hubble: bump proto deps for cmd/protoc-gen-go-grpc/v1.1.0 #13405
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rolinh
added
release-note/misc
|
Converted to draft as I have to understand and fix this build failure: |
glibsm
reviewed
Oct 5, 2020
| @@ -14,11 +14,12 @@ go mod init github.com/cilium/hubble/protoc | |||
|
|
|||
| # latest tag at the time. For some reason `go get foo/bar/baz@vX.Y.Z` doesn't | |||
| # work with nested go.mod definitions. | |||
| go get google.golang.org/grpc/cmd/protoc-gen-go-grpc@cee815d | |||
| # b2c5f4a == tag: cmd/protoc-gen-go-grpc/v1.0.0 | |||
| go get google.golang.org/grpc/cmd/protoc-gen-go-grpc@b2c5f4a | |||
There was a problem hiding this comment.
Why are we not using @1.0.0 here?
There was a problem hiding this comment.
The label is literally cmd/protoc-gen-go-grpc/v1.0.0, not v1.0.0 (which would point to an older release of grpc-go, the most recent one being 1.32.0). And this format does not work with go get:
$ go get google.golang.org/grpc/cmd/protoc-gen-go-grpc@cmd/protoc-gen-go-grpc/v1.0.0: google.golang.org/grpc/cmd/protoc-gen-go-grpc@cmd/protoc-gen-go-grpc/v1.0.0: invalid version: version "cmd/protoc-gen-go-grpc/v1.0.0" invalid: disallowed version string
There was a problem hiding this comment.
The label is literally cmd/protoc-gen-go-grpc/v1.0.0
D:
| go build google.golang.org/grpc/cmd/protoc-gen-go-grpc | ||
|
|
||
| # protoc-gen-go-json doesn't have releases, this is the latest commit at the time | ||
| go get github.com/mitchellh/protoc-gen-go-json@8fbb6f3 | ||
| go get github.com/mitchellh/protoc-gen-go-json@364b693 | ||
| go build github.com/mitchellh/protoc-gen-go-json | ||
|
|
||
| go get github.com/golang/protobuf@v1.4.2 |
There was a problem hiding this comment.
may need to double check this version is compatible with 3.13.0
rolinh
force-pushed
the
pr/rolinh/hubble-proto-gen-go-grpc-v1.0.0
branch
from
7340429
to
cc24518
Compare
glibsm
reviewed
Oct 6, 2020
| @@ -6,6 +6,7 @@ | |||
|
|
|||
| PROTOC ?= protoc | |||
|
|
|||
| EXTERNAL_PROTO_SOURCE := /usr/local/include | |||
There was a problem hiding this comment.
this path should be auto-inlcuded, no?
There was a problem hiding this comment.
It doesn't seem to be the case when running as a regular user.
rolinh
force-pushed
the
pr/rolinh/hubble-proto-gen-go-grpc-v1.0.0
branch
from
cc24518
to
18d5266
Compare
rolinh
added
the
dont-merge/waiting-for-upstream
This compilation error actually relates to the problem reported in #12767:
As of today, etcd-io/etcd#12124 is still open, which in turn means we can't upgrade |
rolinh
added a commit
to cilium/hubble
that referenced
this pull request
Oct 8, 2020
With a dial timeout, the error on failed dialing attempt always ends up
being `context deadline exceeded` which helps very little in understand
what the root cause might be.
With `grpc.FailOnNonTempDialError(true)`, we get more descriptive errors
"in some cases" (ie errors that are estimated to be non-temporary).
Example:
connection error: desc = "transport: error while dialing: dial tcp [::1]:4245: connect: connection refused"
However, I tested to dial using TLS on a non-TLS target and in this
case, the option above does not help.
As of grpc-go v1.30.0, there is another option that is available:
`WithReturnConnectionError()`. With this option, we'd finally get
informative errors such as:
connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for goodname.example.com, not badname.example.com"
However, we are currently stuck with grpc-go v1.29.1 due to breaking
changes introduced by this version and that prevent Cilium (and Hubble
CLI) to use a more recent version of grpc-go. For more details about
this issue, see[0].
[0]: cilium/cilium#13405 (comment)
Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
rolinh
added a commit
that referenced
this pull request
Oct 9, 2020
To connect to peers via gRPC, Hubble Relay uses `grpc.DialContext()`
with a dial timeout. When a connection attempt to a peer fails, the
following error message is returned: `context deadline exceeded`.
This provides no value when trying to debug the issue. Is the peer
unreachable? Is this a TLS configuration issue? etc.
By using the dial option `grpc.FailOnNonTempDialError(true)`, we get
better error messages on non-temporary dial errors, such as:
connection error: desc = "transport: error while dialing: dial tcp 172.18.0.4:4244: connect: connection refused"
Using the option `grpc.WithReturnConnectionError()`, we would get a
message that contains both the last connection error that occurred and
the `context.DeadlineExceeded` error. This greatly improves the
situation for errors that are deemed transient. Example:
context deadline exceeded: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for *.hubble-relay.cilium.io, not localhost"
However, this is only available starting with grpc-go v1.30.0 and due to
the issue described here[0], we are currently stuck with v1.29.1. Thus,
this commit adds the option but comments it with a TODO note so that it
can be caught up and uncommented when upgrading grpc-go becomes
possible.
[0]: #13405 (comment)
Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
gandro
pushed a commit
that referenced
this pull request
Oct 12, 2020
To connect to peers via gRPC, Hubble Relay uses `grpc.DialContext()`
with a dial timeout. When a connection attempt to a peer fails, the
following error message is returned: `context deadline exceeded`.
This provides no value when trying to debug the issue. Is the peer
unreachable? Is this a TLS configuration issue? etc.
By using the dial option `grpc.FailOnNonTempDialError(true)`, we get
better error messages on non-temporary dial errors, such as:
connection error: desc = "transport: error while dialing: dial tcp 172.18.0.4:4244: connect: connection refused"
Using the option `grpc.WithReturnConnectionError()`, we would get a
message that contains both the last connection error that occurred and
the `context.DeadlineExceeded` error. This greatly improves the
situation for errors that are deemed transient. Example:
context deadline exceeded: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for *.hubble-relay.cilium.io, not localhost"
However, this is only available starting with grpc-go v1.30.0 and due to
the issue described here[0], we are currently stuck with v1.29.1. Thus,
this commit adds the option but comments it with a TODO note so that it
can be caught up and uncommented when upgrading grpc-go becomes
possible.
[0]: #13405 (comment)
Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
qmonnet
pushed a commit
that referenced
this pull request
Oct 12, 2020
[ upstream commit e2e3661 ] To connect to peers via gRPC, Hubble Relay uses `grpc.DialContext()` with a dial timeout. When a connection attempt to a peer fails, the following error message is returned: `context deadline exceeded`. This provides no value when trying to debug the issue. Is the peer unreachable? Is this a TLS configuration issue? etc. By using the dial option `grpc.FailOnNonTempDialError(true)`, we get better error messages on non-temporary dial errors, such as: connection error: desc = "transport: error while dialing: dial tcp 172.18.0.4:4244: connect: connection refused" Using the option `grpc.WithReturnConnectionError()`, we would get a message that contains both the last connection error that occurred and the `context.DeadlineExceeded` error. This greatly improves the situation for errors that are deemed transient. Example: context deadline exceeded: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for *.hubble-relay.cilium.io, not localhost" However, this is only available starting with grpc-go v1.30.0 and due to the issue described here[0], we are currently stuck with v1.29.1. Thus, this commit adds the option but comments it with a TODO note so that it can be caught up and uncommented when upgrading grpc-go becomes possible. [0]: #13405 (comment) [ Backport note: Minor conflict when applying this patch. Only add grpc.FailOnNonTempDialError() and related message, do not remove grpc.WithInsecure() or add TLSConfig: to pool.GRPCClientConnBuilder, as those were changed in v1.9. ] Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
tklauser
pushed a commit
that referenced
this pull request
Oct 12, 2020
[ upstream commit e2e3661 ] To connect to peers via gRPC, Hubble Relay uses `grpc.DialContext()` with a dial timeout. When a connection attempt to a peer fails, the following error message is returned: `context deadline exceeded`. This provides no value when trying to debug the issue. Is the peer unreachable? Is this a TLS configuration issue? etc. By using the dial option `grpc.FailOnNonTempDialError(true)`, we get better error messages on non-temporary dial errors, such as: connection error: desc = "transport: error while dialing: dial tcp 172.18.0.4:4244: connect: connection refused" Using the option `grpc.WithReturnConnectionError()`, we would get a message that contains both the last connection error that occurred and the `context.DeadlineExceeded` error. This greatly improves the situation for errors that are deemed transient. Example: context deadline exceeded: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for *.hubble-relay.cilium.io, not localhost" However, this is only available starting with grpc-go v1.30.0 and due to the issue described here[0], we are currently stuck with v1.29.1. Thus, this commit adds the option but comments it with a TODO note so that it can be caught up and uncommented when upgrading grpc-go becomes possible. [0]: #13405 (comment) [ Backport note: Minor conflict when applying this patch. Only add grpc.FailOnNonTempDialError() and related message, do not remove grpc.WithInsecure() or add TLSConfig: to pool.GRPCClientConnBuilder, as those were changed in v1.9. ] Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
aanm
added
the
dont-merge/wait-until-release
rolinh
force-pushed
the
pr/rolinh/hubble-proto-gen-go-grpc-v1.0.0
branch
from
18d5266
to
5cb3e27
Compare
rolinh
changed the title
aanm
removed
the
dont-merge/wait-until-release
rolinh
force-pushed
the
pr/rolinh/hubble-proto-gen-go-grpc-v1.0.0
branch
from
5cb3e27
to
267ab44
Compare
tklauser
reviewed
Dec 8, 2020
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
stale
bot
added
the
stale
rolinh
removed
the
stale
aanm
pushed a commit
that referenced
this pull request
Jan 30, 2021
We cannot update the grpc beyond 1.29.1 until we bump etcd to 3.04, see #13405 (comment), etcd-io/etcd#12124 and #14787 (comment) for more information. We also ignore github.com/miekg/dns because we use our own fork of it via replace and it seems the long-term plan is to replace the DNS proxy with Envoy, see #14790 (comment) Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
rolinh
force-pushed
the
pr/rolinh/hubble-proto-gen-go-grpc-v1.0.0
branch
2 times, most recently
from
eb859cd
to
626ce23
Compare
Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
When run as root, the owner of newly generated files ends up being root. Run the container as a regular user to fix this issue. Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
See release notes: https://github.com/grpc/grpc-go/releases/tag/cmd%2Fprotoc-gen-go-grpc%2Fv1.0.1 https://github.com/grpc/grpc-go/releases/tag/cmd%2Fprotoc-gen-go-grpc%2Fv1.1.0 Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
rolinh
force-pushed
the
pr/rolinh/hubble-proto-gen-go-grpc-v1.0.0
branch
from
626ce23
to
bdd32e7
Compare
lyveng
pushed a commit
to lyveng/cilium
that referenced
this pull request
Mar 4, 2021
We cannot update the grpc beyond 1.29.1 until we bump etcd to 3.04, see cilium#13405 (comment), etcd-io/etcd#12124 and cilium#14787 (comment) for more information. We also ignore github.com/miekg/dns because we use our own fork of it via replace and it seems the long-term plan is to replace the DNS proxy with Envoy, see cilium#14790 (comment) Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
rolinh
force-pushed
the
pr/rolinh/vendor-grpc-etcd
branch
3 times, most recently
from
05d6163
to
da41ef4
Compare
rolinh
force-pushed
the
pr/rolinh/vendor-grpc-etcd
branch
from
da41ef4
to
f087433
Compare
rolinh
force-pushed
the
pr/rolinh/vendor-grpc-etcd
branch
from
f087433
to
0e2fc97
Compare
rolinh
force-pushed
the
pr/rolinh/vendor-grpc-etcd
branch
3 times, most recently
from
a7a1c39
to
b7bdb41
Compare
rolinh
force-pushed
the
pr/rolinh/vendor-grpc-etcd
branch
3 times, most recently
from
c6282f5
to
cecf40d
Compare
rolinh
force-pushed
the
pr/rolinh/vendor-grpc-etcd
branch
from
cecf40d
to
2c469a7
Compare
|
Superseded by #16915, closing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.