From cfc6e55bd249ac6a507ac430d08212dd460020c5 Mon Sep 17 00:00:00 2001
From: Istio Automation
Date: Wed, 24 Apr 2024 07:33:22 -0700
Subject: [PATCH 1/4] Automator: update proxy@master in istio/istio@master (#50665)
---
 istio.deps | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/istio.deps b/istio.deps
index 8f190d907d1c..b91086d1f6c8 100644
--- a/istio.deps
+++ b/istio.deps
@@ -4,7 +4,7 @@
 "name": "PROXY_REPO_SHA",
 "repoName": "proxy",
 "file": "",
- "lastStableSHA": "015a976db904b2a3830872e405e2184ae00025c8"
+ "lastStableSHA": "22f0f1295c038d8336576455836c420ed2d8d906"
 },
 {
 "_comment": "",
From dd9793c72544437c7cc74eaffb8eb8c6329a1951 Mon Sep 17 00:00:00 2001
From: Aidan
Date: Thu, 25 Apr 2024 01:04:22 +0900
Subject: [PATCH 2/4] Add retry on EXIT_ON_ZERO_ACTIVE_CONNECTIONS loop (#50586)
* Add retry count on activeConn
* Add exponentail backoff on graceful loop
* Increase activeProxyConnections timeout default 1s to 2s
* Add release notes
* Remove exponential backoff retry on ticker loop
---
 pkg/envoy/agent.go | 18 ++++++++++++++----
 releasenotes/notes/50596.yaml | 9 +++++++++
 2 files changed, 23 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/50596.yaml
diff --git a/pkg/envoy/agent.go b/pkg/envoy/agent.go
index 659f9e0371dc..a5da5f6e5ea5 100644
--- a/pkg/envoy/agent.go
+++ b/pkg/envoy/agent.go
@@ -169,6 +169,8 @@ func (a *Agent) terminate() {
 log.Infof("Checking for active connections...")
 ticker := time.NewTicker(activeConnectionCheckDelay)
 defer ticker.Stop()
+
+ retryCount := 0
 graceful_loop:
 for range ticker.C {
 ac, err := a.activeProxyConnections()
@@ -180,9 +182,15 @@ func (a *Agent) terminate() {
 default:
 if err != nil {
 log.Errorf(err.Error())
- a.abortCh <- errAbort
- log.Infof("Graceful termination logic ended prematurely, error while obtaining downstream_cx_active stat")
- break graceful_loop
+ retryCount++
+ // Max retry 5 times
+ if retryCount > 4 {
+ a.abortCh <- errAbort
+ log.Warnf("Graceful termination logic ended prematurely, error while obtaining downstream_cx_active stat (Max retry %d exceeded)", retryCount)
+ break graceful_loop
+ }
+ log.Warnf("Retrying (%d attempt) to obtain active connections...", retryCount)
+ continue graceful_loop
 }
 if ac == -1 {
 log.Info("downstream_cx_active are not available. This either means there are no downstream connection established yet" +
@@ -196,6 +204,8 @@ func (a *Agent) terminate() {
 break graceful_loop
 }
 log.Infof("There are still %d active connections", ac)
+ // reset retry count
+ retryCount = 0
 }
 }
 } else {
@@ -222,7 +232,7 @@ func (a *Agent) terminate() {
 func (a *Agent) activeProxyConnections() (int, error) {
 adminHost := net.JoinHostPort(a.localhost, strconv.Itoa(a.adminPort))
 activeConnectionsURL := fmt.Sprintf("http://%s/stats?usedonly&filter=downstream_cx_active$", adminHost)
- stats, err := http.DoHTTPGet(activeConnectionsURL)
+ stats, err := http.DoHTTPGetWithTimeout(activeConnectionsURL, 2*time.Second)
 if err != nil {
 return -1, fmt.Errorf("unable to get listener stats from Envoy : %v", err)
 }
diff --git a/releasenotes/notes/50596.yaml b/releasenotes/notes/50596.yaml
new file mode 100644
index 000000000000..6d84800f8f27
--- /dev/null
+++ b/releasenotes/notes/50596.yaml
@@ -0,0 +1,9 @@
+apiVersion: release-notes/v2
+kind: bug-fix
+area: traffic-management
+issue:
+ - 50596
+
+releaseNotes:
+- |
+ **Fixed** Added retry logic to make getting envoy metrics more safety on EXIT_ON_ZERO_ACTIVE_CONNECTIONS mode.
From ee8354fb49fbb1c6e590050477fe4ce4c89f1cf3 Mon Sep 17 00:00:00 2001
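Review bot: In pkg/envoy/agent.go, the retry bound in terminate()'s error branch is a bare literal whose comment and log text disagree with the code: `// Max retry 5 times` sits above `if retryCount > 4`, which aborts on the fifth consecutive failure, so at most four retries are made and the abort message then reports `Max retry 5 exceeded`. A named constant would make the bound explicit, for example `const maxActiveConnectionRetries = 5` with `if retryCount >= maxActiveConnectionRetries {` and the comment reworded to `// abort after maxActiveConnectionRetries consecutive failed probes`. The counter is reset only in the following hunk, on the path that logs the remaining connections; if the `ac == -1` branch, whose body is outside these hunks, can also continue the loop, a reset placed directly after the `err != nil` block would keep the count strictly about consecutive failures. terminate() starts and ends outside the hunk.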
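Review bot: The probe timeout in activeProxyConnections() in pkg/envoy/agent.go is hard-coded as `2*time.Second`, with nothing tying it to the retry bound added in terminate() or to `activeConnectionCheckDelay`. Each failed probe can now block for up to that timeout before the next tick is taken, so the worst-case shutdown delay is a product of three values spread over two functions; if that presumably exceeds the time the platform grants for shutdown, the proxy is killed with connections still open, which is the outcome this mode is meant to avoid. I would declare it beside the ticker delay, for example `const activeConnectionCheckTimeout = 2 * time.Second`, with a comment stating the worst-case wait across all retries. The function body continues outside the hunk.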
From: Kuat
Date: Wed, 24 Apr 2024 14:03:23 -0700
Subject: [PATCH 3/4] proxy: fix package names (#50669)
Change-Id: I276ce58ff0a35b1db29b285ebe38c2f72efc84eb
Signed-off-by: Kuat Yessenov
---
 security/pkg/nodeagent/caclient/providers/citadel/client.go | 2 +-
 .../pkg/nodeagent/caclient/providers/citadel/client_test.go | 2 +-
 security/pkg/nodeagent/caclient/providers/citadel/leak_test.go | 2 +-
 security/pkg/nodeagent/caclient/providers/google-cas/client.go | 2 +-
 .../pkg/nodeagent/caclient/providers/google-cas/client_test.go | 2 +-
 security/pkg/nodeagent/caclient/providers/google/client.go | 2 +-
 security/pkg/nodeagent/caclient/providers/google/client_test.go | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/security/pkg/nodeagent/caclient/providers/citadel/client.go b/security/pkg/nodeagent/caclient/providers/citadel/client.go
index 86b43f98e470..e3dda125d572 100644
--- a/security/pkg/nodeagent/caclient/providers/citadel/client.go
+++ b/security/pkg/nodeagent/caclient/providers/citadel/client.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-package caclient
+package citadel
 import (
 "context"
diff --git a/security/pkg/nodeagent/caclient/providers/citadel/client_test.go b/security/pkg/nodeagent/caclient/providers/citadel/client_test.go
index f261a7e9d07e..f664412da347 100644
--- a/security/pkg/nodeagent/caclient/providers/citadel/client_test.go
+++ b/security/pkg/nodeagent/caclient/providers/citadel/client_test.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-package caclient
+package citadel
 import (
 "context"
diff --git a/security/pkg/nodeagent/caclient/providers/citadel/leak_test.go b/security/pkg/nodeagent/caclient/providers/citadel/leak_test.go
index 44a19a560c05..bf5034251c67 100644
--- a/security/pkg/nodeagent/caclient/providers/citadel/leak_test.go
+++ b/security/pkg/nodeagent/caclient/providers/citadel/leak_test.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-package caclient
+package citadel
 import (
 "testing"
diff --git a/security/pkg/nodeagent/caclient/providers/google-cas/client.go b/security/pkg/nodeagent/caclient/providers/google-cas/client.go
index b8ef0261aa58..d56402784430 100644
--- a/security/pkg/nodeagent/caclient/providers/google-cas/client.go
+++ b/security/pkg/nodeagent/caclient/providers/google-cas/client.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-package caclient
+package googlecas
 import (
 "context"
diff --git a/security/pkg/nodeagent/caclient/providers/google-cas/client_test.go b/security/pkg/nodeagent/caclient/providers/google-cas/client_test.go
index c1513d310a1e..5af39a5dd1d2 100644
--- a/security/pkg/nodeagent/caclient/providers/google-cas/client_test.go
+++ b/security/pkg/nodeagent/caclient/providers/google-cas/client_test.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-package caclient
+package googlecas
 import (
 "reflect"
diff --git a/security/pkg/nodeagent/caclient/providers/google/client.go b/security/pkg/nodeagent/caclient/providers/google/client.go
index ee4aa7452c95..aeea305795ff 100644
--- a/security/pkg/nodeagent/caclient/providers/google/client.go
+++ b/security/pkg/nodeagent/caclient/providers/google/client.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-package caclient
+package google
 import (
 "context"
diff --git a/security/pkg/nodeagent/caclient/providers/google/client_test.go b/security/pkg/nodeagent/caclient/providers/google/client_test.go
index 49861fedc063..108148b43161 100644
--- a/security/pkg/nodeagent/caclient/providers/google/client_test.go
+++ b/security/pkg/nodeagent/caclient/providers/google/client_test.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-package caclient
+package google
 import (
 "fmt"
From dea2efb0a3b9e86d9b0a826a3658a694804f0f10 Mon Sep 17 00:00:00 2001
From: John Howard
Date: Wed, 24 Apr 2024 19:16:06 -0700
Subject: [PATCH 4/4] istioctl: update ztunnel log examples and config dump API (#50666)
The log examples were invalid/misleading, and config dump was missing a field.
---
 istioctl/pkg/writer/ztunnel/configdump/api.go | 38 +++++++++++--------
 istioctl/pkg/ztunnelconfig/ztunnelconfig.go | 4 +-
 2 files changed, 24 insertions(+), 18 deletions(-)
diff --git a/istioctl/pkg/writer/ztunnel/configdump/api.go b/istioctl/pkg/writer/ztunnel/configdump/api.go
index e344b9e0afa4..f0624ebff91b 100644
--- a/istioctl/pkg/writer/ztunnel/configdump/api.go
+++ b/istioctl/pkg/writer/ztunnel/configdump/api.go
@@ -21,22 +21,28 @@ type Locality struct {
 }
 type ZtunnelWorkload struct {
- WorkloadIPs []string `json:"workloadIps"`
- Waypoint *Waypoint `json:"waypoint"`
- Protocol string `json:"protocol"`
- Name string `json:"name"`
- Namespace string `json:"namespace"`
- ServiceAccount string `json:"serviceAccount"`
- WorkloadName string `json:"workloadName"`
- WorkloadType string `json:"workloadType"`
- CanonicalName string `json:"canonicalName"`
- CanonicalRevision string `json:"canonicalRevision"`
- ClusterID string `json:"clusterId"`
- TrustDomain string `json:"trustDomain,omitempty"`
- Locality Locality `json:"locality,omitempty"`
- Node string `json:"node"`
- Network string `json:"network,omitempty"`
- Status string `json:"status"`
+ WorkloadIPs []string `json:"workloadIps"`
+ Waypoint *Waypoint `json:"waypoint,omitempty"`
+ Protocol string `json:"protocol"`
+ Name string `json:"name"`
+ Namespace string `json:"namespace"`
+ ServiceAccount string `json:"serviceAccount"`
+ WorkloadName string `json:"workloadName"`
+ WorkloadType string `json:"workloadType"`
+ CanonicalName string `json:"canonicalName"`
+ CanonicalRevision string `json:"canonicalRevision"`
+ ClusterID string `json:"clusterId"`
+ TrustDomain string `json:"trustDomain,omitempty"`
+ Locality Locality `json:"locality,omitempty"`
+ Node string `json:"node"`
+ Network string `json:"network,omitempty"`
+ Status string `json:"status"`
+ ApplicationTunnel ApplicationTunnel `json:"applicationTunnel,omitempty"`
+}
+
+type ApplicationTunnel struct {
+ Protocol string `json:"protocol"`
+ Port *uint16 `json:"port,omitempty"`
 }
 type Waypoint struct {
diff --git a/istioctl/pkg/ztunnelconfig/ztunnelconfig.go b/istioctl/pkg/ztunnelconfig/ztunnelconfig.go
index 9eca266b5759..1202d1fd056a 100644
--- a/istioctl/pkg/ztunnelconfig/ztunnelconfig.go
+++ b/istioctl/pkg/ztunnelconfig/ztunnelconfig.go
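Review bot: In istioctl/pkg/writer/ztunnel/configdump/api.go, `omitempty` on the new `ApplicationTunnel ApplicationTunnel` field has no effect, because encoding/json never treats a struct value as empty. If these structs are marshalled back out (for example for JSON output), every workload will carry `"applicationTunnel":{"protocol":""}`, and a reader of the dump cannot tell a workload without a tunnel from one with an empty protocol. The same hunk already pairs `omitempty` with a pointer for `Waypoint *Waypoint`, so the new field should follow it: `ApplicationTunnel *ApplicationTunnel` with the tag unchanged; the unchanged `Locality Locality` line has the same issue. The new exported type also lacks a doc comment, for instance `// ApplicationTunnel mirrors the applicationTunnel object of a workload in a ztunnel config dump.`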
@@ -395,10 +395,10 @@ func logCmd(ctx cli.Context) *cobra.Command {
 istioctl ztunnel-config log
 # Update levels of the all loggers for a specific Ztunnel pod
- istioctl ztunnel-config log --level none
+ istioctl ztunnel-config log --level off
 # Update levels of the specified loggers for all Ztunnl pods
- istioctl ztunnel-config log --level http:debug,redis:debug
+ istioctl ztunnel-config log --level access:debug,info
 # Reset levels of all the loggers to default value (warning) for a specific Ztunnel pod.
 istioctl ztunnel-config log -r
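Review bot: The comment lines above the two changed examples in logCmd were left untouched and no longer describe the commands. `--level off` presumably silences every logger on that pod, which `# Update levels of the all loggers for a specific Ztunnel pod` does not convey, and `access:debug,info` mixes a per-logger level with a bare `info` that looks like a default for the remaining loggers. Because switching a node proxy's logging off removes the records an operator would need when investigating an incident, I would spell it out, e.g. `# Turn off all loggers for a specific Ztunnel pod` and `# Set the access logger to debug and the remaining loggers to info for all Ztunnel pods`, which also fixes the `Ztunnl` typo. logCmd's body continues outside the hunk.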