner September 3, 2025 15:21

cratelyn commented Sep 3, 2025

View reviewed changes

linkerd/app/inbound/src/http/router/metrics.rs Outdated Show resolved Hide resolved

cratelyn requested a review from olix0r September 3, 2025 16:18

olix0r reviewed Sep 3, 2025

View reviewed changes

linkerd/app/inbound/src/http/router/metrics.rs Outdated Show resolved Hide resolved

cratelyn added a commit that referenced this pull request Sep 3, 2025

review(app/inbound): remove protocol label

481a953

#4127 (comment) Signed-off-by: katelyn martin <kate@buoyant.io>

olix0r reviewed Sep 3, 2025

View reviewed changes

linkerd/app/inbound/src/http/router/metrics.rs Outdated Show resolved Hide resolved

cratelyn added a commit that referenced this pull request Sep 3, 2025

review(app/inbound): use a meshtls_client_id label

ea1f919

#4127 (comment) Signed-off-by: katelyn martin <kate@buoyant.io>

cratelyn requested a review from olix0r September 3, 2025 17:46

olix0r approved these changes Sep 3, 2025

View reviewed changes

cratelyn enabled auto-merge (squash) September 3, 2025 19:40

cratelyn disabled auto-merge September 3, 2025 19:44

cratelyn marked this pull request as draft September 3, 2025 20:02

cratelyn added 3 commits September 4, 2025 10:26

refactor(app/inbound): add linkerd-http-prom dependency

d678a36

Signed-off-by: katelyn martin <kate@buoyant.io>

refactor(app/inbound): http::router is pub(crate)

fee7dcc

this will allow us to refer to metrics types, and invoke a `layer()`. Signed-off-by: katelyn martin <kate@buoyant.io>

feat(app/inbound): count inbound requests

adbd4fe

this commit introduces a new `metrics::layer<N>()` function, and installs it in our inbound http router. Signed-off-by: katelyn martin <kate@buoyant.io>

cratelyn force-pushed the kate/app-inbound.metrics-layer-count-inbound-reqs branch from c5983aa to adbd4fe Compare September 4, 2025 14:59

cratelyn added 3 commits September 5, 2025 15:20

refactor(app/inbound): fully qualified RequestCountFamilies

dfea6b8

Signed-off-by: katelyn martin <kate@buoyant.io>

refactor(app/inbound): introduce a RequestCountFamilies struct

fe47795

this will provide us with a way to manage `inbound_http_request_total` and `inbound_grpc_request_total` families based upon route authorization. Signed-off-by: katelyn martin <kate@buoyant.io>

feat(app/inbound): count inbound http and grpc requests

4f0b45b

Signed-off-by: katelyn martin <kate@buoyant.io>

cratelyn marked this pull request as ready for review September 8, 2025 21:20

olix0r reviewed Sep 11, 2025

View reviewed changes

linkerd/app/inbound/src/http/router/metrics.rs Outdated Show resolved Hide resolved

olix0r reviewed Sep 11, 2025

View reviewed changes

linkerd/app/inbound/src/policy/http.rs Show resolved Hide resolved

cratelyn added 2 commits September 11, 2025 13:25

review(app/inbound): group parent_ labels

6b49c75

we remove the `encode_label` closure, so that we do not have concurrent mutable references to `enc`. Signed-off-by: katelyn martin <kate@buoyant.io>

nit(app/inbound): use Permitted<T> accessors

2ead016

Signed-off-by: katelyn martin <kate@buoyant.io>

cratelyn force-pushed the kate/app-inbound.metrics-layer-count-inbound-reqs branch from 619768d to 2ead016 Compare September 11, 2025 17:49

cratelyn enabled auto-merge (squash) September 11, 2025 17:54

cratelyn merged commit 3ff3793 into main Sep 11, 2025
15 checks passed

cratelyn deleted the kate/app-inbound.metrics-layer-count-inbound-reqs branch September 11, 2025 17:56

cratelyn added a commit that referenced this pull request Sep 12, 2025

wip(app/inbound): sketch NewRecordResponse addition

540360f

this is a work in progress. see #4127 for previous work in this vein. Signed-off-by: katelyn martin <kate@buoyant.io>

cratelyn mentioned this pull request Sep 12, 2025

wip(app/inbound): sketch NewRecordResponse addition #4152

Closed

cratelyn added a commit that referenced this pull request Sep 15, 2025

wip(app/inbound): sketch NewRecordResponse addition

ed79b68

this is a work in progress. see #4127 for previous work in this vein. Signed-off-by: katelyn martin <kate@buoyant.io>

cratelyn added a commit that referenced this pull request Sep 15, 2025

wip(app/inbound): sketch NewRecordResponse addition

824f78a

this is a work in progress. see #4127 for previous work in this vein. Signed-off-by: katelyn martin <kate@buoyant.io>

cratelyn mentioned this pull request Sep 22, 2025

feat(app/inbound): request body frame size metrics #4180

Merged

cratelyn mentioned this pull request Dec 1, 2025

feat(app/inbound): http and grpc status code metrics #4313

Merged

cratelyn mentioned this pull request Feb 17, 2026

feat(docs): add new inbound proxy metrics linkerd/website#2093

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(app/inbound): count inbound requests#4127

feat(app/inbound): count inbound requests#4127
cratelyn merged 8 commits intomainfrom
kate/app-inbound.metrics-layer-count-inbound-reqs

cratelyn commented Sep 2, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

cratelyn commented Sep 3, 2025

Uh oh!

cratelyn commented Sep 3, 2025

Uh oh!

cratelyn commented Sep 5, 2025

Uh oh!

cratelyn commented Sep 9, 2025

Uh oh!

cratelyn commented Sep 11, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

cratelyn commented Sep 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

cratelyn commented Sep 3, 2025

Uh oh!

cratelyn commented Sep 3, 2025

Uh oh!

cratelyn commented Sep 5, 2025

Uh oh!

cratelyn commented Sep 9, 2025

Uh oh!

cratelyn commented Sep 11, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

cratelyn commented Sep 2, 2025 •

edited

Loading