Refactoring Envoy DNS resolution as extension #17479
Conversation
… class extension for issue: envoyproxy#14310. Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
yanjunxiang-google
requested review from
alyssawilk,
lizan,
mathetake,
mattklein123 and
PiotrSikora
as code owners
|
This PR is a work in progress. Sending it to start get comments about whether the direction wise look good. There are pending issues need to be done:
|
|
/assign @htuch @yanavlasov @jmarantz @adisuissa This PR is still working in progress as mentioned above. However, I would like to send out this preliminary version out to get comments. Thanks! |
|
I think this PR also closes #17335. |
yanjunxiang-google
changed the title
|
/assign krajshiva |
|
krajshiva cannot be assigned to this issue. |
|
/wait |
|
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to |
|
Ping when it's time again to take another look /wait |
thanks! |
I've just built linux envoy-static using |
|
I just looked through the code, and I think the problem must have to do with the extension registry h/cc files that exist in EM to force registration. I think this is missing for apple. IMO what you have is OK, and EM can add the new registry for the apple stuff, but can we make it fail in a more obvious way? For example, here: Instead of checking for null when you try to do a default setup, can you actually gate this on wdyt? Should be a very small change. cc @goaway |
|
HI, @mattklein123 , If adding a check something like below is purely to flag the extension build file issue, then is it really worthwhile? '#ifdef APPLE' #endif We have other means to easily spot this extension build file issue, e.g., check the bootstrapping logs: [2021-10-14 18:06:35.672][1889399][info][main] [source/server/server.cc:371] statically linked extensions: and: ccing @htuch for his opinion on adding back the "#ifdef APPLE". thanks, |
|
I don't want to actually check the logs, because it's going to fall back to c-ares in a non-obvious way. All I'm saying to do is in the checkApple function do:
|
…er extension is not included Envoy MacOS build file Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
|
HI, @mattklein123 , Thanks for the comments. I modified checkUseAppleApiForDnsLookups() function to add the #ifdef APPLE, RELEASE_ASSERT() logic you mentioned. PTAL. |
Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
envoyproxy/envoy#17479 Signed-off-by: JP Simard <jp@jpsim.com>
envoyproxy/envoy#17479 Signed-off-by: JP Simard <jp@jpsim.com>
Followup to #17479 Signed-off-by: JP Simard <jp@jpsim.com>
- Update `.bazelrc` - Update `.bazelversion` - Update after DNS resolver changes in envoyproxy/envoy#17479 - Note: A DNS resolver factory layer has been added since earlier versions of the Envoy PR. - The reason `ProcessImpl` receives an injected DNS resolver factory instead of a DNS resolver is that the complicated `Api` the factory needs to work is only constructed later (in the `ProcessImpl` constructor). - Note: `createDefaultDnsResolverFactory()` creates the platform-specific factory and also has the *side effect* of populating the `TypedExtensionConfig`. - Note: The `createDnsResolver()` method on the DNS resolver factory *also* takes the `TypedExtensionConfig` as an input. So in addition to injecting the factory into `ProcessImpl`, we also need to inject the `TypedExtensionConfig` that was populated by `createDefaultDnsResolverFactory()`. Signed-off-by: eric846 <56563761+eric846@users.noreply.github.com>
Integrates envoyproxy/envoy#17479 & envoyproxy/envoy#17521 Envoy diff: envoyproxy/envoy@a5b3af2...c687308 This PR: * Creates a new `extension_registry_platform_additions` library where platform-specific additions to the extensions can be configured. Currently only registers the Apple DNS resolver extension factory and no-ops on non-Apple platforms but more can be added here in the future. * Implements the new `Stream::bytesMeter()` function on `DirectStream`. * Increases the max binary size from 7.2MB to 7.3MB. We were already within 1% of that on `main` so it didn't take much new code to go over this limit.
Integrates #17479 & #17521 Envoy diff: a5b3af2...c687308 This PR: * Creates a new `extension_registry_platform_additions` library where platform-specific additions to the extensions can be configured. Currently only registers the Apple DNS resolver extension factory and no-ops on non-Apple platforms but more can be added here in the future. * Implements the new `Stream::bytesMeter()` function on `DirectStream`. * Increases the max binary size from 7.2MB to 7.3MB. We were already within 1% of that on `main` so it didn't take much new code to go over this limit. Signed-off-by: JP Simard <jp@jpsim.com>
Integrates #17479 & #17521 Envoy diff: a5b3af2...c687308 This PR: * Creates a new `extension_registry_platform_additions` library where platform-specific additions to the extensions can be configured. Currently only registers the Apple DNS resolver extension factory and no-ops on non-Apple platforms but more can be added here in the future. * Implements the new `Stream::bytesMeter()` function on `DirectStream`. * Increases the max binary size from 7.2MB to 7.3MB. We were already within 1% of that on `main` so it didn't take much new code to go over this limit. Signed-off-by: JP Simard <jp@jpsim.com>
<!-- !!!ATTENTION!!! If you are fixing *any* crash or *any* potential security issue, *do not* open a pull request in this repo. Please report the issue via emailing envoy-security@googlegroups.com where the issue will be triaged appropriately. Thank you in advance for helping to keep Envoy secure. !!!ATTENTION!!! For an explanation of how to fill out the fields, please see the relevant section in [PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md) --> Commit Message: Additional Description: I believe it is stable now since we conduct a security review and improvement for dns filter like #18651 #20744 #22861 #17479 #34409 #34456 #34490 and so on Risk Level: low Testing: Docs Changes: Release Notes: Signed-off-by: Boteng Yao <boteng@google.com>
Problem Description:
This PR is the code changes for refactoring Envoy DNS resolution as first class extension for issue: #14310. This is a follow up PR of #17272.
Solution:
1 Move c-ares and Apple DNS resolvers to their own extensions.
2) Create a DnsResolver factory interface, and derive two sub factory classes from it: CaresDnsResolver and AppleDnsResolver, each implement the method to create the corresponding dns_resolver object.
3) Refactor the boostrap_, cluster, dns_cache and dns_filter configuration parsing code, removing the dns_resolution_config parsing logic from them, call a standalone template function to parse the configuration, get a typed configuration. In this, 2.1) if theTypedExtensionConfig is in the config, using it to get the corresponding factory.
2.2) if TypedExtensionConfig is missing, then : if this is MacOS, and the run time flag: envoy.restart_features.use_apple_api_for_dns_lookups is enabled, then have the Envoy config factory synthesize a apple DNS resolver TypedExtensionConfig, and using it to get the apple DNS resolver factory. In all other cases, have the Envoy Synthesize a pseudo-configuration for the c-ares TypedExtensionConfig, and using it to get the cares DNS resolver factory
4) The DNS resolver factory retrieved in 3) will create a corresponding DNS resolver object (cares or apple).
Build:
passed
Testing:
passed
Release Notes:
N/A
Issues: DNS resolver as an extension point #14310
Fix #14310
Signed-off-by: Yanjun Xiang yanjunxiang@google.com
Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Deprecated:]
[Optional API Considerations:]