Upgrade to Envoy 1.13.0

[LukeShu]

Description

This upgrades our copy of Envoy from 1.12.2+a few patches to 1.13.0+a few patches. The specific commit updated to is currently the tip of the lukeshu/1.13 branch in github.com/datawire/envoy.

Envoy builds, everything generated from Envoy builds. I've pushed the Envoy build as
quay.io/datawire/ambassador-base:envoy-7.4f6ae4e71699d1c7ee1a6dd8be55e65bfd085b3d.opt which will be downloaded for others building from this PR so they won't have to build Envoy themselves.

It probably makes the most sense to review this commit-by-commit. The reviewer should also verify that there has been no loss of fidelity to the Datawire patches from envoy.git tag ambassador-1.0.0 to lukeshu/1.13.

Testing

It builds.

Todos

I have not (yet):

• make check-envoy
• make test KAT_RUN_MODE=envoy
• Verified whether apro.git needs adjustments

[LukeShu]

I got make check-envoy to pass:

out of 550 tests: 550 tests pass.

It's taking 211GB, but when I had it on a 250GB drive, about half of the tests refused to run (and 1 failed), because There were tests whose specified size is too big.. The passing run came from a 400GB drive.

$ sudo du -h --max-depth 0 /var/lib/docker/volumes/envoy-build
206G	/var/lib/docker/volumes/envoy-build

$ df -h /var/lib/docker
Filesystem      Size  Used Avail Use% Mounted on
/dev/vdb        400G  211G  190G  53% /var/lib/docker

[LukeShu]

It looks like KAT passing with this is blocked by https://github.com/datawire/apro/issues/713 ?

[LukeShu]

WTAF. How is CI passing? It shouldn't be passing.

Edit: Oh, because of gold, and CI running without KAT_RUN_MODE=envoy.

[alphashr]

Getting 2 test failures on both master and also on lukeshu/envoy-1.13 running on Kubernaut which I think is completely unrelated to Envoy upgrade:

• FAILED python/tests/test_ambassador.py::main[ConsulTest] - AssertionError: http://consultest/consultest_consul/: expected status code 503, got 200 instead with error None
• FAILED python/tests/test_scout.py::test_scout - AssertionError: test failed

[LukeShu]

Getting 2 test failures on both master and also on lukeshu/envoy-1.13 running on Kubernaut which I think is completely unrelated to Envoy upgrade:

* FAILED python/tests/test_ambassador.py::main[ConsulTest] - AssertionError: http://consultest/consultest_consul/: expected status code 503, got 200 instead with error None

* FAILED python/tests/test_scout.py::test_scout - AssertionError: test failed

Both of those are tests that can't be run multiple times in a row, because they don't clean up after themselves.

[LukeShu]

Assuming you ran the tests with KAT_RUN_MODE=envoy after merging master, looks good to me!

[alphashr]

Envoy tests report:

Three tests failed:

1. //test/extensions/filters/common/ratelimit:ratelimit_impl_test           FAILED in 2.0s
  /root/.cache/bazel/_bazel_root/4e47b77d977b209382cf04b3ae32963e/execroot/envoy/bazel-out/k8-dbg/testlogs/test/extensions/filters/common/ratelimit/ratelimit_impl_test/test.log


2. //test/integration:ratelimit_integration_test                            FAILED in 14.5s
  /root/.cache/bazel/_bazel_root/4e47b77d977b209382cf04b3ae32963e/execroot/envoy/bazel-out/k8-dbg/testlogs/test/integration/ratelimit_integration_test/test.log


3. //test/integration:vhds_integration_test                                 FAILED in 7.8s
  /root/.cache/bazel/_bazel_root/4e47b77d977b209382cf04b3ae32963e/execroot/envoy/bazel-out/k8-dbg/testlogs/test/integration/vhds_integration_test/test.log

ratelimit_integration_test and ratelimit_impl_test is expected to break because of the hard coded legacy code that we already have for ratelimit. It is expected to be fixed when we migrate to Envoy v1.14.

Ran only vhds_integration_test for the second time: PASSED

root@92ce1f18c3ce:~/envoy# time bazel test --test_env=ENVOY_IP_TEST_VERSIONS=v4only //test/integration:vhds_integration_test; 

INFO: 243 processes: 243 linux-sandbox.
INFO: Build completed successfully, 249 total actions
//test/integration:vhds_integration_test                                 PASSED in 3.4s

Executed 1 out of 1 test: 1 test passes.
INFO: Build completed successfully, 249 total actions

real    1m30.908s
user    0m0.011s
sys     0m0.037s

[LukeShu]

Agree on the RLS tests. The VirtualHosts Discovery Service test flake concerns me a bit. I don't suppose you still have the log file referred to by the failing run?

[alphashr]

Agree on the RLS tests. The VirtualHosts Discovery Service test flake concerns me a bit. I don't suppose you still have the log file referred to by the failing run?

Because it passed on the 2nd tun, I didn't grab the log failure file offline.
This test flakiness is seen [1], [2] and [3]: failure on thread sanitizer run

[kflynn]

Looks reasonable overall? I do have some questions though...

[kflynn]

WTAF. This feels like something that'll burn us repeatedly. 🙁

[kflynn]

Shouldn't we keep that comment about go mod tidy? Or is it no longer relevant?

[alphashr]

@LukeShu any opinion on this?

[LukeShu]

Good question

[LukeShu]

Yes, the comment is still applicable. It seems that it was dropped in the 8918d35 merge.

[LukeShu]

Or maybe a (and I can't believe I'm saying this, after last week's rants against replace) a replace line could effectively pin it.

[LukeShu]

No, I tried that; it didn't work right 🤷

[LukeShu]

And also between the fixed RLS patch and the bump to google.golang.org/grpc from master, this is due for another make generate.

[kflynn]

Hit it! 🙂 😱 🙂

Realized that there's a release question.

[kflynn]

I just revoked my approval not because of a sudden issue with the PR, but because I need to resolve a question around its release vehicle. Hold one. :)

[kflynn]

OK -- hit it!