Skip to content

Commit

Permalink
Merge pull request emissary-ingress#4292 from emissary-ingress/envoy-…
Browse files Browse the repository at this point in the history
…upgrade

[v3.0] upgrade envoy
Lance Austin authored Jun 22, 2022

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
2 parents 0910dc9 + 401c178 commit d78891f
Showing 1,900 changed files with 193,011 additions and 201,237 deletions.
5 changes: 0 additions & 5 deletions .github/workflows/execute-tests-and-promote.yml
Original file line number Diff line number Diff line change
@@ -135,11 +135,6 @@ jobs:
matrix:
test:
- integration
- kat-envoy2-1-of-5
- kat-envoy2-2-of-5
- kat-envoy2-3-of-5
- kat-envoy2-4-of-5
- kat-envoy2-5-of-5
- kat-envoy3-1-of-5
- kat-envoy3-2-of-5
- kat-envoy3-3-of-5
32 changes: 29 additions & 3 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -77,6 +77,11 @@ it will be removed; but as it won't be user-visible this isn't considered a brea

### Emissary-ingress and Ambassador Edge Stack

- Change: The envoy version included in Emissary-ingress has been upgraded from 1.17 to latest patch
release of 1.22. This provides $produceName$ with the latest security patches, performances
enhancments, and features offered by the envoy proxy. One notable change that will effect users is
the removal of support for V2 tranport protocol. See below for more information.

- Change: Emissary-ingress can no longer be made to configure Envoy using the v2 xDS configuration
API; it now always uses the v3 xDS API to configure Envoy. This change should be mostly invisible
to users, with one notable exception: It removes support for `regex_type: unsafe`.
@@ -88,9 +93,9 @@ it will be removed; but as it won't be user-visible this isn't considered a brea
Users who rely on the specific
ECMAScript Regex syntax will need to rewrite their regular expressions with RE2 syntax before
upgrading to Emissary-ingress 3.0.0.
Note that the `AMBASSADOR_ENVOY_API_VERSION` environment
variable is now a misnomer, as it no longer configures which xDS API version is used, but it still
affects what the default protocol used for a `TracingService` that points at Zipkin.
As the xDS version is no longer configurable and the range of
supported Zipkin protocols is reduced (see below), the AMBASSADOR_ENVOY_API_VERSION environment
variable has been removed.

- Change: With the ugprade to Envoy 1.22, Emissary-ingress no longer supports the V2 transport
protocol. The `AuthService`, `LogService` and the `RateLimitService` will only support the v3
@@ -99,6 +104,12 @@ it will be removed; but as it won't be user-visible this isn't considered a brea
from a previous version you will want to set it to "v3" and ensure it is working before upgrading
to Emissary-ingress 3.Y.

- Change: With the upgrade to Envoy 1.22, the `zipkin` driver for the `TraceService` no longer
supports setting the `collector_endpoint_version: HTTP_JSON_V1`. This was removed in Envoy 1.20 -
<a href="https://github.com/envoyproxy/envoy/commit/db74e313b3651588e59c671af45077714ac32cef" />.
The new default will be `collector_endpoint_version: HTTP_JSON`, regardless of the
`AMBASSADOR_ENVOY_API_VERSION` environment variable.

- Change: In the standard published `.yaml` files, now included is a `Module` resource that disables
the `/ambassador/v0/``127.0.0.1:8878` synthetic mapping. We have long recommended to turn
this off for production use; it is now off in the standard YAML. The associated Helm chart
@@ -113,6 +124,21 @@ it will be removed; but as it won't be user-visible this isn't considered a brea
migration instructions, and while the `*-agent.yaml` files remained part of the instructions they
were actually unnescessary.

- Change: The previous version of Emissary-ingress was based on Envoy 1.17 and when using grpc_stats
with `all_methods` or `services` set, it would output metrics in the following format
`envoy_cluster_grpc_{ServiceName}_{statname}`. When neither of these fields are set it would be
aggregated to `envoy_cluster_grpc_{statname}`.
The new behavior since Envoy 1.18 will produce
metrics in the following format `envoy_cluster_grpc_{MethodName}_statsname` and
`envoy_cluster_grpc_statsname`.
After further investigation we found that Envoy doesn't properly
parse service names such as `cncf.telepresence.Manager/Status`. In the future, we will work
upstream Envoy to get this parsing logic fixed to ensure consistent metric naming.

- Bugfix: Previously setting `grpc_stats` in the `ambassador` `Module` without setting either
`grpc_stats.services` or `grpc_stats.all_methods` would result in crashing. Now it behaves as if
`grpc_stats.all_methods=false`.

## [2.3.1] June 09, 2022
[2.3.1]: https://github.com/emissary-ingress/emissary/compare/v2.3.0...v2.3.1

2 changes: 1 addition & 1 deletion DEPENDENCIES.md
Original file line number Diff line number Diff line change
@@ -22,7 +22,6 @@ following Free and Open Source software:
github.com/armon/go-metrics v0.3.10 MIT license
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d MIT license
github.com/census-instrumentation/opencensus-proto v0.3.0 Apache License 2.0
github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe Apache License 2.0
github.com/cncf/xds/go v0.0.0-20220121163655-4a2b9fdd466b Apache License 2.0
github.com/datawire/dlib v1.2.5-0.20211116212847-0316f8d7af2b Apache License 2.0
github.com/datawire/dtest v0.0.0-20210928162311-722b199c4c2f Apache License 2.0
@@ -94,6 +93,7 @@ following Free and Open Source software:
github.com/spf13/pflag v1.0.5 3-clause BSD license
github.com/stretchr/testify v1.7.0 MIT license
github.com/xlab/treeprint v1.1.0 MIT license
go.opentelemetry.io/proto/otlp v0.7.0 Apache License 2.0
go.starlark.net v0.0.0-20220203230714-bb14e151c28f 3-clause BSD license
golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838 3-clause BSD license
golang.org/x/mod v0.5.1 3-clause BSD license
11 changes: 5 additions & 6 deletions _cxx/envoy.mk
Original file line number Diff line number Diff line change
@@ -13,7 +13,7 @@ RSYNC_EXTRAS ?=

# IF YOU MESS WITH ANY OF THESE VALUES, YOU MUST RUN `make update-base`.
ENVOY_REPO ?= $(if $(IS_PRIVATE),[email protected]:datawire/envoy-private.git,https://github.com/datawire/envoy.git)
ENVOY_COMMIT ?= 8151e9a87cde33721a1b1f864d0c54ae72e4aa78
ENVOY_COMMIT ?= f96adbeb45342bb8b37345df11fc395aa4b1fcda
ENVOY_COMPILATION_MODE ?= opt
# Increment BASE_ENVOY_RELVER on changes to `docker/base-envoy/Dockerfile`, or Envoy recipes.
# You may reset BASE_ENVOY_RELVER when adjusting ENVOY_COMMIT.
@@ -33,7 +33,7 @@ RSYNC_EXTRAS ?=
# which commits are ancestors, I added `make guess-envoy-go-control-plane-commit` to do that in an
# automated way! Still look at the commit yourself to make sure it seems sane; blindly trusting
# machines is bad, mmkay?
ENVOY_GO_CONTROL_PLANE_COMMIT = f1f47757da33f7507078cf7e9e60915418c7bd10
ENVOY_GO_CONTROL_PLANE_COMMIT = v0.10.1

# Set ENVOY_DOCKER_REPO to the list of mirrors that we should
# sanity-check that things get pushed to.
@@ -249,16 +249,16 @@ envoy-shell: $(ENVOY_BASH.deps)
# These targets are depended on by `make generate` in `build-aux/generate.mk`.

# Raw protobufs
$(OSS_HOME)/api/envoy $(OSS_HOME)/api/pb: $(OSS_HOME)/api/%: $(OSS_HOME)/_cxx/envoy
$(OSS_HOME)/api/envoy: $(OSS_HOME)/api/%: $(OSS_HOME)/_cxx/envoy
rsync --recursive --delete --delete-excluded --prune-empty-dirs --include='*/' --include='*.proto' --exclude='*' $</api/$*/ $@

# Go generated from the protobufs
$(OSS_HOME)/_cxx/envoy/build_go: $(ENVOY_BASH.deps) FORCE
$(call ENVOY_BASH.cmd, \
$(ENVOY_DOCKER_EXEC) python3 -c 'from tools.api.generate_go_protobuf import generateProtobufs; generateProtobufs("/root/envoy/build_go")'; \
$(ENVOY_DOCKER_EXEC) python3 -c 'from tools.api.generate_go_protobuf import generate_protobufs; generate_protobufs("@envoy_api//...", "/root/envoy/build_go", "envoy_api")'; \
)
test -d $@ && touch $@
$(OSS_HOME)/pkg/api/pb $(OSS_HOME)/pkg/api/envoy: $(OSS_HOME)/pkg/api/%: $(OSS_HOME)/_cxx/envoy/build_go
$(OSS_HOME)/pkg/api/envoy: $(OSS_HOME)/pkg/api/%: $(OSS_HOME)/_cxx/envoy/build_go
rm -rf $@
@PS4=; set -ex; { \
unset GIT_DIR GIT_WORK_TREE; \
@@ -269,7 +269,6 @@ $(OSS_HOME)/pkg/api/pb $(OSS_HOME)/pkg/api/envoy: $(OSS_HOME)/pkg/api/%: $(OSS_H
-exec chmod 644 {} + \
-exec sed -E -i.bak \
-e 's,github\.com/envoyproxy/go-control-plane/envoy,github.com/emissary-ingress/emissary/v3/pkg/api/envoy,g' \
-e 's,github\.com/envoyproxy/go-control-plane/pb,github.com/emissary-ingress/emissary/v3/pkg/api/pb,g' \
-- {} +; \
find "$$tmpdir" -name '*.bak' -delete; \
mv "$$tmpdir/$*" $@; \
1 change: 1 addition & 0 deletions api/envoy/admin/v2alpha/certs.proto
Original file line number Diff line number Diff line change
@@ -9,6 +9,7 @@ import "udpa/annotations/status.proto";
option java_package = "io.envoyproxy.envoy.admin.v2alpha";
option java_outer_classname = "CertsProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/admin/v2alpha";
option (udpa.annotations.file_status).package_version_status = FROZEN;

// [#protodoc-title: Certificates]
1 change: 1 addition & 0 deletions api/envoy/admin/v2alpha/clusters.proto
Original file line number Diff line number Diff line change
@@ -13,6 +13,7 @@ import "udpa/annotations/status.proto";
option java_package = "io.envoyproxy.envoy.admin.v2alpha";
option java_outer_classname = "ClustersProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/admin/v2alpha";
option (udpa.annotations.file_status).package_version_status = FROZEN;

// [#protodoc-title: Clusters]
1 change: 1 addition & 0 deletions api/envoy/admin/v2alpha/config_dump.proto
Original file line number Diff line number Diff line change
@@ -12,6 +12,7 @@ import "udpa/annotations/status.proto";
option java_package = "io.envoyproxy.envoy.admin.v2alpha";
option java_outer_classname = "ConfigDumpProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/admin/v2alpha";
option (udpa.annotations.file_status).package_version_status = FROZEN;

// [#protodoc-title: ConfigDump]
1 change: 1 addition & 0 deletions api/envoy/admin/v2alpha/listeners.proto
Original file line number Diff line number Diff line change
@@ -9,6 +9,7 @@ import "udpa/annotations/status.proto";
option java_package = "io.envoyproxy.envoy.admin.v2alpha";
option java_outer_classname = "ListenersProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/admin/v2alpha";
option (udpa.annotations.file_status).package_version_status = FROZEN;

// [#protodoc-title: Listeners]
1 change: 1 addition & 0 deletions api/envoy/admin/v2alpha/memory.proto
Original file line number Diff line number Diff line change
@@ -7,6 +7,7 @@ import "udpa/annotations/status.proto";
option java_package = "io.envoyproxy.envoy.admin.v2alpha";
option java_outer_classname = "MemoryProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/admin/v2alpha";
option (udpa.annotations.file_status).package_version_status = FROZEN;

// [#protodoc-title: Memory]
1 change: 1 addition & 0 deletions api/envoy/admin/v2alpha/metrics.proto
Original file line number Diff line number Diff line change
@@ -7,6 +7,7 @@ import "udpa/annotations/status.proto";
option java_package = "io.envoyproxy.envoy.admin.v2alpha";
option java_outer_classname = "MetricsProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/admin/v2alpha";
option (udpa.annotations.file_status).package_version_status = FROZEN;

// [#protodoc-title: Metrics]
1 change: 1 addition & 0 deletions api/envoy/admin/v2alpha/mutex_stats.proto
Original file line number Diff line number Diff line change
@@ -7,6 +7,7 @@ import "udpa/annotations/status.proto";
option java_package = "io.envoyproxy.envoy.admin.v2alpha";
option java_outer_classname = "MutexStatsProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/admin/v2alpha";
option (udpa.annotations.file_status).package_version_status = FROZEN;

// [#protodoc-title: MutexStats]
1 change: 1 addition & 0 deletions api/envoy/admin/v2alpha/server_info.proto
Original file line number Diff line number Diff line change
@@ -10,6 +10,7 @@ import "udpa/annotations/status.proto";
option java_package = "io.envoyproxy.envoy.admin.v2alpha";
option java_outer_classname = "ServerInfoProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/admin/v2alpha";
option (udpa.annotations.file_status).package_version_status = FROZEN;

// [#protodoc-title: Server State]
1 change: 1 addition & 0 deletions api/envoy/admin/v2alpha/tap.proto
Original file line number Diff line number Diff line change
@@ -10,6 +10,7 @@ import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.admin.v2alpha";
option java_outer_classname = "TapProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/admin/v2alpha";
option (udpa.annotations.file_status).package_version_status = FROZEN;

// [#protodoc-title: Tap]
1 change: 1 addition & 0 deletions api/envoy/admin/v3/certs.proto
Original file line number Diff line number Diff line change
@@ -10,6 +10,7 @@ import "udpa/annotations/versioning.proto";
option java_package = "io.envoyproxy.envoy.admin.v3";
option java_outer_classname = "CertsProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/admin/v3;adminv3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;

// [#protodoc-title: Certificates]
27 changes: 19 additions & 8 deletions api/envoy/admin/v3/clusters.proto
Original file line number Diff line number Diff line change
@@ -15,6 +15,7 @@ import "udpa/annotations/versioning.proto";
option java_package = "io.envoyproxy.envoy.admin.v3";
option java_outer_classname = "ClustersProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/admin/v3;adminv3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;

// [#protodoc-title: Clusters]
@@ -29,7 +30,7 @@ message Clusters {
}

// Details an individual cluster's current status.
// [#next-free-field: 7]
// [#next-free-field: 8]
message ClusterStatus {
option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v2alpha.ClusterStatus";

@@ -41,10 +42,10 @@ message ClusterStatus {

// The success rate threshold used in the last interval.
// If
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is *false*, all errors: externally and locally generated were used to calculate the threshold.
// If
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is *true*, only externally generated errors were used to calculate the threshold.
// The threshold is used to eject hosts based on their success rate. See
// :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation for details.
@@ -64,7 +65,7 @@ message ClusterStatus {
// The success rate threshold used in the last interval when only locally originated failures were
// taken into account and externally originated errors were treated as success.
// This field should be interpreted only when
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is *true*. The threshold is used to eject hosts based on their success rate.
// See :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation for
// details.
@@ -80,6 +81,9 @@ message ClusterStatus {

// :ref:`Circuit breaking <arch_overview_circuit_break>` settings of the cluster.
config.cluster.v3.CircuitBreakers circuit_breakers = 6;

// Observability name of the cluster.
string observability_name = 7;
}

// Current state of a particular host.
@@ -98,10 +102,10 @@ message HostStatus {

// Request success rate for this host over the last calculated interval.
// If
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is *false*, all errors: externally and locally generated were used in success rate
// calculation. If
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is *true*, only externally generated errors were used in success rate calculation.
// See :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation for
// details.
@@ -124,7 +128,7 @@ message HostStatus {
// interval when only locally originated errors are taken into account and externally originated
// errors were treated as success.
// This field should be interpreted only when
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// :ref:`outlier_detection.split_external_local_origin_errors<envoy_v3_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is *true*.
// See :ref:`Cluster outlier detection <arch_overview_outlier_detection>` documentation for
// details.
@@ -139,7 +143,7 @@ message HostStatus {
}

// Health status for a host.
// [#next-free-field: 7]
// [#next-free-field: 9]
message HostHealthStatus {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.HostHealthStatus";
@@ -160,6 +164,13 @@ message HostHealthStatus {
// The host has not yet been health checked.
bool pending_active_hc = 6;

// The host should be excluded from panic, spillover, etc. calculations because it was explicitly
// taken out of rotation via protocol signal and is not meant to be routed to.
bool excluded_via_immediate_hc_fail = 7;

// The host failed active HC due to timeout.
bool active_hc_timeout = 8;

// Health status as reported by EDS. Note: only HEALTHY and UNHEALTHY are currently supported
// here.
// [#comment:TODO(mrice32): pipe through remaining EDS health status possibilities.]
Loading

0 comments on commit d78891f

Please sign in to comment.