Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document aggregation keyer rules #110

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Document aggregation keyer rules #110

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
154 changes: 154 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,157 @@ Caching, aggregation, and relaying for xDS compliant clients and origin servers
To get started:

* [Contributing guide](CONTRIBUTING.md)

## Design
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this supposed to be a TODO?


## Aggregation Rules

xds-relay uses aggregation rules to determine how to aggregate inbound connections to the origin
management server ([example](https://github.com/envoyproxy/xds-relay/blob/c83a956952c3e9762a08420ffc1c6bda5e0fff04/integration/testdata/keyer_configuration_e2e.yaml)
).

xDS requests that match under the same set of aggregation rules will fall into the same cache
bucket. The cache is a mapping of a aggregation key to a xDS [DiscoveryResponse](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/discovery.proto#discoveryresponse)
. This implies that all inbound xDS requests that map to the same aggregation key will retrieve the
same DiscoveryResponse. This is useful in multi-cluster scenarios where xDS configuration does not
differ greatly between clusters. For example, a service application scaled across 100 hosts will
likely require the same data plane configurations across all hosts.

At a high level, an aggregation rule is formed from `fragments`, `rules`, `match`, and `result`s.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should give a better description of how each one of these 4 components interact. For example, aggregations rules are composed of fragments, and a single fragment is composed of a list of rules where and each rule is composed of a pair composed of a match predicate and a result predicate.

Do you think it's too much to try to specify this using EBNF? It might be, I'm just wondering if having that could alleviate the problem of being total in this document.


#### Fragments
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why straight to heading level 4?

A final aggregation key may look like `fooservice_production_lds`. Each of those identifiers
separated by `_` is what we call a fragment. _fooservice_, _production_, and _lds_ are 3
fragments in the previous example.

#### Rules
Each `fragment` can have multiple `rule`s ([example](https://github.com/envoyproxy/xds-relay/blob/c83a956952c3e9762a08420ffc1c6bda5e0fff04/integration/testdata/keyer_configuration_e2e.yaml#L28-L52)
). A rule defines how to generate a fragment from an xDS [DiscoveryRequest](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/discovery.proto#discoveryrequest)
. The first matching rule applies, and the rest are ignored.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is true, i.e. we can have multiple matches in a list of rules. The mapper currently matches fragments for all rules, not only the first one (as this comment implies).


A rule is formed from a `match` and a `result`. `match` takes a DiscoveryRequest and matches on
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we enclose DiscoveryRequest in backticks? Or maybe link it to the envoy docs (like we're doing in line 39)?

some condition. `result` indicates how to generate the fragment. The snippet below illustrates
possible fragment rules:
```
fragments:
- rules:
- match:
request_type_match:
types:
- "type.googleapis.com/envoy.api.v2.Listener"
- "type.googleapis.com/envoy.api.v2.Cluster"
result:
request_node_fragment:
field: 1
Copy link
Contributor

@eapolinario eapolinario Jul 22, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should clarify what those fields are about. They map to the enum values defined in https://github.com/envoyproxy/xds-relay/blob/master/api/protos/aggregation/v1/aggregation.proto#L35-L41. edit: I saw that we specify the possible values in a section below.

As an aside: now that I read it again, we should find a way to use intelligible names instead of the enum values. Not in this PR obviously. Also, why didn't we name this field type? :-)

action:
regex_action: { pattern: "^*-(.*)-*$", replace: "$1" }
```
This example specifies that if the DiscoveryRequest type matches LDS or CDS, to generate the first
fragment from the DiscoveryRequest node ID field by performing a regex replace operation using the
pattern: `"^(.*)-*$"`, and replacing it with the first regex group match `"$1"`. More concretely,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: should be "^-(.)-*$"

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you also define field here? does that correspond to "$1"?

if the DiscoveryRequest had a node ID `1a-fooservice-production`, this would create a fragment with
the string value `fooservice`.

#### Match Predicates
xds-relay current support a limited set of match predicates for rules. More will be added in the
future on a as needed basis. Refer to the [API protos](https://github.com/envoyproxy/xds-relay/blob/master/api/protos/aggregation/v1/aggregation.proto)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo: "on an as-needed..."

for the source of truth.

##### `request_type_match`
- Match on the string value of the xDS request type URL.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why use lists in the description?

- Ex:
```
request_type_match:
types:
- "type.googleapis.com/envoy.api.v2.Listener"
```

##### `request_node_match`
- Match on fields from the [Node](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/core/base.proto#envoy-api-msg-core-node)
object of a DiscoveryRequest.
- Currently supported Node field types and identifiers:
```
id = 0
cluster = 1
locality.region = 2
locality.zone = 3;
locality.subzone = 4;
```
- Ex:
```
request_node_match:
field: 0
exact_match: "canary"
```
- _Note:_ match can be of type _exact_match_ or _regex_match_. The latter expects a regex pattern.

##### `and_match`
- Conditionally matches on 2 or more predicates. Match condition only applies if all predicates match.
- Ex:
```
and_match:
rules:
- request_type_match:
types:
- "type.googleapis.com/envoy.api.v2.Listener"
- request_node_match:
field: 0
exact_match: "canary"
```

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how about the other types of matches?

#### Result Predicates
xds-relay current support a limited set of result predicates for rules. More will be added in the
future on a as needed basis. Refer to the [API protos](https://github.com/envoyproxy/xds-relay/blob/master/api/protos/aggregation/v1/aggregation.proto)
for the source of truth.

##### Actions
- Actions can be either a `regex_action` or `exact`. Exact uses the result predicate as is, and
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about we don't use lists? It is a different style than the first sections of this document.

regex is a match and replace operation on the predicate.
- Ex:
```
action:
regex_action: { pattern: "^(.*)-*$", replace: "$1" }
```
- Ex 2:
```
action: { exact: true }
```

##### `request_node_fragment`
- Rules for generating the resulting fragment from a xDS DiscoveryRequest [Node](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/core/base.proto#envoy-api-msg-core-node).
- Currently supported Node field types and identifiers:
```
id = 0
cluster = 1
locality.region = 2
locality.zone = 3;
locality.subzone = 4;
```
- Ex:
```
request_node_fragment:
field: 0
action:
regex_action: { pattern: "^(.*)-*$", replace: "$1" }
```

##### `resource_names_fragment`
- Rules for generating the resulting fragment from xDS DiscoveryRequest resource names.
- _Note:_ We currently only support single resource elements.
- Ex:
```
resource_names_fragment:
element: 0
action: { exact: true }
```

##### `string_fragment`
- A simple string fragment.
- Ex:
```
string_fragment: lds
```

##### `and_result`
- A set that describes a logical AND. The result is a non-separated append operation between two or
more fragments.