diff --git a/changelog/unreleased/kong/dedicated_config_processing.yml b/changelog/unreleased/kong/dedicated_config_processing.yml new file mode 100644 index 000000000000..6b78ded49b42 --- /dev/null +++ b/changelog/unreleased/kong/dedicated_config_processing.yml @@ -0,0 +1,4 @@ +message: | + rename `privileged_agent` to `dedicated_config_processing. Enable `dedicated_config_processing` by default +type: feature +scope: Core diff --git a/kong.conf.default b/kong.conf.default index a99ca54d83e2..401c0c52f8ad 100644 --- a/kong.conf.default +++ b/kong.conf.default @@ -182,6 +182,15 @@ # cache (i.e. when the configured # `mem_cache_size`) is full. +#dedicated_config_processing = on # Enables or disables a special worker + # process for configuration processing. This process + # increases memory usage a little bit while + # allowing to reduce latencies by moving some + # background tasks, such as CP/DP connection + # handling, to an additional worker process specific + # to handling these background tasks. + # Currently this has effect only on data planes. + #pluginserver_names = # Comma-separated list of names for pluginserver # processes. The actual names are used for # log messages and to relate the actual settings. @@ -746,7 +755,7 @@ # the pattern defined by `openssl ciphers`. # This value is ignored if `ssl_cipher_suite` # is not `custom`. - # If you use DHE ciphers, you must also + # If you use DHE ciphers, you must also # configure the `ssl_dhparam` parameter. #ssl_protocols = TLSv1.1 TLSv1.2 TLSv1.3 diff --git a/kong/clustering/utils.lua b/kong/clustering/utils.lua index 4d831ceacefe..f463c83755cf 100644 --- a/kong/clustering/utils.lua +++ b/kong/clustering/utils.lua @@ -157,7 +157,7 @@ end function _M.is_dp_worker_process() - if kong.configuration.privileged_agent then + if kong.configuration.dedicated_config_processing then return process_type() == "privileged agent" end diff --git a/kong/conf_loader/init.lua b/kong/conf_loader/init.lua index f990521da0b2..69a92c3d4af2 100644 --- a/kong/conf_loader/init.lua +++ b/kong/conf_loader/init.lua @@ -434,7 +434,18 @@ local CONF_PARSERS = { dns_not_found_ttl = { typ = "number" }, dns_error_ttl = { typ = "number" }, dns_no_sync = { typ = "boolean" }, - privileged_agent = { typ = "boolean" }, + privileged_worker = { + typ = "boolean", + deprecated = { + replacement = "dedicated_config_processing", + alias = function(conf) + if conf.dedicated_config_processing == nil and + conf.privileged_worker ~= nil then + conf.dedicated_config_processing = conf.privileged_worker + end + end, + }}, + dedicated_config_processing = { typ = "boolean" }, worker_consistency = { enum = { "strict", "eventual" }, -- deprecating values for enums deprecated = { diff --git a/kong/init.lua b/kong/init.lua index 426bcec551aa..06a22517e036 100644 --- a/kong/init.lua +++ b/kong/init.lua @@ -743,7 +743,7 @@ function Kong.init() require("resty.kong.var").patch_metatable() - if config.privileged_agent and is_data_plane(config) then + if config.dedicated_config_processing and is_data_plane(config) then -- TODO: figure out if there is better value than 2048 local ok, err = process.enable_privileged_agent(2048) if not ok then diff --git a/kong/templates/kong_defaults.lua b/kong/templates/kong_defaults.lua index 40aae4f00c3c..c28245192924 100644 --- a/kong/templates/kong_defaults.lua +++ b/kong/templates/kong_defaults.lua @@ -161,7 +161,7 @@ dns_not_found_ttl = 30 dns_error_ttl = 1 dns_no_sync = off -privileged_agent = off +dedicated_config_processing = on worker_consistency = eventual worker_state_update_frequency = 5 @@ -203,5 +203,5 @@ wasm_filters_path = NONE wasm_dynamic_module = NONE request_debug = on -request_debug_token = +request_debug_token = ]] diff --git a/spec/01-unit/03-conf_loader_spec.lua b/spec/01-unit/03-conf_loader_spec.lua index f9854c7abc66..ad41d52ea8bd 100644 --- a/spec/01-unit/03-conf_loader_spec.lua +++ b/spec/01-unit/03-conf_loader_spec.lua @@ -64,6 +64,8 @@ describe("Configuration loader", function() assert.same({}, conf.admin_gui_ssl_cert_key) assert.same({}, conf.status_ssl_cert) assert.same({}, conf.status_ssl_cert_key) + assert.same(nil, conf.privileged_agent) + assert.same(true, conf.dedicated_config_processing) assert.same(false, conf.allow_debug_header) assert.is_nil(getmetatable(conf)) end) @@ -2013,6 +2015,48 @@ describe("Configuration loader", function() assert.equal(nil, err) end) + it("privileged_agent -> dedicated_config_processing", function() + local conf, err = assert(conf_loader(nil, { + privileged_agent = "on", + })) + assert.same(nil, conf.privileged_agent) + assert.same(true, conf.dedicated_config_processing) + assert.equal(nil, err) + + -- no clobber + conf, err = assert(conf_loader(nil, { + privileged_agent = "on", + dedicated_config_processing = "on", + })) + assert.same(true, conf.dedicated_config_processing) + assert.same(nil, conf.privileged_agent) + assert.equal(nil, err) + + conf, err = assert(conf_loader(nil, { + privileged_agent = "off", + dedicated_config_processing = "on", + })) + assert.same(true, conf.dedicated_config_processing) + assert.same(nil, conf.privileged_agent) + assert.equal(nil, err) + + conf, err = assert(conf_loader(nil, { + privileged_agent = "on", + dedicated_config_processing = "off", + })) + assert.same(false, conf.dedicated_config_processing) + assert.same(nil, conf.privileged_agent) + assert.equal(nil, err) + + conf, err = assert(conf_loader(nil, { + privileged_agent = "off", + dedicated_config_processing = "off", + })) + assert.same(false, conf.dedicated_config_processing) + assert.same(nil, conf.privileged_agent) + assert.equal(nil, err) + end) + it("opentelemetry_tracing", function() local conf, err = assert(conf_loader(nil, { opentelemetry_tracing = "request,router", diff --git a/spec/kong_tests.conf b/spec/kong_tests.conf index 4afb45a0985f..f7c101f231ea 100644 --- a/spec/kong_tests.conf +++ b/spec/kong_tests.conf @@ -25,6 +25,8 @@ anonymous_reports = off worker_consistency = strict +dedicated_config_processing = on + dns_hostsfile = spec/fixtures/hosts nginx_main_worker_processes = 1