conn_pool: add upstream_rq_active_overflow to distinguish max_requests CB from max_pending_requests CB#18
Closed
fl0Lec wants to merge 2276 commits into
Closed
conn_pool: add upstream_rq_active_overflow to distinguish max_requests CB from max_pending_requests CB#18fl0Lec wants to merge 2276 commits into
fl0Lec wants to merge 2276 commits into
Conversation
Bumps [actions/stale](https://github.com/actions/stale) from 10.1.1 to 10.2.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@9971854...b5d41d4) --- updated-dependencies: - dependency-name: actions/stale dependency-version: 10.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit e25df71)
Bumps [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) from 1.36.0 to 1.37.0. - [Release notes](https://github.com/envoyproxy/go-control-plane/releases) - [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md) - [Commits](envoyproxy/go-control-plane@envoy/v1.36.0...envoy/v1.37.0) --- updated-dependencies: - dependency-name: github.com/envoyproxy/go-control-plane/envoy dependency-version: 1.37.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 892268d)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.8.2 to 4.8.3. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@3c4e3dc...05fe457) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-version: 4.8.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 85de030)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.0 to 4.32.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b20883b...89a39a4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 3aeab26)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.3 to 8.0.0. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4.1.3...v8) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 44689b2)
Bumps [setuptools](https://github.com/pypa/setuptools) from 80.10.2 to 82.0.0. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v80.10.2...v82.0.0) --- updated-dependencies: - dependency-name: setuptools dependency-version: 82.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 2a64eed)
Bumps [protobuf](https://github.com/protocolbuffers/protobuf) from 6.33.5 to 7.34.0. - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Commits](https://github.com/protocolbuffers/protobuf/commits) --- updated-dependencies: - dependency-name: protobuf dependency-version: 7.34.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit dcb5c40)
Bumps [slack-sdk](https://github.com/slackapi/python-slack-sdk) from 3.39.0 to 3.40.1. - [Release notes](https://github.com/slackapi/python-slack-sdk/releases) - [Commits](slackapi/python-slack-sdk@v3.39.0...v3.40.1) --- updated-dependencies: - dependency-name: slack-sdk dependency-version: 3.40.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 3474773)
Bumps [icalendar](https://github.com/collective/icalendar) from 6.3.2 to 7.0.2. - [Release notes](https://github.com/collective/icalendar/releases) - [Changelog](https://github.com/collective/icalendar/blob/main/CHANGES.rst) - [Commits](collective/icalendar@v6.3.2...v7.0.2) --- updated-dependencies: - dependency-name: icalendar dependency-version: 7.0.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit efa0d24)
tested wf breakout from envoyproxy#43605 renames wfs for consistency (android tests etc are soon going to be ~merged into Mobile/Android eg) Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
…nvoyproxy#43575) <!-- !!!ATTENTION!!! If you are fixing *any* crash or *any* potential security issue, *do not* open a pull request in this repo. Please report the issue via emailing envoy-security@googlegroups.com where the issue will be triaged appropriately. Thank you in advance for helping to keep Envoy secure. !!!ATTENTION!!! For an explanation of how to fill out the fields, please see the relevant section in [PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md) !!!ATTENTION!!! Please check the [use of generative AI policy](https://github.com/envoyproxy/envoy/blob/main/CONTRIBUTING.md?plain=1#L41). You may use generative AI only if you fully understand the code. You need to disclose this usage in the PR description to ensure transparency. --> Commit Message: mcp: Support session negotiation in McpJsonRestBridge HTTP filter. Additional Description: Handle initialized, notification initialize Risk Level: Medium Testing: unit test Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] API submitted in envoyproxy#43400 --------- Signed-off-by: Yilin Guo <guoyilin@google.com>
Commit Message: dym skd: add on destory event hook Additional Description: Risk Level: Testing: Docs Changes: Release Notes: Platform Specific Features: [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] Signed-off-by: wbpcode/wangbaiping <wbphub@gmail.com>
…ig (envoyproxy#43522) Commit Message: watch-dog: fix worker-thread watch-dog threads using main-thread config Additional Description: In PR envoyproxy#30896 the watchdog instantiation was refactored, and a bug was introduced where both the main thread's and the worker threads' watch-dogs are configured [using the main-thread's config](https://github.com/envoyproxy/envoy/pull/30896/changes#diff-a39ff317d26d008f20bca53f5e3f4e171d169a5702f82409ca941bddaac46064L781-L784). This PR fixes the issue by passing the correct configuration. Risk Level: Medium - may change the behavior of systems where worker-threads' watch-dogs will trigger. Testing: Added unit and integration tests. Docs Changes: N/A Release Notes: Added. Platform Specific Features: N/A Runtime guard: Added `envoy.restart_features.worker_threads_watchdog_fix` that can temporarily disable the fix. --------- Signed-off-by: Adi Suissa-Peleg <adip@google.com>
…nvoyproxy#43392) ### Description: PR envoyproxy#33192 refactored SRDS to use a `SrdsFactory` interface for decoupling, but inadvertently changed the `init_manager` passed to `ScopedRoutesConfigProviderUtil::create()` from the listener-level init_manager to the server-level init_manager. When a listener with SRDS arrives via LDS after the server init_manager has already reached the `Initialized` state, the SRDS init target is silently discarded in release builds, and the SRDS subscription never starts. The fix adds an `Init::Manager&` parameter to `SrdsFactory::createConfigProvider()` and passes the listener's init_manager from the HCM config constructor, restoring the correct behavior that existed before PR envoyproxy#33192 and matching how RDS handles init_manager propagation. AI-assisted: Claude opus-4.6 was used to help write the unit test and PR description. The fix itself and root cause analysis were done manually. ### Risk Level: Low ### Testing: - `//test/common/router:scoped_rds_test` PASSED - `//test/extensions/filters/network/http_connection_manager:config_test` PASSED - `//test/integration:scoped_rds_integration_test` PASSED - Higress kind cluster integration test with Delta xDS + SRDS PASSED ### Docs Changes: N/A ### Release Notes: N/A ### Platform Specific Features: N/A --------- Signed-off-by: jingze <daijingze.djz@alibaba-inc.com> Signed-off-by: Jingze <52855280+Jing-ze@users.noreply.github.com>
Commit Message: This future-proofs Envoy and is needed to keep it building with later versions of BoringSSL. BoringSSL plans to const-correct these APIs and making ASN1_STRING opaque, in order to unblock some memory usage improvements in X509. See also http://github.com/envoyproxy/envoy/pull/41022 for more details. This PR has no behavior change. It is purely to fix some const issues in Envoy. Additional Description: Risk Level: none Testing: CI checks it compiles Docs Changes: n/a Release Notes: n/a Platform Specific Features: n/a Signed-off-by: David Benjamin <davidben@google.com>
Follow up on envoyproxy#43673 Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
adding downstreamSslConnection to have 1:1 matching with Lua features Commit Message: adding downstreamSslConnection to have 1:1 matching with Lua features Additional Description: Risk Level: Low Testing: Integration test Docs Changes: No Release Notes: Yes Platform Specific Features: [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] --------- Signed-off-by: Florent Lecoultre <florent.lecoultre@datadoghq.com>
…st (envoyproxy#43691) Commit Message: use a common test setup function in ext_authz_http_impl_test.cc Additional Description: `std::make_shared()` is often marked `[[nodiscard]]`, so using it as a statement without checking its value may lead to compilation warnings. `createConfig()` is already present and conveniently does the right things, so we may as well use it. Risk Level: none Testing: ran the test being modified Docs Changes: n/a Release Notes: n/a Platform Specific Features: n/a Signed-off-by: Eugene Chan <eugenechan@google.com>
…ommands (envoyproxy#42915) Fixes: envoyproxy#43396 Commit Message: grpc access logs: include passed in command parsers when validating commands Additional Description: Risk Level: Testing: Docs Changes: Release Notes: Platform Specific Features: Fixes listener initializing errors when using custom tag substitution for dns filter logs. > delta config for type.googleapis.com/envoy.config.listener.v3.Listener rejected: Error adding/updating listener(s) listener: Not supported field in StreamInfo: QUERY_NAME --------- Signed-off-by: Anton Kanugalawattage <antondilon@gmail.com> Co-authored-by: Wesley Hung <whung@palantir.com>
…envoyproxy#43701) Commit Message: dym: improve the stream callout to handle the reset on initialization Additional Description: In the previous implementation, the reset on initialization will be propagate to module by event hook and the status of `startHttpStream` will be `Success`. In the new implementation, all failures on initialization will not trigger the event hook but will result in error status of `startHttpStream`. The failure on initialization is very tricky and hard to process in practice of Envoy extension. It's hard to change current implementation of Envoy because it's used everywhere, but we still have chance to make the better usability for dynamic module. Risk Level: low. Testing: unit. Docs Changes: n/a. Release Notes: n/a. Platform Specific Features: n/a. Signed-off-by: wbpcode/wangbaiping <wbphub@gmail.com>
…connection IDs attempted (envoyproxy#43215) Adds new access log formatters to track all upstream hosts and connection IDs attempted during request processing: - `%UPSTREAM_HOSTS_ATTEMPTED%` - Comma-separated list of upstream host addresses (ip:port) - `%UPSTREAM_HOSTS_ATTEMPTED_WITHOUT_PORT%` - Upstream host addresses without port - `%UPSTREAM_HOST_NAMES_ATTEMPTED%` - Upstream host names - `%UPSTREAM_HOST_NAMES_ATTEMPTED_WITHOUT_PORT%` - Upstream host names without port - `%UPSTREAM_CONNECTION_IDS_ATTEMPTED%` - Connection IDs used during request processing Extended `StreamInfo::UpstreamInfo` interface with methods to track attempted hosts and connection IDs. Implemented tracking in HTTP router, TCP proxy, and UDP proxy. __Risk Level:__ Low __Testing:__ Unit tests added for all new formatters. Mocks updated for new interface methods. __Docs Changes:__ Updated `docs/root/configuration/advanced/substitution_formatter.rst` with documentation for all new formatters. __Release Notes:__ Added entry in `changelogs/current.yaml`. __Platform Specific Features:__ N/A --------- Signed-off-by: Issa Abu Kalbein <iabukalbein@microsoft.com> Signed-off-by: Issa Abu Kalbein <86603440+IssaAbuKalbein@users.noreply.github.com> Co-authored-by: Issa Abu Kalbein <iabukalbein@microsoft.com>
…oxy#43614) <!-- !!!ATTENTION!!! If you are fixing *any* crash or *any* potential security issue, *do not* open a pull request in this repo. Please report the issue via emailing envoy-security@googlegroups.com where the issue will be triaged appropriately. Thank you in advance for helping to keep Envoy secure. !!!ATTENTION!!! For an explanation of how to fill out the fields, please see the relevant section in [PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md) !!!ATTENTION!!! Please check the [use of generative AI policy](https://github.com/envoyproxy/envoy/blob/main/CONTRIBUTING.md?plain=1#L41). You may use generative AI only if you fully understand the code. You need to disclose this usage in the PR description to ensure transparency. --> Commit Message: Tenant ID from reverse tunnel handshake validation support added in upstream reverse tunnel. Additional Description: Risk Level: Testing: Docs Changes: Release Notes: Platform Specific Features: [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] --------- Signed-off-by: Krishna Sharma <krishnagpl2001@gmail.com>
…37 behavior under Protobuf 30+) (envoyproxy#43508) Commit Message: Envoy 1.37.0 updated protobuf from 29.3 to 33.2. That dependency change altered debug-string output semantics and broke behavior that worked in 1.36.x for ext_proc consumers parsing `xds.virtual_host_metadata`. This behavior change was introduced in envoyproxy#42435 and envoyproxy#42827. This PR switches message serialization from debug-string APIs to protobuf text-format APIs so message-valued CEL attributes are machine-parseable again, as recommended by protobuf programming guides. https://protobuf.dev/programming-guides/deserialize-debug **What broke in 1.37.0** - In both 1.36.x and 1.37.0, message-valued CEL results were stringified via ShortDebugString(). - In 1.36.x (protobuf 29.3), that output was parseable. - In 1.37.0 (protobuf 33.2), debug strings are now prefixed with `goo.gle/debugonly` / `goo.gle/debugstr`, which is intentionally non-parseable as textproto. - Result: ext_proc implementations that parse `xds.virtual_host_metadata` as textproto started failing after upgrading to 1.37.0. **Note**: xds metadata attributes in ext_proc requests are **not diagnostic log fields**; they are machine-to-machine payload data consumed by external processors. External processors parse these values to make policy and routing decisions, so serialization must be stable and machine-readable by standard protobuf tooling. `DebugString` is a diagnostic format with no compatibility contract, and in protobuf 30+ it may include `goo.gle/debug...` prefixes that intentionally break parsing. For this path, protobuf `TextFormat` is the correct format, not debug serialization. **Example** Given virtual host metadata: ```yaml { "metadata": { "filterMetadata": { "envoy-gateway": { "resources": [ { "kind": "Gateway", "name": "eg", "namespace": "default", "sectionName": "http" } ] } } } } ``` Before (1.37.0 + protobuf 30+ path), ext_proc may receive: `goo.gle/debugonly filter_metadata { key: "envoy-gateway" value { ... } }` Parsing fails at token 1. After this PR: `filter_metadata { key: "envoy-gateway" value { ... } }` This is protobuf text format and parses via TextFormat::ParseFromString(...). **Compatibility notes** - This restores 1.36.x-like effective behavior for ext_proc users (parseable metadata strings), while using the correct serialization API. - Minor formatting differences vs 1.36.x debug output are possible (whitespace/order), but output is now stable machine-readable textproto. - Scope includes other call sites using Expr::print(...) for message-valued CEL results (for example rate-limit descriptor CEL stringification). Additional Description: Risk Level: low Testing: unit and integration test Docs Changes: Release Notes: yes Platform Specific Features: [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit envoyproxy#43466] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] --------- Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
…th buffered body (envoyproxy#43663) Commit Message: dym module: new ABI to check whether the new received body is same with buffered body Additional Description: With the ABI, we needn't to check the buffer chunks to determine whether the received body is same with the buffered body. Risk Level: low. Testing: unit. Docs Changes: n/a. Release Notes: n/a. Platform Specific Features: n/a. --------- Signed-off-by: wbpcode/wangbaiping <wbphub@gmail.com>
…addresses (envoyproxy#43653) Commit Message: Hot restart socket handoff fails when a listener has `network_namespace_filepath` configured. The `PassListenSocket` request only carries the address string (e.g. `tcp://0.0.0.0:80`), the network namespace is lost. On the parent side, `resolveUrl` produces an address with `networkNamespace() == nullopt`, which never matches the listener's namespaced address (since `operator==` checks namespace equality). The result is `fd == -1`, the child falls back to binding a new socket, breaking handoff. This PR fixes it by passing the network namespace hot restart socket handoff path in child and parent handling. Risk Level: Low, only affects listeners with `network_namespace_filepath` set, which were already broken during hot restart. Testing: Updated and added unit tests in `hot_restarting_parent_test.cc` covering namespace match, mismatch, and mixed (namespace vs no-namespace) cases. Docs Changes: Updated Changelog Release Notes: NA Platform Specific Features: NA --------- Signed-off-by: Ronak Jain <ronakjainc@gmail.com>
…nvoyproxy#43697) Fixes a crash introduced by envoyproxy#43346. When a thread-aware load balancer is initialized mid-batch, the per-priority panic tracking vectors have not been resized yet because the batch member update callback hasn't fired. This causes an out-of-bounds read during the LB refresh loop. 1. Process any dirty priorities to properly size vectors if the load balancer is initialized mid-batch. 2. Add a bounds check `ASSERT` to prevent silent out-of-bounds bit vector reads. 3. Add an initialization regression test to prevent this pattern from breaking in the future. Commit Message: Additional Description: Risk Level: low (already guarded by `envoy.reloadable_features.coalesce_lb_rebuilds_on_batch_update`). Testing: Docs Changes: Release Notes: Signed-off-by: Boteng Yao <boteng@google.com>
) Commit Message: dynamic_modules: support for statically linked modules Additional Description: This commit allows statically linked dynamic modules though in that case it is not really a "dynamic". This allows downstream users who build their own Envoy binary to statically link their modules using bazel natively. This will also set the foundation for our discussed direction of the project: allowing new core extensions written as a dynamic module. The idea is that these statically linked modules must prefix Envoy->DM callbacks (envoy_dynamic_module_on_*) with their own module names, and at the dynamic_modules loading phase, Envoy try to find the init symbol like foo_envoy_dynamic_module_on_init. If found, it is a statically linked module, and otherwise it will try to load the shared library normally. Since this functionality is very low-level and not available for normal end users (i.e. anyone using official binaries), i intentionally did not add the release note. Risk Level: low Testing: done Docs Changes: n/a Release Notes: n/a Platform Specific Features: --------- Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
…43648) Commit Message: sds: reduce copy of a structure by returning a const-ref Additional Description: Internal refactor to return a const-ref instead of a copy in the `secretData()` method. Risk Level: low - internal change Testing: N/A Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A Signed-off-by: Adi Suissa-Peleg <adip@google.com>
…fo() (envoyproxy#44068) Commit Message: http: prefer to return reference rather than shared ptr for clusterInfo() Additional Description: See envoyproxy#44025 for more detail. Risk Level: low. Testing: n/a. Docs Changes: n/a. Release Notes: n/a. Platform Specific Features: n/a. --------- Signed-off-by: wbpcode/wangbaiping <wbphub@gmail.com>
…hain (envoyproxy#44034) Adding some debug logs when inject data into filter chain --------- Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
…voyproxy#43315) Signed-off-by: nick <nickshokri@google.com> Signed-off-by: Kuat <kyessenov@users.noreply.github.com> Co-authored-by: Kuat <kyessenov@users.noreply.github.com>
<!-- !!!ATTENTION!!! If you are fixing *any* crash or *any* potential security issue, *do not* open a pull request in this repo. Please report the issue via emailing envoy-security@googlegroups.com where the issue will be triaged appropriately. Thank you in advance for helping to keep Envoy secure. !!!ATTENTION!!! For an explanation of how to fill out the fields, please see the relevant section in [PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md) !!!ATTENTION!!! Please check the [use of generative AI policy](https://github.com/envoyproxy/envoy/blob/main/CONTRIBUTING.md?plain=1#L41). You may use generative AI only if you fully understand the code. You need to disclose this usage in the PR description to ensure transparency. --> Commit Message: Additional Description: Risk Level: Testing: Docs Changes: Release Notes: Platform Specific Features: [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] --------- Signed-off-by: tyxia <tyxia@google.com>
…43647) ## Description --- **Commit Message:** dynamic_modules: add generic accessors for access logger **Additional Description:** **Risk Level:** Low **Testing:** CI **Docs Changes:** Added **Release Notes:** N/A --------- Signed-off-by: Rohit Agrawal <rohit.agrawal@databricks.com>
…ompressing (envoyproxy#43755) **Commit Message:** compressor: add weaken_etag_on_compress to weaken strong ETags when compressing **Additional Description:** Adds a new option ``weaken_etag_on_compress`` to the compressor filter's ``response_direction_config``. When enabled, strong ``ETag`` response headers are weakened by prepending ``W/`` to the value (e.g. ``"abc123"`` becomes ``W/"abc123"``) instead of being removed when compression is applied. Weak ETags (already starting with ``W/``) are left unchanged. This allows caches and conditional requests to keep working while indicating that the representation was modified by compression, matching behavior used in other proxies (e.g. Varnish). The default remains ``false``, preserving existing behavior (strong ETags are removed when compressing). Fixes envoyproxy#35152 Signed-off-by: Rafael Antunes <rafael.gaspar@me.com>
…proxy#44106) It was removed somewhere between 1.18 and 1.19. Signed-off-by: Ian Kerins <git@isk.haus>
) Commit Message: dym: make metrics ID inner field publish for test/debug Additional Description: Otherwise, we cannot mock the logic with the metrics ID without using transmute unsage stuff Risk Level: n/a Testing: n/a Docs Changes: n/a Release Notes: n/a Platform Specific Features: n/a Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
…nvoyproxy#43938) Commit Message: stream info: return reference rather than copy of shared pointer Additional Description: See envoyproxy#44025 This pr update previous `route()` as `routeSharedPtr()` and add a new `route()` which will return `OptRef<const Route>`. Risk Level: low. Testing: n/a. Docs Changes: n/a. Release Notes: n/a. Platform Specific Features: n/a. --------- Signed-off-by: wbpcode/wangbaiping <wbphub@gmail.com>
Commit Message: Add enriching metadata for HDS response Additional Description: This adds a new field to store metadata in HDS response where we can serve more rich information back to the control plane. Currently, only HealthStatus is provided to the endpoint status Risk Level: low Testing: done Docs Changes: done in API Release Notes: Platform Specific Features: n/a --------- Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
…y#44026) Commit Message: xds: update trace log to only print non-nullptr exceptions Additional Description: Upon an xDS-error, trace-logs output the exception details. However there are a few cases where an exception is created with nullptr passed. This PR introduces defensive coding in the cases where the exception details are printed out to the trace logs. Risk Level: low - only trace-logs are impacted Testing: Added unit test to avoid regression in this case. Docs Changes: N/A Release Notes: N/A - not user facing (trace logs) Platform Specific Features: N/A --------- Signed-off-by: Adi Suissa-Peleg <adip@google.com>
Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
Commit Message: dym: make EnvoyBuffer easier to use in test Additional Description: Risk Level: none (only impacts unit tests with mocks) Testing: done Docs Changes: n/a Release Notes: n/a Platform Specific Features: n/a --------- Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com>
<!-- !!!ATTENTION!!! If you are fixing *any* crash or *any* potential security issue, *do not* open a pull request in this repo. Please report the issue via emailing envoy-security@googlegroups.com where the issue will be triaged appropriately. Thank you in advance for helping to keep Envoy secure. !!!ATTENTION!!! For an explanation of how to fill out the fields, please see the relevant section in [PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md) !!!ATTENTION!!! Please check the [use of generative AI policy](https://github.com/envoyproxy/envoy/blob/main/CONTRIBUTING.md?plain=1#L41). You may use generative AI only if you fully understand the code. You need to disclose this usage in the PR description to ensure transparency. --> Commit Message: refactor: upstream host override struct Additional Description: Refactor is required for a subsequent change proposed to add a status to return if strict destination is missing. Risk Level: Low (internal refactor) Testing: Unit tests Docs Changes: No Release Notes: No Related envoyproxy#42686 --------- Signed-off-by: Rudrakh Panigrahi <rudrakh97@gmail.com>
Signed-off-by: wbpcode/wangbaiping <wbphub@gmail.com>
…oxy#44143) Signed-off-by: Hossein Sokhandan <iamsokhandan@gmail.com>
Commit Message: config_dump: use new clusters iterator Additional Description: Prior to this PR the config dump created a temp map data-structure, and iterated over that. In envoyproxy#44015 a new iterator was introduced in the cluster-manager to iterate over the active-clusters. This PR uses the new iterator to achieve the same result. Risk Level: low - no external impact. Testing: N/A Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A Signed-off-by: Adi Suissa-Peleg <adip@google.com>
## Description This PR adds a new Dynamic Modules extension for Tracing. --- **Commit Message:** dynamic_modules: add a new extension for tracing **Additional Description:** Added a new Dynamic Modules extension for Tracing. **Risk Level:** Low **Testing:** Added Tests **Docs Changes:** Added **Release Notes:** Added --------- Signed-off-by: Rohit Agrawal <rohit.agrawal@databricks.com>
…#44113) Signed-off-by: Takeshi Yoneda <tyoneda@netflix.com> Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
…roxy#44078) Commit Message: stream info: prefer reference rather than shared pointer for route() Additional Description: See new style envoyproxy#44025 for more detail Risk Level: n/a. Testing: n/a. Docs Changes: n/a. Release Notes: n/a. Platform Specific Features: n/a. --------- Signed-off-by: wbpcode/wangbaiping <wbphub@gmail.com> Signed-off-by: code <wbphub@gmail.com>
) <!-- !!!ATTENTION!!! If you are fixing *any* crash or *any* potential security issue, *do not* open a pull request in this repo. Please report the issue via emailing envoy-security@googlegroups.com where the issue will be triaged appropriately. Thank you in advance for helping to keep Envoy secure. !!!ATTENTION!!! For an explanation of how to fill out the fields, please see the relevant section in [PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md) !!!ATTENTION!!! Please check the [use of generative AI policy](https://github.com/envoyproxy/envoy/blob/main/CONTRIBUTING.md?plain=1#L41). You may use generative AI only if you fully understand the code. You need to disclose this usage in the PR description to ensure transparency. --> **Commit Message:** dynamic_modules: add nack_on_cache_miss for remote module sources **Additional Description:** This PR adds support for nacking a configuration if the dynamic module is not fetched and start a background fetch. The module may become available in the next config push and ready to use from cache. Entries are keyed by sha256 so that multiple listeners can use the same fetch. The cache lives inside the factory and is safe to be used across listeners. Completed entries are cleaned up on the next `createFilterFactory()` and not during a fetch callback. So that the `RemoteDataFetcher` is not destroyed mid-fetch. **Risk Leve**l: Low **Testing:** Unit tests added. Manually validated **Docs Changes**: Proto changes included **Release Notes:** Added [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] --------- Signed-off-by: Anurag Aggarwal <kanurag94@gmail.com>
…verflow from max_pending_requests overflow In attachStreamToClient(), when the max_requests circuit breaker is exhausted the new upstream_rq_active_overflow counter is incremented instead of upstream_rq_pending_overflow. This makes the two circuit breakers observable via distinct metrics. The old behavior (both counters fire) is preserved when runtime flag envoy.reloadable_features.upstream_rq_active_overflow_counter is set to false. FEG-2433
fl0Lec
force-pushed
the
fl/feg-2433-upstream-rq-active-overflow
branch
from
26d6af4 to
9d3a8cb
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes a misleading metric:
upstream_rq_pending_overflowwas incremented in two distinct failure modes insideconn_pool_base.cc:newStreamImpl→pendingRequests().canCreate()returns false) — request rejected before queuingattachStreamToClient→requests().canCreate()returns false) — request rejected while being attached to a ready upstream connectionPath 2 is not a pending overflow at all. This made the metric ambiguous and actively misleading during incident investigations (high overflow with near-zero pending active).
Changes
upstream_rq_active_overflowcounter toClusterTrafficStats(envoy/upstream/upstream.h)attachStreamToClient()now incrementsupstream_rq_active_overflowfor the max_requests path (source/common/conn_pool/conn_pool_base.cc)envoy.reloadable_features.upstream_rq_active_overflow_counter(defaulttrue) — whenfalse, both counters fire (legacy behavior)source/common/runtime/runtime_features.ccBackward compatibility
With the runtime flag defaulting to
true, onlyupstream_rq_active_overflowfires for the max_requests path andupstream_rq_pending_overflowbecomes exclusive to the pending queue path. Set the flag tofalseto restore legacy behavior (both counters fire).Tests
test/common/conn_pool/conn_pool_base_test.cc(MaxActiveRequestsOverflow,MaxActiveRequestsOverflowLegacy)test/integration/circuit_breakers_integration_test.ccupdated to assertupstream_rq_active_overflow == 1andupstream_rq_pending_overflow == 0Docs & Changelog
docs/root/configuration/upstream/cluster_manager/cluster_stats.rst: new stat row addeddocs/root/intro/arch_overview/upstream/circuit_breaking.rst: max_requests section updatedchangelogs/current.yaml: bug_fix entry addedJira: FEG-2433