Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make outbound router honor l5d-dst-override header #173

Merged
merged 8 commits into from
Jan 19, 2019
Merged

Make outbound router honor l5d-dst-override header #173

merged 8 commits into from
Jan 19, 2019

Conversation

kleimkuhler
Copy link
Contributor

Problem

It is valuable to inject an ingress controller with LD2. As ingress, the host
header tends to be the external host and most controllers just route directly
back to the IP address of an endpoint. Unfortunately, this makes it so that
Linkerd cannot discover the destination (as that works off the host header).

Solution

The outbound router now recognizes request destinations by preferrentially
choosing the l5d-dst-override header if it present. This header takes
precedent over the Host header, original dest, etc.

In addition, both the inbound and outbound routers strip this header. The
outbound router strips it after it has used it to determine the authority.
This is done with the strip_header layer that was added to the stack.

Validation

There are integration tests for this behavior in the discovery tests. There
are tests for http1 and http2. The tests test the following scenarios:

  • the outbound router routes based on the header when it is present
  • the override header applies to only requests with the override header
  • the inbound router never honors the override header
  • both routers strip the header before forwarding the request

Fixes linkerd/linkerd2#1998

Co-Authored-By: Eliza Weisman eliza@buoyant.io
Signed-off-by: Kevin Leimkuhler kevin@kleimkuhler.com

hawkw and others added 4 commits January 15, 2019 11:44
@hawkw
Add failing tests for dst override header
1d6ea6a 
Signed-off-by: Eliza Weisman <eliza@buoyant.io>
@kleimkuhler
Use the override header on the outbound router
2493c85 
Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
@kleimkuhler
Strip l5d-dst-override header
b361e7d 
Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
@kleimkuhler
Add log line
6d955a3 
Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
@hawkw hawkw self-assigned this Jan 17, 2019
@hawkw hawkw added the enhancement New feature or request label Jan 17, 2019
@hawkw
Copy link
Member

hawkw commented Jan 17, 2019

🙌 🙌

@kleimkuhler
Only compute pre-override header if logging it
c3c55b9 
Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
hawkw
hawkw reviewed Jan 17, 2019
View reviewed changes
src/app/main.rs Outdated Show resolved Hide resolved
@kleimkuhler
debug! args are not eagerly evaluated
d0816b5 
Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
@kleimkuhler
Make outbound addr= always reference route addr
b5987e9 
Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
seanmonstar
seanmonstar approved these changes Jan 18, 2019
View reviewed changes
Copy link
Contributor

@seanmonstar seanmonstar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🙌

olix0r
olix0r approved these changes Jan 18, 2019
View reviewed changes
src/app/main.rs Outdated Show resolved Hide resolved
@kleimkuhler
Simplify call chain
3dd57cd 
Signed-off-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
hawkw
hawkw approved these changes Jan 19, 2019
View reviewed changes
Copy link
Member

@hawkw hawkw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

@hawkw hawkw merged commit 486dd13 into linkerd:master Jan 19, 2019
@kleimkuhler kleimkuhler deleted the eliza/dst-override-header branch January 19, 2019 00:48
@hawkw hawkw mentioned this pull request Jan 19, 2019
Closed
@grampelberg grampelberg mentioned this pull request Jan 22, 2019
Open
4 tasks
@hawkw hawkw mentioned this pull request Jan 23, 2019
Closed
hawkw added a commit to linkerd/linkerd2 that referenced this pull request Jan 24, 2019
@hawkw
Signed-off-by: Eliza Weisman <eliza@buoyant.io>
128a3fb 
proxy: update pinned version to 5b507a9

This picks up the following proxy commits:

* eaabc48 Update tower-grpc
* e9561de Update h2 to 0.1.16
* 28fd5e7 Add Route timeouts (linkerd/linkerd2-proxy#165)
* 5637372 Re-flag tcp_duration tests as flaky
* 20cbd18 Revise several log levels and messages (linkerd/linkerd2-proxy##177)
* ae16978 Remove flakiness from 'profiles' tests
* 49c29cd canonicalize: Only log errors at the WARN level when falling back (linkerd/linkerd2-proxy#174)
* 486dd13 Make outbound router honor `l5d-dst-override` header (linkerd/linkerd2-proxy#173)
* 7adc50d Make timeouts for canonicalization DNS queries tuneable (linkerd/linkerd2-proxy#175)
* 3188179 Try reducing CI flakiness by reducing RUST_TEST_THREADS to 1

Some of these changes will probably need changelog entries:

* Improve logging when rejecting malformed HTTP/2 pseudo-headers
  (hyperium/h2#347)
* Improve logging for gRPC errors (tower-rs/tower-grpc#111)
* Add Route timeouts (linkerd/linkerd2-proxy#165)
* Downgrade several of the noisiest log messages to TRACE
  (linkerd/linkerd2-proxy##177)
* Add an environment variable for configuring the DNS canonicalization
  timeout (linkerd/linkerd2-proxy#175)
* Make outbound router honor `l5d-dst-override` header
  (linkerd/linkerd2-proxy#173)

Perhaps all the logging related changes can be grouped into one
changelog entry, though...

Signed-off-by: Eliza Weisman <eliza@buoyant.io>
@hawkw hawkw mentioned this pull request Jan 24, 2019
Merged
hawkw added a commit to linkerd/linkerd2 that referenced this pull request Jan 24, 2019
@hawkw
proxy: update pinned version to 5b507a9
3a5d506 
This picks up the following proxy commits:

* eaabc48 Update tower-grpc
* e9561de Update h2 to 0.1.16
* 28fd5e7 Add Route timeouts (linkerd/linkerd2-proxy#165)
* 5637372 Re-flag tcp_duration tests as flaky
* 20cbd18 Revise several log levels and messages (linkerd/linkerd2-proxy##177)
* ae16978 Remove flakiness from 'profiles' tests
* 49c29cd canonicalize: Only log errors at the WARN level when falling back (linkerd/linkerd2-proxy#174)
* 486dd13 Make outbound router honor `l5d-dst-override` header (linkerd/linkerd2-proxy#173)
* 7adc50d Make timeouts for canonicalization DNS queries tuneable (linkerd/linkerd2-proxy#175)
* 3188179 Try reducing CI flakiness by reducing RUST_TEST_THREADS to 1

Some of these changes will probably need changelog entries:

* Improve logging when rejecting malformed HTTP/2 pseudo-headers
  (hyperium/h2#347)
* Improve logging for gRPC errors (tower-rs/tower-grpc#111)
* Add Route timeouts (linkerd/linkerd2-proxy#165)
* Downgrade several of the noisiest log messages to TRACE
  (linkerd/linkerd2-proxy##177)
* Add an environment variable for configuring the DNS canonicalization
  timeout (linkerd/linkerd2-proxy#175)
* Make outbound router honor `l5d-dst-override` header
  (linkerd/linkerd2-proxy#173)

Perhaps all the logging related changes can be grouped into one
changelog entry, though...

Signed-off-by: Eliza Weisman <eliza@buoyant.io>
sprt pushed a commit to sprt/linkerd2-proxy that referenced this pull request Aug 30, 2019
@siggy
Replace shelling out with kubernetes proxy (linkerd#249)
9a40d98 
The conduit dashboard command asychronously shells out and runs "kubectl
proxy".

This change replaces the shelling out with calls to kubernetes proxy
APIs. It also allows us to enable race detection in our go tests, as the
shell out code tests did not pass race detection.

Fixes linkerd#173

Signed-off-by: Andrew Seigner <siggy@buoyant.io>
sprt pushed a commit to sprt/linkerd2-proxy that referenced this pull request Aug 30, 2019
@siggy
Enable race detection in ci (linkerd#259)
4156af7 
We previously did not have race detection enabled because our tests
would fail. Following linkerd#249, this is no longer the case.

Enable race detection in ci and build instructions. This change also
fixes client_test.go attempting to allocate a 2GB buffer due to bad test
input.

Fixes linkerd#173

Signed-off-by: Andrew Seigner <siggy@buoyant.io>
@daxmc99 daxmc99 mentioned this pull request Sep 23, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@seanmonstar seanmonstar seanmonstar approved these changes

@olix0r olix0r olix0r approved these changes

@hawkw hawkw hawkw approved these changes

Assignees

@hawkw hawkw

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
4 participants
@kleimkuhler @hawkw @seanmonstar @olix0r