Skip to content

Bootstrap flag for connection limit overload manager resource monitor #6794

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 18 commits into from
May 2, 2025
Merged

Bootstrap flag for connection limit overload manager resource monitor #6794

merged 18 commits into from
May 2, 2025

Conversation

seth-epps
Copy link
Contributor

@seth-epps seth-epps commented Dec 6, 2024
edited
Loading

Overview

Fixes #6309

Manual testing

Setting the configuration parameters for the enforced connection limit listener and the connection limits

diff --git a/examples/contour/01-contour-config.yaml b/examples/contour/01-contour-config.yaml
index 6eb7720b..d56b811c 100644
--- a/examples/contour/01-contour-config.yaml
+++ b/examples/contour/01-contour-config.yaml
@@ -184,3 +184,7 @@ data:
     #  socket-options:
     #    tos: 64
     #    traffic-class: 64
+    #
+    omEnforcedHealthListener:
+      address: 0.0.0.0
+      port: 8003
diff --git a/examples/contour/03-envoy.yaml b/examples/contour/03-envoy.yaml
index b9c71f39..6e4e474d 100644
--- a/examples/contour/03-envoy.yaml
+++ b/examples/contour/03-envoy.yaml
@@ -105,6 +105,7 @@ spec:
         - --envoy-cafile=/certs/ca.crt
         - --envoy-cert-file=/certs/tls.crt
         - --envoy-key-file=/certs/tls.key
+        - --overload-dowstream-max-conn=100 # arbitrary value
         command:
         - contour
         image: ghcr.io/projectcontour/contour:main

After running make install-contour-working

# kubectl -n projectcontour port-forward envoy-hq4bj 9001:9001
#
# check listener configs
#
# default stats listner (should ignore -- this is for liveness)
❯ curl -s localhost:9001/config_dump | jq '.configs[] |
  select(."@type" == "type.googleapis.com/envoy.admin.v3.ListenersConfigDump") |
  .dynamic_listeners[] | select(.name == "stats-health").active_state.listener |
  "port: \(.address.socket_address.port_value), ignore_conn_limit: \(.ignore_global_conn_limit)"'
"port: 8002, ignore_conn_limit: true"
#
# enforced connection limit listener (should enforce [null] -- this is for readiness)
#
❯ curl -s localhost:9001/config_dump | jq '.configs[] |
  select(."@type" == "type.googleapis.com/envoy.admin.v3.ListenersConfigDump") |
  .dynamic_listeners[] | select(.name == "health-om-enforced").active_state.listener |
  "port: \(.address.socket_address.port_value), ignore_conn_limit: \(.ignore_global_conn_limit)"'
"port: 8003, ignore_conn_limit: null"
#
# check bootstrap OM config
#
❯ curl -s localhost:9001/config_dump | jq '.configs[] | select(."@type" == "type.googleapis.com/envoy.admin.v3.BootstrapConfigDump") | .bootstrap.overload_manager'
{
  "refresh_interval": "0.250s",
  "resource_monitors": [
    {
      "name": "envoy.resource_monitors.global_downstream_max_connections",
      "typed_config": {
        "@type": "type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig",
        "max_active_downstream_connections": "100"
      }
    }
  ]
}

@seth-epps seth-epps requested a review from a team as a code owner December 6, 2024 19:27
@seth-epps seth-epps requested review from tsaarni and sunjayBhatia and removed request for a team December 6, 2024 19:27
@sunjayBhatia sunjayBhatia requested review from a team, rajatvig and izturn and removed request for a team December 6, 2024 19:28
@tsaarni tsaarni added the release-note/minor A minor change that needs about a paragraph of explanation in the release notes. label Dec 6, 2024
@codecov Codecov
Copy link

codecov bot commented Dec 6, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 96.72131% with 4 lines in your changes missing coverage. Please review.

Project coverage is 80.77%. Comparing base (f140c71) to head (45f46d4).
Report is 5 commits behind head on main.

Files with missing lines Patch % Lines
cmd/contour/contour.go 0.00% 3 Missing ⚠️
cmd/contour/serve.go 0.00% 1 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #6794      +/-   ##
==========================================
+ Coverage   80.74%   80.77%   +0.03%     
==========================================
  Files         131      131              
  Lines       19884    19936      +52     
==========================================
+ Hits        16055    16104      +49     
- Misses       3537     3540       +3     
  Partials      292      292
Files with missing lines Coverage Δ
cmd/contour/bootstrap.go 100.00% <100.00%> (ø)
cmd/contour/servecontext.go 84.94% <100.00%> (+0.03%) ⬆️
internal/envoy/bootstrap.go 57.14% <100.00%> (+4.87%) ⬆️
internal/envoy/v3/bootstrap.go 93.00% <100.00%> (+0.38%) ⬆️
internal/envoy/v3/stats.go 100.00% <100.00%> (ø)
internal/featuretests/v3/envoy.go 99.20% <100.00%> (+<0.01%) ⬆️
internal/featuretests/v3/featuretests.go 86.90% <100.00%> (+0.04%) ⬆️
internal/provisioner/controller/gateway.go 64.04% <100.00%> (+0.32%) ⬆️
internal/provisioner/model/model.go 100.00% <100.00%> (ø)
...nternal/provisioner/objects/dataplane/dataplane.go 85.78% <100.00%> (+0.03%) ⬆️
... and 4 more
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

This was referenced Dec 17, 2024
Open
Closed
@seth-epps seth-epps changed the title Add new bootstrap flag for connection limit Bootstrap flag for connection limit overload manager resource monitor Dec 19, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 9, 2025

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 14d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

  • Ensure your PR is passing all CI checks. PRs that are fully green are more likely to be reviewed. If you are having trouble with CI checks, reach out to the #contour channel in the Kubernetes Slack workspace.
  • Mark this PR as fresh by commenting or pushing a commit
  • Close this PR
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions bot added lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jan 9, 2025
@sunjayBhatia sunjayBhatia modified the milestone: 1.31.0 Jan 13, 2025
@github-actions GitHub Actions
Copy link

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 14d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

  • Ensure your PR is passing all CI checks. PRs that are fully green are more likely to be reviewed. If you are having trouble with CI checks, reach out to the #contour channel in the Kubernetes Slack workspace.
  • Mark this PR as fresh by commenting or pushing a commit
  • Close this PR
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 28, 2025
@github-actions GitHub Actions
Copy link

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 14d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

  • Ensure your PR is passing all CI checks. PRs that are fully green are more likely to be reviewed. If you are having trouble with CI checks, reach out to the #contour channel in the Kubernetes Slack workspace.
  • Mark this PR as fresh by commenting or pushing a commit
  • Close this PR
  • Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

@github-actions github-actions bot closed this Feb 27, 2025
@sunjayBhatia sunjayBhatia removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 24, 2025
@sunjayBhatia sunjayBhatia reopened this Apr 24, 2025
@sunjayBhatia sunjayBhatia requested a review from a team April 24, 2025 19:20
@seth-epps
Add new bootstrap flag for connection limit
7195d2e 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps
flag help fix
9d288b2 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps
gci
be7c1ec 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps
gci round2
5177a7a 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps
update PR number
d6f5db9 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps
🤦
fac6341 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps seth-epps force-pushed the globalconnections-overloadmanager branch from 1680909 to fac6341 Compare April 26, 2025 15:18
@seth-epps
fix after conflict
8316d7c 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps
fix typo in flag
b18a2a9 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps seth-epps force-pushed the globalconnections-overloadmanager branch from ff3dd7c to b18a2a9 Compare April 26, 2025 15:29
sunjayBhatia
sunjayBhatia reviewed Apr 29, 2025
View reviewed changes
Copy link
Member

@sunjayBhatia sunjayBhatia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we'll have to add the new omEnforcedHealthListener config file param here:

contour/site/content/docs/main/configuration.md

Line 66 in 74c0c31

## Configuration File

lets also add documentation on the new bootstrap flag here as well:

contour/site/content/docs/main/configuration.md

Line 503 in 74c0c31

### Bootstrap Flags

@sunjayBhatia
Copy link
Member

Just messing around with the new health listener, set the overload manager max downstream connections to 1, port-forwarded to the new listener and sent some requests to it in quick succession, could see that the first goes through just fine and a second gets it's connection closed

I also see the failed_updates stat continually increasing, presumably from the readiness checks going to the normal health listener and requests to the admin listener which are both ignoring the global connection limit

@sunjayBhatia
Copy link
Member

Just messing around with the new health listener, set the overload manager max downstream connections to 1, port-forwarded to the new listener and sent some requests to it in quick succession, could see that the first goes through just fine and a second gets it's connection closed

I also see the failed_updates stat continually increasing, presumably from the readiness checks going to the normal health listener and requests to the admin listener which are both ignoring the global connection limit

verified the same with the http ingress listener as well

@seth-epps
feedback
f3ff004 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps
reset 1.28 docs
343ffd5 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps seth-epps force-pushed the globalconnections-overloadmanager branch from 177bfa2 to 343ffd5 Compare May 1, 2025 02:48
@seth-epps
regenerate with updated comments
43d16be 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps
missed docstring
36196ff 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps
support connection limit with gateway provisioner
7642345 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps seth-epps force-pushed the globalconnections-overloadmanager branch from 0cc886d to 7642345 Compare May 2, 2025 01:08
seth-epps and others added 5 commits May 1, 2025 21:11
@seth-epps
make generate
5e8f3b3 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps
I wish I could spell
ca0e21a 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps
config docs
0d922ea 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@seth-epps
add example
87a0a83 
Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
@sunjayBhatia
gateway provisioner unit test
45f46d4 
Signed-off-by: Sunjay Bhatia <sunjay.bhatia@broadcom.com>
sunjayBhatia
sunjayBhatia approved these changes May 2, 2025
View reviewed changes
Copy link
Member

@sunjayBhatia sunjayBhatia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the changes covering the gateway provisioner!

we dont yet have any API surface in the provisioner to modify readiness/liveness checks on managed contour/envoy instances, but that can be a future feature where we also allow enabling the Overload Manager enforced health endpoint with a readiness check

@sunjayBhatia sunjayBhatia enabled auto-merge (squash) May 2, 2025 17:16
@sunjayBhatia sunjayBhatia merged commit 9f3f182 into projectcontour:main May 2, 2025
26 checks passed
YashNandwana pushed a commit to YashNandwana/contour that referenced this pull request Jul 13, 2025
@seth-epps @YashNandwana
Bootstrap flag for connection limit overload manager resource monitor (
f9b3179 
…projectcontour#6794)

Adds bootstrap flag for global downstream connection limit

If set, HTTP/HTTPS Listeners will respect this limit, connections to admin/health/metrics endpoints count toward this limit

Also adds ability to configure a health listener that will respect the connection limit (existing admin/health/metrics listeners are exempted) that can be used for readiness checks that desire to take this limit into account

Signed-off-by: Seth Epps <seth.d.epps@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sunjayBhatia sunjayBhatia sunjayBhatia approved these changes

@tsaarni tsaarni Awaiting requested review from tsaarni tsaarni is a code owner automatically assigned from projectcontour/maintainers

@rajatvig rajatvig Awaiting requested review from rajatvig rajatvig was automatically assigned from projectcontour/contour-reviewers

@izturn izturn Awaiting requested review from izturn izturn was automatically assigned from projectcontour/contour-reviewers

Assignees
No one assigned
Labels
release-note/minor A minor change that needs about a paragraph of explanation in the release notes.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Overload Manager - Max Global Downstream Connections
3 participants
@seth-epps @sunjayBhatia @tsaarni