upstream: add load_assigment field to Cluster

[dio]

upstream: add load_assigment field to CDS' Cluster

This patch introduces load_assigment field in CDS' Cluster.
This change specifically adds the implementation of the new load_assigment field
for clusters with discovery-type: STATIC, STRICT_DNS and LOGICAL_DNS.

Risk Level: medium.

Testing: unit tests.

Docs Changes:

• This unhides docs for endpoint health check config
• This adds docs for Cluster's load_assigment field.

Release Notes:

• upstream: added a new load_assigment field to CDS' Cluster.

Fixes #439

[zuercher]

Some small stuff, but that looks pretty good to me. Thanks for taking this on.

[zuercher]

From my reading of #439, the suggestion was to deprecate this field in favor of the endpoints field you added. Please add a comment on this field that says as much. Also, I believe hosts should have the [deprecated = true] annotation. (@mattklein123/@htuch is that right?)

You'll also need to add an entry in DEPRECATED.md.

[zuercher]

Also I think you can remove the [:not-implemented-hide:] tag on HealthCheckConfig in this change.

[zuercher]

I think you can remove from here down.

[zuercher]

This should describe endpoints as a required field for specifying members of STATIC, STRICT_DNS, or LOGICAL_DNS clusters and that it supersedes hosts. I would move discussion of per-member health check to a new section in docs/root/intro/arch_overview/health_checking.rst (basically saying you can configure some aspects of health check configuration on a per-member basis via HealthCheckConfig).

[zuercher]

Note that Cluster.hosts is deprecated.

[zuercher]

You can remove your TODO

[zuercher]

This isn't quite right (it allows an arbitrary number of hosts or endpoints as long as the other only has 1 element).

Maybe if ((endpoints.empty() && hosts.size() != 1) || endpoints.size() != 1)? That at least makes certain that the vector you'll use has exactly one element.

[zuercher]

You might consider some utility function to convert Cluster.hosts to endpoints (with default HealthCheckConfigs) that could be used here in and in the static and strict dns implementations. I'm not exactly sure where you'd put it, but I think it'll make the hosts/endpoints transition easier to maintain until hosts can be removed.

[zuercher]

Assign the result of tls_->getTyped<PerThreadCurrentHostData>() to local reference and then assign the fields.

[htuch]

Can you update the [#comment:next free field: 31] comment above?

[htuch]

I have a higher level API issue I'd like to raise if we're going to add this. From time-to-time, folks wonder if we can provide the full set of EDS capabilities embedded in a CDS response (i.e. in a Cluster). To do this, we would effectively need to have a LocalityLbEndpoints here, rather than repeated Endpoint. It would close one weird inconsistency in the Envoy API, where you can basically get all the behaviors with a static bootstrap config except for some EDS special ones (e.g. locality balancing). @mattklein123 for thoughts as well.

[dio]

@htuch @mattklein123 could we keep both of them ((core.Address) hosts and (endpoint.LocalityLbEndpoints) endpoints)?

Reason is, I'm not sure if it makes sense: by having hosts will be easier to digest for e.g. a newcomer like me. It's simple and the depth of the config is shallow for specifying cluster members "statically".

A config accommodating endpoint.LocalityLbEndpoints will be something like:

    endpoints:
      lb_endpoints:
      - endpoint:
          address:
            socket_address:
              address: localhost1
              port_value: 11001
          health_check_config:
            port_value: 8000

Which is not only deep but it also has that lb_endpoints. IMO, not super obvious at the first glance for defining cluster members statically.

[mattklein123]

Agree with @htuch that this is a good opportunity to fix this inconsistency. In general, I agree with @dio that the lb_endpoints construct is more confusing, however, we also optimize for machine generated config. My feeling is to support lb_endpoints, and just have a good example in the docs of a sample configuration. I think with that it should be pretty straightforward for people to use.

[dio]

Changed to LocalityLbEndpoints in e92c5e5.

About the docs (e.g. example in getting started etc), should I update it together in this PR or I can do that later?

[zuercher]

@htuch/@mattklein123 should it be repeated LocalityLbEndpoints as in eds?

[dio]

@htuch can we consider this, in EDS context, as a config update (onConfigUpdate)?

[htuch]

@dio not sure if I fully grok the question. Are you asking if we can use onConfigUpdate to process the ClusterLoadAssignment when embedded in a Cluster? If so, I don't think you use exactly that method, but you can factor out the logic to somewhere shared between EDS and Cluster load, sure, it's the same code in both cases.

[dio]

@htuch yes, I meant to take out the logic from eds and use that for other clusters.

I have another question, while refactoring the StaticClusterImpl, I failed to satisfy these conditions: https://github.com/envoyproxy/envoy/blob/master/test/common/upstream/upstream_impl_test.cc#L646-L648. Could you enlight me about those assertions a bit more (why they have to be zero)? Thanks!

[mattklein123]

@dio those assertions are just an artifact of the old code not supporting localities. If you add support the expectations are likely to change.

[htuch]

An interesting aspect of this PR is that we now support logical DNS in embedded ClusterLoadAssignments. This didn't use to work, we had a number of questions about this IIRC.

[zuercher]

nit: s/as/is/

[zuercher]

End the sentence after the LOGICAL_DNS reference. And then just "This field is deprecated. Set..."

[zuercher]

nit: remove the

[zuercher]

I think just "in the cluster can be" -- the HealtchCheckConfig applies to cluster members obtained via EDS as well.

[zuercher]

nit: remove "of each of them"

[zuercher]

@htuch/@mattklein123 should it be repeated LocalityLbEndpoints as in eds?

[htuch]

@dio friendly ping.

[dio]

@htuch sorry for the lag in here. I’ll try to update it today. 🙂

[htuch]

@dio sure, let me know when you'd like another pass.

[mattklein123]

@dio thanks this is really great. When we land this we will have lots of consistency. I added some comments from a first pass. I will take another pass once these are resolved.

Also, I would definitely call the regression risk on this change "medium." This is editing a lot of core/scary code and we should definitely give this a very thorough review.

[mattklein123]

"CDS assignments" -> "CDS static/DNS assignments"
"to have contained" -> "to contain"

[mattklein123]

"allows to use logical DNS for CDS" -> kind of confusing? Maybe word similarly to what I recommended in DEPRECATED.md?

[mattklein123]

maybe add "in the ... message ..." ? (Basically guide the user and link to where this would be defined as part of the load assignment?) An example would be even better. :)

[mattklein123]

Technically you are storing reference to temporary here.

[mattklein123]

nit: del newline

[mattklein123]

nit: del empty destructor.

[mattklein123]

I'm a little confused about why we need context_. Isn't locality_lb_endpoint and lb_endpoint effectively constant? Can't we just refer to them directly as constance references?

[mattklein123]

See my other comment. I'm a little confused why we need this class.

[mattklein123]

nit: del newline

[mattklein123]

In general, expectations like these don't add much test value since we aren't really testing any actual behavior. Can you instead convert to NiceMock<> so they don't error and then remove these expectations? (Same comment applies everywhere).

[dio]

@mattklein123 @htuch I think I have addressed all of the comments. PTAL, especially on how to "hold" the ref to load assignment data, currently I make a copy of it and I think I can force it to by-ref when we don't need to translate hosts() to load_assignment().

Also, I would definitely call the regression risk on this change "medium." This is editing a lot of core/scary code and we should definitely give this a very thorough review.

Yes, I'm thinking to add more tests. Do you think it's worth to split upstream_impl_test and put static and strict_dns to their own dedicated test files?

[htuch]

Can you update

envoy/api/envoy/api/v2/endpoint/endpoint.proto

Line 21 in 71c0fd6

// The upstream host address.

to indicate that the interpretation of the Address depends on the cluster type. For static, it will be expected to be a direct IP address (or something resolvable by the specified resolver in the Address). For logical/static DNS, it will be expected to be a hostname, resolved via DNS.

This is actually a bit more complicated thinking about it. See the wording at

envoy/api/envoy/api/v2/core/address.proto

Line 36 in 71c0fd6

// hostname to be resolved via DNS. If it is a hostname, :ref:`resolver_name

. I think we should try and get clear in the API (with some implementation TODOs) what the final relationship is going to be between the custom resolvers (which can apply to listener addresses as well, and act on port values/names) and the DNS resolvers for Clusters. @mattklein123 WDYT on this? Seems a rough edge in the API.

[mattklein123]

Yeah I don't know. That's a good question. Should we just say that custom resolvers can't be used at all with DNS discovery types and block it? I don't think it really makes sense and is confusing. If we do that, I think we can have error checking / error messages to guide people in the right direction...

[htuch]

This would be reasonable. I think if we had the custom resolvers able to operate async, and some hooks to detect DNS changes, we could replace the hardcoded DNS cluster types with just resolver extensions. But, moving the resolver extension model to be expressive enough and then plumbing this would be a fair chunk of work.

[htuch]

Looks good, some nice potential consolidation/generalization of the EDS behavior here. @alyssawilk probably should take a look w.r.t priority handling.

[htuch]

Is this code from eds.cc? Should there be some refactoring?

[alyssawilk]

If there is, I'd suggest pulling the refactor into its own PR - I'm leery of mixing large refactors and functional changes. I think pulling the eds code into its own reusuable class makes total sense but would be easier to consume as a standalone change.

[mattklein123]

Big +1 on multiple changes. @dio I think this change is great but the size/complexity is scaring me. Can we break up into multiple PRs? The first PRs can just be code movement / adding new utility classes? Then we can merge that PR into this one?

[dio]

While still missing some tests, I took out the utility class and refactor EDS here: #3783

[htuch]

Ditto.

[htuch]

Is there a test for this?

[alyssawilk]

If I were using the deprecated hosts I'd be really confused at Envoy throwing an error message about there needing to be a single lb_endpoint. I'd encourage switching on the configuration type so for we still have helpful error messages during the transition.

[htuch]

Can you add a comment explaining this is checked in the constructor (at config load time)?

[htuch]

registerHostForPriority?

[htuch]

Maybe add some comments explaining the contract/relationship between this and the above two methods.

[htuch]

initializePriorityFor?

[htuch]

Is this really used at runtime once state is loaded, or just as a temporary holding ground for priority/host/locality information prior to an update (via updateClusterPrioritySet)?

[alyssawilk]

+1 - this is going to be great for adding flexibility to backend config. At first pass I think I agree with htuch@ I'd like to avoid the code duplication from eds into upstream - I'll take another pass once we've decided if it's worth splitting this up or not.

[alyssawilk]

If I were using the deprecated hosts I'd be really confused at Envoy throwing an error message about there needing to be a single lb_endpoint. I'd encourage switching on the configuration type so for we still have helpful error messages during the transition.

[alyssawilk]

Do we comment what the PriorityState of a cluster is anywhere? I don't see comments on the typedef and I'd encourage explaining in a bit more depth here or there.

[alyssawilk]

If there is, I'd suggest pulling the refactor into its own PR - I'm leery of mixing large refactors and functional changes. I think pulling the eds code into its own reusuable class makes total sense but would be easier to consume as a standalone change.

[alyssawilk]

@htuch what's our policy on docs and deprecation? I'd be inclined to say when we deprecate a field we should update the relevant docs (i.e. updating use of hosts in v2_overview.html) so folks cribbing configuration will be cribbing the new way of doing things and not the deprecated way of doing things.

[htuch]

Ideally, yes.

[alyssawilk]

I think this line is untested. I think this PR might benefit from some tests aimed at PriorityStateManager - bounds checking, making sure it handles ill formed updates gracefully and has comments and ASSERTs for cases we believe can't be hit) etc. The decoupling of resizing and adding hosts with priorities, for example, makes me a bit concerned a future user might end up with out of bounds crashes so commenting up the functions could be helpful theer

[dio]

@mattklein123 @htuch @alyssawilk thank you for all the reviews! I will continue to work on this in the morning. Yes, I agree this is too big (the first intention was to allow adding custom HealthCheckConfig for each host, but it seems it evolved this far 😄). Seems like I'll create another PR to take out some utilities as @mattklein123 suggested.

Thanks!

[zuercher]

Should we close this in favor of replacement PRs in smaller chunks?

[dio]

@zuercher Yes, I'm closing it. Thanks for the reminder.

I have several tasks on my plate lately, will update again on weekend. Thanks!

[dio]

This PR is resurrected as #3864.