* Use cluster metadata for destination_service_name
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
* Fallback to peer namespace
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
* Fix format
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
* Add cluster metadata precedence test
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
* Remove duplicate test case
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
---------
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
* Automator: update envoy@ in istio/proxy@master (#3817)
switched envoy commit to fork with L7 PEP changes
testing
wrong SHA
added internal listener and transport_socket
* Use new envoy
Change-Id: I80a834b7b995973ead80f3f1e1e8e795ca95c4a5
* telemetry: add workload_metadata filter (#2)
* telemetry: add workload_metadata filter
This PR is intended to establish a basic framework for a Listener filter
that will be used to lookup client/server metadata for workload
instances. If metadata can be found (based on IP addresses), the
metadata will be written into FilterState, where it can be exploited by
subsequent filters (for reporting, protocol encoding, etc.).
It is expected that this filter will need to undergo significant
modification as we flesh out the implementation (and relationship to
other filters in the chain). For instance, ECDS support will need to be
added.
* update to match control plane PR
* add support for baggage generation
* fix errors from clang-format
* address code review comments
* clean up consts, etc.
* rebase ambient changes on envoy main
Change-Id: I2cc0960342f2e7e0d48b69f4bdf85db78cbcdbaf
* bazel: use envoy newly declared python toolchain
Signed-off-by: Yuchen Dai <lambdai@google.com>
Change-Id: I84d69936b4bdaf10a0e325e2d64d1a074be6fd1d
* fixed syntax err
Change-Id: I36d6ff42d9d8c397e015b4d8647b277662b5c6cb
* sha
Change-Id: I234c56c8889a0921df65ca03b64e9598a4e2721d
* try fix filter
Change-Id: Ib528be1d24609422afc5d66ca2d66b38eaabff8c
* more fix filter
Change-Id: Ia08f1498d10ccba0677409a1a2c55367eb3f912d
* try again
Change-Id: Id954d72f04c2823ea1dac235485e604e9cdfab50
* thank god for clion
Change-Id: Ibceaa1a916cd4236021643088c6f5feb2f468f8a
* format
Change-Id: If4cc136a1839f044b5cc709d3db645d50e207858
* add dynamic metadata
* convert str
* fix keys
* fmt
* telemetry: add filter to move baggage header to filter state object
This PR creates a new HTTP filter that is intended to live in the
inbound_CONNECT_terminate chain. It will take the received baggage
header and build a WorkloadMetadataObject filter state object to match.
This filter state object can then be passed to the internal listener
chain for processing by a subsequent filter that can (a) set the SSL
connection info appropriately and (b) create a PeerInfo CEL filter state
object for use in the stats filter.
It is modeled after the header_to_metadata filter. If/once this is
working, it can likewise be expanded to be more general purpose (if
warranted).
* address initial comments
* pull in envoy upstream changes
* update date
* checksum
* fmt
* more review changes
* telemetry: add support in stats filter for ambient server pep mode
This PR establishes an extra config parameter for the stats mode to
allow local node info mapping on a per request basis (pulling from host
metadata set on the target endpoint). This is required for Ambient
Server PEP operation because upstream metadata will not be available
entirely from the Envoy node metadata (as it was with sidecar
operations). The control plane _should_ still provide the required
metadata for the endpoint.
Note: at present, there is no mapping support for other pod labels or
even 'app' and 'version' labels, as those are not supplied in the host
metadata. If more upstream metadata is required, beyond what is
currently available, more work is likely necessary. There may also be
work required to properly convey service account info, etc.
* add copyright header
* telemetry: add filter to create peer info obj for internal chain
This PR is meant to pull the WorkloadMetadataObject created by the
CONNECT_terminate filter and create the peer info FBB objects expected
by the existing stats filter in the internal listener filter chain.
This filter also transfers the SSL connection across to the internal
listener connection info as well.
* address review comments
* cleanup config doc comment
* fix config build breakage
* telemetry: set SharedWithUpstreamConnection on workload meta obj
* telemetry: add new extensions to envoy build
* listener filter: set original dst from metadata
Signed-off-by: Kuat Yessenov <kuat@google.com>
* reformat
Signed-off-by: Kuat Yessenov <kuat@google.com>
* comments
Signed-off-by: Kuat Yessenov <kuat@google.com>
* telemetry: make filter interaction more debuggable
* address review comments
* telemetry: add support for cluster id in baggage
* update
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix go checks
* telemetry: pass in SSL info to internal listener
This PR adds a network filter to set the SSL connection on the
internal listener connection. This new filter can be configured in the
chain on internal VIP listeners to allow telemetry (and other)
inspection.
This has been manually tested and validated with a locally-modified control plane.
The updated Envoy reference includes the set of two outstanding PRs as
well as the functionality needed to unblock setting SSL on a socket in a
listener filter.
* add basic test
* reintroduce fork for orig dest port override
* directly on top of last commit
* lint: run buildifier
* fix eds dedupe
* add back internal upstream hack
* Create filter state with string accessor
* Lint fixes
* Lint fix for BUILD
* Targeting review comment and updated test
* test with upstream envoy
* add to inventory
* update envoy
* update commit
* update internal listener and envoy
* go control plane doesn't have endpoint_id
* explicit
* internal
* refactor
Signed-off-by: Kuat Yessenov <kuat@google.com>
* testing
Signed-off-by: Kuat Yessenov <kuat@google.com>
* modify test
Signed-off-by: Kuat Yessenov <kuat@google.com>
* disable load
Signed-off-by: Kuat Yessenov <kuat@google.com>
* lint
Signed-off-by: Kuat Yessenov <kuat@google.com>
* revert internal transport hack
* switch forks (#29)
* Added uProxy metadata mode
* Lint fix
* Another lint fix
* Wrong metadata attribute name
* Set filter state with baggage from header
* fixes
Signed-off-by: Kuat Yessenov <kuat@google.com>
* add tls passthrough
Signed-off-by: Kuat Yessenov <kuat@google.com>
* remove load
Signed-off-by: Kuat Yessenov <kuat@google.com>
* remove
Signed-off-by: Kuat Yessenov <kuat@google.com>
* wrap up
Signed-off-by: Kuat Yessenov <kuat@google.com>
* clean up
Signed-off-by: Kuat Yessenov <kuat@google.com>
* lint
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix assertion
Signed-off-by: Kuat Yessenov <kuat@google.com>
* half-close fix
* fix build
* fix optref in tests
* rename ambient components
* even better names
* Switch to istio/envoy repo
* format
Signed-off-by: Kuat Yessenov <kuat@google.com>
* status note
Signed-off-by: Kuat Yessenov <kuat@google.com>
* style
Signed-off-by: Kuat Yessenov <kuat@google.com>
Signed-off-by: Yuchen Dai <lambdai@google.com>
Signed-off-by: Kuat Yessenov <kuat@google.com>
Co-authored-by: Istio Automation <istio-testing-bot@google.com>
Co-authored-by: John Howard <howardjohn@google.com>
Co-authored-by: Douglas Reid <douglas-reid@users.noreply.github.com>
Co-authored-by: Steven Landow <landow@google.com>
Co-authored-by: Yuchen Dai <lambdai@google.com>
Co-authored-by: Douglas Reid <dougreid@google.com>
Co-authored-by: Yossi Mesika <yossi.mesika@solo.io>
Co-authored-by: Yuval Kohavi <yuval.kohavi@gmail.com>
* fixes
Signed-off-by: Kuat Yessenov <kuat@google.com>
* bump abseil
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fast forward
Signed-off-by: Kuat Yessenov <kuat@google.com>
* use canonical name as fallback for destination_service
* only for inbound
* use direct extraction from local node
* update test
* fixup
* fix tests
* use string instead of string_view
* update sha
* parse workload and service from resource labels
* add test
* clean up
* fix
* clean up
* skip looking at localhost endpoint
* fix
* fix
* update cluster name
* consolidate proxy tests to use step based framework
* lint
* extend latency boundary for asan tsan build
* sleep one sec before sending request in access log test
* prolong export period for stackdriver test to bear asan/tsan initial loading time
* address comment
* sleep a bit after envoy starting up
* update go-control-plane
Signed-off-by: Kuat Yessenov <kuat@google.com>
* more v2 xDS
Signed-off-by: Kuat Yessenov <kuat@google.com>
* more v2 xDS
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix up version
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix test
Signed-off-by: Kuat Yessenov <kuat@google.com>
* feat(stats): add support for canonical service labels
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* clang-format, because of course
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* fix(stats): remove policy-related dimensions
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* clean up common context
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* run clang-format -i
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* cleanup unused variables
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* prototype configurable metrics
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix license
Signed-off-by: Kuat Yessenov <kuat@google.com>
* format and regenerate
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix non-det config
Signed-off-by: Kuat Yessenov <kuat@google.com>
* generalize metric overrides
Signed-off-by: Kuat Yessenov <kuat@google.com>
* merge fix
Signed-off-by: Kuat Yessenov <kuat@google.com>
* wip
Signed-off-by: Kuat Yessenov <kuat@google.com>
* update PR
Signed-off-by: Kuat Yessenov <kuat@google.com>
* update
Signed-off-by: Kuat Yessenov <kuat@google.com>
* make example more complicated
Signed-off-by: Kuat Yessenov <kuat@google.com>
* asan debugging
Signed-off-by: Kuat Yessenov <kuat@google.com>
* stats golint
Signed-off-by: Kuat Yessenov <kuat@google.com>
* feat(stats): support grpc status codes in metrics
* wip
* add tests and fix up context
* set empty grpc_response_code
* use latest envoyproxy/envoy-wasm
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* add license/copyright banner
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* fix lint / format / malign issues
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* fix up alpn_test.cc
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* fix lint
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* more tests needed updating with envoy update
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* stackdriver fix
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* fix stackdriver onConfigure
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* remove unused using clause
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* clang-format
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
* basic TLS test
Signed-off-by: Kuat Yessenov <kuat@google.com>
* basic TLS test
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix a unit test
Signed-off-by: Kuat Yessenov <kuat@google.com>
* add mTLS certs
Signed-off-by: Kuat Yessenov <kuat@google.com>
* add principals
Signed-off-by: Kuat Yessenov <kuat@google.com>
* adding new tests
Signed-off-by: Kuat Yessenov <kuat@google.com>
* update go mod
Signed-off-by: Kuat Yessenov <kuat@google.com>
* add stackdriver test
Signed-off-by: Kuat Yessenov <kuat@google.com>
* test: add xDS test framework for SD
Signed-off-by: Kuat Yessenov <kuat@google.com>
* add concurrent xds and data path
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix lint
Signed-off-by: Kuat Yessenov <kuat@google.com>
* bump up the duration
Signed-off-by: Kuat Yessenov <kuat@google.com>
* don't run in parallel yet
Signed-off-by: Kuat Yessenov <kuat@google.com>
* add delay to avoid CPU bomb
Signed-off-by: Kuat Yessenov <kuat@google.com>
* add delays
Signed-off-by: Kuat Yessenov <kuat@google.com>
* slow down activation
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix envoy binary path
Signed-off-by: Kuat Yessenov <kuat@google.com>
* update base envoy
Signed-off-by: Kuat Yessenov <kuat@google.com>
* use ports from env
Signed-off-by: Kuat Yessenov <kuat@google.com>
* merge fix
Signed-off-by: Kuat Yessenov <kuat@google.com>
* re-organize
Signed-off-by: Kuat Yessenov <kuat@google.com>
* re-organize
Signed-off-by: Kuat Yessenov <kuat@google.com>
* CI...
Signed-off-by: Kuat Yessenov <kuat@google.com>
* CI...
Signed-off-by: Kuat Yessenov <kuat@google.com>
* CI...
Signed-off-by: Kuat Yessenov <kuat@google.com>
* annoying CI
Signed-off-by: Kuat Yessenov <kuat@google.com>
* force fastbuild
Signed-off-by: Kuat Yessenov <kuat@google.com>
* ugh
Signed-off-by: Kuat Yessenov <kuat@google.com>
* fix bazel arch
Signed-off-by: Kuat Yessenov <kuat@google.com>
* ugh
Signed-off-by: Kuat Yessenov <kuat@google.com>
* ugh
Signed-off-by: Kuat Yessenov <kuat@google.com>
* ugh
Signed-off-by: Kuat Yessenov <kuat@google.com>