extension: Add stateful session extension

[wbpcode]

Commit Message: "extension: new extensions for stateful session sticky"
Additional Description:

PR after #17848 ##17290.

In the #17290, we added new cross priority host map for fast host searching.
In the #17848, we extend LoadBalancerContext interface to provide override host and select upstream host by the override host.

Finally, in this PR, we expanded a new API to allow users to extract the state of the session from the request, and change the result of load balancing by setting the override host value.

Related doc: https://docs.google.com/document/d/1IU4b76AgOXijNa4sew1gfBfSiOMbZNiEt5Dhis8QpYg/edit?usp=sharing

Risk Level: Mid.
Testing: Added.
Docs Changes: Waiting.
Release Notes: Waiting.
Platform Specific Features: N/A.

[repokitteh-read-only]

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/envoy/.
envoyproxy/api-shepherds assignee is @adisuissa
CC @envoyproxy/api-watchers: FYI only for changes made to api/envoy/.

🐱

Caused by: #18207 was opened by wbpcode.

see: more, trace.

[wbpcode]

cc @mattklein123 @snowp

[wbpcode]

Some problems to be solved:

🤔 Should this new API route level or filter level ? In the current implementation, the new API is at the filter level, which is part of the router filter API. But should it be part of the route?

🤔 I added a new extension to support different types of session state, and provide cookie based session state as a basic implementation, which requires the support of maintainer.

[zuercher]

Thanks for taking this on.

I wonder if we'd be better off putting most of the stateful session implementation in an http filter? Certainly the cookie lookup and generation could be done there. We'd need a way for the session filter to pass an OverrideHost (or equivalent) to the LoadBalancerContext implementation in the router filter. We already have FilterState and dynamic metadata available in StreamInfo or we could introduce a method in Stream[Encoder]FilterCallbacks.

The advantage to using a separate filter would be to reuse the existing implementation of the route's typed_per_filter_config to allow stateful sessions to be enabled/disabled per route (and perhaps even to allow more advanced config difference across routes, like altering the allowed health or even the cookie name).

@snowp do you have any opinions on this?

(I added some grammar-related review comments below, but those are absolutely lower priority than this discussion. I just didn't want to lose track of them.)

[wbpcode]

The advantage to using a separate filter would be to reuse the existing implementation of the route's typed_per_filter_config to allow stateful sessions to be enabled/disabled per route (and perhaps even to allow more advanced config difference across routes, like altering the allowed health or even the cookie name).

Sounds great.

[wbpcode]

I agree with @zuercher 's opinion. But still waiting for @snowp 's feedback before revising this PR.

Also, it looks like the commit from the code review won't pass the DCO, so I might need a force push afterwards.

[snowp]

+1 from me if we can easily implement this as a filter + FS, I think that would make it easier to use this feature in various creative ways vs it being specifically for stateful load balancing

[wbpcode]

+1 from me if we can easily implement this as a filter + FS, I think that would make it easier to use this feature in various creative ways vs it being specifically for stateful load balancing

@snowp

Yes, based on this function, we can do more hacks on load balancing. If we hope that override host can have more various creative ways, will the filter + new StreamDecoderFilterCallbacks interface be better? In this way, our Router does not need to perceive the FS key and other developers can develop other filters according to their needs.

[wbpcode]

@zuercher Hi, I completed the refactoring of this PR. Now, I use a http filter to implement stateful session which gives us two new extensions.
Although they all are simple extensions, according to the requirements of the new extension, we should still need at least one maintainer to support it. Do you have extra free time to help me improve these extensions?

[zuercher]

Overall I think this looks pretty good. I took a first pass of comments below.

Unortunately, I don't have the bandwidth to take on maintainer-ship of this feature.

[wbpcode]

@zuercher Thanks for your detailed code review 🌹 . I will find a maintainer to help me sponsor this feature.

[htuch]

@wbpcode any progress here on finding an appropriate maintainer sponsor? Wondering if we should close this out or move forward with review.

[wbpcode]

@wbpcode any progress here on finding an appropriate maintainer sponsor? Wondering if we should close this out or move forward with review.

There is currently no clear progress. May be we can close this temporarily. If there is result later, I will reopen this PR. I still want to land this feature eventually.

[dio]

@htuch I would like to help (sponsoring) with this if that is not a problem. @wbpcode, let's do this!

[wbpcode]

@dio Thanks, dio, thanks 🌷. I will update this PR this Friday.

[htuch]

@zuercher since you've already been looking at this, assigning your way for senior maintainer approval/merge. Thanks.

[zuercher]

I wonder if we should include a note in this documentation that this type of sticky session is an anti-pattern and that operators should avoid using this feature when possible?

[wbpcode]

I think this function is not that special, and there are similar functions among other proxies. But I can add a note to let users use this feature with caution.

Similar function in other proxy: https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/#enabling-session-persistence

[zuercher]

Let's add it. Something like:

.. note::

 Stateful sessions can result in imbalanced load across upstreams and allow external actors to direct requests to
 specific upstream hosts. Operators should carefully consider the security and reliability implications of stateful 
 sessions before enabling this feature.

[wbpcode]

Thanks for your detailed review. @zuercher

[zuercher]

Thanks. I think the code is good -- just some details to finish off.

[zuercher]

Sorry, this one as well.

Suggested change

	/*/extensions/http/stateful_session/cookie @wbpcode @dio @zuercher
	/*/extensions/http/stateful_session/cookie @wbpcode @dio

[wbpcode]

sorry, it's my negligence.

[zuercher]

Let's add it. Something like:

.. note::

 Stateful sessions can result in imbalanced load across upstreams and allow external actors to direct requests to
 specific upstream hosts. Operators should carefully consider the security and reliability implications of stateful 
 sessions before enabling this feature.

[wbpcode]

So may be this can be merged now ? cc @dio cc @zuercher cc @htuch

I think these were all addressed.

[zuercher]

@dio can you look at what's changed since your approval and if you're happy, go ahead and merge.

[wbpcode]

Hi, @dio , can you take a look again when you have free time? Thanks. 🌷

[dio]

Looks good! Thanks, @zuercher, @wbpcode!