Routing proto revision

[kyessenov]

Goal:

• remove all mentions of clusters, tags, "source"
• align with existing service model.

[kyessenov]

Responded to feedback from @rshriram:

• not all destination policies can be applied to service versions; for now, we apply policies to all service instances
• added fault injection policy back
• renamed to service version, origin to source
• clarified multi-port service situation; match attributes are specific to each protocol in the rule
• added precedence field to rules

[rshriram]

Kuat, thinking more about this, the problem with the current t destination is that its equivalent to envoy's virtual host. All routes under that host get the same policy. This might not be okay in several cases, especially in cases of retries. The retry policy is very much dependent on the API being called. Payments/checkcredit can be retried for any error code but payments/makepayment can't be retried if destination returns a 500 or example. That's why Envoy has retry policy per route entry. (Timeout as well). In your previous version, iirc destination was equivalent to the upstream cluster with tag based qualifiers and destination name. Right? Why was this removed here?

[kyessenov]

Brought it back. I don't like the inconsistency that some policies apply per cluster while others apply per virtual host. Seems like Envoy-specific problem.

[rshriram]

One of here? Either a http_fault or l4_fault. Not both

[kyessenov]

We don't apply L7 fault injection to L4 service ports and vice versa?
Service must declare all its ports and the protocol on each port.

[rshriram]

Isn't that the case?
And yes, we don't do L7 fault injection on L4. or vice versa. Envoy or nginx clearly separate stream connections (UDP/TCP) from HTTP and handle HTTP separately.

[kyessenov]

We don't need oneof constraint since the fault injection policies don't apply to the same traffic. If you have L4 service, you write L4 fault policy; if you have both L4 and L7 ports, you write both fault policies?

[rshriram]

Also one of here? As per yesterday's discussion.

[kyessenov]

Same thing here. If my service declares L4 and L7 ports, I shouldn't be writing two rules for them since destinations are likely to be the same.

[rshriram]

This is nice. The rules format is evolving into the existing amalgam8 constructs @frankb. We can't escape precedence.

I would also add a version field to the rule. So that it gives the end user the ability to rollback to a stable rule if they mess up something. this would certainly mean that manager needs to provide a rollback API. (Even if you don't want to do this now, can we just add this comment so that we can track this issue. Matter of fact, a CDN company I spoke to actually wanted this capability).

I would add twl more lines here.
E.g. for http, routes under a virtual host need to be ordered. Here precedence is priority.

Secondly, depending on the platform, the storage for the rules format may not support atomic replace (and concurrently will be a bigger mess). The easiest way to tackle this is to ask the user to create a new rule with higher priority and delete the old rule with lower priority. Priority essentially here becomes a rule version of some sort. E.g. send all traffic to helloworld/hello to v1. Then next rule is split traffic to helloworld/hello between v1 and v2. Both rules apply to same service and same route and virtual host.

To provide atomic update semantics to the user, the platform must support a transactional storage and patch/edit semantics as well. K8s may have etcd but unsure if mesos has.

[kyessenov]

There are no transactions in k8s, there's only optimistic concurrency. Hence, we should be dealing with revision at a higher-level than this proto. Every proto has its etcd revision number implicitly. That way we can provide optimistic apply/edit like kubctl. I don't think Manager can provide strong guarantees about rollouts though, given how k8s is structured.
The priority can be used for this too, and there's nothing wrong with that. I'll add a comment.

[rshriram]

Please add a TODO to add all Envoy CB features.

[kyessenov]

Done

[frankbu]

This seems confusing. I would say service instances share only one thing - they are all implementing some variation of the same service. I also think that before defining the concept of Service instances, we need to clearly define the term "Service" itself. Specifically, explain that a service is a name (string) of some functionality (e.g., ServiceA) representing part of an application, and point out that clients use this name to refer to the functionality being called.

[kyessenov]

Yes, deleted the old phrasing.

[frankbu]

Wouldn't "service" be a better that "destination" for this field?

[kyessenov]

"service" is a keyword in protos. In the routing context, service name is the routing destination that the rules modify.

[frankbu]

I see. Maybe it's not a big deal, but it just seems strange to have a field name "destination" inside the "Destination" structure. Given that service is a reserved word, I understand the problem, although I would prefer something like "service_name", myself, but that's just a personal nit, so feel free to ignore.

[frankbu]

From the Destination structure, it looks more like Policies are applicable to all versions of a service. How are Policies applicable per individual service version, given that the Destination structure only identifies the service and does not include any specific version info?

[frankbu]

Never mind. I see this has been fixed already.

[kyessenov]

Ack

[frankbu]

s/can/use to/

[kyessenov]

Done

[frankbu]

s/comprise/implement/ ?

[kyessenov]

Done

[kyessenov]

I have a question about ingress: are we planning to represent ingress resource as a routing rule or should we keep them separate?

[frankbu]

Version should be = 2, and the following fields bumped by 1

[frankbu]

/using/d

[kyessenov]

An attempt to capture ingress routing as well:

• add optional destination to destination-weight for ingress
• add "cluster.local" destination option for the route rule
• clarify that service names are fully qualified

[kyessenov]

Made up examples:

destination: svc.cluster.local
match:
  http:
    uri:
      prefix: /service/v1/
route:
  - destination: service.default.svc.cluster.local
    version:
     env: staging

destination: a.default.cluster.local
route:
  - version:
       env: staging
    weight: 5
  - version:
       env: prod
    weight: 95

[kyessenov]

Changes:

• add CB policies
• replace all uints with ints
• qualify policies by HTTP prefix when they only apply to HTTP traffic
• replace HTTP match attributes with just a map