Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable Envoy removing TE request header #6288

Merged
merged 5 commits into from
Mar 18, 2024
Merged

Disable Envoy removing TE request header #6288

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
73f2513
Disable Envoy removing TE request header
sunjayBhatia Mar 18, 2024
9574c55
spelling
sunjayBhatia Mar 18, 2024
7ac9069
changelog
sunjayBhatia Mar 18, 2024
c8a0b31
codespell ignore
sunjayBhatia Mar 18, 2024
5ecd204
fix comment
sunjayBhatia Mar 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .codespell.ignorewords
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,3 +7,4 @@ als
wit
aks
immediatedly
te
7 changes: 7 additions & 0 deletions changelogs/unreleased/6288-sunjayBhatia-minor.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
## Disable Envoy removing TE header

As of version v1.29.0, Envoy removes the hop-by-hop TE header.
However, this causes issues with HTTP/2, particularly gRPC, with implementations expecting the header to be present (and set to `trailers`).
Contour disables this via Envoy runtime setting and reverts to the v1.28.x and prior behavior of allowing the header to be proxied.

Once [this Envoy PR that enables the TE header including `trailers` to be forwarded](https://github.com/envoyproxy/envoy/pull/32255) is backported to a release or a new minor is cut, Contour will no longer set the aforementioned runtime key.
9 changes: 7 additions & 2 deletions internal/envoy/v3/runtime.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,8 +40,13 @@ func RuntimeLayers(configurableRuntimeFields map[string]*structpb.Value) []*envo
func baseRuntimeLayer() *structpb.Struct {
return &structpb.Struct{
Fields: map[string]*structpb.Value{
"re2.max_program_size.error_level": structpb.NewNumberValue(maxRegexProgramSizeError),
"re2.max_program_size.warn_level": structpb.NewNumberValue(maxRegexProgramSizeWarn),
// Disable Envoy removing the client TE request header. Removing
// the header was added by default in Envoy v1.29.0.
// Can remove once https://github.com/envoyproxy/envoy/pull/32255 is
// backported or present in a new release of Envoy.
"envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false),
"re2.max_program_size.error_level": structpb.NewNumberValue(maxRegexProgramSizeError),
"re2.max_program_size.warn_level": structpb.NewNumberValue(maxRegexProgramSizeWarn),
},
}
}
5 changes: 3 additions & 2 deletions internal/envoy/v3/runtime_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,9 @@ func TestRuntimeLayers(t *testing.T) {
for name, tc := range testCases {
t.Run(name, func(t *testing.T) {
expectedFields := map[string]*structpb.Value{
"re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20),
"re2.max_program_size.warn_level": structpb.NewNumberValue(1000),
"envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false),
"re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20),
"re2.max_program_size.warn_level": structpb.NewNumberValue(1000),
}
for k, v := range tc.configurableFields {
expectedFields[k] = v
Expand Down
23 changes: 15 additions & 8 deletions internal/xdscache/v3/runtime_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,9 @@ func TestRuntimeCacheContents(t *testing.T) {
t.Run(name, func(t *testing.T) {
rc := NewRuntimeCache(tc.runtimeSettings)
fields := map[string]*structpb.Value{
"re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20),
"re2.max_program_size.warn_level": structpb.NewNumberValue(1000),
"envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false),
"re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20),
"re2.max_program_size.warn_level": structpb.NewNumberValue(1000),
}
for k, v := range tc.additionalFields {
fields[k] = v
Expand All @@ -83,8 +84,9 @@ func TestRuntimeCacheQuery(t *testing.T) {
Name: "dynamic",
Layer: &structpb.Struct{
Fields: map[string]*structpb.Value{
"re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20),
"re2.max_program_size.warn_level": structpb.NewNumberValue(1000),
"envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false),
"re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20),
"re2.max_program_size.warn_level": structpb.NewNumberValue(1000),
},
},
},
Expand Down Expand Up @@ -149,8 +151,9 @@ func TestRuntimeVisit(t *testing.T) {
Name: "dynamic",
Layer: &structpb.Struct{
Fields: map[string]*structpb.Value{
"re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20),
"re2.max_program_size.warn_level": structpb.NewNumberValue(1000),
"envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false),
"re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20),
"re2.max_program_size.warn_level": structpb.NewNumberValue(1000),
},
},
},
Expand Down Expand Up @@ -188,6 +191,7 @@ func TestRuntimeVisit(t *testing.T) {
Name: "dynamic",
Layer: &structpb.Struct{
Fields: map[string]*structpb.Value{
"envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false),
"envoy.resource_limits.listener.ingress_http.connection_limit": structpb.NewNumberValue(100),
"re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20),
"re2.max_program_size.warn_level": structpb.NewNumberValue(1000),
Expand Down Expand Up @@ -232,6 +236,7 @@ func TestRuntimeVisit(t *testing.T) {
Name: "dynamic",
Layer: &structpb.Struct{
Fields: map[string]*structpb.Value{
"envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false),
"envoy.resource_limits.listener.ingress_http.connection_limit": structpb.NewNumberValue(100),
"envoy.resource_limits.listener.ingress_https.connection_limit": structpb.NewNumberValue(100),
"re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20),
Expand Down Expand Up @@ -299,6 +304,7 @@ func TestRuntimeCacheOnChangeDelete(t *testing.T) {
Name: "dynamic",
Layer: &structpb.Struct{
Fields: map[string]*structpb.Value{
"envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false),
"envoy.resource_limits.listener.ingress_http.connection_limit": structpb.NewNumberValue(100),
"re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20),
"re2.max_program_size.warn_level": structpb.NewNumberValue(1000),
Expand All @@ -313,8 +319,9 @@ func TestRuntimeCacheOnChangeDelete(t *testing.T) {
Name: "dynamic",
Layer: &structpb.Struct{
Fields: map[string]*structpb.Value{
"re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20),
"re2.max_program_size.warn_level": structpb.NewNumberValue(1000),
"envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false),
"re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20),
"re2.max_program_size.warn_level": structpb.NewNumberValue(1000),
},
},
},
Expand Down