Skip to content

unhide faults from virtual service #405

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

unhide faults from virtual service #405

wants to merge 3 commits into from

Conversation

rshriram
Copy link
Member

Fault filter can be implemented with the current API spec, with a small loss of perf (repeated header matching). It is independent of the work involving route-local filter stacks.

We need to enable it in the LDSv2 and v1alpha3, so as not to cause a regression in current feature set.

The semantics are as follows:

  1. fault filter must be configured with the same set of HTTP header match conditions (and URL, authority, etc.) as the route match
  2. The fault filter must be configured with the same upstream cluster that is used by the route.
  3. If the route uses a weighted destination, we need to add N fault filters to envoy listener (one per destination), where the only difference between each filter is the upstream cluster name. This has minimal perf implication because the upstream cluster is matched first in the fault filter code.
  4. IF multiple routes have different fault filters, we need to add a fault filter for each. Since each route has a different match condition, the correct fault filter will automatically get selected.
  5. If a route with a source match condition precedes a route without a source match condition, but has the same HTTP match conditions (header/url/authority, etc.), the latter must be ignored when supplying RDS and (LDS /faults) to the source.

cc @kyessenov @ostromart @ijsnellf @louiscryan

@rshriram rshriram requested a review from ZackButcher March 13, 2018 20:04
@googlebot googlebot added the cla: yes Set by the Google CLA bot to indicate the author of a PR has signed the Google CLA. label Mar 13, 2018
This was referenced Mar 13, 2018
Closed
Closed
@kyessenov
Copy link
Contributor

The rules are too complicated IMHO. I think we all agree that faults must be per route in v1alpha3 APIs. We can have a window during which faults are only supported by v1alpha1, until we update envoy to bind fault filter config to RDS, and then we unhide faults from v1alpha3.

destination.name to destination.host
b73161f 
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
@rshriram rshriram closed this Mar 29, 2018
nacx pushed a commit to nacx/api that referenced this pull request Apr 15, 2020
@tetrate-ci
Add zone field, tweak states, adapt to GUI changes (istio#405)
cf1249b 
Mirrored from https://github.com/tetrateio/tetrate @ 14f7654d7f6006e25b67d090c734589dd2602f0f
nacx pushed a commit to nacx/api that referenced this pull request Feb 23, 2022
@morepork
Add option to CP resource whether MP uses self signed certs (istio#405)
6ec5a08 
This is for control plane token rotation, where the control plane
operator will make a request to the MP to get new tokens, and needs to
know whether to use the system (public) root CAs, or user specified
ones.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ZackButcher ZackButcher Awaiting requested review from ZackButcher

@douglas-reid douglas-reid Awaiting requested review from douglas-reid

@geeknoid geeknoid Awaiting requested review from geeknoid

1 more reviewer

@frankbu frankbu frankbu approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
cla: yes Set by the Google CLA bot to indicate the author of a PR has signed the Google CLA.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rshriram @kyessenov @frankbu @googlebot