Fixes oss-fuzz issue https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13327
For ring hash lb, move all configuration parsing from Ring's ctor to the LB's ctor, where it's safe to throw exceptions from. Also, re-add proto field constraints to guard against extreme inputs from clusterfuzz and other actors of questionable intent.
Risk Level: Low
Testing: Added clusterfuzz testcase; existing tests still pass.
Signed-off-by: Dan Rosen <mergeconflict@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 99696cda3336af26fe0b048d91e0d6eb279bb81c
Add support of Any as opaque config for extensions. Deprecates Struct configs. Fixes#4475.
Risk Level: Low
Testing: CI
Docs Changes: Added.
Release Notes: Added.
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 851f591f4ed84594e5e5041e7ada4167a4f3a273
* api: add proto options for java
* add ci for checking proto options
Signed-off-by: Penn (Dapeng) Zhang <zdapeng@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 02659d411332e9f20d229f482931c15304ea17fd
Signed-off-by: Daniel Hochman <danielhochman@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9388c05db87ddaf1c2afe45d9b72ec4d8601f380
Adds an option that allows smoothing out the locality weights when used
with subset lb: weights are scaled by the number of hosts that were
removed due to the subset filter. This allows for less of a step
function when a small number of hosts in a locality are updated to be
included in the subset.
Fixes#4837
Signed-off-by: Snow Pettersen snowp@squareup.com
Risk Level: Low, new optional feature
Testing: UTs
Docs Changes: Inline in protos
Release Notes: added release note
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ b094017026ce57d52762513bd5c0f774da0fc39e
We've been using this in production for over 3 months now and it's
been very useful to prevent CPU spikes when we get a stream of
updates.
This enables update merging every 1s.
Fixes#4018.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ fad993e5aed40fba95897e9017afd19bdf170ed0
API for #4475.
Risk Level: Low (not implemented)
Testing: CI
Docs Changes: Added but hided
Release Notes: N/A, will add when adding impl.
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 45a460fabf34698a875060482de96f7f618bdc9f
In preparation for removing std::hash for LB (a deprecated v1 option)
Risk Level: Medium (changing existing code where default config was used)
Testing: Tweaked existing unit tests
Docs Changes: updated API docs
Release Notes: Noted in release notes
Deprecated*: std::hash in LB (already deprecated, but might as well get the bugs auto-filed for 1.9.0)
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ db793ca15cfa9a500e76172c1011fa7baa4327ef
This change introduces a new configuration parameter for clusters,
`time_between_updates`.
If this is set, all cluster updates — membership changes, metadata
changes on endpoints, or healtcheck state changes — that happen
within a `time_between_updates` duration will be merged and delivered
at once when the duration ends.
This is useful for big clusters (> 1k endpoints) using the subset LB.
Partially addresses https://github.com/envoyproxy/envoy/issues/3929.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 62441f9fe2933d4846cfc3d166e52a9178be755f
This patch implements load_assigment field in CDS' Cluster.
This change specifically adds the implementation of the new load_assigment field
for clusters with discovery-type: STATIC, STRICT_DNS and LOGICAL_DNS.
While adding this load_assigment field implementation to Cluster,
this patch also allows specifying optional (active) health check config per specified upstream host.
Risk Level: medium
Testing: unit tests
Docs Changes:
This unhides docs for endpoint health check config
Release Notes: N/A
Fixes#439
Signed-off-by: Dhi Aurrahman <dio@rockybars.com>
Mirrored from https://github.com/envoyproxy/envoy @ b32eabfc141760ec14622a4a2a2f0ab0a741cd6c
Adds a flag to the subset lb config which will cause the subset
lb to respect the locality weights of the original host set. This allows
subset matching on clusters that are configured with locality weights.
Risk Level: Low, new optional feature
Testing: Unit tests
Docs Changes: Added documentation to proto definition
Release Notes: Added note about new configuration option to release notes
Fixes#3123
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0a0914e9a1c18c94dc7a02faac1e8b1903d4e2e5
Add load_assignment field in Cluster
This patch introduces load_assigment field in CDS' Cluster. This is an API change only.
This is part of effort on breaking #3261 into multiple PRs.
Risk Level:
Low, since it is hidden.
Testing:
Build api and envoy-static without error
Docs Changes:
Add load_assignment in Cluster of cds.proto.
Signed-off-by: Dhi Aurrahman <dio@rockybars.com>
Mirrored from https://github.com/envoyproxy/envoy @ 79bce5fe1cd8d1ab03dc6085497fcda653320a67
This PR adds a configuration flag that allows disabling the "eventually consistent" aspect of endpoint updates: instead of waiting for the endpoints to go unhealthy before removing them from the cluster, do so immediately. This gives greater control to the control plane in cases where one might want to divert traffic from an endpoint
without having it go unhealthy. The flag goes on the cluster and so applies to all endpoints within that cluster.
Risk Level:
Low: Small configurable feature which reuses existing behavior (identical to the behavior when no health checker is configured). Defaults to disabled, so should have no impact on existing configurations.
Testing:
Added unit test for the case when endpoints are healthy then removed from the ClusterLoadAssignment in a subsequent config update.
Docs Changes:
Docs were added to the proto field.
Release Notes:
Added cluster: Add :ref:`option <envoy_api_field_Clister.drain_connections_on_eds_removal>` to drain endpoints after they are removed through EDS, despite health status. to the release notes.
[Optional Fixes #Issue]
#440 and #3276 (note that this last issue also asks for more fine grained control over endpoint removal. The solution this PR provides was brought up as a partial solution to #3276).
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 08712e93b07695f53d192a2601cfa2ccc7a20f33
* cluster: Add option to close tcp_proxy connections when health checks fail.
Signed-off-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ 908231ed28d4f619e24c8c46a837cc3f914d173d
Adds TCP Keepalive support for upstream connections. This can be configured on the cluster manager level, and overridden on the cluster level.
Risk Level: Medium
Testing:
Unit tests have been added. It appears to run and work.
Docs Changes:
envoyproxy/data-plane-api#614Fixesenvoyproxy/envoy#3028
API Changes:
envoyproxy/data-plane-api#614
Signed-off-by: Jonathan Oddy <jonathan.oddy@transferwise.com>
Mirrored from https://github.com/envoyproxy/envoy @ dd953f99945bb7c6b3251f71bffe252a5f6e9e62
Found via proto fuzzing of the server config, unbounded ring sizes can lead to resource exhaustion.
Also bumped PGV version, since even with the bound added to cds.proto, the constraint validation was
skipped due to the bug fixed in https://github.com/lyft/protoc-gen-validate/pull/73.
Risk Level: Medium (PGV bump might result in some configs that passed before failing).
Testing: server_fuzz_test regression.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 176e565eaec82d79ebf28d3f2bd0493f68a95180
Introduce the concept of locality weighted LB (as distinct from zone
aware LB) in the docs and a new field in Cluster, locality_weighted_lb,
for configuring this behavior.
Signed-off-by: Harvey Tuch <htuch@google.com>
1) Add ability to runtime filter to configure default, divisor, and
whether independent randomness is used.
2) Also add LE to the comparison filter.
Signed-off-by: Matt Klein <mklein@lyft.com>
This enables generating generic service stubs for all the data-plane-api
proto services when generating Java classes with protoc.
This is generally not needed when implementing a gRPC server but in our case we're implementing
it behind our legacy protobuf RPC framework which rely on these stubs. As far as I know the only negative
with enabling these is generating some potentially unnecessary Java classes.
Signed-off-by: Snow Pettersen <snowp@squareup.com>
This adds ability to configure settings for zone aware load balancing settings as config options.
solves envoyproxy/envoy#1344
Changes : Added min_cluster_size and enabled_percentage to commonLbConfig which enables them to used directly in load_balancer_impl.cc.
Signed-off-by: sri kailash <sri.gandebathula@booking.com>
There are several main changes in this PR:
Create envoy.api.v2.core packages to break circular dependencies from xDS on to subpackages on to base protos.
Create individual packages for each filter and add independent versioning to each filter.
Add visibility constraints to prevent formation of dependency cycles.
Add gogoproto annotations to improve go code generation.
After moving xDS service definitions and top-level resource protos back to envoy.core.api.v2, cycles were created, since the second-level definitions depend on base protobuf definitions, and are in turn included from xDS; however xDS and base definitions are in the same package.
The solution is to split the base protos into another package, envoy.api.v2.core. That eliminates dependency cycles (validated using go-control-plane).
Added a few gogoproto annotations to improve golang code generation.
Signed-off-by: Kuat Yessenov <kuat@google.com>
Currently clusters can not open both HTTP1.1 and HTTP2 upstream
connections at the same time. When the new cluster option
"auto_http2" is set to "true", the cluster must open an HTTP2 upstream
connection if the downstream connection is HTTP2, and an HTTP1.1
upstream connection if the downstream connection is HTTP1.1. This option
is to have no effect if there is no corresponding downstream
connection.
This functionality removes the need to operate multiple clusters and
routing rules for them when the backends accept both HTTP1.1 and HTTP2
connections, and when the choice of the HTTP protocol is significant,
as with gRPC.
Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
In support of https://github.com/envoyproxy/envoy/issues/2200 and some
Google internal needs, we are planning on adding support to Envoy to
allow a configuration (or possibly build) driven decision on whether to
using the existing Envoy in-built Grpc::AsyncClient or
the Google C++ gRPC client library (https://grpc.io/grpc/cpp/index.html).
To move in this direction, the idea is we have the xDS ApiConfigSources,
rate limit service config and other filter configurations point at a
GrpcService object. This can be configured to use an Envoy cluster,
where Grpc::AsyncClient will orchestrate communication, or to contain
the config needed to establish a channel in Google C++ gRPC client
library.
Signed-off-by: Harvey Tuch <htuch@google.com>
CertificateValidationContext.trusted_ca is not only for client
certificates, but also for server certs. Change the wording to "peer
certificates".
Also mention that verification is not enabled by default in docs for
UpstreamTlsContext.
Signed-off-by: Peter Schultz <peter.schultz@classmarkets.com>
data-plane-api(CircleCI)
htuch
Matt Klein
Rama Chavali
Snow Pettersen
Daniel Hochman
srikailash
Kuat
Matt Rice
jrajahalme
Peter Schultz