listener: allow overriding static listeners via LDS#44940
Conversation
Signed-off-by: Anton Kanugalawattage <antondilon@gmail.com>
AntonKanug
force-pushed
the
antonk/dynamic-override
branch
from
3bae7ab to
2bf0f37
Compare
| // Until LDS delivers a listener with a matching name the listener remains static, and an | ||
| // LDS state-of-the-world response that omits this name will not remove it. Once LDS does | ||
| // deliver a matching listener the static instance is replaced, and the replacement is | ||
| // thereafter treated as a regular dynamic listener (subject to LDS updates and removals). |
There was a problem hiding this comment.
let me know if this behaviour makes sense, other option is give LDS SOTW response remove the listener if its not in the response.
|
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to |
|
Waiting for API review before code review. |
|
Overriding a static resource (not necessarily a listener) with a dynamic one is discouraged due to the edge cases that it introduces. Can you please add an explanation about the lifetime of the listeners. |
|
Thanks for this contribution. I am also be very curious about the actual scenarios that require this feature, could you add more background context about that? If dynamic updating is necessary, why not just use the dynamic listener directly? You can mark the Envoy instance be ready until the necessary listeners are ready? |
|
Our exact usecase is we run envoy as a sidecar and route a pod's DNS to envoy and use envoys DNS filter. We want the ability to override DNS resolutions to some known IPs. These resolution overrides can change at runtime so it needs to be set via the control plane. As a result this DNS listener is dynamic, if envoy cant reach the control plane, pod's DNS fails entirely since its routed to a listener that doesnt exist. If we have a static config, we lose the resolution overrides but DNS doesnt fail entirely which is a better failure mode. One option is making that iptables routing to listener dynamic so that we can gate the routing on envoy having the listener setup and other is always having a static config and overriding it to a dynamic listener. |
4 participants
Fixes #39510
Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]