Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

api: ext-proc attributes #4747

Closed
wants to merge 14 commits into from
Closed

api: ext-proc attributes #4747

wants to merge 14 commits into from

Conversation

guydc
Copy link
Contributor

@guydc guydc commented Nov 20, 2024
edited
Loading

What type of PR is this?

Following the discussion at KubeCon NA : https://docs.google.com/document/d/1PS5xLA0IDbj6McHIXXhShn51Zq37WvuistaidBPeHoE/edit?tab=t.0

Scope and Motivation

This API will allow users to define which attributes are sent to the external processor as context for requests/responses.

Attributes provide HTTP extensions with additional context (e.g. TCP, TLS and XDS attributes) that can be relevant inputs for the extension logic.

Comparison to other extension options

Many Envoy extensions are inherently capable of interaction with context attributes:

For out-of-process extensions like ext-proc, Envoy must be explicitly configured to allow access to attributes and and define the scope of access. With the increase in ext-proc use cases, such as the llm-instance-gateway, envoy-ai-gateway and externally-deployed WAFs, there is a greater need to provide Connection/Stream context.

Security Considerations

Most attributes are scoped to the current connection or stream by their prefix (connection.*, request.*, response.*), with the exception of xds.* attributes such as xds.listener_metadata, xds.upstream_host_metadata, xds.node and generic metadata and filter state access attributes.

Related Work

Release Notes: Yes

@guydc
api: ext-proc metadata an attributes
c69524e 
Signed-off-by: Guy Daich <guy.daich@sap.com>
@guydc guydc requested a review from a team as a code owner November 20, 2024 20:51
guydc added 2 commits November 20, 2024 15:21
@guydc
Merge branch 'main' into extproc-metadata-attrs
ffc8afa
@guydc
fix api
b6588d3 
Signed-off-by: Guy Daich <guy.daich@sap.com>
@codecov Codecov
Copy link

codecov bot commented Nov 20, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 61.76471% with 13 lines in your changes missing coverage. Please review.

Project coverage is 65.60%. Comparing base (48a0310) to head (4d2d71e).
Report is 5 commits behind head on main.

Files with missing lines Patch % Lines
internal/provider/kubernetes/status_updater.go 60.60% 12 Missing and 1 partial ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #4747   +/-   ##
=======================================
  Coverage   65.60%   65.60%           
=======================================
  Files         211      211           
  Lines       31961    31989   +28     
=======================================
+ Hits        20968    20987   +19     
- Misses       9753     9762    +9     
  Partials     1240     1240

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

zirain
zirain reviewed Nov 20, 2024
View reviewed changes
api/v1alpha1/ext_proc_types.go
Comment on lines +81 to +89
// MetadataOptions defines options related to the sending and receiving of dynamic metadata.
// These options define which metadata namespaces would be sent to the processor and which dynamic metadata
// namespaces the processor would be permitted to emit metadata to.
// Users can specify custom namespaces or well-known envoy metadata namespace (such as envoy.filters.http.ext_authz)
// documented here: https://www.envoyproxy.io/docs/envoy/latest/configuration/advanced/well_known_dynamic_metadata#well-known-dynamic-metadata
// Default: no metadata context is sent or received from the external processor
//
// +optional
MetadataOptions *ExtProcMetadataOptions `json:"metadataOptions,omitempty"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 on this

zirain
zirain previously approved these changes Nov 20, 2024
View reviewed changes
@zhaohuabing
Copy link
Member

@guydc Can we add a short description to the release note? Or you pland to modify the release not in the implementation PR?

@guydc
add release note
734d33b 
Signed-off-by: Guy Daich <guy.daich@sap.com>
guydc added 2 commits November 25, 2024 06:55
@guydc
fix lint
08fd205 
Signed-off-by: Guy Daich <guy.daich@sap.com>
@guydc
Merge branch 'main' into extproc-metadata-attrs
2e191c5
@guydc
Copy link
Contributor Author

guydc commented Nov 25, 2024

@guydc Can we add a short description to the release note? Or you pland to modify the release not in the implementation PR?

added

@guydc guydc requested review from zirain and zhaohuabing November 25, 2024 13:46
@guydc guydc requested review from mathetake and Xunzhuo November 26, 2024 23:42
zirain
zirain previously approved these changes Nov 27, 2024
View reviewed changes
zirain and others added 6 commits November 27, 2024 13:44
@zirain @guydc
xds: use V4_PREFERRED dnsLookupFamily by default (envoyproxy#4745)
7041a79 
* use Cluster_V4_PREFERRED

Signed-off-by: zirain <zirain2009@gmail.com>

* release notes

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>
@arkodg @dboslee @guydc
[docs] Add Teleport as an Adopter (envoyproxy#4785)
7cccabc 
* [docs] Add Teleport as an Adopter

Signed-off-by: Arko Dasgupta <arko@tetrate.io>

* Update site/data/adopters.yaml

Co-authored-by: David Boslee <dboslee@gmail.com>
Signed-off-by: Arko Dasgupta <arkodg@users.noreply.github.com>

---------

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
Signed-off-by: Arko Dasgupta <arkodg@users.noreply.github.com>
Co-authored-by: David Boslee <dboslee@gmail.com>
@Xunzhuo @guydc
community: add tencent cloud as an adopter (envoyproxy#4786)
8d9412f 
Signed-off-by: bitliu <bitliu@tencent.com>
@zhaohuabing @guydc
Fix: frequent 503 errors when connecting to a Service experiencing hi…
85bdea0 
…gh Pod churn (envoyproxy#4754)

* Revert "fix: some status updates are discarded by the status updater (envoyproxy#4337)"

This reverts commit 14830c7.

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* store update events and process it later

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* rename method

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* add release note

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

---------

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
@Xunzhuo @guydc
chore: remove adopters.md (envoyproxy#4787)
2afdf50 
Signed-off-by: bitliu <bitliu@tencent.com>
@guydc
remove metadata
4d2d71e 
Signed-off-by: Guy Daich <guy.daich@sap.com>
@guydc guydc changed the title api: ext-proc metadata an attributes api: ext-proc attributes Nov 27, 2024
@guydc guydc force-pushed the extproc-metadata-attrs branch from 7e1b44c to 4d2d71e Compare November 27, 2024 20:00
@guydc guydc closed this Nov 27, 2024
@guydc
Copy link
Contributor Author

guydc commented Nov 27, 2024

closed in favor of: #4794

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zirain zirain zirain left review comments

@zhaohuabing zhaohuabing Awaiting requested review from zhaohuabing

@mathetake mathetake Awaiting requested review from mathetake

@Xunzhuo Xunzhuo Awaiting requested review from Xunzhuo

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@guydc @zhaohuabing @zirain @arkodg @Xunzhuo