profile
viewpoint
Dave Cheney davecheney CSRF for social change Sydney, Australia http://dave.cheney.net/

davecheney/autobench 90

Go benchmark harness.

davecheney/avr11 43

PDP11/40 simulator for atmega2560

constabulary/kodos 33

This is my sister, Kodos

bketelsen/gablog 30

Gopher Academy Blog -- fork of go.blog

davecheney/ccode 25

Example code for blog post

davecheney/badidea 23

Package bad idea contains no good ideas

4ad/go.arm64 18

Go development tree for the arm64 port (historical).

4ad/go 12

Go development tree for the sparc64 port

davecheney/airstream 12

airstream is a network pipe that automatically discovers its peer via multicast DNS.

davecheney/arduino6502 10

Retrochallenge 2017/04 Arduino 6502 simulator

issue commentprojectcontour/contour

HTTPProxy routes aren't validated

There are two bugs here

  1. We should adjust our validation such that each route field has at least one route.services subway.

  2. The spec above would have generated a route with no backend services, and should have been filtered out at the dag Builder and rds visitor level. We need to figure out why that didn't happen.

rbankston

comment created time in 2 days

CommitCommentEvent

issue commentprojectcontour/contour

HTTPProxy routes aren't validated

So that equates to a route with no preconditions and no backend services. We could probably resolve this by making services a required field.

On 22 Feb 2020, at 09:01, Steve Sloka notifications@github.com wrote:

What happened was Contour got a route that looked like this and that got passed off to Envoy, but its missing the cluster bits to match up:

routes:

  • timeoutPolicy: idle: 1800s response: 1800s

I bet we could tweak the validations to possibly assist with validation, but ideally, Contour should also detect (and I'm surprised it didn't) that there are no services referenced and set the route and set the proxy to an error state.

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fprojectcontour%2Fcontour%2Fissues%2F2270%3Femail_source%3Dnotifications%26email_token%3DAAABYAYSHXFIU65Z2LHDYYLREBFLHA5CNFSM4KZJVUFKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMUHWJI%23issuecomment-589855525&data=02|01|cheneyd%40vmware.com|3549afee190a4e19465d08d7b7199821|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637179192876363012&sdata=TsfQAucHZc%2F%2BL%2F9dVWhbnklzk4jb%2F3eXxPsazlH4Ytw%3D&reserved=0, or unsubscribehttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAABYA6EBLWQGKK4T75K43DREBFLHANCNFSM4KZJVUFA&data=02|01|cheneyd%40vmware.com|3549afee190a4e19465d08d7b7199821|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637179192876363012&sdata=jlPPuF05rIKDxeN%2FppW%2Fj2lmAxYQ2nrg%2FKELVbXLM3M%3D&reserved=0.

rbankston

comment created time in 2 days

issue commentprojectcontour/contour

HTTPProxy routes aren't validated

From reading yaml on my phone the invalid part is the misplaced timeoutPolicy stanza.

From contours point of view this information is invisible to contour as it is never deserialised from the api server. We rely on the crd schema validations. Did the validations we supplied with 1.2.0 catch this?

On 22 Feb 2020, at 07:10, Ralph Bankston notifications@github.com wrote:

What steps did you take and what happened: Invalid routes are allowed on an HTTPProxy and cause HTTP/2" 404 NR in the envoy logs but the httpproxy output shows as valid.

NAMESPACE NAME FQDN TLS SECRET STATUS STATUS DESCRIPTION 85028-sp-vfs-dev vfshttpproxy 00000-dev.apps.dev.home.vmw.example.com ingress-contour/ingress-contour-default-ssl-cert valid valid HTTPProxy

What did you expect to happen: Would expect an invalid route to cause HTTPProxy to be listed as invalid when doing kubectl get httpproxy -A or manifest validation and rejection of the manifest

Anything else you would like to add: https://kubernetes.slack.com/archives/C8XRH2R4J/p1582314181482900https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkubernetes.slack.com%2Farchives%2FC8XRH2R4J%2Fp1582314181482900&data=02|01|cheneyd%40vmware.com|4e325e742af24ae98c2708d7b70a246c|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637179126502435357&sdata=VmM9LLQkxQXogOiqsvHYUe%2B%2FMrwf2zr4ryQd7%2FzZc3I%3D&reserved=0 is the slack thread that found this bug. Adding valid and invalid yaml for testing purposes.

Invalid Yaml:

apiVersion: v1 items:

  • apiVersion: projectcontour.io/v1 kind: HTTPProxy metadata: annotations: ingress.kubernetes.io/force-ssl-redirect: "true" name: vfshttpproxy namespace: 85028-sp-vfs-dev spec: routes:
    • conditions:
      • prefix: / services:
      • name: vfs-service port: 8080
    • timeoutPolicy: idle: 1800s response: 1800s virtualhost: fqdn: 00000-dev.apps.dev.home.vmw.example.com tls: secretName: ingress-contour/ingress-contour-default-ssl-cert kind: List

Valid Yaml:

apiVersion: v1 items:

  • apiVersion: projectcontour.io/v1 kind: HTTPProxy metadata: annotations: ingress.kubernetes.io/force-ssl-redirect: "true" name: vfshttpproxy namespace: 85028-sp-vfs-dev spec: routes:
    • conditions:
      • prefix: / services:
      • name: vfs-service port: 8080 timeoutPolicy: idle: 1800s response: 1800s virtualhost: fqdn: 00000-dev.apps.dev.home.vmw.example.com tls: secretName: ingress-contour/ingress-contour-default-ssl-cert kind: List

Environment:

  • Contour version: 1.2
  • Kubernetes version: (use kubectl version):v1.15.7
  • Kubernetes installer & version: kubeadm 1.15.7
  • Cloud provider or hardware configuration: VCP
  • OS (e.g. from /etc/os-release):Ubuntu 18.04.3 LTS

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fprojectcontour%2Fcontour%2Fissues%2F2270%3Femail_source%3Dnotifications%26email_token%3DAAABYA2O3OKJQ3R4IXVZ7ATREAYMRA5CNFSM4KZJVUFKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IPMWREA&data=02|01|cheneyd%40vmware.com|4e325e742af24ae98c2708d7b70a246c|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637179126502445349&sdata=69W4r68Fr5Piaf%2BkyCl82ZnWojxVJkL1edR0Adkkr1M%3D&reserved=0, or unsubscribehttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAABYAZZLTXKMH3T74NNVI3REAYMRANCNFSM4KZJVUFA&data=02|01|cheneyd%40vmware.com|4e325e742af24ae98c2708d7b70a246c|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637179126502445349&sdata=EHwG58aAwYcGMCHBJEbcjv0J%2FCHqU8tUlUGq0RPV7dU%3D&reserved=0.

rbankston

comment created time in 2 days

issue commentprojectcontour/contour

HTTPProxy routes aren't validated

Unrelated, but that annotation doesn’t do anything in HTTPProxy objects.

On 22 Feb 2020, at 07:10, Ralph Bankston notifications@github.com wrote:

What steps did you take and what happened: Invalid routes are allowed on an HTTPProxy and cause HTTP/2" 404 NR in the envoy logs but the httpproxy output shows as valid.

NAMESPACE NAME FQDN TLS SECRET STATUS STATUS DESCRIPTION 85028-sp-vfs-dev vfshttpproxy 00000-dev.apps.dev.home.vmw.example.com ingress-contour/ingress-contour-default-ssl-cert valid valid HTTPProxy

What did you expect to happen: Would expect an invalid route to cause HTTPProxy to be listed as invalid when doing kubectl get httpproxy -A or manifest validation and rejection of the manifest

Anything else you would like to add: https://kubernetes.slack.com/archives/C8XRH2R4J/p1582314181482900https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkubernetes.slack.com%2Farchives%2FC8XRH2R4J%2Fp1582314181482900&data=02|01|cheneyd%40vmware.com|4e325e742af24ae98c2708d7b70a246c|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637179126502435357&sdata=VmM9LLQkxQXogOiqsvHYUe%2B%2FMrwf2zr4ryQd7%2FzZc3I%3D&reserved=0 is the slack thread that found this bug. Adding valid and invalid yaml for testing purposes.

Invalid Yaml:

apiVersion: v1 items:

  • apiVersion: projectcontour.io/v1 kind: HTTPProxy metadata: annotations: ingress.kubernetes.io/force-ssl-redirect: "true" name: vfshttpproxy namespace: 85028-sp-vfs-dev spec: routes:
    • conditions:
      • prefix: / services:
      • name: vfs-service port: 8080
    • timeoutPolicy: idle: 1800s response: 1800s virtualhost: fqdn: 00000-dev.apps.dev.home.vmw.example.com tls: secretName: ingress-contour/ingress-contour-default-ssl-cert kind: List

Valid Yaml:

apiVersion: v1 items:

  • apiVersion: projectcontour.io/v1 kind: HTTPProxy metadata: annotations: ingress.kubernetes.io/force-ssl-redirect: "true" name: vfshttpproxy namespace: 85028-sp-vfs-dev spec: routes:
    • conditions:
      • prefix: / services:
      • name: vfs-service port: 8080 timeoutPolicy: idle: 1800s response: 1800s virtualhost: fqdn: 00000-dev.apps.dev.home.vmw.example.com tls: secretName: ingress-contour/ingress-contour-default-ssl-cert kind: List

Environment:

  • Contour version: 1.2
  • Kubernetes version: (use kubectl version):v1.15.7
  • Kubernetes installer & version: kubeadm 1.15.7
  • Cloud provider or hardware configuration: VCP
  • OS (e.g. from /etc/os-release):Ubuntu 18.04.3 LTS

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fprojectcontour%2Fcontour%2Fissues%2F2270%3Femail_source%3Dnotifications%26email_token%3DAAABYA2O3OKJQ3R4IXVZ7ATREAYMRA5CNFSM4KZJVUFKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IPMWREA&data=02|01|cheneyd%40vmware.com|4e325e742af24ae98c2708d7b70a246c|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637179126502445349&sdata=69W4r68Fr5Piaf%2BkyCl82ZnWojxVJkL1edR0Adkkr1M%3D&reserved=0, or unsubscribehttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAABYAZZLTXKMH3T74NNVI3REAYMRANCNFSM4KZJVUFA&data=02|01|cheneyd%40vmware.com|4e325e742af24ae98c2708d7b70a246c|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637179126502445349&sdata=EHwG58aAwYcGMCHBJEbcjv0J%2FCHqU8tUlUGq0RPV7dU%3D&reserved=0.

rbankston

comment created time in 2 days

issue openedprojectcontour/contour

Metrics: contour should ship with dashboard for envoy metrics

Specifically we need to capture envoy memory starts and the number of active and draining xds configurations.

created time in 2 days

delete branch davecheney/contour

delete branch : fixedbugs/2257

delete time in 2 days

push eventprojectcontour/contour

Dave Cheney

commit sha b40292b056a715f8b6e96546779985df5c35ec51

site: add Contour 1.1.0 to 1.2.0 upgrade notes Fixes #2257 Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 2 days

PR merged projectcontour/contour

site: add Contour 1.1.0 to 1.2.0 upgrade notes

Fixes #2257

Signed-off-by: Dave Cheney dave@cheney.net

+189 -6

3 comments

5 changed files

davecheney

pr closed time in 2 days

issue closedprojectcontour/contour

Contour 1.2.0 release notes

Write Contour 1.2.0 release notes.

closed time in 2 days

davecheney

push eventdavecheney/contour

Dave Cheney

commit sha dd523e9f81533a60ee8f5d54167115a0cd0c0e1b

site: add Contour 1.1.0 to 1.2.0 upgrade notes Fixes #2257 Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 2 days

push eventdavecheney/contour

Dave Cheney

commit sha 389341fce74c85d7fdc409ef86d3fe981bd8baf7

site: add Contour 1.1.0 to 1.2.0 upgrade notes Fixes #2257 Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 2 days

push eventdavecheney/contour

Dave Cheney

commit sha a960a0137726a8b62ee9003288e4229f03ed59f0

site: add Contour 1.1.0 to 1.2.0 upgrade notes Fixes #2257 Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 2 days

push eventdavecheney/contour

Steve Sloka

commit sha df71a1e6392e6e39ce886897645b335effc3d210

Implement envoy shutdown manager Signed-off-by: Steve Sloka <slokas@vmware.com>

view details

Steve Sloka

commit sha 2caa7f36d42c0e9ade313fed3b2d3b5b0ddc7359

Add Envoy open connections dashboard to Grafana Signed-off-by: Steve Sloka <slokas@vmware.com>

view details

Steve Sloka

commit sha bac6a5d163827258c26aa92ff3ed914f94ef5215

Update rendered quickstart example utilizing the shutdown-manager Signed-off-by: Steve Sloka <slokas@vmware.com>

view details

Steve Sloka

commit sha c438eb83d682a0dd4a02700487056c5b6d83925a

Add docs for Envoy shutdown manager Signed-off-by: Steve Sloka <slokas@vmware.com>

view details

Steve Sloka

commit sha 5e2b2d8c5500d29c19ee50c0081a5428244988ee

site: Update list of Envoy extensions required for Contour Signed-off-by: Steve Sloka <slokas@vmware.com>

view details

Steve Sloka

commit sha 5952b7e25242dd3a8e48ed26a2be91a7ad69f4e0

site: Add Contour v1.2.0 to the Kubernetes support matrix Signed-off-by: Steve Sloka <slokas@vmware.com>

view details

Nick Young

commit sha 0f0fb5ef64b129159c4d1218d8f823379dc75513

Add Contour APIserver stats Grafana dashboard Fixes #2248 Signed-off-by: Nick Young <ynick@vmware.com>

view details

Dave Cheney

commit sha 6000b224c7f0801255ba00cd1c6b57deacfe5915

site: add docs/v1.2.0 Fixes #2258 Signed-off-by: Dave Cheney <dave@cheney.net>

view details

Dave Cheney

commit sha caaa2b2b82d9c33380c89e98481546d157620c53

site: add Contour 1.1.0 to 1.2.0 upgrade notes Fixes #2257 Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 3 days

delete branch davecheney/contour

delete branch : fixedbugs/2258

delete time in 3 days

push eventprojectcontour/contour

Dave Cheney

commit sha 6000b224c7f0801255ba00cd1c6b57deacfe5915

site: add docs/v1.2.0 Fixes #2258 Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 3 days

PR merged projectcontour/contour

Reviewers
site: add docs/v1.2.0

Fixes #2258

Signed-off-by: Dave Cheney dave@cheney.net

+4674 -0

1 comment

14 changed files

davecheney

pr closed time in 3 days

issue closedprojectcontour/contour

site: fork docs for contour 1.2.0 and update :latest tags

Ensure versioned docs for Contour 1.2.0 exist.

closed time in 3 days

davecheney

push eventdavecheney/contour

Dave Cheney

commit sha c3646992f716dba1a3c9d0bdcbe4f2c7878e32a8

site: fix broken html in resources/upgrading.md Fixes #2252 Jekyll 4.0 is sentitive to janky html. Signed-off-by: Dave Cheney <dave@cheney.net>

view details

Steve Sloka

commit sha df71a1e6392e6e39ce886897645b335effc3d210

Implement envoy shutdown manager Signed-off-by: Steve Sloka <slokas@vmware.com>

view details

Steve Sloka

commit sha 2caa7f36d42c0e9ade313fed3b2d3b5b0ddc7359

Add Envoy open connections dashboard to Grafana Signed-off-by: Steve Sloka <slokas@vmware.com>

view details

Steve Sloka

commit sha bac6a5d163827258c26aa92ff3ed914f94ef5215

Update rendered quickstart example utilizing the shutdown-manager Signed-off-by: Steve Sloka <slokas@vmware.com>

view details

Steve Sloka

commit sha c438eb83d682a0dd4a02700487056c5b6d83925a

Add docs for Envoy shutdown manager Signed-off-by: Steve Sloka <slokas@vmware.com>

view details

Steve Sloka

commit sha 5e2b2d8c5500d29c19ee50c0081a5428244988ee

site: Update list of Envoy extensions required for Contour Signed-off-by: Steve Sloka <slokas@vmware.com>

view details

Steve Sloka

commit sha 5952b7e25242dd3a8e48ed26a2be91a7ad69f4e0

site: Add Contour v1.2.0 to the Kubernetes support matrix Signed-off-by: Steve Sloka <slokas@vmware.com>

view details

Nick Young

commit sha 0f0fb5ef64b129159c4d1218d8f823379dc75513

Add Contour APIserver stats Grafana dashboard Fixes #2248 Signed-off-by: Nick Young <ynick@vmware.com>

view details

Dave Cheney

commit sha a0a3586a226cabe4cae7979cc23f720fe50c38a9

site: add docs/v1.2.0 Fixes #2258 Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 3 days

push eventdavecheney/contour

Dave Cheney

commit sha 5b6f8f6b6a1d4cd1fb1c91a355a76285aae950d3

site: add Contour 1.1.0 to 1.2.0 upgrade notes Fixes #2257 Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 3 days

Pull request review commentprojectcontour/contour

cmd/contour: Envoy Shutdown Manager

+# Redeploying Envoy++The Envoy process, the data path component of Contour, at times needs to be re-deployed.+This could be due to an upgrade, a change in configuration, or a node-failure forcing a redeployment.++When implementing this roll out, the following steps should be taken: ++1. Stop Envoy from accepting new connections +2. Start draining existing connections in Envoy by sending a `POST` request to `/healthcheck/fail` endpoint+3. Wait for connections to drain before allowing Kubernetes to `SIGTERM` the pod++## Overview++Contour implements a new `envoy` sub-command which has a `shutdown-manager` whose job is to manage a single Envoy instances lifecycle for Kubernetes.+The `shutdown-maanger` runs as a new container alongside the Envoy container in the same pod.+It exposes two HTTP endpoints which are used for `livenessProbe` as well as to handle the Kubernetes `preStop` event hook.++- **livenessProbe**: This is used to validate the shutdown manager is still running properly. If requests to `/healthz` fail, the container will be restarted.+- **preStop**: This is used to keep the container running while waiting for Envoy to drain connections. The `/shutdown` endpoint blocks until the connections are drained.++```yaml+ - name: shutdown-manager+   command:+   - /bin/contour+   args:+     - envoy+     - shutdown-manager+   image: docker.io/projectcontour/contour:master

should be versioned or :latest

stevesloka

comment created time in 3 days

pull request commentprojectcontour/contour

Add Contour APIserver stats Grafana dashboard

My only question is on the Y-axis for the ops/s, should the units be fractions?

yeah, I commented on this myself but its a Grafana limitation, which is annoying, but not something we can fix as a user.

youngnick

comment created time in 3 days

issue commentgolang/go

proposal: Immutable data

If a and b have the same address, are there contents equal?

It sounds like you’re proposing C’s static storage class. I don’t think that is what most people think of when they think immutable nor something which makes a lot of sense in a multi threaded program.

embeddedgo

comment created time in 3 days

pull request commentprojectcontour/contour

site: Update list of Envoy extensions required for Contour

In an ideal world, I guess we should version it, but in the world where there is only one supported version of envoy and and even tighter constraint that the current version of contour may not support it, we can probably just say this extension list applies to the current stable contour version’s envoy.

I’d like to table this until if/when we have a discussion about extending the number of supported contour versions.

On 21 Feb 2020, at 07:01, Steve Sloka notifications@github.com wrote:

@stevesloka commented on this pull request.


In site/_resources/envoy.mdhttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fprojectcontour%2Fcontour%2Fpull%2F2265%23discussion_r382227530&data=02|01|cheneyd%40vmware.com|fc339b97ba3a4c6d91c908d7b63fb7ed|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637178257089841538&sdata=j%2B5w96HbOaXxHgCRe4SeYf3zHHcVD1FNtjy8Ccprz1g%3D&reserved=0:

@@ -34,13 +34,12 @@ Contour requires the following extensions. If you are using the image recommended in our [example deployment][4] no action is required. If you are providing your own Envoy it must be compiled with the following extensions:

-- access_loggers: envoy.file_access_log,envoy.http_grpc_access_log,envoy.tcp_grpc_access_log -- filters.http: envoy.buffer,envoy.cors,envoy.csrf,envoy.ext_authz,envoy.fault,envoy.filters.http.adaptive_concurrency,envoy.filters.http.dynamic_forward_proxy,envoy.filters.http.grpc_http1_reverse_bridge,envoy.filters.http.grpc_stats,envoy.filters.http.header_to_metadata,envoy.filters.http.jwt_authn,envoy.filters.http.original_src,envoy.filters.http.rbac,envoy.filters.http.tap,envoy.grpc_http1_bridge,envoy.grpc_json_transcoder,envoy.grpc_web,envoy.gzip,envoy.health_check,envoy.ip_tagging,envoy.rate_limit,envoy.router,envoy.squash +- access_loggers: envoy.file,envoy.http_grpc,envoy.tcp_grpc

There were some others that I updated. Do we need to version this extension list?

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fprojectcontour%2Fcontour%2Fpull%2F2265%3Femail_source%3Dnotifications%26email_token%3DAAABYA6O2Q7PQBWMU22APKTRD3OSXA5CNFSM4KYUSGV2YY3PNVWWK3TUL52HS4DFWFIHK3DMKJSXC5LFON2FEZLWNFSXPKTDN5WW2ZLOORPWSZGOCWLKMPY%23discussion_r382227530&data=02|01|cheneyd%40vmware.com|fc339b97ba3a4c6d91c908d7b63fb7ed|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637178257089851533&sdata=IYeVTqxRspQ0Op1uY%2BbsAZfVARWC0PrJPk%2FPxN0dYcE%3D&reserved=0, or unsubscribehttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAABYA2HRKSVEFBAY6D7LQDRD3OSXANCNFSM4KYUSGVQ&data=02|01|cheneyd%40vmware.com|fc339b97ba3a4c6d91c908d7b63fb7ed|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637178257089851533&sdata=DsldJK6X5rSM9u%2FRGK11Hyydhjlo6YnplLCHRpDguXA%3D&reserved=0.

stevesloka

comment created time in 3 days

Pull request review commentprojectcontour/contour

site: Update list of Envoy extensions required for Contour

 Contour requires the following extensions. If you are using the image recommended in our [example deployment][4] no action is required. If you are providing your own Envoy it must be compiled with the following extensions: -- `access_loggers`: `envoy.file_access_log`,`envoy.http_grpc_access_log`,`envoy.tcp_grpc_access_log`-- `filters.http`: `envoy.buffer`,`envoy.cors`,`envoy.csrf`,`envoy.ext_authz`,`envoy.fault`,`envoy.filters.http.adaptive_concurrency`,`envoy.filters.http.dynamic_forward_proxy`,`envoy.filters.http.grpc_http1_reverse_bridge`,`envoy.filters.http.grpc_stats`,`envoy.filters.http.header_to_metadata`,`envoy.filters.http.jwt_authn`,`envoy.filters.http.original_src`,`envoy.filters.http.rbac`,`envoy.filters.http.tap`,`envoy.grpc_http1_bridge`,`envoy.grpc_json_transcoder`,`envoy.grpc_web`,`envoy.gzip`,`envoy.health_check`,`envoy.ip_tagging`,`envoy.rate_limit`,`envoy.router`,`envoy.squash`+- `access_loggers`: `envoy.file`,`envoy.http_grpc`,`envoy.tcp_grpc`

I think these have been renamed to

“envoy.access_loggers.file”

“envoy.access_loggers.http_grpc”

“envoy.access_loggers.tcp_grpc”

https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/accesslog/v2/accesslog.proto

stevesloka

comment created time in 3 days

issue commentprojectcontour/contour

Unable to change connect_timeout in Envoy config

15 seconds is too long, I'm worried if we allow users to make settings like this we have created a support footgun which allows people to continue to raise their timeouts in unhealthy clusters, potentially masking more serious issues.

Can we compromise and raise the default for everyone? I think 1000ms, 1200ms tops is the most that is reasonably supportable noting that this is the TCP handshake time, not the time it takes for the higher layers to send the initial request, its literally a timer around socket(2) && bind(2)

krisdock

comment created time in 3 days

Pull request review commentprojectcontour/contour

site: Add Contour v1.2.0 to the Kubernetes support matrix

 The `client-go` package includes a [compatibility matrix][2] as to what Kubernet  ## Supported Kubernetes versions -| Kubernetes version | Contour v1.0.0 | Contour v1.0.1 | Contour v1.1.0 |-| ------------ | :-----------: | :-----------: | :----------: | -| 1.15.x | Supported | Supported | Supported | -| 1.16.x | Supported | Supported | Supported |-| 1.17.x | Supported | Supported | Supported | -| 1.18.x | Not Supported<sup>1</sup>  | Not Supported<sup>1</sup> | Not Supported <sup>1</sup> |+| Kubernetes version | Contour v1.0.0 | Contour v1.0.1 | Contour v1.1.0 | Contour v1.2.0 |+| ------------ | :-----------: | :-----------: | :----------: | :--------: |+| 1.13.x | Supported | Supported | Supported | Not Supported<sup>1</sup> |+| 1.14.x | Supported | Supported | Supported | Not Supported<sup>1</sup> |+| 1.15.x | Supported | Supported | Supported | Supported |+| 1.16.x | Not Supported<sup>1</sup>  | Not Supported<sup>1</sup>  | Not Supported<sup>1</sup> | Supported |+| 1.17.x | Not Supported<sup>1</sup>  | Not Supported<sup>1</sup>  | Not Supported<sup>1</sup> | Supported |+| 1.18.x | Not Supported<sup>1</sup>  | Not Supported<sup>1</sup> | Not Supported <sup>1</sup> | Not Supported <sup>1</sup> |

I'd prefer that we don't list versions that don't exist yet, then we don't have to say if they are supported or not. It's a Heisenberg thing.

stevesloka

comment created time in 3 days

Pull request review commentprojectcontour/contour

site: Add Contour v1.2.0 to the Kubernetes support matrix

 DEPENDENCIES   jekyll-titles-from-headings (~> 0.5.3)  BUNDLED WITH-   2.0.2

please revert this noop change

stevesloka

comment created time in 3 days

Pull request review commentprojectcontour/contour

site: Add Contour v1.2.0 to the Kubernetes support matrix

 The `client-go` package includes a [compatibility matrix][2] as to what Kubernet  ## Supported Kubernetes versions -| Kubernetes version | Contour v1.0.0 | Contour v1.0.1 | Contour v1.1.0 |-| ------------ | :-----------: | :-----------: | :----------: | -| 1.15.x | Supported | Supported | Supported | -| 1.16.x | Supported | Supported | Supported |-| 1.17.x | Supported | Supported | Supported | -| 1.18.x | Not Supported<sup>1</sup>  | Not Supported<sup>1</sup> | Not Supported <sup>1</sup> |+| Kubernetes version | Contour v1.0.0 | Contour v1.0.1 | Contour v1.1.0 | Contour v1.2.0 |+| ------------ | :-----------: | :-----------: | :----------: | :--------: |+| 1.15.x | Supported | Supported | Supported | Supported |+| 1.16.x | Supported | Supported | Supported | Supported |+| 1.17.x | Supported | Supported | Supported | Supported |+| 1.18.x | Not Supported<sup>1</sup>  | Not Supported<sup>1</sup> | Not Supported <sup>1</sup> | Not Supported <sup>1</sup> | +<br>

Also <br> adds a line break inside html, did you mean <hr>?

stevesloka

comment created time in 3 days

Pull request review commentprojectcontour/contour

site: Add Contour v1.2.0 to the Kubernetes support matrix

 The `client-go` package includes a [compatibility matrix][2] as to what Kubernet  ## Supported Kubernetes versions -| Kubernetes version | Contour v1.0.0 | Contour v1.0.1 | Contour v1.1.0 |-| ------------ | :-----------: | :-----------: | :----------: | -| 1.15.x | Supported | Supported | Supported | -| 1.16.x | Supported | Supported | Supported |-| 1.17.x | Supported | Supported | Supported | -| 1.18.x | Not Supported<sup>1</sup>  | Not Supported<sup>1</sup> | Not Supported <sup>1</sup> |+| Kubernetes version | Contour v1.0.0 | Contour v1.0.1 | Contour v1.1.0 | Contour v1.2.0 |+| ------------ | :-----------: | :-----------: | :----------: | :--------: |+| 1.15.x | Supported | Supported | Supported | Supported |+| 1.16.x | Supported | Supported | Supported | Supported |+| 1.17.x | Supported | Supported | Supported | Supported |+| 1.18.x | Not Supported<sup>1</sup>  | Not Supported<sup>1</sup> | Not Supported <sup>1</sup> | Not Supported <sup>1</sup> | +<br>

See #2234 #2252

stevesloka

comment created time in 3 days

push eventdavecheney/contour

Dave Cheney

commit sha 171da00b1ccb16822a4d0fe268c3614597da9a81

site: add Contour 1.1.0 to 1.2.0 upgrade notes Fixes #2257 Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 3 days

pull request commentprojectcontour/contour

site: add Contour 1.1.0 to 1.2.0 upgrade notes

Oops the gem file commit is a mistake, I'll remove it from the commit. thanks for spotting it

davecheney

comment created time in 3 days

pull request commentprojectcontour/contour

site: Add Contour v1.2.0 to the Kubernetes support matrix

Assigning @youngnick as the reviewer

stevesloka

comment created time in 3 days

Pull request review commentprojectcontour/contour

site: Add Contour v1.2.0 to the Kubernetes support matrix

 The `client-go` package includes a [compatibility matrix][2] as to what Kubernet  ## Supported Kubernetes versions -| Kubernetes version | Contour v1.0.0 | Contour v1.0.1 | Contour v1.1.0 |-| ------------ | :-----------: | :-----------: | :----------: | -| 1.15.x | Supported | Supported | Supported | -| 1.16.x | Supported | Supported | Supported |-| 1.17.x | Supported | Supported | Supported | -| 1.18.x | Not Supported<sup>1</sup>  | Not Supported<sup>1</sup> | Not Supported <sup>1</sup> |+| Kubernetes version | Contour v1.0.0 | Contour v1.0.1 | Contour v1.1.0 | Contour v1.2.0 |+| ------------ | :-----------: | :-----------: | :----------: | :--------: |+| 1.15.x | Supported | Supported | Supported | Supported |+| 1.16.x | Supported | Supported | Supported | Supported |+| 1.17.x | Supported | Supported | Supported | Supported |+| 1.18.x | Not Supported<sup>1</sup>  | Not Supported<sup>1</sup> | Not Supported <sup>1</sup> | Not Supported <sup>1</sup> | +<br>

please delete this, mixing html and markdown makes Jekyll sad.

stevesloka

comment created time in 3 days

issue commentgolang/go

proposal: Immutable data

Consider this example

var n int

func f() *int { n++ const var N = &n return N }

a, b := f(), f()

are a and b the same address?

On Thu, 20 Feb 2020 at 22:31, Embedded Go notifications@github.com wrote:

Why it must go on the heap? In case of immutable object it can definitely be placed in read-only data section. The f() will always return the same address.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/golang/go/issues/37303?email_source=notifications&email_token=AAABYAYC22RMB3U62EEMYXDRDZS2ZA5CNFSM4KYDCSG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMNQZ7Q#issuecomment-588975358, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAABYA53RMYJ776RYJBM7ZDRDZS2ZANCNFSM4KYDCSGQ .

embeddedgo

comment created time in 3 days

issue commentgolang/go

proposal: Immutable data

But how? the storage class for these allocations must go on the heap, not ro-data.

On Thu, 20 Feb 2020 at 22:24, Embedded Go notifications@github.com wrote:

Yes it is. The write access will be detected at runtime and the program will abort.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.

embeddedgo

comment created time in 3 days

issue commentgolang/go

proposal: Immutable data

What about this example

func f() *int { const var i int return &i }

var n *int for i := 0; i < 20; i++ { n = f() } *n++

is this permissable?

On Thu, 20 Feb 2020 at 22:18, Embedded Go notifications@github.com wrote:

The immutable data will be placed by compiler in .rodata section which is a part of TEXT segment. The most (all?) of current operating systems make the TEXT segment read-only using read-only pages for it. This was described in the first post.

The example code you provided is some corner case of this proposal.

Let's show more general example:

type S struct {i int} const var ( A = &S{} B = new(S) )

The A = &S{} definitely should compile and both A and S{} should be placed in .rodata section.

But what about B = new(S)? Should the compiler treat new(S) as the other form of &S{0} or simply return an error because there is a function call on right-hand side? I opt for the second choice.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/golang/go/issues/37303?email_source=notifications&email_token=AAABYA2AQDXXM5WDSJFS6L3RDZRIVA5CNFSM4KYDCSG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMNPQLA#issuecomment-588970028, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAABYA3IDK54Y6YJE5UJ4GLRDZRIVANCNFSM4KYDCSGQ .

embeddedgo

comment created time in 3 days

issue commentgolang/go

proposal: Immutable data

This code will compile but the write access will be detected at runtime and the program will abort with stack trace (the OS will send SIGSEGV or SIGBUS).

How will this happen, because the data is in a page marked read only?

What about this case

const var C = new(int)

func f(p *int) { *p++ }

is this permissible ?

f(C)
embeddedgo

comment created time in 3 days

issue commentgolang/go

fatal: morestack on g0 while running a server for half-year

Cool. Thanks for confirming.

On 20 Feb 2020, at 19:56, Vincent Lee notifications@github.com wrote:

This looks like memory corruption. Have you tried running your program under the race detector? See https://blog.golang.org/race-detector .

I have many unit tests running in race mode and found no race currently.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

absolute8511

comment created time in 3 days

issue commentgolang/go

proposal: Immutable data

If I do

const var C int = 1

func f(p *int) { *p++ }

is this permissible?

f(&C)

On 20 Feb 2020, at 18:30, Embedded Go notifications@github.com wrote:

If you have:

const A = 3

const B int = 3

const var C int = 3

//go:immutable var D int = 3 you can't take address of A or B but you can in case of C or D.

I agree that a new compiler directive is something magic but it does its job and has the advantage that it doesn't introduce changes in the language specification.

In my opinion, const and const var suggests that the immutability is guaranteed by the language specification and should be ensured at compile time what would be desirable but not required by this proposal.

But of course the const var can also be considered because it can do its job and doesn't introduce any new keyword.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.

embeddedgo

comment created time in 3 days

pull request commentprojectcontour/contour

site: add Contour 1.1.0 to 1.2.0 upgrade notes

np. I’ll fix it tomorrow morning.

On 20 Feb 2020, at 18:54, James Peach notifications@github.com wrote:

@jpeach commented on this pull request.


In site/_resources/upgrading.mdhttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fprojectcontour%2Fcontour%2Fpull%2F2259%23discussion_r381831727&data=02|01|cheneyd%40vmware.com|c46fe807375d42a7e73208d7b5da20dd|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637177820806786132&sdata=KknsjrwRL%2F5GqxUsPivox5sIw8enJmyBvtNfIXNlD3k%3D&reserved=0:

+Please see the [Envoy Release Notes][17] for information about issues fixed in Envoy 1.13.0.

+## The easy way to upgrade + +If the following are true for you: +

    • Your installation is in the projectcontour namespace.
    • You are using one of the [example][1] deployments.
    • Your cluster can take few minutes of downtime.

+Then the simplest way to upgrade to 1.2.0 is to delete the projectcontour namespace and reapply one of the example configurations. +From the root directory of the repository: + +``` +$ kubectl delete namespace projectcontour +$ kubectl apply -f examples/<your-desired-deployment>

I didn't previously notice that we recommended this. The only thing you can apply here is examples/contour, it's likely to be confusing to suggest otherwise.

I think this should advise https://projectcontour.io/quickstart/contour.yaml, like we do elsewhere.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fprojectcontour%2Fcontour%2Fpull%2F2259%3Femail_source%3Dnotifications%26email_token%3DAAABYA7SGPAKCSGH2BVOX4DRDYZLVA5CNFSM4KYIJMW2YY3PNVWWK3TUL52HS4DFWFIHK3DMKJSXC5LFON2FEZLWNFSXPKTDN5WW2ZLOORPWSZGOCWHPFQY%23pullrequestreview-361689795&data=02|01|cheneyd%40vmware.com|c46fe807375d42a7e73208d7b5da20dd|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637177820806796127&sdata=AhKMLAU6TclJJoRkjeBLiz%2FXycyMFdzMIW0he6uh34I%3D&reserved=0, or unsubscribehttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAABYAZ2NQY4GERFNUTVGHTRDYZLVANCNFSM4KYIJMWQ&data=02|01|cheneyd%40vmware.com|c46fe807375d42a7e73208d7b5da20dd|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637177820806796127&sdata=ZPOxhG%2F01%2BESdHazDMI9F7ozoUsGXiijkaG5ShvUaLw%3D&reserved=0.

davecheney

comment created time in 3 days

issue commentgolang/go

fatal: morestack on g0 while running a server for half-year

This looks like memory corruption. Have you tried running your program under the race detector? See https://blog.golang.org/race-detector .

absolute8511

comment created time in 3 days

PR opened projectcontour/contour

Reviewers
site: add docs/v1.2.0

Fixes #2258

Signed-off-by: Dave Cheney dave@cheney.net

+4667 -1

0 comment

14 changed files

pr created time in 3 days

create barnchdavecheney/contour

branch : fixedbugs/2258

created branch time in 3 days

push eventdavecheney/contour

Dave Cheney

commit sha c3646992f716dba1a3c9d0bdcbe4f2c7878e32a8

site: fix broken html in resources/upgrading.md Fixes #2252 Jekyll 4.0 is sentitive to janky html. Signed-off-by: Dave Cheney <dave@cheney.net>

view details

Dave Cheney

commit sha 0daa0524a6a75c2c61f6b81bf024a2b700601a70

site: add Contour 1.1.0 to 1.2.0 upgrade notes Fixes #2257 Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 3 days

PR opened projectcontour/contour

Reviewers
site: add Contour 1.1.0 to 1.2.0 upgrade notes

Fixes #2257

Signed-off-by: Dave Cheney dave@cheney.net

+72 -26

0 comment

2 changed files

pr created time in 3 days

create barnchdavecheney/contour

branch : fixedbugs/2257

created branch time in 3 days

issue openedprojectcontour/contour

site: fork docs for contour 1.2.0 and update :latest tags

Ensure versioned docs for Contour 1.2.0 exist.

created time in 3 days

issue openedprojectcontour/contour

Contour 1.2.0 release notes

Write Contour 1.2.0 release notes.

created time in 3 days

issue openedprojectcontour/contour

site: https://projectcontour.io/resources/upgrading/ needs to be updated for contour 1.2.0

Update https://projectcontour.io/resources/upgrading/ for the 1.1.0 to 1.2.0 upgrade path.

created time in 3 days

pull request commentprojectcontour/contour

WIP External client certificate validation

Oops, I am terribly sorry I mistook the discussion for the other auth discussions in fly at the moment. Please ignore me

tsaarni

comment created time in 3 days

pull request commentprojectcontour/contour

WIP External client certificate validation

Thank you all for your discussion. With my tech lead hat on I do need to remind everyone that the policy of this project is to talk, then code. We should not be designing features by duking it out in PR comments, that is not how we work on this project.

Thank you

tsaarni

comment created time in 3 days

delete branch davecheney/contour

delete branch : fixedbugs/2252

delete time in 3 days

push eventprojectcontour/contour

Dave Cheney

commit sha c3646992f716dba1a3c9d0bdcbe4f2c7878e32a8

site: fix broken html in resources/upgrading.md Fixes #2252 Jekyll 4.0 is sentitive to janky html. Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 3 days

PR merged projectcontour/contour

Reviewers
site: fix broken html in resources/upgrading.md

Fixes #2252

Jekyll 4.0 is sentitive to janky html.

+4 -7

1 comment

1 changed file

davecheney

pr closed time in 3 days

issue closedprojectcontour/contour

site: https://projectcontour.io/resources/upgrading/ is borked

I think the Jekyll 4.0 upgrade broke this.

closed time in 3 days

davecheney

push eventdavecheney/contour

Dave Cheney

commit sha 302faeeb3e5c7c9bf3303603108d78097399ef63

site: fix broken html in resources/upgrading.md Fixes #2252 Jekyll 4.0 is sentitive to janky html. Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 4 days

PR opened projectcontour/contour

Reviewers
site: fix broken html in resources/upgrading.md

Fixes #2252

Jekyll 4.0 is sentitive to janky html.

+4 -7

0 comment

1 changed file

pr created time in 4 days

create barnchdavecheney/contour

branch : fixedbugs/2252

created branch time in 4 days

issue commentprojectcontour/contour

update https://projectcontour.io/resources/kubernetes/ for 1.2.0 release

@stevesloka the page needs to be updated to include Contour 1.2.0 and resolve the question of k8s 1.18 support from the last community meeting.

davecheney

comment created time in 4 days

issue openedprojectcontour/contour

site: https://projectcontour.io/resources/upgrading/ is borked

I think the Jekyll 4.0 upgrade broke this.

created time in 4 days

issue openedprojectcontour/contour

update https://projectcontour.io/resources/kubernetes/ for 1.2.0 release

Please update https://projectcontour.io/resources/kubernetes/ to include the versions of k8s supported by Contour 1.2.0

created time in 4 days

delete branch davecheney/contour

delete branch : issue/2235

delete time in 4 days

push eventprojectcontour/contour

Dave Cheney

commit sha f5dc6cb92d8aadabf76b4a230297c8678338cb84

internal/contour: record EventHandler operation metrics Fixes #2235 Introduce a new handler in the EventHandler chain which emits prometheus metrics for the various API operations and kinds observed from informers which sink to the EventHandler chain. Inserting the EventRecorded between the DynamicClientHandler and the EventHandler will make this PR easier to backport to Contour versions which don't use the dynamic client. Signed-off-by: Dave Cheney <dave@cheney.net>

view details

Dave Cheney

commit sha 0f4af824eca5b615a56ed02f4b2c0259fa505902

internal/metrics: use Counter for EventHandler operations Signed-off-by: Dave Cheney <dave@cheney.net>

view details

Dave Cheney

commit sha ee78b32bb63780f48228a8a3adac6dbefa0e2d5f

site: update metrics docs Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 4 days

PR merged projectcontour/contour

internal/contour: record EventHandler operation metrics

Fixes #2235

Introduce a new handler in the EventHandler chain which emits prometheus metrics for the various API operations and kinds observed from informers which sink to the EventHandler chain.

Inserting the EventRecorded between the DynamicClientHandler and the EventHandler will make this PR easier to backport to Contour versions which don't use the dynamic client.

Signed-off-by: Dave Cheney dave@cheney.net

+90 -38

3 comments

4 changed files

davecheney

pr closed time in 4 days

issue closedprojectcontour/contour

metrics: contour should report statistics on objects injected, update, deleted via the k8s api

Contour should produce prometheus metrics that track onadd/update/delete metrics for each class of object contour watches.

closed time in 4 days

davecheney

push eventdavecheney/contour

Dave Cheney

commit sha ea05bcd0884bf594b17cb99af051b9fb1d78ef1f

site: update metrics docs Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 4 days

Pull request review commentprojectcontour/contour

internal/contour: record EventHandler operation metrics

 func NewMetrics(registry *prometheus.Registry) *Metrics { 			Help:       "Histogram for the runtime of xDS cache regeneration.", 			Objectives: map[float64]float64{0.5: 0.05, 0.9: 0.01, 0.99: 0.001}, 		}),+		EventHandlerOperations: prometheus.NewCounterVec(+			prometheus.CounterOpts{+				Name: eventHandlerOperations,+				Help: "Total number of ResourceEventHandler operations by operation and object kind",

done

davecheney

comment created time in 4 days

pull request commentprojectcontour/contour

cmd/contour: Envoy Shutdown Manager

I think that’s technically v0.9.1 upstream, but for whatever reason go modules doesn’t want to use that version number and is reverting to the hash.

On 19 Feb 2020, at 11:57 am, James Peach notifications@github.com wrote:

@jpeach commented on this pull request.

In go.mod:

@@ -19,6 +19,7 @@ require ( github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect github.com/prometheus/client_golang v1.1.0 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4

  • github.com/prometheus/common v0.6.0

Yeh, there doesn't seem to be any version numbering consistency across these packages 🤷‍♂

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.

stevesloka

comment created time in 4 days

issue commentprojectcontour/contour

Exposing more Envoy configuration knobs

I don’t know much, but I do know they tightly focused issues and PRs are easier to find agreement on and land.

On 19 Feb 2020, at 09:35, Tim Bart notifications@github.com wrote:

@davecheneyhttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fdavecheney&data=02|01|cheneyd%40vmware.com|a3e3166f0f36419f2a1e08d7b4c2e04e|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637176621393901682&sdata=6gkR6QU9Om59m%2BOzmU4Ihh4wOBWY08BMYmntoX%2FxZjg%3D&reserved=0 we’ve configured most of our timeouts to have a value of limit(annotationValue, 300s) with a drainTimeouthttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.envoyproxy.io%2Fdocs%2Fenvoy%2Flatest%2Fapi-v2%2Fconfig%2Ffilter%2Fnetwork%2Fhttp_connection_manager%2Fv2%2Fhttp_connection_manager.proto%23envoy-api-field-config-filter-network-http-connection-manager-v2-httpconnectionmanager-drain-timeout&data=02|01|cheneyd%40vmware.com|a3e3166f0f36419f2a1e08d7b4c2e04e|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637176621393901682&sdata=7cVLZQhcyeOSBfACPCgeWvlJ9Td3WbnJ%2BSm3VhmfoTE%3D&reserved=0 of 30s.

Let me know if you'd like to move this conversation to a dedicated issue. And we can close this one.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fprojectcontour%2Fcontour%2Fissues%2F2225%3Femail_source%3Dnotifications%26email_token%3DAAABYA2B47P6KX7KGP7DER3RDRPDNA5CNFSM4KUHPHJ2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMFTWSQ%23issuecomment-587938634&data=02|01|cheneyd%40vmware.com|a3e3166f0f36419f2a1e08d7b4c2e04e|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637176621393911676&sdata=fVGj3LwNkOddeKp1I1uaCLAN0W1MKq7xTyAIs4NwJfE%3D&reserved=0, or unsubscribehttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAABYAYBD47SGCPWOPXDOYTRDRPDNANCNFSM4KUHPHJQ&data=02|01|cheneyd%40vmware.com|a3e3166f0f36419f2a1e08d7b4c2e04e|b39138ca3cee4b4aa4d6cd83d9dd62f0|0|0|637176621393911676&sdata=qirhtcaLoipnd3PjAJtMUI%2FhlitHvrhnISgBrSPbHa4%3D&reserved=0.

pims

comment created time in 5 days

issue commentprojectcontour/contour

Exposing more Envoy configuration knobs

@pims thanks for the information. What would be a good value for you?

pims

comment created time in 5 days

pull request commentprojectcontour/contour

Add kustomization.yaml

I’m afraid I don’t have any experience with kustomize so can only speak extemporaniously.

On 18 Feb 2020, at 6:16 pm, Alex SZAKALY notifications@github.com wrote:

@davecheney: Do you have any proposal? My idea:

• Optioan A: modify the script to write those 2 lines • Option B: move file into examples directory to and list all manifest in contour directory. I am little bit confused now. Your HTTP 302 points the same rendered file as l pointed in this PR. I am glad to modify it once we found the ideal solution

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

alex1989hu

comment created time in 5 days

push eventdavecheney/contour

Dave Cheney

commit sha f8c49e0904a7ecdeb83b774bc7e2b9e80cb6ca40

site: update metrics docs Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 5 days

push eventdavecheney/contour

Dave Cheney

commit sha a58a0e812e2e17869d395da64b2b63084e410201

internal/metrics: use Counter for EventHandler operations Signed-off-by: Dave Cheney <dave@cheney.net>

view details

Dave Cheney

commit sha 7c0a070d8bc2f66dcddcb0ea9457bce4db8359fb

site: update metrics docs Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 5 days

pull request commentprojectcontour/contour

internal/contour: record EventHandler operation metrics

ok, this is ready for another pass.

davecheney

comment created time in 5 days

Pull request review commentprojectcontour/contour

internal/contour: record EventHandler operation metrics

+---+name: 'contour_eventhandler_operation_total'+type: '[COUNTER](https://prometheus.io/docs/concepts/metric_types/#counter)'+labels: 'kind, op, kind, op, kind, op, kind, op, kind, op, kind, op, kind, op, kind, op, kind, op, kind, op, kind, op, kind, op, kind, op, kind, op, kind, op, kind, op, kind, op, kind, op'

bugger

davecheney

comment created time in 5 days

push eventdavecheney/contour

Dave Cheney

commit sha ce383486b395642d0f1706155e2f4428a45a8292

site: update metrics docs Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 5 days

push eventdavecheney/contour

Dave Cheney

commit sha 40b4724a372a61bff78e5289e335635d2fe29d1e

internal/metrics: use Counter for EventHandler operations Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 5 days

push eventdavecheney/contour

Dave Cheney

commit sha d17c8e9b245444b4d009195d7d240a21ff2fed3c

internal/k8s: move dynamic client translation to k8s package Updates #2235 Contour 1.2.x is moving to the k8s dynamic client for deserialising Contour's CRD objects. To make #2244 easier to backport to Contour's 1.1 branch, which does not support the dynamic client, break this logic out into its own ResourceEventHandler wrapper which returns the current contour.EventHandler logic to Contour 1.1 spec. As a side effect, we only need to use the DynamicClientHandler wrapper in cases where we know the resources are coming from the DynamicClient. Specifically we don't need to use this path for Core.v1 and Extension objects. Also, we don't need to use the DynamicClientHandler wrapper in e2e/feature tests as there is no k8s API server connected to those tests -- we construct the final k8s object as a fixture and call contour.EventHandler.OnAdd/Update/Delete directly. Signed-off-by: Dave Cheney <dave@cheney.net>

view details

Dave Cheney

commit sha 7b6983e965bfda46e428c62e5145e761f0cf1927

internal/contour: record EventHandler operation metrics Fixes #2235 Introduce a new handler in the EventHandler chain which emits prometheus metrics for the various API operations and kinds observed from informers which sink to the EventHandler chain. Inserting the EventRecorded between the DynamicClientHandler and the EventHandler will make this PR easier to backport to Contour versions which don't use the dynamic client. Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 5 days

delete branch davecheney/contour

delete branch : unstructuredconverter

delete time in 5 days

push eventprojectcontour/contour

Dave Cheney

commit sha d17c8e9b245444b4d009195d7d240a21ff2fed3c

internal/k8s: move dynamic client translation to k8s package Updates #2235 Contour 1.2.x is moving to the k8s dynamic client for deserialising Contour's CRD objects. To make #2244 easier to backport to Contour's 1.1 branch, which does not support the dynamic client, break this logic out into its own ResourceEventHandler wrapper which returns the current contour.EventHandler logic to Contour 1.1 spec. As a side effect, we only need to use the DynamicClientHandler wrapper in cases where we know the resources are coming from the DynamicClient. Specifically we don't need to use this path for Core.v1 and Extension objects. Also, we don't need to use the DynamicClientHandler wrapper in e2e/feature tests as there is no k8s API server connected to those tests -- we construct the final k8s object as a fixture and call contour.EventHandler.OnAdd/Update/Delete directly. Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 5 days

PR merged projectcontour/contour

Reviewers
internal/k8s: move dynamic client translation to k8s package

Updates #2235

Contour 1.2.x is moving to the k8s dynamic client for deserialising Contour's CRD objects. To make #2244 easier to backport to Contour's 1.1 branch, which does not support the dynamic client, break this logic out into its own ResourceEventHandler wrapper which returns the current contour.EventHandler logic to Contour 1.1 spec.

As a side effect, we only need to use the DynamicClientHandler wrapper in cases where we know the resources are coming from the DynamicClient. Specifically we don't need to use this path for Core.v1 and Extension objects. Also, we don't need to use the DynamicClientHandler wrapper in e2e/feature tests as there is no k8s API server connected to those tests -- we construct the final k8s object as a fixture and call contour.EventHandler.OnAdd/Update/Delete directly.

Signed-off-by: Dave Cheney dave@cheney.net

+78 -48

1 comment

7 changed files

davecheney

pr closed time in 5 days

push eventdavecheney/contour

Dave Cheney

commit sha 22631bf6ef0334c6cb05d6f2817a1df736c90c38

internal/k8s: move dynamic client translation to k8s package Updates #2235 Contour 1.2.x is moving to the k8s dynamic client for deserialising Contour's CRD objects. To make #2244 easier to backport to Contour's 1.1 branch, which does not support the dynamic client, break this logic out into its own ResourceEventHandler wrapper which returns the current contour.EventHandler logic to Contour 1.1 spec. As a side effect, we only need to use the DynamicClientHandler wrapper in cases where we know the resources are coming from the DynamicClient. Specifically we don't need to use this path for Core.v1 and Extension objects. Also, we don't need to use the DynamicClientHandler wrapper in e2e/feature tests as there is no k8s API server connected to those tests -- we construct the final k8s object as a fixture and call contour.EventHandler.OnAdd/Update/Delete directly. Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 5 days

push eventdavecheney/contour

Dave Cheney

commit sha e9542e2390b5749542d38b4770b9c48055dbb8c5

internal/k8s: move dynamic client translation to k8s package Updates #2235 Contour 1.2.x is moving to the k8s dynamic client for deserialising Contour's CRD objects. To make #2244 easier to backport to Contour's 1.1 branch, which does not support the dynamic client, break this logic out into its own ResourceEventHandler wrapper which returns the current contour.EventHandler logic to Contour 1.1 spec. As a side effect, we only need to use the DynamicClientHandler wrapper in cases where we know the resources are coming from the DynamicClient. Specifically we don't need to use this path for Core.v1 and Extension objects. Also, we don't need to use the DynamicClientHandler wrapper in e2e/feature tests as there is no k8s API server connected to those tests -- we construct the final k8s object as a fixture and call contour.EventHandler.OnAdd/Update/Delete directly. Signed-off-by: Dave Cheney <dave@cheney.net>

view details

push time in 5 days

Pull request review commentprojectcontour/contour

internal/k8s: move dynamic client translation to k8s package

 package k8s  import ( 	"fmt"-	"reflect"  	ingressroutev1 "github.com/projectcontour/contour/apis/contour/v1beta1" 	projectcontour "github.com/projectcontour/contour/apis/projectcontour/v1"+	"github.com/sirupsen/logrus" 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" 	"k8s.io/apimachinery/pkg/runtime"+	"k8s.io/client-go/tools/cache" ) +// DynamicClientHandler converts *unstructured.Unstructured from the+// k8s dynamic client to the types registered with the supplied Converter+// and forwards them to the next Handler in the chain.+type DynamicClientHandler struct {++	// Next is the next handler in the chain.+	Next cache.ResourceEventHandler++	// Converter is the registered converter.+	Converter Converter++	Logger logrus.FieldLogger+}+

done

davecheney

comment created time in 5 days

PR opened projectcontour/contour

Reviewers
internal/k8s: move dynamic client translation to k8s package

Updates #2235

Contour 1.2.x is moving to the k8s dynamic client for deserialising Contour's CRD objects. To make #2244 easier to backport to Contour's 1.1 branch, which does not support the dynamic client, break this logic out into its own ResourceEventHandler wrapper which returns the current contour.EventHandler logic to Contour 1.1 spec.

As a side effect, we only need to use the DynamicClientHandler wrapper in cases where we know the resources are coming from the DynamicClient. Specifically we don't need to use this path for Core.v1 and Extension objects. Also, we don't need to use the DynamicClientHandler wrapper in e2e/feature tests as there is no k8s API server connected to those tests -- we construct the final k8s object as a fixture and call contour.EventHandler.OnAdd/Update/Delete directly.

Signed-off-by: Dave Cheney dave@cheney.net

+75 -48

0 comment

6 changed files

pr created time in 5 days

create barnchdavecheney/contour

branch : unstructuredconverter

created branch time in 5 days

Pull request review commentprojectcontour/contour

internal/contour: record EventHandler operation metrics

 func (m *Metrics) SetDAGLastRebuilt(ts time.Time) { 	m.dagRebuildGauge.WithLabelValues().Set(float64(ts.Unix())) } +// RecordOnAdd records a successful onAdd event for obj's kind.+func (m *Metrics) RecordOnAdd(obj interface{}) {+	m.recordOp("onAdd", obj)+}++// RecordOnUpdate records a successful onUpdate event for obj's kind.+func (m *Metrics) RecordOnUpdate(obj interface{}) {+	m.recordOp("onUpdate", obj)+}++// RecordOnDelete records a successful onDelete event for obj's kind.+func (m *Metrics) RecordOnDelete(obj interface{}) {+	m.recordOp("onDelete", obj)+}++func (m *Metrics) recordOp(op string, obj interface{}) {+	m.eventHandlerOperationGauge.WithLabelValues(op, getKind(obj)).Inc()+}++// getKind returns the obj's kind, or "unknown" if the object+// does not have a kind.+func getKind(obj interface{}) string {+	type typeMetaAccessor interface {+		GroupVersionKind() schema.GroupVersionKind+	}+	switch obj := obj.(type) {+	case typeMetaAccessor:+		gvk := obj.GroupVersionKind()+		kind := fmt.Sprintf("%s/%s%s", gvk.Group, gvk.Kind, gvk.Version)

I really f'ing hate the k8s client. Its inconsistencies are legion

davecheney

comment created time in 5 days

Pull request review commentprojectcontour/contour

internal/contour: record EventHandler operation metrics

 func (m *Metrics) SetDAGLastRebuilt(ts time.Time) { 	m.dagRebuildGauge.WithLabelValues().Set(float64(ts.Unix())) } +// RecordOnAdd records a successful onAdd event for obj's kind.+func (m *Metrics) RecordOnAdd(obj interface{}) {+	m.recordOp("onAdd", obj)+}++// RecordOnUpdate records a successful onUpdate event for obj's kind.+func (m *Metrics) RecordOnUpdate(obj interface{}) {+	m.recordOp("onUpdate", obj)+}++// RecordOnDelete records a successful onDelete event for obj's kind.+func (m *Metrics) RecordOnDelete(obj interface{}) {+	m.recordOp("onDelete", obj)+}++func (m *Metrics) recordOp(op string, obj interface{}) {+	m.eventHandlerOperationGauge.WithLabelValues(op, getKind(obj)).Inc()+}++// getKind returns the obj's kind, or "unknown" if the object+// does not have a kind.+func getKind(obj interface{}) string {

I've always been super frustrated that getting the group and kind of an object is hard in k8s. In the past I've worked around this with type assertions, but in this case I don't want to limit this to type assertions.

davecheney

comment created time in 5 days

Pull request review commentprojectcontour/contour

internal/contour: record EventHandler operation metrics

 type opDelete struct { }  func (e *EventHandler) OnAdd(obj interface{}) {+	e.Metrics.RecordOnAdd(obj)

yup, I can do that.

davecheney

comment created time in 5 days

Pull request review commentprojectcontour/contour

internal/contour: record EventHandler operation metrics

 func NewMetrics(registry *prometheus.Registry) *Metrics { 			Help:       "Histogram for the runtime of xDS cache regeneration.", 			Objectives: map[float64]float64{0.5: 0.05, 0.9: 0.01, 0.99: 0.001}, 		}),+		eventHandlerOperationGauge: prometheus.NewGaugeVec(+			prometheus.GaugeOpts{

I have several thoughts about this whole . I think for this change, following the pattern is better than being inconsistent or making a large stylistic change.

davecheney

comment created time in 5 days

Pull request review commentprojectcontour/contour

internal/contour: record EventHandler operation metrics

 func (m *Metrics) Zero() { 	m.SetIngressRouteMetric(zeroes) 	m.SetHTTPProxyMetric(zeroes) +	m.eventHandlerOperationGauge.WithLabelValues("onAdd", "unknown").Set(0)+	m.eventHandlerOperationGauge.WithLabelValues("onUpdate", "unknown").Set(0)+	m.eventHandlerOperationGauge.WithLabelValues("onDelete", "unknown").Set(0)

will do on both counts

davecheney

comment created time in 5 days

Pull request review commentprojectcontour/contour

internal/contour: record EventHandler operation metrics

 func (m *Metrics) SetDAGLastRebuilt(ts time.Time) { 	m.dagRebuildGauge.WithLabelValues().Set(float64(ts.Unix())) } +// RecordOnAdd records a successful onAdd event for obj's kind.+func (m *Metrics) RecordOnAdd(obj interface{}) {+	m.recordOp("onAdd", obj)+}++// RecordOnUpdate records a successful onUpdate event for obj's kind.+func (m *Metrics) RecordOnUpdate(obj interface{}) {+	m.recordOp("onUpdate", obj)+}++// RecordOnDelete records a successful onDelete event for obj's kind.+func (m *Metrics) RecordOnDelete(obj interface{}) {+	m.recordOp("onDelete", obj)+}++func (m *Metrics) recordOp(op string, obj interface{}) {+	m.eventHandlerOperationGauge.WithLabelValues(op, getKind(obj)).Inc()+}++// getKind returns the obj's kind, or "unknown" if the object+// does not have a kind.+func getKind(obj interface{}) string {+	type typeMetaAccessor interface {+		GroupVersionKind() schema.GroupVersionKind+	}+	switch obj := obj.(type) {+	case typeMetaAccessor:+		gvk := obj.GroupVersionKind()+		kind := fmt.Sprintf("%s/%s%s", gvk.Group, gvk.Kind, gvk.Version)

yeah, that looks like crap. What about group/version.kind ?

davecheney

comment created time in 5 days

pull request commentprojectcontour/contour

internal/contour: record EventHandler operation metrics

% curl -s 127.0.0.1:8000/metrics |  grep eventhandler
# HELP contour_eventhandler_operation_total Total number of eventHandler operations received by operation and object kind
# TYPE contour_eventhandler_operation_total gauge
contour_eventhandler_operation_total{kind="contour.heptio.com/IngressRoutev1beta1",op="onAdd"} 2
contour_eventhandler_operation_total{kind="contour.heptio.com/TLSCertificateDelegationv1beta1",op="onAdd"} 1
contour_eventhandler_operation_total{kind="projectcontour.io/HTTPProxyv1",op="onAdd"} 1
contour_eventhandler_operation_total{kind="unknown",op="onAdd"} 76
davecheney

comment created time in 5 days

PR opened projectcontour/contour

Reviewers
internal/contour: record EventHandler operation metrics

Fixes #2235

Record EventHandler metrics by operation and kind. Extracting the kind is very annoying and subtle because the kind is promoted to the object's type after the dynamic client unmarshals the object. By hooking into the ResourceEventHandler's callback early enough we can grab the object before the kind information is stripped.

This PR also records objects which land on the event handler which are not handled or do not have kind information as these consume cycles on the contour side and we probably want to reduce them over time.

Signed-off-by: Dave Cheney dave@cheney.net

+58 -0

0 comment

2 changed files

pr created time in 5 days

create barnchdavecheney/contour

branch : issue/2235

created branch time in 5 days

Pull request review commentprojectcontour/contour

Add support for service-apis types

 data: apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata:+  annotations:

That’s kinda obnoxious but c’est la vie

youngnick

comment created time in 6 days

issue commentprojectcontour/contour

internal/metrics: contour_dagrebuild_timestamp should not be defined as a GaugeVec

For clarity, the current metrics is a GuageVec, a Guage with a label dimension. However we define the current metric as a GuageVec with an empty slice of labels

https://github.com/projectcontour/contour/blob/master/internal/metrics/metrics.go#L167

and update the metrics with a blank label

https://github.com/projectcontour/contour/blob/master/internal/metrics/metrics.go#L223

We should just stop doing this.

davecheney

comment created time in 6 days

issue commentpkg/errors

Unwrap doesn't return the base error

Unwrap is just a wrapper around the stdlib errors package's Unwrap.

YassineE

comment created time in 6 days

more