xds-server updates #437
xds-server updates #437
Conversation
- Adds health probes and configurable logging - Fixes a bug where we pass each endpoint as its own locality rather than all in the same locality - Add support for routing tokens - if a routing token annotation is set, then the server configures the proxy with a `CaptureBytes=>TokenRouter` in the filter chain. - Adds a simple dockerfile that can be used to build the server
There was a problem hiding this comment.
LGTM, though I'll obviously defer to @markmandel on the Go code.
xds/pkg/server/server.go
Outdated
| } | ||
| } | ||
|
|
||
| func (s *Server) startAdminServer(ctx context.Context, address string) { |
There was a problem hiding this comment.
| func (s *Server) startAdminServer(ctx context.Context, address string) { | |
| func (s *Server) Run(ctx context.Context) { |
Move address into New, and then this object matches the New/Run pattern as everywhere else.
There was a problem hiding this comment.
updated to create address within the function, this is a helper function that is already being called from Server.Run
| } | ||
|
|
||
| // NewServer returns a new Server | ||
| func New( | ||
| logger *log.Logger, | ||
| port int16, | ||
| xdsPort int16, |
There was a problem hiding this comment.
This should fail linting 🤔 , since the function name doesn't match the comment (and it should be NewServer)
There was a problem hiding this comment.
not sure how to configure it, golint fails as expected but golangci-lint doesn't do this check
There was a problem hiding this comment.
Here's the config we use for Agones:
https://github.com/googleforgames/agones/blob/97dbf4677ac1c5223e434bca8ffc84654f6ae851/.golangci.yml#L47-L65
There's lots more linters 😃 (want to do it here, or in aseparatee PR?)
There was a problem hiding this comment.
TIL (source)
When a function returns a value of type pkg.T, where T is not Pkg, the function name may include T to make client code easier to understand. A common situation is a package with multiple New-like functions:
So since this returns a Server, New is perfectly acceptable as a constructor name!
There was a problem hiding this comment.
Updated to use the same linters, (though none of those still catches the functionname/comment matching)
There was a problem hiding this comment.
Weird. 🤔 Seems fine now though.
| } | ||
|
|
||
| // NewServer returns a new Server | ||
| func New( | ||
| logger *log.Logger, | ||
| port int16, | ||
| xdsPort int16, |
There was a problem hiding this comment.
Here's the config we use for Agones:
https://github.com/googleforgames/agones/blob/97dbf4677ac1c5223e434bca8ffc84654f6ae851/.golangci.yml#L47-L65
There's lots more linters 😃 (want to do it here, or in aseparatee PR?)
| } | ||
|
|
||
| // NewServer returns a new Server | ||
| func New( | ||
| logger *log.Logger, | ||
| port int16, | ||
| xdsPort int16, |
There was a problem hiding this comment.
TIL (source)
When a function returns a value of type pkg.T, where T is not Pkg, the function name may include T to make client code easier to understand. A common situation is a package with multiple New-like functions:
So since this returns a Server, New is perfectly acceptable as a constructor name!
xds/ci/Dockerfile
Outdated
|
|
||
| RUN go build -o /server cmd/controller.go | ||
|
|
||
| FROM alpine:latest |
There was a problem hiding this comment.
This should run as a non-root user.
I would also recommend pinning an alpine version, I think major.minor is fine though, since alphine
Actually, if we are going down this path, our other image is distroless -- I would suggest keeping one base image rather than two. distroless has a very low surface area, and also makes it very easy to run as non root in an already setup best-practice environment.
Go example:
https://github.com/GoogleContainerTools/distroless/blob/main/examples/go/Dockerfile
Although we would want to run gcr.io/distroless/static:nonroot
Local example:
Line 17 in 6a0762f
xds/pkg/server/server.go
Outdated
|
|
||
| http.Handle("/metrics", promhttp.Handler()) | ||
|
|
||
| http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) { |
There was a problem hiding this comment.
Is this meant to be a liveness probe or a readiness probe?
It would be good if this was /live or /ready so that it was clear.
I'm assuming that it's a readiness probe, in that if the k8s control plane goes down, we don't want to keep restarting this process because the health check is failing.
In that vein, it's probably useful to have both, as if the process can't respond to a simple http response, it should probably be restarted.
But if the k8s api is down we should keep logging this via liveness, but not restart the process.
There was a problem hiding this comment.
Updated to /ready, I assume if folks want to use it for liveness they can point to the same endpoint as well?
There was a problem hiding this comment.
Yeah they could. But I don't think people will want to restart the container if the K8s control plane goes down (but it's a choice 😁)
Doesn't have to be this PR, but I'd be tempted to have a /live endpoint as well that was just a Http Handler that returns 200.
Reason being that if the process does freeze (and can't respond to just a simple http request) for whatever reason, then it will restart and hopefully recover again.
| } | ||
|
|
||
| // NewServer returns a new Server | ||
| func New( | ||
| logger *log.Logger, | ||
| port int16, | ||
| xdsPort int16, |
There was a problem hiding this comment.
Weird. 🤔 Seems fine now though.
Only a minor thought for me - so if you want to merge as is, please feel free. Just leaving it open if it resonated and you wanted to do it with this PR 👍🏻 |
iffyio
force-pushed
the
iu/xds-server-updates
branch
from
c37d1d4 to
7c650bb
Compare
markmandel
added
kind/bug
rather than all in the same locality
is set, then the server configures the proxy with a
CaptureBytes=>TokenRouterin the filter chain.