Add new tracing configuration

This commit is contained in:
Jorge Marey 2022-08-02 08:52:48 +02:00 committed by Jorge Marey
parent 70bb6a2abd
commit ed7b34128f
2 changed files with 70 additions and 1 deletions

View File

@ -27,6 +27,12 @@ type ProxyConfig struct {
// Note: This escape hatch is compatible with the discovery chain. // Note: This escape hatch is compatible with the discovery chain.
PublicListenerJSON string `mapstructure:"envoy_public_listener_json"` PublicListenerJSON string `mapstructure:"envoy_public_listener_json"`
// LstenerTracingJSON is a complete override ("escape hatch") for the
// listeners tracing configuration.
//
// Note: This escape hatch is compatible with the discovery chain.
LstenerTracingJSON string `mapstructure:"envoy_listener_tracing_json"`
// LocalClusterJSON is a complete override ("escape hatch") for the // LocalClusterJSON is a complete override ("escape hatch") for the
// local application cluster. // local application cluster.
// //

View File

@ -3,7 +3,6 @@ package xds
import ( import (
"errors" "errors"
"fmt" "fmt"
envoy_extensions_filters_listener_http_inspector_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/http_inspector/v3"
"net" "net"
"net/url" "net/url"
"regexp" "regexp"
@ -12,6 +11,8 @@ import (
"strings" "strings"
"time" "time"
envoy_extensions_filters_listener_http_inspector_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/http_inspector/v3"
envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
@ -107,6 +108,19 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
} }
} }
proxyCfg, err := ParseProxyConfig(cfgSnap.Proxy.Config)
if err != nil {
// Don't hard fail on a config typo, just warn. The parse func returns
// default config if there is an error so it's safe to continue.
s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err)
}
var tracing *envoy_http_v3.HttpConnectionManager_Tracing
if proxyCfg.LstenerTracingJSON != "" {
if tracing, err = makeTracingFromUserConfig(proxyCfg.LstenerTracingJSON); err != nil {
s.Logger.Warn("failed to parse LstenerTracingJSON config", "error", err)
}
}
for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain { for uid, chain := range cfgSnap.ConnectProxy.DiscoveryChain {
upstreamCfg := cfgSnap.ConnectProxy.UpstreamConfig[uid] upstreamCfg := cfgSnap.ConnectProxy.UpstreamConfig[uid]
@ -153,6 +167,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
filterName: filterName, filterName: filterName,
protocol: cfg.Protocol, protocol: cfg.Protocol,
useRDS: useRDS, useRDS: useRDS,
tracing: tracing,
}) })
if err != nil { if err != nil {
return nil, err return nil, err
@ -178,6 +193,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
filterName: filterName, filterName: filterName,
protocol: cfg.Protocol, protocol: cfg.Protocol,
useRDS: useRDS, useRDS: useRDS,
tracing: tracing,
}) })
if err != nil { if err != nil {
return nil, err return nil, err
@ -249,6 +265,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
filterName: routeName, filterName: routeName,
protocol: svcConfig.Protocol, protocol: svcConfig.Protocol,
useRDS: true, useRDS: true,
tracing: tracing,
}) })
if err != nil { if err != nil {
return err return err
@ -265,6 +282,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
clusterName: clusterName, clusterName: clusterName,
filterName: clusterName, filterName: clusterName,
protocol: svcConfig.Protocol, protocol: svcConfig.Protocol,
tracing: tracing,
}) })
if err != nil { if err != nil {
return err return err
@ -376,6 +394,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
protocol: cfg.Protocol, protocol: cfg.Protocol,
useRDS: false, useRDS: false,
statPrefix: "upstream_peered.", statPrefix: "upstream_peered.",
tracing: tracing,
}) })
if err != nil { if err != nil {
return nil, err return nil, err
@ -533,6 +552,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg.
filterName: uid.EnvoyID(), filterName: uid.EnvoyID(),
routeName: uid.EnvoyID(), routeName: uid.EnvoyID(),
protocol: cfg.Protocol, protocol: cfg.Protocol,
tracing: tracing,
}) })
if err != nil { if err != nil {
return nil, err return nil, err
@ -1188,12 +1208,20 @@ func (s *ResourceGenerator) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot
l = makePortListener(name, addr, port, envoy_core_v3.TrafficDirection_INBOUND) l = makePortListener(name, addr, port, envoy_core_v3.TrafficDirection_INBOUND)
var tracing *envoy_http_v3.HttpConnectionManager_Tracing
if cfg.LstenerTracingJSON != "" {
if tracing, err = makeTracingFromUserConfig(cfg.LstenerTracingJSON); err != nil {
s.Logger.Warn("failed to parse LstenerTracingJSON config", "error", err)
}
}
filterOpts := listenerFilterOpts{ filterOpts := listenerFilterOpts{
protocol: cfg.Protocol, protocol: cfg.Protocol,
filterName: name, filterName: name,
routeName: name, routeName: name,
cluster: LocalAppClusterName, cluster: LocalAppClusterName,
requestTimeoutMs: cfg.LocalRequestTimeoutMs, requestTimeoutMs: cfg.LocalRequestTimeoutMs,
tracing: tracing,
} }
if useHTTPFilter { if useHTTPFilter {
filterOpts.httpAuthzFilter, err = makeRBACHTTPFilter( filterOpts.httpAuthzFilter, err = makeRBACHTTPFilter(
@ -1310,6 +1338,7 @@ func (s *ResourceGenerator) makeExposedCheckListener(cfgSnap *proxycfg.ConfigSna
statPrefix: "", statPrefix: "",
routePath: path.Path, routePath: path.Path,
httpAuthzFilter: nil, httpAuthzFilter: nil,
// in the exposed check listener de don't set the tracing configuration
} }
f, err := makeListenerFilter(opts) f, err := makeListenerFilter(opts)
if err != nil { if err != nil {
@ -1542,6 +1571,19 @@ func (s *ResourceGenerator) makeFilterChainTerminatingGateway(cfgSnap *proxycfg.
filterChain.Filters = append(filterChain.Filters, authFilter) filterChain.Filters = append(filterChain.Filters, authFilter)
} }
proxyCfg, err := ParseProxyConfig(cfgSnap.Proxy.Config)
if err != nil {
// Don't hard fail on a config typo, just warn. The parse func returns
// default config if there is an error so it's safe to continue.
s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err)
}
var tracing *envoy_http_v3.HttpConnectionManager_Tracing
if proxyCfg.LstenerTracingJSON != "" {
if tracing, err = makeTracingFromUserConfig(proxyCfg.LstenerTracingJSON); err != nil {
s.Logger.Warn("failed to parse LstenerTracingJSON config", "error", err)
}
}
// Lastly we setup the actual proxying component. For L4 this is a straight // Lastly we setup the actual proxying component. For L4 this is a straight
// tcp proxy. For L7 this is a very hands-off HTTP proxy just to inject an // tcp proxy. For L7 this is a very hands-off HTTP proxy just to inject an
// HTTP filter to do intention checks here instead. // HTTP filter to do intention checks here instead.
@ -1552,6 +1594,7 @@ func (s *ResourceGenerator) makeFilterChainTerminatingGateway(cfgSnap *proxycfg.
cluster: tgtwyOpts.cluster, cluster: tgtwyOpts.cluster,
statPrefix: "upstream.", statPrefix: "upstream.",
routePath: "", routePath: "",
tracing: tracing,
} }
if useHTTPFilter { if useHTTPFilter {
@ -1798,6 +1841,7 @@ type filterChainOpts struct {
statPrefix string statPrefix string
forwardClientDetails bool forwardClientDetails bool
forwardClientPolicy envoy_http_v3.HttpConnectionManager_ForwardClientCertDetails forwardClientPolicy envoy_http_v3.HttpConnectionManager_ForwardClientCertDetails
tracing *envoy_http_v3.HttpConnectionManager_Tracing
} }
func (s *ResourceGenerator) makeUpstreamFilterChain(opts filterChainOpts) (*envoy_listener_v3.FilterChain, error) { func (s *ResourceGenerator) makeUpstreamFilterChain(opts filterChainOpts) (*envoy_listener_v3.FilterChain, error) {
@ -1813,6 +1857,7 @@ func (s *ResourceGenerator) makeUpstreamFilterChain(opts filterChainOpts) (*envo
statPrefix: opts.statPrefix, statPrefix: opts.statPrefix,
forwardClientDetails: opts.forwardClientDetails, forwardClientDetails: opts.forwardClientDetails,
forwardClientPolicy: opts.forwardClientPolicy, forwardClientPolicy: opts.forwardClientPolicy,
tracing: opts.tracing,
}) })
if err != nil { if err != nil {
return nil, err return nil, err
@ -1955,6 +2000,7 @@ type listenerFilterOpts struct {
httpAuthzFilter *envoy_http_v3.HttpFilter httpAuthzFilter *envoy_http_v3.HttpFilter
forwardClientDetails bool forwardClientDetails bool
forwardClientPolicy envoy_http_v3.HttpConnectionManager_ForwardClientCertDetails forwardClientPolicy envoy_http_v3.HttpConnectionManager_ForwardClientCertDetails
tracing *envoy_http_v3.HttpConnectionManager_Tracing
} }
func makeListenerFilter(opts listenerFilterOpts) (*envoy_listener_v3.Filter, error) { func makeListenerFilter(opts listenerFilterOpts) (*envoy_listener_v3.Filter, error) {
@ -2014,6 +2060,19 @@ func makeStatPrefix(prefix, filterName string) string {
return fmt.Sprintf("%s%s", prefix, strings.Replace(filterName, ":", "_", -1)) return fmt.Sprintf("%s%s", prefix, strings.Replace(filterName, ":", "_", -1))
} }
func makeTracingFromUserConfig(configJSON string) (*envoy_http_v3.HttpConnectionManager_Tracing, error) {
// Type field is present so decode it as a any.Any
var any any.Any
if err := jsonpb.UnmarshalString(configJSON, &any); err != nil {
return nil, err
}
var t envoy_http_v3.HttpConnectionManager_Tracing
if err := proto.Unmarshal(any.Value, &t); err != nil {
return nil, err
}
return &t, nil
}
func makeHTTPFilter(opts listenerFilterOpts) (*envoy_listener_v3.Filter, error) { func makeHTTPFilter(opts listenerFilterOpts) (*envoy_listener_v3.Filter, error) {
router, err := makeEnvoyHTTPFilter("envoy.filters.http.router", &envoy_http_router_v3.Router{}) router, err := makeEnvoyHTTPFilter("envoy.filters.http.router", &envoy_http_router_v3.Router{})
if err != nil { if err != nil {
@ -2034,6 +2093,10 @@ func makeHTTPFilter(opts listenerFilterOpts) (*envoy_listener_v3.Filter, error)
}, },
} }
if opts.tracing != nil {
cfg.Tracing = opts.tracing
}
if opts.useRDS { if opts.useRDS {
if opts.cluster != "" { if opts.cluster != "" {
return nil, fmt.Errorf("cannot specify cluster name when using RDS") return nil, fmt.Errorf("cannot specify cluster name when using RDS")