outlier_detector: accept large base_ejection_time when max_ejection_time not specified#14962
outlier_detector: accept large base_ejection_time when max_ejection_time not specified#14962snowp merged 5 commits intoenvoyproxy:mainfrom
Conversation
…ecified and base_ejection_time is larger than max_ejection_time's default. Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
|
@lizan Can we backport this to 1.17 once it is merged? |
antoniovicente
left a comment
antoniovicente
left a comment
There was a problem hiding this comment.
Drive by review as I look at the status of PRs pending review.
| // max_ejection_time was not specified in the config. Apply the default or base_ejection_time | ||
| // whatever is larger. | ||
| max_ejection_time_ms_ = DEFAULT_MAX_EJECTION_TIME_MS; | ||
| max_ejection_time_ms_ = std::max(max_ejection_time_ms_, base_ejection_time_ms_); |
There was a problem hiding this comment.
max_ejection_time_ms_ = std::max(DEFAULT_MAX_EJECTION_TIME_MS, base_ejection_time_ms_);
| PROTOBUF_GET_WRAPPED_OR_DEFAULT(config, enforcing_local_origin_success_rate, | ||
| DEFAULT_ENFORCING_LOCAL_ORIGIN_SUCCESS_RATE))), | ||
| max_ejection_time_ms_(static_cast<uint64_t>( | ||
| PROTOBUF_GET_MS_OR_DEFAULT(config, max_ejection_time, DEFAULT_MAX_EJECTION_TIME_MS))) {} |
There was a problem hiding this comment.
Alternate implementation:
PROTOBUF_GET_MS_OR_DEFAULT(
config, max_ejection_time,
std::max(DEFAULT_MAX_EJECTION_TIME_MS, base_ejection_time_ms_))
There was a problem hiding this comment.
That is good idea. Implemented like that but the change required conversion of DEFAULT_MAX_EJECTION_TIME_MS from const to constexpr.
| max_ejection_time_ms_(static_cast<uint64_t>( | ||
| PROTOBUF_GET_MS_OR_DEFAULT(config, max_ejection_time, DEFAULT_MAX_EJECTION_TIME_MS))) {} | ||
| DEFAULT_ENFORCING_LOCAL_ORIGIN_SUCCESS_RATE))) { | ||
| // Check if max_ejection_time is specified. |
There was a problem hiding this comment.
cc @envoyproxy/api-shepherds
Please update API comments since default behavior after this change is more complex than currently documented. There were some comments in the original PR about the change being technically breaking behavior; was the bad interaction with configured base ejection time the concern or something else? https://github.com/envoyproxy/envoy/pull/14235/files#r539583484
There was a problem hiding this comment.
Updated the description of the parameter in proto file. Normally outlier detector checks if max_ejection is larger than base_ejection time. If max_ is smaller, the config is rejected. The corner case was when max_ejection was not specified (legacy config was used from before the max_ejection was introduced) and base_ejection time was larger than max_ejection default. The config was rejected and broke upgrade path in istio.
|
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to |
|
/retest |
|
Retrying Azure Pipelines: |
|
@markdroth Would you mind approving api? Syntax was not changed - just updated the comment. Thanks! |
snowp
left a comment
snowp
left a comment
There was a problem hiding this comment.
Seems good to me, just one nit.
@envoyproxy/api-shepherds ptal
| // for more information. If not specified, the default value or | ||
| // :ref:`base_ejection_time<envoy_api_field_config.cluster.v3.OutlierDetection.base_ejection_time>` value is applied, whatever is larger. | ||
| // Defaults to 300000ms or 300s. |
There was a problem hiding this comment.
I would inline the default here instead of referring to the default on L154 and defining it on L156
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
| // for more information. If not specified, the default value or | ||
| // :ref:`base_ejection_time<envoy_api_field_config.cluster.v3.OutlierDetection.base_ejection_time>` value is applied, whatever is larger. | ||
| // Defaults to 300000ms or 300s. |
outlier_detector: accept large base_ejection_time when max_ejection_time not specified (envoyproxy#14962) Changed logic in config verification when max_ejection_time is not specified and base_ejection_time is larger than max_ejection_time's default. Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
outlier_detector: accept large base_ejection_time when max_ejection_time not specified (#14962) Changed logic in config verification when max_ejection_time is not specified and base_ejection_time is larger than max_ejection_time's default. Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
7 participants
Commit Message:
accept large base_ejection_time when max_ejection_time not specified
Additional Description:
PR #14235 broke compatibility with istio. Istio sets large base_ejection_time and configs where max_jection_time was not specified were rejected. That scenario happened during upgrade from istio 1.8 to 1.9. See #14235 (comment).
This PR changes the logic to following:
Risk Level: Low
Testing: Added unit test to simulate receiving config without max_ejection_time and with large base_ejection_time.
Docs Changes: No
Release Notes: No
Platform Specific Features: