Vhds readme#7415
Conversation
|
Drive by: Can this instead be in the public docs vs. a markdown file? We should be talking about this probably in these locations: Thank you! |
|
BTW: IIRC we are moving docs to |
htuch
left a comment
htuch
left a comment
There was a problem hiding this comment.
Thanks. Agree with the other comments that this probably belongs as a peer or nested documented with https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol.
/wait
|
High level comment. Can we please add references to VHDS from the other places that I mentioned? There should be docs in the HTTP arch overview, etc. Basically I think anywhere we mention scoped RDS we should also mention this. Thank you. /wait |
htuch
left a comment
htuch
left a comment
There was a problem hiding this comment.
Thanks, a bunch of other feedback.
/wait
|
This pull request has been automatically marked as stale because it has not had activity in the last 7 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
stale
Bot
added
the
stale
AndresGuedez
left a comment
AndresGuedez
left a comment
There was a problem hiding this comment.
Reviewed SRDS section and left comments primarily related to adding context and clarifying implications.
There was a problem hiding this comment.
Both approaches
It's unclear which approaches this is referencing.
I agree VHDS doesn't conflict with SRDS; some :ref: pointers to SRDS documentation would be helpful to provide context.
I think it's worth pointing out in this section that using SRDS + RDS + VHDS means that two on-demand subscriptions per routing scope will be required; e.g., when a new ScopedRouteConfiguration is distributed via SRDS, an RDS subscription for the associated RouteConfiguration will be initiated, which may itself trigger a VHDS subscription.
stale
Bot
removed
the
stale
|
This pull request has been automatically marked as stale because it has not had activity in the last 7 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
stale
Bot
added
the
stale
|
This pull request has been automatically closed because it has not had activity in the last 14 days. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
|
/reopen |
stale
Bot
removed
the
stale
|
Closing, we can merge this into #8617 |
|
Reopening as it seems like we are going to finish this out. This should include arch docs, detailed config docs, etc. please look at all the places RDS, SRDS, routing, etc. are mentioned and make sure include VHDS also. Thanks! |
There was a problem hiding this comment.
What's the use-case for this? There currently isn't a way for Envoy to trigger an unsubscribe for a vhost.
Signed-off-by: Brian Avery <bavery@redhat.com>
| the active stream is paused while a :ref:`DeltaDiscoveryRequest <envoy_api_msg_DeltaDiscoveryRequest>` is sent. | ||
| When a :ref:`DeltaDiscoveryResponse <envoy_api_msg_DeltaDiscoveryResponse>` is | ||
| recieved where the host/authority header values exactly matches the | ||
| :ref:`aliases <envoy_api_field_resource.aliases>`, |
There was a problem hiding this comment.
The name and aliases fields will have values in the form <route configuration name>/<host entry>, right? Those are the names that are used in the VHDS request, so that's what the resources have to be named in order to match.
I think the check here should be that the name or aliases fields match the route configuration name and host/authority header value in the format specified above.
| :ref:`DeltaDiscoveryResponse <envoy_api_msg_DeltaDiscoveryResponse>` in which | ||
| the :ref:`resources <envoy_api_field_DeltaDiscoveryResponse.resources>` entry | ||
| for that virtual host has the :ref:`name <envoy_api_field_resource.name>` and | ||
| :ref:`aliases <envoy_api_field_resource.aliases>` set to the requested host |
There was a problem hiding this comment.
In this case, it seems like it should set name but would not need to set aliases.
There was a problem hiding this comment.
If the virtual host cannot be resolved, you know an alias that that virtual host could go by, but you don't the name of that virtual host since there is no virtual host.
There was a problem hiding this comment.
I think there should be no difference in content or semantics between the name and aliases fields -- if we didn't care about backward-compatibility, we could just change name to be a repeated field instead of adding the aliases field. But even though they're split, the set of all values in both fields should be treated as a single list: all names in the list should be unique for the resource type, and a query for any one of the names should return the same object.
In this case, there is exactly one name that the client will be looking for. So what's the value of putting that in the aliases field instead of in the name field? And if we do put it in the aliases field, what will we put into the name field instead?
There was a problem hiding this comment.
Every virtual host has a definitive name that populates the name field and aliases are other names that that resource can go by. I'm not sure that we want to mix the meanings of the names and aliases.
We also care about backwards compatibility of xDS, so I'm not sure we can change the API to combine names and aliases.
A resource can have any name that the management server wants to assign it and Envoy doesn't care. However, it does care about the contents of the alias field. In the case of a VHDS resource not being found, we know that the requested resource can go by a name matching /, but we don't know what name the management server assigned that resource since that resource could not be found.
There was a problem hiding this comment.
Every virtual host has a definitive name that populates the name field and aliases are other names that that resource can go by. I'm not sure that we want to mix the meanings of the names and aliases.
Why would the meanings be different? Are there any use-cases in which the client would care about the difference between them?
We also care about backwards compatibility of xDS, so I'm not sure we can change the API to combine names and aliases.
This PR is exposing the aliases fields in the Resource message, which was not previously exposed, so we can define its semantics to be anything we want. Why would this break backward compatibility any more than introducing the aliases field in the first place?
A resource can have any name that the management server wants to assign it and Envoy doesn't care. However, it does care about the contents of the alias field. In the case of a VHDS resource not being found, we know that the requested resource can go by a name matching /, but we don't know what name the management server assigned that resource since that resource could not be found.
Envoy may not care about the name, but it's not true that no client cares. The gRPC xDS client does in fact care about resource names; for example, in LDS and CDS requests, gRPC clients make non-wildcard requests, but for backward compatibility, it cannot assume that the server will honor the resource_names field in the request, so it looks for the specific resource name(s) that it asked for.
I think the right way to think about this case is that, because there is no match for the resource name that the client requested, the server is going to return the name that the client requested with no attached resource. This tells the client that the requested resource does not exist.
There was a problem hiding this comment.
Sure, let's take #9317 and see where this leads us. I feel that without another on-demand protocol, we don't have much in the way of examples to illustrate the utility of a canonical name, we can see how this plays out in v2 xDS to feed into UDPA.
There was a problem hiding this comment.
I don't think that we can both accept #9317 and say that VHDS detects unknown virtual hosts based on the aliases field instead of the name field. This is basically a contradiction. It would mean that in practice, every management server would need to do something in violation of the spec.
I think we have two choices here:
- Fix VHDS to check the
namefield instead ofaliasesfield, and update this PR accordingly. - Change Document incremental xDS semantics about resources that do not exist. #9317 to say that clients need to be prepared to match unknown resources on both the
nameandaliasesfields.
I would prefer option (1), since option (2) would impose additional requirements on all client implementations without actually adding any value.
There was a problem hiding this comment.
The code is already implemented as described in this doc. 9317 is proposing to change that. Whether that's right or wrong, I'm not sure. However, what's documented here is current functionality and agreed upon by @htuch @dmitri-d and myself. I'm proposing pushing protocol and docs changes to the other PR and we can update if we add these changes if we need to.
There was a problem hiding this comment.
It seems #9317 is a very recent PR and an attempt to change the requirements for work which has already been done and agreed to, this should ideally be handled through other PRs after this work is committed. IMHO this has been an enormous task and we need to draw a line under it so we can move forward with it being the basis for future changes.
|
|
||
| .. _on_demand_vhds_rds_protocol: | ||
|
|
||
| Virtual Host Discovery Service |
There was a problem hiding this comment.
This looks really good to me, but I'll let @htuch make the final call on this.
| entry and the resource unpopulated. This will allow Envoy to match the | ||
| requested resource to the response. | ||
|
|
||
| Updates to the route configuration entry to which a virtual host belongs will |
There was a problem hiding this comment.
This paragraph should be updated based on what we agreed in the other thread:
- VHDS subscriptions (and the corresponding locally cached resources) go away only when an RDS update changes the
vhdsfield. Other RDS updates do not affect the VHDS data. - Any given virtual host must be sent either via RDS or via VHDS; the same host cannot be handled in both places. This means that if an RDS update adds a virtual host that was previously obtained via VHDS, the client should unsubscribe from that virtual host via VHDS.
Signed-off-by: Brian Avery <bavery@redhat.com>
htuch
left a comment
htuch
left a comment
There was a problem hiding this comment.
LGTM modulo the aliases and virtual host orthogonality threads (and nits)
| fi | ||
| # Check the version_history.rst contains current release version. | ||
| grep --fixed-strings "$VERSION_NUMBER" docs/root/intro/version_history.rst \ | ||
| # Check the git tag matches the version number in the VERSION file. |
Signed-off-by: Brian Avery <bavery@redhat.com>
Signed-off-by: Brian Avery <bavery@redhat.com>
|
#9317 was merged earlier; this is a pretty reasonable way to handle missing resources. Can we update the implementation to match? This shouldn't be a huge change. |
Signed-off-by: Brian Avery <bavery@redhat.com>
|
This looks great to me! Thanks for making all of those changes. |
htuch
left a comment
htuch
left a comment
There was a problem hiding this comment.
Thanks! Really happy to see this land, this is our first on-demand spec.
|
Epic! Thank you every one for seeing this through! |
…envoyproxy#9317) Document incremental xDS semantics about resources that do not exist. Risk Level: Low Testing: N/A Docs Changes: Included in PR Release Notes: N/A This attempts to clarify the incremental xDS protocol semantics, as per discussion in envoyproxy#7415 Signed-off-by: Mark D. Roth <roth@google.com> Signed-off-by: Prakhar <prakhar_au@yahoo.com>
Adds documentation for on-demand VHDS/RDS. Signed-off-by: Brian Avery <bavery@redhat.com> Signed-off-by: Prakhar <prakhar_au@yahoo.com>
8 participants
For an explanation of how to fill out the fields, please see the relevant section
in PULL_REQUESTS.md
Description: Adds documentation for on-demand VHDS/RDS
Risk Level:
Testing:
Docs Changes:
Release Notes:
[Optional Fixes #Issue]
[Optional Deprecated:]