hubble: bump proto deps for cmd/protoc-gen-go-grpc/v1.1.0 #13405
Converted to draft as I have to understand and fix this build failure:
|
@@ -14,11 +14,12 @@ go mod init github.com/cilium/hubble/protoc | |||
|
|||
# latest tag at the time. For some reason `go get foo/bar/baz@vX.Y.Z` doesn't | |||
# work with nested go.mod definitions. | |||
go get google.golang.org/grpc/cmd/protoc-gen-go-grpc@cee815d | |||
# b2c5f4a == tag: cmd/protoc-gen-go-grpc/v1.0.0 | |||
go get google.golang.org/grpc/cmd/protoc-gen-go-grpc@b2c5f4a |
Why are we not using `@1.0.0` here?
The label is literally `cmd/protoc-gen-go-grpc/v1.0.0`, not `v1.0.0` (which would point to an older release of `grpc-go`, the most recent one being `1.32.0`). And this format does not work with `go get`:
$ go get google.golang.org/grpc/cmd/protoc-gen-go-grpc@cmd/protoc-gen-go-grpc/v1.0.0: google.golang.org/grpc/cmd/protoc-gen-go-grpc@cmd/protoc-gen-go-grpc/v1.0.0: invalid version: version "cmd/protoc-gen-go-grpc/v1.0.0" invalid: disallowed version string
The label is literally cmd/protoc-gen-go-grpc/v1.0.0
D:
go build google.golang.org/grpc/cmd/protoc-gen-go-grpc | ||
|
||
# protoc-gen-go-json doesn't have releases, this is the latest commit at the time | ||
go get github.com/mitchellh/protoc-gen-go-json@8fbb6f3 | ||
go get github.com/mitchellh/protoc-gen-go-json@364b693 | ||
go build github.com/mitchellh/protoc-gen-go-json | ||
|
||
go get github.com/golang/protobuf@v1.4.2 |
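Review bot: the pins `protoc-gen-go-grpc@b2c5f4a` and `protoc-gen-go-json@364b693` in this hunk are 7-character abbreviated commit hashes, which identify a commit only by prefix; write the full 40-character hash (or the pseudo-version that `go get` resolves it to) so each pin is unambiguous and can be audited against the upstream repository. The grpc pin documents its tag (`# b2c5f4a == tag: cmd/protoc-gen-go-grpc/v1.0.0`), but the protoc-gen-go-json comment only says "the latest commit at the time"; add the commit date next to `364b693` so a later reader can tell what was pinned.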
may need to double check this version is compatible with 3.13.0
@@ -6,6 +6,7 @@ | |||
|
|||
PROTOC ?= protoc | |||
|
|||
EXTERNAL_PROTO_SOURCE := /usr/local/include |
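Review bot: `EXTERNAL_PROTO_SOURCE := /usr/local/include` hard-codes the include path with `:=`, while `PROTOC ?= protoc` a few lines above it can be overridden from the environment; use `?=` here as well so the path can be changed without editing the Makefile when the includes live under another prefix.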
this path should be auto-included, no?
It doesn't seem to be the case when running as a regular user.
This compilation error actually relates to the problem reported in #12767:
As of today, etcd-io/etcd#12124 is still open, which in turn means we can't upgrade
With a dial timeout, the error on a failed dialing attempt always ends up being `context deadline exceeded`, which helps very little in understanding what the root cause might be. With `grpc.FailOnNonTempDialError(true)`, we get more descriptive errors "in some cases" (i.e. errors that are estimated to be non-temporary). Example:

    connection error: desc = "transport: error while dialing: dial tcp [::1]:4245: connect: connection refused"

However, I tested to dial using TLS on a non-TLS target and in this case, the option above does not help. As of grpc-go v1.30.0, there is another option that is available: `WithReturnConnectionError()`. With this option, we'd finally get informative errors such as:

    connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for goodname.example.com, not badname.example.com"

However, we are currently stuck with grpc-go v1.29.1 due to breaking changes introduced by this version and that prevent Cilium (and Hubble CLI) from using a more recent version of grpc-go. For more details about this issue, see [0].

[0]: cilium/cilium#13405 (comment)

Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
To connect to peers via gRPC, Hubble Relay uses `grpc.DialContext()` with a dial timeout. When a connection attempt to a peer fails, the following error message is returned: `context deadline exceeded`. This provides no value when trying to debug the issue. Is the peer unreachable? Is this a TLS configuration issue? etc.

By using the dial option `grpc.FailOnNonTempDialError(true)`, we get better error messages on non-temporary dial errors, such as:

    connection error: desc = "transport: error while dialing: dial tcp 172.18.0.4:4244: connect: connection refused"

Using the option `grpc.WithReturnConnectionError()`, we would get a message that contains both the last connection error that occurred and the `context.DeadlineExceeded` error. This greatly improves the situation for errors that are deemed transient. Example:

    context deadline exceeded: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for *.hubble-relay.cilium.io, not localhost"

However, this is only available starting with grpc-go v1.30.0 and due to the issue described here[0], we are currently stuck with v1.29.1. Thus, this commit adds the option but comments it with a TODO note so that it can be caught up and uncommented when upgrading grpc-go becomes possible.

[0]: #13405 (comment)

Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
[ upstream commit e2e3661 ]

To connect to peers via gRPC, Hubble Relay uses `grpc.DialContext()` with a dial timeout. When a connection attempt to a peer fails, the following error message is returned: `context deadline exceeded`. This provides no value when trying to debug the issue. Is the peer unreachable? Is this a TLS configuration issue? etc.

By using the dial option `grpc.FailOnNonTempDialError(true)`, we get better error messages on non-temporary dial errors, such as:

    connection error: desc = "transport: error while dialing: dial tcp 172.18.0.4:4244: connect: connection refused"

Using the option `grpc.WithReturnConnectionError()`, we would get a message that contains both the last connection error that occurred and the `context.DeadlineExceeded` error. This greatly improves the situation for errors that are deemed transient. Example:

    context deadline exceeded: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for *.hubble-relay.cilium.io, not localhost"

However, this is only available starting with grpc-go v1.30.0 and due to the issue described here[0], we are currently stuck with v1.29.1. Thus, this commit adds the option but comments it with a TODO note so that it can be caught up and uncommented when upgrading grpc-go becomes possible.

[0]: #13405 (comment)

[ Backport note: Minor conflict when applying this patch. Only add grpc.FailOnNonTempDialError() and related message, do not remove grpc.WithInsecure() or add TLSConfig: to pool.GRPCClientConnBuilder, as those were changed in v1.9. ]

Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
We cannot update the grpc beyond 1.29.1 until we bump etcd to 3.04, see #13405 (comment), etcd-io/etcd#12124 and #14787 (comment) for more information. We also ignore github.com/miekg/dns because we use our own fork of it via replace and it seems the long-term plan is to replace the DNS proxy with Envoy, see #14790 (comment) Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
When run as root, the owner of newly generated files ends up being root. Run the container as a regular user to fix this issue. Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
See release notes: https://github.com/grpc/grpc-go/releases/tag/cmd%2Fprotoc-gen-go-grpc%2Fv1.0.1 https://github.com/grpc/grpc-go/releases/tag/cmd%2Fprotoc-gen-go-grpc%2Fv1.1.0 Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
We cannot update the grpc beyond 1.29.1 until we bump etcd to 3.04, see cilium#13405 (comment), etcd-io/etcd#12124 and cilium#14787 (comment) for more information. We also ignore github.com/miekg/dns because we use our own fork of it via replace and it seems the long-term plan is to replace the DNS proxy with Envoy, see cilium#14790 (comment) Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Superseded by #16915, closing.
No description provided.