upstream: allow excluding hosts from lb calculations until initial health check (#6794)

This adds an option to allow hosts to be excluded in lb calculations until they have been health checked for the first time. This will make it possible to scale up the number of hosts quickly (ie large increase relative to current host set size) without triggering panic mode/spillover (as long as the initial health check is succeeds). While these hosts are excluded from the lb calculations, they are still eligible for routing when panic mode is triggered. Signed-off-by: Snow Pettersen <snowp@squareup.com> Mirrored from https://github.com/envoyproxy/envoy @ 4c80194bf82193261aa52a4ca64c4e6a461881c0
6 years ago · cfb75b48b7
parent 2d56868487
commit cfb75b48b7
2 changed files with 24 additions and 0 deletions
--- a/envoy/admin/v2alpha/clusters.proto
+++ b/envoy/admin/v2alpha/clusters.proto
@ -82,6 +82,9 @@ message HostHealthStatus {
  // health checking.
  bool pending_dynamic_removal = 5;

+  // The host has not yet been health checked.
+  bool pending_active_hc = 6;
+
  // Health status as reported by EDS. Note: only HEALTHY and UNHEALTHY are currently supported
  // here.
  // TODO(mrice32): pipe through remaining EDS health status possibilities.
--- a/envoy/api/v2/cds.proto
+++ b/envoy/api/v2/cds.proto
@ -526,6 +526,27 @@ message Cluster {
    // because merging those updates isn't currently safe. See
    // https://github.com/envoyproxy/envoy/pull/3941.
    google.protobuf.Duration update_merge_window = 4;
+
+    // If set to true, Envoy will not consider new hosts when computing load balancing weights until
+    // they have been health checked for the first time. This will have no effect unless
+    // active health checking is also configured.
+    //
+    // Ignoring a host means that for any load balancing calculations that adjust weights based
+    // on the ratio of eligible hosts and total hosts (priority spillover, locality weighting and
+    // panic mode) Envoy will exclude these hosts in the denominator.
+    //
+    // For example, with hosts in two priorities P0 and P1, where P0 looks like
+    // {healthy, unhealthy (new), unhealthy (new)}
+    // and where P1 looks like
+    // {healthy, healthy}
+    // all traffic will still hit P0, as 1 / (3 - 2) = 1.
+    //
+    // Enabling this will allow scaling up the number of hosts for a given cluster without entering
+    // panic mode or triggering priority spillover, assuming the hosts pass the first health check.
+    //
+    // If panic mode is triggered, new hosts are still eligible for traffic; they simply do not
+    // contribute to the calculation when deciding whether panic mode is enabled or not.
+    bool ignore_new_hosts_until_first_hc = 5;
  }

  // Common configuration for all load balancer implementations.