Skip to content

Commit

Permalink
Merge branch 'master' into remove_xds_support
Browse files Browse the repository at this point in the history 
# Conflicts:
#	CHANGELOG.md
#	envoy-control-tests/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/EndpointMetadataMergingTests.kt
  • Loading branch information
@KSmigielski
KSmigielski committed Feb 8, 2023
2 parents 3417e63 + aeb6b3c commit 7c3cd6f
Show file tree
Hide file tree
Showing 35 changed files with 1,686 additions and 273 deletions.
30 changes: 29 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,39 @@
Lists all changes with user impact.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).

## [Unreleased]
## [0.20.0]

### Changed
- Remove xds support

## [0.19.29]

### Changed
- add mechanism to store custom data in group

## [0.19.28]

### Changed
- update envoy version to 1.24.0

## [0.19.27]

### Changed
- flaky test fixed
- Auto service tags (proxy settings outgoing.routingPolicy
- remove duplicated routes

## [0.19.26]

### Changed
- Bump consul recipes to fix index handling behavior in edge cases

## [0.19.25]

### Changed
- Prefix for negating values from jwt token used in rbac
- Configurable default clients lists

## [0.19.24]

### Changed
Expand Down
6 changes: 3 additions & 3 deletions build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ allprojects {

project.ext.versions = [
kotlin : '1.6.10',
java_controlplane : '0.1.35',
java_controlplane : '1.0.37',
spring_boot : '2.3.4.RELEASE',
grpc : '1.48.1',
jaxb : '2.3.1',
Expand All @@ -58,12 +58,12 @@ allprojects {
awaitility : '4.0.3',
embedded_consul : '2.0.0',
junit : '5.6.2',
assertj : '3.16.1',
assertj : '3.17.2',
jackson : '2.11.2',
toxiproxy : '2.1.3',
testcontainers : '1.16.0',
reactor : '3.3.10.RELEASE',
consul_recipes : '0.9.0',
consul_recipes : '0.9.1',
mockito : '3.3.3',
cglib : '3.2.9',
logback : '1.2.3',
Expand Down
22 changes: 13 additions & 9 deletions docs/configuration.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,8 @@ Property
**envoy-control.envoy.snapshot.outgoing-permissions.all-services-dependencies.identifier** | Special value (wildcard) that signifies that the service depends on all other services | *
**envoy-control.envoy.snapshot.outgoing-permissions.all-services-dependencies.not-included-by-prefix** | Services not included in dependencies for services with wildcard in outgoing.dependency field. Matched by service name prefix. | empty list
**envoy-control.envoy.snapshot.outgoing-permissions.services-allowed-to-use-wildcard** | Services that are allowed to have wildcard in outgoing.dependency field | empty set
**envoy-control.envoy.snapshot.outgoing-permissions.rbac.clients-lists.default-clients-list** | List of clients which will be applied to each rbac policy, if none of the lists defined in `custom-clients-lists` have been matched | empty list
**envoy-control.envoy.snapshot.outgoing-permissions.rbac.clients-lists.custom-clients-lists** | Lists of clients which will be applied to each rbac policy, only if key for defined list is present in clients for defined endpoint | empty map

## Load Balancing
Property | Description | Default value
Expand All @@ -135,15 +137,16 @@ Property
**envoy-control.envoy.snapshot.load-balancing.use-keys-subset-fallback-policy** | KEYS_SUBSET fallback policy is used by default when canary and service-tags are enabled. It is not supported in Envoy <= 1.12.x. Set to false for compatibility with Envoy 1.12.x | true

## Routing
Property | Description | Default value
------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------
**envoy-control.envoy.snapshot.routing.service-tags.enabled** | If set to true, service tags routing will be enabled | false
**envoy-control.envoy.snapshot.routing.service-tags.metadata-key** | What key to use in endpoint metadata to store its service tags | tag
**envoy-control.envoy.snapshot.routing.service-tags.header** | What header to use in service tag rules | x-service-tag
**envoy-control.envoy.snapshot.routing.service-tags.routing-excluded-tags** | List of tags predicates that cannot be used for routing. This supports an exact matching (just "string" - EXACT matching) prefixes (PREFIX matching) and regexes (REGEX matching) | empty list
**envoy-control.envoy.snapshot.routing.service-tags.allowed-tags-combinations** | List of rules, which tags can be conbined together and requested together. Details below | empty list
**(...).allowed-tags-combinations[].service-name** | The rule will apply only for this service | ""
**(...).allowed-tags-combinations[].tags** | List of tag patterns, that can be combined and requested together | empty list
Property | Description | Default value
------------------------------------------------------------------------------------------- |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ---------
**envoy-control.envoy.snapshot.routing.service-tags.enabled** | If set to true, service tags routing will be enabled | false
**envoy-control.envoy.snapshot.routing.service-tags.metadata-key** | What key to use in endpoint metadata to store its service tags | tag
**envoy-control.envoy.snapshot.routing.service-tags.header** | What header to use in service tag rules | x-service-tag
**envoy-control.envoy.snapshot.routing.service-tags.routing-excluded-tags** | List of tags predicates that cannot be used for routing. This supports an exact matching (just "string" - EXACT matching) prefixes (PREFIX matching) and regexes (REGEX matching) | empty list
**envoy-control.envoy.snapshot.routing.service-tags.allowed-tags-combinations** | List of rules, which tags can be conbined together and requested together. Details below | empty list
**(...).allowed-tags-combinations[].service-name** | The rule will apply only for this service | ""
**(...).allowed-tags-combinations[].tags** | List of tag patterns, that can be combined and requested together | empty list
**envoy-control.envoy.snapshot.routing.service-tags.auto-service-tag-enabled** | Enable auto service tag feature. (`enabled` needs also be true) | false

## Outlier detection
Property | Description | Default value
Expand Down Expand Up @@ -180,6 +183,7 @@ Where `<selector>` is one of the following:
### Outgoing traffic
Property | Description | Default value
--------------------------------------------------------------------------------------------------------| ----------------------------------------------------------------------------------------------------------------------------- | ---------
**envoy-control.envoy.snapshot.retryPolicy.enabled** | Flag which enables default retries | true
**envoy-control.envoy.snapshot.retryPolicy.numberOfRetries** | Number of retries | 1
**envoy-control.envoy.snapshot.retryPolicy.hostSelectionRetryMaxAttempts** | The maximum number of times host selection will be reattempted before request being routed to last selected host | 3
**envoy-control.envoy.snapshot.retryPolicy.retryHostPredicate** | Specifies a collection of RetryHostPredicates that will be consulted when selecting a host for retries | a list with one entry "envoy.retry_host_predicates.previous_hosts"
Expand Down
68 changes: 68 additions & 0 deletions docs/features/service_tags.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,3 +94,71 @@ Use this feature with caution, because tags combinations require a lot
of additional memory for Envoy.


## Automatic service tags with fallback support using "routingPolicy"

The mode described above is very flexible.
It allows using a different service tag for each request via a http header specified manually by the client.
When such flexibility is not needed, the client might configure it once for all
via `proxy_settings.outgoing.routingPolicy`.

Another advantage of `routingPolicy` over manual, per-request service-tags, is a fallback mechanism.
The client lists possible service tags in preferred order and the best possible is going to be selected

### Example:

```yaml
metadata:
proxy_settings:
outgoing:
routingPolicy:
autoServiceTag: true
serviceTagPreference: ["ipsum", "lorem"]
dependencies:
- service: "echo"
```

* `outgoing.routingPolicy` applies to all `outgoing.dependencies`, unless overriden
on specific dependency level, like
below, where only a subset of `routingPolicy` fields is overridden for a service `echo`:

```yaml
metadata:
proxy_settings:
outgoing:
routingPolicy:
autoServiceTag: false
serviceTagPreference: ["dolom", "est"]
dependencies:
- service: "echo"
routingPolicy:
autoServiceTag: true
fallbackToAnyInstance: true
```

Then effective `routingPolicy` for service `echo` is:

```yaml
routingPolicy:
autoServiceTag: true
serviceTagPreference: ["dolom", "est"]
fallbackToAnyInstance: true
```

### `routingPolicy` fields

`autoServiceTag` - Enables automatic service tag routing.</br>
Type: boolean</br>
Default: `false`

`serviceTagPreference` - Service tag list in priority order. Instances with the
left-most service tag will be selected. If there is no instance with a preferred service-tag,
the next tag from the list is considered.</br>
Type: list of strings</br>
Default: empty list

`fallbackToAnyInstance` - When no instance with service-tag from the `serviceTagPreference` is found, selects any.</br>
Type: boolean</br>
Default: `false`

### Hints
`routingPolicy` tags can be combined with manual, per-request service-tags
Loading

0 comments on commit 7c3cd6f

Please sign in to comment.