Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

envoy: Keep track of proxy listeners separately #16834

Merged
merged 1 commit into from
Jul 12, 2021
Merged

envoy: Keep track of proxy listeners separately #16834

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
32 changes: 26 additions & 6 deletions pkg/envoy/server.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,12 @@ type XDSServer struct {
// Value holds the number of redirects using the listener named by the key.
listeners map[string]*Listener

// proxyListeners is the count of redirection proxy listeners in 'listeners'.
// When this is zero, cilium should not wait for NACKs/ACKs from envoy.
// This value is different from len(listeners) due to non-proxy listeners
// (e.g., prometheus listener)
proxyListeners int

// networkPolicyCache publishes network policy configuration updates to
// Envoy proxies.
networkPolicyCache *xds.Cache
Expand Down Expand Up @@ -440,21 +446,24 @@ func (s *XDSServer) AddMetricsListener(port uint16, wg *completion.WaitGroup) {
if err != nil {
log.WithField(logfields.Port, port).WithError(err).Debug("Envoy: Adding metrics listener failed")
// Remove the added listener in case of a failure
s.RemoveListener(metricsListenerName, nil)
s.removeListener(metricsListenerName, nil, false)
} else {
log.WithField(logfields.Port, port).Info("Envoy: Listening for prometheus metrics")
}
})
}, false)
}

// addListener either reuses an existing listener with 'name', or creates a new one.
// 'listenerConf()' is only called if a new listener is being created.
func (s *XDSServer) addListener(name string, port uint16, listenerConf func() *envoy_config_listener.Listener, wg *completion.WaitGroup, cb func(err error)) {
func (s *XDSServer) addListener(name string, port uint16, listenerConf func() *envoy_config_listener.Listener, wg *completion.WaitGroup, cb func(err error), isProxyListener bool) {
kkourt marked this conversation as resolved.
Show resolved Hide resolved
s.mutex.Lock()
listener := s.listeners[name]
if listener == nil {
listener = &Listener{}
s.listeners[name] = listener
if isProxyListener {
s.proxyListeners++
}
}
listener.count++
listener.mutex.Lock() // needed for other than 'count'
Expand Down Expand Up @@ -585,11 +594,16 @@ func (s *XDSServer) AddListener(name string, kind policy.L7ParserType, port uint

s.addListener(name, port, func() *envoy_config_listener.Listener {
return s.getListenerConf(name, kind, port, isIngress, mayUseOriginalSourceAddr)
}, wg, nil)
}, wg, nil, true)
}

// RemoveListener removes an existing Envoy Listener.
func (s *XDSServer) RemoveListener(name string, wg *completion.WaitGroup) xds.AckingResourceMutatorRevertFunc {
return s.removeListener(name, wg, true)
}

// removeListener removes an existing Envoy Listener.
func (s *XDSServer) removeListener(name string, wg *completion.WaitGroup, isProxyListener bool) xds.AckingResourceMutatorRevertFunc {
log.Debugf("Envoy: RemoveListener %s", name)

var listenerRevertFunc xds.AckingResourceMutatorRevertFunc
Expand All @@ -599,6 +613,9 @@ func (s *XDSServer) RemoveListener(name string, wg *completion.WaitGroup) xds.Ac
if ok && listener != nil {
listener.count--
if listener.count == 0 {
if isProxyListener {
s.proxyListeners--
}
delete(s.listeners, name)
listenerRevertFunc = s.listenerMutator.Delete(ListenerTypeURL, name, []string{"127.0.0.1"}, wg, nil)
}
Expand All @@ -612,6 +629,9 @@ func (s *XDSServer) RemoveListener(name string, wg *completion.WaitGroup) xds.Ac
s.mutex.Lock()
if listenerRevertFunc != nil {
listenerRevertFunc(completion)
if isProxyListener {
s.proxyListeners++
}
}
listener.count++
s.listeners[name] = listener
Expand Down Expand Up @@ -1395,7 +1415,7 @@ func (s *XDSServer) UpdateNetworkPolicy(ep logger.EndpointUpdater, policy *polic
// query for network policies and therefore will never ACK them, and we'd
// wait forever.
if !ep.HasSidecarProxy() {
if len(s.listeners) == 0 {
if s.proxyListeners == 0 {
wg = nil
}
}
Expand Down Expand Up @@ -1453,7 +1473,7 @@ func (s *XDSServer) UseCurrentNetworkPolicy(ep logger.EndpointUpdater, policy *p
// If there are no listeners configured, the local node's Envoy proxy won't
// query for network policies and therefore will never ACK them, and we'd
// wait forever.
if !ep.HasSidecarProxy() && len(s.listeners) == 0 {
if !ep.HasSidecarProxy() && s.proxyListeners == 0 {
return
}

Expand Down
1 change: 1 addition & 0 deletions pkg/proxy/envoyproxy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ func createEnvoyRedirect(r *Redirect, stateDir string, xdsServer *envoy.XDSServe
// Start Envoy on first invocation
envoyProxy = envoy.StartEnvoy(stateDir, option.Config.EnvoyLogPath, 0)

// Add Prometheus listener if the port is (properly) configured
if option.Config.ProxyPrometheusPort < 0 || option.Config.ProxyPrometheusPort > 65535 {
log.WithField(logfields.Port, option.Config.ProxyPrometheusPort).Error("Envoy: Invalid configured proxy-prometheus-port")
} else if option.Config.ProxyPrometheusPort != 0 {
Expand Down