Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate config using STDIN and /dev/fd/0 #10296

Open
wants to merge 43 commits into
base: main
Choose a base branch
from
Open

Validate config using STDIN and /dev/fd/0 #10296

wants to merge 43 commits into from

Conversation

ryanrolds
Copy link

@ryanrolds ryanrolds commented Nov 14, 2024
edited
Loading

Description

To address an issue with large configs passed as arguments causing a arguments to long error during validation; This PR adjusts how the config is provided to Envoy. The config is now fed to the process via STDIN and the --config-yaml is set to the file descriptor for STDIN.

Code changes

  • Switch to STDIN for injecting the config during validation
  • Pass CLUSTER_NAME to kube2e test running
  • Adjusted instructions for running kube3e tests locally.
  • Added make target for kind setup
  • Increased timeout of validation webhook in tests and added note to docs

Context

A customer with a large config reported the error.

Interesting decisions

Initially there were discussions about saving a file inside of the container, but concerns about read-only root filesystems were raised. A volume would address that issue, but is a more complex solution. To avoid the need for a volume in some cases, I opted to use STDIN to provide the config to the program and read the STDIN FD to the config.

Testing steps

I've applied the large config yaml in the test with and without the fix confirming that is was broken and is now fixed.

% make kind-setup
% helm upgrade --install -n gloo-system --create-namespace gloo ./_test/gloo-1.0.0-ci1.tgz --values ./test/kubernetes/e2e/tests/manifests/common-recommendations.yaml
% make -B kind-reload-gloo
% kubectl create namespace full-envoy-validation-test
% kubectl apply -f test/kubernetes/e2e/features/validation/testdata/valid-resources/large-configuration.yaml

Notes for reviewers

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works

ryanrolds and others added 27 commits November 11, 2024 13:00
@ryanrolds
Trying to validate config using STDIN and /dev/fd/0
44d133d
@soloio-bulldozer
Merge main into rolds/envoy_large_validation
83f05f1
@soloio-bulldozer
Merge refs/heads/main into rolds/envoy_large_validation
59a8257
@ryanrolds
Adding change log
43d5512
@ryanrolds
Merge branch 'rolds/envoy_large_validation' of ssh://github.com/solo-…
3af084f 
…io/gloo into rolds/envoy_large_validation
@soloio-bulldozer
Merge refs/heads/main into rolds/envoy_large_validation
d9c1429
@soloio-bulldozer
Merge refs/heads/main into rolds/envoy_large_validation
5857e78
@soloio-bulldozer
Merge refs/heads/main into rolds/envoy_large_validation
b3587da
@soloio-bulldozer
Merge refs/heads/main into rolds/envoy_large_validation
ec010fa
@ryanrolds
Fixed for tests and new test for large configs
4ee4b20
@ryanrolds
Merge branch 'rolds/envoy_large_validation' of ssh://github.com/solo-…
8493f69 
…io/gloo into rolds/envoy_large_validation
@ryanrolds
Minor adjustments
9f50557
@ryanrolds @nfuden
Update changelog/v1.18.0-beta34/validate-large-configs.yaml
81d9d2c 
Co-authored-by: Nathan Fudenberg <[email protected]>
@ryanrolds
Remove uneeded env var setting
3306ab1
@ryanrolds
Merge branch 'rolds/envoy_large_validation' of ssh://github.com/solo-…
2e45b4c 
…io/gloo into rolds/envoy_large_validation
@soloio-bulldozer
Merge refs/heads/main into rolds/envoy_large_validation
41ba11c
@ryanrolds
Adjsuted how we work out the cluster context in kube2e tests
32c8ab1
@ryanrolds
Moved kubernetes e2e test
7430975
@ryanrolds
Merge branch 'rolds/envoy_large_validation' of ssh://github.com/solo-…
d70b482 
…io/gloo into rolds/envoy_large_validation
@soloio-bulldozer
Merge refs/heads/main into rolds/envoy_large_validation
aee9427
@solo-changelog-bot
Adding changelog file to new location
127d879
@solo-changelog-bot
Deleting changelog file from old location
6044d43
@ryanrolds
Turned of strict mode for the full envoy tests
be5bb4f
@ryanrolds
Merge branch 'rolds/envoy_large_validation' of ssh://github.com/solo-…
6792374 
…io/gloo into rolds/envoy_large_validation
@ryanrolds
Added make target to help keep versions uniform
22fabd1
@ryanrolds
Removed an extra VS from large config test
34a71c1
@ryanrolds
Merge branch 'main' into rolds/envoy_large_validation
b772cb1
@nfuden nfuden changed the title Validate config using STDIN and /dev/fd/0 [Migrated] Update test HttpRequestBuilder DefaultHost from test.com to jsonplaceholder.typicode.com/ Nov 14, 2024
@nfuden nfuden closed this Nov 14, 2024
@ryanrolds ryanrolds changed the title [Migrated] Update test HttpRequestBuilder DefaultHost from test.com to jsonplaceholder.typicode.com/ Validate config using STDIN and /dev/fd/0 Nov 14, 2024
@ryanrolds ryanrolds reopened this Nov 14, 2024
@solo-changelog-bot
Copy link

Issues linked to changelog:
https://github.com/solo-io/solo-projects/issues/7089

1 similar comment
@solo-changelog-bot
Copy link

Issues linked to changelog:
https://github.com/solo-io/solo-projects/issues/7089

@ryanrolds ryanrolds requested a review from a team as a code owner November 14, 2024 18:19
jenshu pushed a commit that referenced this pull request Nov 15, 2024
@sheidkamp
Update test HttpRequestBuilder DefaultHost from test.com to jsonplace…
56f7e3d 
…holder.typicode.com/ (#10296)
@ryanrolds
Copy link
Author

I've made the changes that switch the full Envoy validation to being passed in via STDIN and /dev/fd/0. This changes appears to be working, but has uncovered an issue with the configuration becoming large and taking minutes to validate.

Steps to reproduce the timeout I'm seeing:

% ./ci/kind/setup-kind.sh
% helm upgrade --install -n gloo-system --create-namespace gloo ./_test/gloo-1.0.0-ci1.tgz --values ./test/kubernetes/e2e/tests/manifests/full-envoy-validation-helm.yaml
% kubectl create namespace full-envoy-validation-test
% SKIP_INSTALL=true TEAR_DOWN=false go test -v ./test/kubernetes/e2e/tests -run ^TestFullEnvoyValidation/FullEnvoyValidation$

Repeatedly running the test will cause the config size validated to grow to the point of taking longer than the timeout:

{"level":"info","ts":"2024-11-18T19:22:13.471Z","logger":"gloo.v1.event_loop.setup.gateway-validation-webhook.gateway-validator.proxy-validator.translator.compute_route_config.listener-::-8080-routes","caller":"runner/run.go:42","msg":"full envoy validation of 1340 size completed in 486.440292ms","version":"1.0.0-ci1","Kind":"gateway.solo.io/v1, Kind=VirtualService","Namespace":"full-envoy-validation-test","Name":"httpbin-1","UID":"9a8c7be7-f5ef-4089-9b7f-2652039f6d04","PatchOperation":"CREATE","UserInfo":{"username":"kubernetes-admin","groups":["kubeadm:cluster-admins","system:authenticated"]}}
{"level":"info","ts":"2024-11-18T19:22:13.924Z","logger":"gloo.v1.event_loop.setup.gateway-validation-webhook.gateway-validator.proxy-validator.translator.compute_route_config.listener-::-8080-routes","caller":"runner/run.go:42","msg":"full envoy validation of 1145 size completed in 452.091542ms","version":"1.0.0-ci1","Kind":"gateway.solo.io/v1, Kind=VirtualService","Namespace":"full-envoy-validation-test","Name":"httpbin-1","UID":"9a8c7be7-f5ef-4089-9b7f-2652039f6d04","PatchOperation":"CREATE","UserInfo":{"username":"kubernetes-admin","groups":["kubeadm:cluster-admins","system:authenticated"]}}
...
{"level":"info","ts":"2024-11-18T19:22:16.215Z","logger":"gloo.v1.event_loop.setup.gateway-validation-webhook.gateway-validator.proxy-validator.translator.compute_route_config.listener-::-8080-routes","caller":"runner/run.go:42","msg":"full envoy validation of 325160 size completed in 855.29125ms","version":"1.0.0-ci1","Kind":"gateway.solo.io/v1, Kind=VirtualService","Namespace":"full-envoy-validation-test","Name":"httpbin-2","UID":"2446a129-f09b-4074-8c67-08e687746c6f","PatchOperation":"CREATE","UserInfo":{"username":"kubernetes-admin","groups":["kubeadm:cluster-admins","system:authenticated"]}}
{"level":"info","ts":"2024-11-18T19:22:17.063Z","logger":"gloo.v1.event_loop.setup.gateway-validation-webhook.gateway-validator.proxy-validator.translator.compute_route_config.listener-::-8080-routes","caller":"runner/run.go:42","msg":"full envoy validation of 326810 size completed in 844.33175ms","version":"1.0.0-ci1","Kind":"gateway.solo.io/v1, Kind=VirtualService","Namespace":"full-envoy-validation-test","Name":"httpbin-2","UID":"2446a129-f09b-4074-8c67-08e687746c6f","PatchOperation":"CREATE","UserInfo":{"username":"kubernetes-admin","groups":["kubeadm:cluster-admins","system:authenticated"]}}
{"level":"info","ts":"2024-11-18T19:22:17.897Z","logger":"gloo.v1.event_loop.setup.gateway-validation-webhook.gateway-validator.proxy-validator.translator.compute_route_config.listener-::-8080-routes","caller":"runner/run.go:42","msg":"full envoy validation of 324965 size completed in 824.386709ms","version":"1.0.0-ci1","Kind":"gateway.solo.io/v1, Kind=VirtualService","Namespace":"full-envoy-validation-test","Name":"httpbin-2","UID":"2446a129-f09b-4074-8c67-08e687746c6f","PatchOperation":"CREATE","UserInfo":{"username":"kubernetes-admin","groups":["kubeadm:cluster-admins","system:authenticated"]}}
...
{"level":"info","ts":"2024-11-18T19:22:58.233Z","logger":"gloo.v1.event_loop.setup.gateway-validation-webhook.gateway-validator.proxy-validator.translator.compute_route_config.listener-::-8080-routes","caller":"runner/run.go:42","msg":"full envoy validation of 20710952 size completed in 23.977979095s","version":"1.0.0-ci1","Kind":"gateway.solo.io/v1, Kind=VirtualService","Namespace":"full-envoy-validation-test","Name":"httpbin-1","UID":"9af1e8ce-a9bf-4224-83e9-d36c370c2d48","PatchOperation":"DELETE","UserInfo":{"username":"kubernetes-admin","groups":["kubeadm:cluster-admins","system:authenticated"]}}
{"level":"info","ts":"2024-11-18T19:23:22.758Z","logger":"gloo.v1.event_loop.setup.gateway-validation-webhook.gateway-validator.proxy-validator.translator.compute_route_config.listener-::-8080-routes","caller":"runner/run.go:42","msg":"full envoy validation of 20712602 size completed in 24.223770011s","version":"1.0.0-ci1","Kind":"gateway.solo.io/v1, Kind=VirtualService","Namespace":"full-envoy-validation-test","Name":"httpbin-1","UID":"9af1e8ce-a9bf-4224-83e9-d36c370c2d48","PatchOperation":"DELETE","UserInfo":{"username":"kubernetes-admin","groups":["kubeadm:cluster-admins","system:authenticated"]}}
...
{"level":"info","ts":"2024-11-18T19:24:36.227Z","logger":"gloo.v1.event_loop.setup.gateway-validation-webhook.gateway-validator.proxy-validator.translator.compute_route_config.listener-::-8080-routes","caller":"runner/run.go:42","msg":"full envoy validation of 20710325 size completed in 24.106387803s","version":"1.0.0-ci1","Kind":"gateway.solo.io/v1, Kind=VirtualService","Namespace":"full-envoy-validation-test","Name":"httpbin-1","UID":"9af1e8ce-a9bf-4224-83e9-d36c370c2d48","PatchOperation":"DELETE","UserInfo":{"username":"kubernetes-admin","groups":["kubeadm:cluster-admins","system:authenticated"]}}
{"level":"info","ts":"2024-11-18T19:28:56.334Z","logger":"gloo.v1.event_loop.setup.gateway-validation-webhook.gateway-validator.proxy-validator","caller":"runner/run.go:42","msg":"full envoy validation of 227839355 size completed in 4m18.553049994s","version":"1.0.0-ci1","Kind":"gateway.solo.io/v1, Kind=VirtualService","Namespace":"full-envoy-validation-test","Name":"httpbin-1","UID":"9af1e8ce-a9bf-4224-83e9-d36c370c2d48","PatchOperation":"DELETE","UserInfo":{"username":"kubernetes-admin","groups":["kubeadm:cluster-admins","system:authenticated"]}}
{"level":"info","ts":"2024-11-18T19:29:01.345Z","logger":"gloo.v1.event_loop.setup.gloosnapshot.event_loop.envoyTranslatorSyncer","caller":"runner/run.go:42","msg":"full envoy validation of 3595643 size completed in 4.904727085s","version":"1.0.0-ci1"}

It looks like in some cases the timeout is a background process running during the tests that also causes a full envoy validation that holds the validating webhook for too long. I'm also seeing OOMKilled after running the tests several time without starting the controller.

I have heap dumps from before and after running the tests if they would be useful. Here a heap png output from after the tests have been run 2-3 times.

profile006

@ryanrolds
Copy link
Author

This archive contains heap dumps taken w/o validation and w/ validation.

Archive.zip

@ryanrolds ryanrolds mentioned this pull request Nov 18, 2024
Open
@ryanrolds
Copy link
Author

I'm handing this off to Nathan. I've taken it far as I can (I don't know the internals of Gloo well enough to address the config growth issue) which is blocking the tests from passing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nfuden nfuden Awaiting requested review from nfuden

@sam-heilbron sam-heilbron Awaiting requested review from sam-heilbron

At least 2 approving reviews are required to merge this pull request.

Assignees

@nfuden nfuden

Labels
keep pr updated work in progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ryanrolds @nfuden