xds: implement extension config discovery for HCM (envoyproxy#11826)

Signed-off-by: Kuat Yessenov <kuat@google.com>
Signed-off-by: Kevin Baichoo <kbaichoo@google.com>

api/BUILD

@@ -245,6 +245,7 @@ proto_library(
         "//envoy/service/discovery/v3:pkg",
         "//envoy/service/endpoint/v3:pkg",
         "//envoy/service/event_reporting/v3:pkg",
+        "//envoy/service/extension/v3:pkg",
         "//envoy/service/health/v3:pkg",
         "//envoy/service/listener/v3:pkg",
         "//envoy/service/load_stats/v3:pkg",

api/envoy/config/accesslog/v3/accesslog.proto

@@ -242,6 +242,7 @@ message ResponseFlagFilter {
         in: "DPE"
         in: "UMSDR"
         in: "RFCF"
+        in: "NFCF"
       }
     }
   }];

api/envoy/config/core/v3/extension.proto

@@ -2,6 +2,8 @@ syntax = "proto3";
 
 package envoy.config.core.v3;
 
+import "envoy/config/core/v3/config_source.proto";
+
 import "google/protobuf/any.proto";
 
 import "udpa/annotations/status.proto";
@@ -28,3 +30,32 @@ message TypedExtensionConfig {
   // <config_overview_extension_configuration>` for further details.
   google.protobuf.Any typed_config = 2 [(validate.rules).any = {required: true}];
 }
+
+// Configuration source specifier for a late-bound extension configuration. The
+// parent resource is warmed until all the initial extension configurations are
+// received, unless the flag to apply the default configuration is set.
+// Subsequent extension updates are atomic on a per-worker basis. Once an
+// extension configuration is applied to a request or a connection, it remains
+// constant for the duration of processing. If the initial delivery of the
+// extension configuration fails, due to a timeout for example, the optional
+// default configuration is applied. Without a default configuration, the
+// extension is disabled, until an extension configuration is received. The
+// behavior of a disabled extension depends on the context. For example, a
+// filter chain with a disabled extension filter rejects all incoming streams.
+message ExtensionConfigSource {
+  ConfigSource config_source = 1 [(validate.rules).any = {required: true}];
+
+  // Optional default configuration to use as the initial configuration if
+  // there is a failure to receive the initial extension configuration or if
+  // `apply_default_config_without_warming` flag is set.
+  google.protobuf.Any default_config = 2;
+
+  // Use the default config as the initial configuration without warming and
+  // waiting for the first discovery response. Requires the default configuration
+  // to be supplied.
+  bool apply_default_config_without_warming = 3;
+
+  // A set of permitted extension type URLs. Extension configuration updates are rejected
+  // if they do not match any type URL in the set.
+  repeated string type_urls = 4 [(validate.rules).repeated = {min_items: 1}];
+}

api/envoy/data/accesslog/v3/accesslog.proto

@@ -186,7 +186,7 @@ message AccessLogCommon {
 }
 
 // Flags indicating occurrences during request/response processing.
-// [#next-free-field: 22]
+// [#next-free-field: 23]
 message ResponseFlags {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.data.accesslog.v2.ResponseFlags";
@@ -269,6 +269,9 @@ message ResponseFlags {
 
   // Indicates the response was served from a cache filter.
   bool response_from_cache_filter = 21;
+
+  // Indicates that a filter configuration is not available.
+  bool no_filter_config_found = 22;
 }
 
 // Properties of a negotiated TLS connection.

api/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto

@@ -5,6 +5,7 @@ package envoy.extensions.filters.network.http_connection_manager.v3;
 import "envoy/config/accesslog/v3/accesslog.proto";
 import "envoy/config/core/v3/base.proto";
 import "envoy/config/core/v3/config_source.proto";
+import "envoy/config/core/v3/extension.proto";
 import "envoy/config/core/v3/protocol.proto";
 import "envoy/config/core/v3/substitution_format_string.proto";
 import "envoy/config/route/v3/route.proto";
@@ -797,47 +798,24 @@ message HttpFilter {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.network.http_connection_manager.v2.HttpFilter";
 
-  // [#not-implemented-hide:] Configuration source specifier for the late-bound
-  // filter configuration. The HTTP Listener is warmed until all the initial
-  // filter configurations are received, unless the flag to apply the default
-  // configuration is set. Subsequent filter updates are atomic on a per-worker
-  // basis, and apply to new streams while the active streams continue using
-  // the older filter configurations. If the initial delivery of the filter
-  // configuration fails, due to a timeout for example, the optional default
-  // configuration is applied. Without a default configuration, the filter is
-  // disabled, and the HTTP listener responds with 500 immediately. After the
-  // failure, the listener continues subscribing to the subsequent filter
-  // configurations.
-  message HttpFilterConfigSource {
-    config.core.v3.ConfigSource config_source = 1;
-
-    // Optional default configuration to use as the initial configuration if
-    // there is a failure to receive the initial filter configuration or if
-    // `apply_default_config_without_warming` flag is set.
-    google.protobuf.Any default_config = 2;
-
-    // Use the default config as the initial configuration without warming and
-    // waiting for the first xDS response. Requires the default configuration
-    // to be supplied.
-    bool apply_default_config_without_warming = 3;
-  }
-
   reserved 3, 2;
 
   reserved "config";
 
   // The name of the filter configuration. The name is used as a fallback to
   // select an extension if the type of the configuration proto is not
-  // sufficient. It also serves as a resource name in FilterConfigDS.
+  // sufficient. It also serves as a resource name in ExtensionConfigDS.
   string name = 1 [(validate.rules).string = {min_bytes: 1}];
 
   // Filter specific configuration which depends on the filter being instantiated. See the supported
   // filters for further documentation.
   oneof config_type {
     google.protobuf.Any typed_config = 4;
 
-    // [#not-implemented-hide:] Configuration source specifier for FilterConfigDS.
-    HttpFilterConfigSource filter_config_ds = 5;
+    // Configuration source specifier for an extension configuration discovery service.
+    // In case of a failure and without the default configuration, the HTTP listener responds with 500.
+    // Extension configs delivered through this mechanism are not expected to require warming (see https://github.com/envoyproxy/envoy/issues/12061).
+    config.core.v3.ExtensionConfigSource config_discovery = 5;
   }
 }
 

api/envoy/service/filter/v3/filter_config_discovery.proto → api/envoy/service/extension/v3/config_discovery.proto

@@ -1,6 +1,6 @@
 syntax = "proto3";
 
-package envoy.service.filter.v3;
+package envoy.service.extension.v3;
 
 import "envoy/service/discovery/v3/discovery.proto";
 
@@ -10,28 +10,29 @@ import "envoy/annotations/resource.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
 
-option java_package = "io.envoyproxy.envoy.service.filter.v3";
-option java_outer_classname = "FilterConfigDiscoveryProto";
+option java_package = "io.envoyproxy.envoy.service.extension.v3";
+option java_outer_classname = "ConfigDiscoveryProto";
 option java_multiple_files = true;
 option java_generic_services = true;
 option (udpa.annotations.file_status).package_version_status = ACTIVE;
 
-// [#protodoc-title: FilterConfigDS]
+// [#protodoc-title: ExtensionConfigDS]
 
-// Return filter configurations.
-service FilterConfigDiscoveryService {
+// Return extension configurations.
+service ExtensionConfigDiscoveryService {
   option (envoy.annotations.resource).type = "envoy.config.core.v3.TypedExtensionConfig";
 
-  rpc StreamFilterConfigs(stream discovery.v3.DiscoveryRequest)
+  rpc StreamExtensionConfigs(stream discovery.v3.DiscoveryRequest)
       returns (stream discovery.v3.DiscoveryResponse) {
   }
 
-  rpc DeltaFilterConfigs(stream discovery.v3.DeltaDiscoveryRequest)
+  rpc DeltaExtensionConfigs(stream discovery.v3.DeltaDiscoveryRequest)
       returns (stream discovery.v3.DeltaDiscoveryResponse) {
   }
 
-  rpc FetchFilterConfigs(discovery.v3.DiscoveryRequest) returns (discovery.v3.DiscoveryResponse) {
-    option (google.api.http).post = "/v3/discovery:filter_configs";
+  rpc FetchExtensionConfigs(discovery.v3.DiscoveryRequest)
+      returns (discovery.v3.DiscoveryResponse) {
+    option (google.api.http).post = "/v3/discovery:extension_configs";
     option (google.api.http).body = "*";
   }
 }

api/versioning/BUILD

@@ -128,7 +128,7 @@ proto_library(
         "//envoy/service/discovery/v3:pkg",
         "//envoy/service/endpoint/v3:pkg",
         "//envoy/service/event_reporting/v3:pkg",
-        "//envoy/service/filter/v3:pkg",
+        "//envoy/service/extension/v3:pkg",
         "//envoy/service/health/v3:pkg",
         "//envoy/service/listener/v3:pkg",
         "//envoy/service/load_stats/v3:pkg",

docs/root/api-v3/service/service.rst

@@ -16,3 +16,4 @@ Services
   tap/v3/*
   ../config/tap/v3/*
   trace/v3/*
+  extension/v3/*

docs/root/configuration/overview/extension.rst

@@ -61,3 +61,25 @@ follows:
           "@type": type.googleapis.com/udpa.type.v1.TypedStruct
           type_url: type.googleapis.com/envoy.extensions.filters.http.router.v3Router
 
+Discovery service
+^^^^^^^^^^^^^^^^^
+
+Extension configuration can be supplied dynamically from a :ref:`an xDS
+management server<xds_protocol>` using :ref:`ExtensionConfiguration discovery
+service<envoy_v3_api_file_envoy/service/extension/v3/config_discovery.proto>`.
+The name field in the extension configuration acts as the resource identifier.
+For example, HTTP connection manager supports :ref:`dynamic filter
+re-configuration<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.config_discovery>`
+for HTTP filters.
+
+Extension config discovery service has a :ref:`statistics
+<subscription_statistics>` tree rooted at
+*<stat_prefix>.extension_config_discovery.<extension_config_name>.*. In addition
+to the common subscription statistics, it also provides the following:
+
+.. csv-table::
+  :header: Name, Type, Description
+  :widths: 1, 1, 2
+
+  config_reload, Counter, Total number of successful configuration updates
+  config_fail, Counter, Total number of failed configuration updates

docs/root/version_history/current.rst

@@ -52,6 +52,8 @@ New Features
   that track headers and body sizes of requests and responses.
 * stats: allow configuring histogram buckets for stats sinks and admin endpoints that support it.
 * tap: added :ref:`generic body matcher<envoy_v3_api_msg_config.tap.v3.HttpGenericBodyMatch>` to scan http requests and responses for text or hex patterns.
+* tcp: switched the TCP connection pool to the new "shared" connection pool, sharing a common code base with HTTP and HTTP/2. Any unexpected behavioral changes can be temporarily reverted by setting `envoy.reloadable_features.new_tcp_connection_pool` to false.
+* xds: added :ref:`extension config discovery<envoy_v3_api_msg_config.core.v3.ExtensionConfigSource>` support for HTTP filters.
 
 Deprecated
 ----------