Skip to content
This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

envoy: update to latest version and fix typed proto usage #4834

Merged
merged 1 commit into from
Jun 22, 2022

Conversation

shashankram
Copy link
Member

@shashankram shashankram commented Jun 20, 2022

Description:
envoy: update to latest version and fix typed proto usage

Testing done:
CI, unit tests

Affected area:

Functional Area
Control Plane [X]

Please answer the following questions with yes/no.

  1. Does this change contain code from or inspired by another project? no

    • Did you notify the maintainers and provide attribution?
  2. Is this a breaking change? no

  3. Has documentation corresponding to this change been updated in the osm-docs repo (if applicable)? will be updated once this change is merged

@shashankram shashankram added the wip Work-in-Progress label Jun 20, 2022
@shashankram shashankram force-pushed the envoy-filtername branch 4 times, most recently from 5d03d3f to a45e2b5 Compare June 21, 2022 17:10
- Updates Envoy to its latest available version
  (v1.22.2 for Linux, v1.22.1 for Windows).
  The latest version includes the latest released
  security fix.
  We could not update Envoy previously due to a blocking bug:
  envoyproxy/envoy#20113

- Updates filter names to custom names as wellknown
  names are deprecated in Envoy (with 1 exception
  for the http.rbac filter). Envoy will use the
  TypeURL in the proto to determine which filter
  to use instead. Wellknown names are not required
  and using them is confusing because not all filters
  are defined in the legacy wellknown pkg (e.g.
  http.local_ratelimit).
  See:
  envoyproxy/envoy#21759
  envoyproxy/envoy#21763
  envoyproxy/go-control-plane#293
  envoyproxy/go-control-plane#552

- Uses the distroless image as the alpine image has been
  discontinued: envoyproxy/envoy#21758

- Updates tests to use custom filter names

- Adds `proto_types.go` to aid dynamic proto resolution
  for typed configs using `any.Any()`. This helps resolve
  protos where dynamic resolution is necessary.

- Updated Prometheus' ConfigMap to reflect changes to
  Envoy metrics prefixes

Signed-off-by: Shashank Ram <shashr2204@gmail.com>
@shashankram shashankram changed the title WIP: do not review envoy: update to latest version and fix typed proto usage Jun 21, 2022
@shashankram shashankram removed the wip Work-in-Progress label Jun 21, 2022
@shashankram shashankram marked this pull request as ready for review June 21, 2022 21:16
@keithmattix
Copy link
Contributor

The distroless envoy image scares me a bit; I understand Envoy dropped support for alpine (which is kind of shocking to me tbh), but I wonder about users looking to debug their envoy sidecars who now are left without a shell

@shashankram
Copy link
Member Author

The distroless envoy image scares me a bit; I understand Envoy dropped support for alpine (which is kind of shocking to me tbh), but I wonder about users looking to debug their envoy sidecars who now are left without a shell

That's a fair concern that would be better addressed by resolving #682, similar to Linkerd's approach.

@jaellio
Copy link
Contributor

jaellio commented Jun 22, 2022

The distroless envoy image scares me a bit; I understand Envoy dropped support for alpine (which is kind of shocking to me tbh), but I wonder about users looking to debug their envoy sidecars who now are left without a shell

That's a fair concern that would be better addressed by resolving #682, similar to Linkerd's approach.

Will #682 be a part of v1.2?

@shashankram
Copy link
Member Author

The distroless envoy image scares me a bit; I understand Envoy dropped support for alpine (which is kind of shocking to me tbh), but I wonder about users looking to debug their envoy sidecars who now are left without a shell

That's a fair concern that would be better addressed by resolving #682, similar to Linkerd's approach.

Will #682 be a part of v1.2?

No it won't, but I think that would be the best way to go for debugging purpose, vs bundling all tools into the default Envoy image. Alternatively, we could use the Envoy Ubuntu image, but that goes against the idea to use security hardened images. We already use distroless images for the control planes, so I am fine to use the same for Envoy.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants