Converting envoy configs to V2

[srikailash]

This is work in progress PR for converting envoy configs to v2. (#2139)
Signed-off-by: sri kailash [email protected]

title: Converting envoy configs to v2.

Description:
added yaml files for envoy_front_proxy.template, envoy_double_proxy.template, envoy_router.template, routing_helper.template and added a temporary generate_v2_config file which will be removed later on.
Used json2yaml.com to transform json files to yaml.

Risk Level: Low

Testing:
Need to test with generated configs. this is under todo list.

Docs Changes:
TODO

TODO:

1. Add v2 config for envoy_service_to_service.template.yaml
2. Need to clean up formatting issues for generated configs
3. Test the configs generated.

[mattklein123]

@srikailash this looks on the right track. Can you ping us when this is ready for review? (Basically we just want to replace all the JSON stuff with pure v2 and get similar configs).

[ccaraman]

@srikailash Please merge master. That has a fix for the failing ipv6 tests.

[srikailash]

@ccaraman done, thanks.
@mattklein123, Sure, will ping here when this is ready for review.

[srikailash]

will remove this file before final merging.

[srikailash]

@mattklein123 , this is ready for review.
I tested generated yaml configs with json converted to yaml configs and looked right to me.
Need to trim some extra lines being generated. Thanks!

[mattklein123]

Nice!!!

@junr03 can you review as this is related to what you have done internally?

@srikailash we should remove the v1 config generators as part of this change. Can you also make sure the new files are being config tested as part of tests? Thanks!!!

[srikailash]

@mattklein123 , please elaborate on this 'Can you also make sure the new files are being config tested as part of tests?'. Does that mean starting envoy with generated yaml and manually testing? Thanks!

[mattklein123]

@srikailash take a look at https://github.com/envoyproxy/envoy/blob/master/configs/BUILD. We test all the configs that are output by configgen. So the result of this change should be to delete all the JSON output and instead test all of the YAML output v2 configs.

[junr03]

@srikailash thanks for doing this! I got you started with all my comments for one of the templates. However, what I noticed is that you did a 1:1 translation of the templates from JSON to yaml. Unfortunately the transition from v1 to v2 is also structural and a lot of the configuration is different.

I gave you all the pointers I found in one of the templates. Please take that, and the docs for the v2 format https://www.envoyproxy.io/docs/envoy/latest/api-v2/api to rewrite the remaining templates. I can take a look again after you go through them.

[junr03]

this address needs to follow https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/core/address.proto#envoy-api-msg-core-address

[junr03]

Needs to look akin to:

- address:
    socket_address:
      address: {{ address }}
      protocol: {{ protocol }}
      port_value: {{ port }}

[junr03]

this field has changed a lot. It now hangs of off the filter_chains field and its organization has changed quite a bit: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/auth/cert.proto#envoy-api-msg-auth-downstreamtlscontext

[junr03]

this also hangs off of filter_chains

[junr03]

This also hangs off of filter_chains. Take a looks at the listener fields: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/lds.proto#envoy-api-msg-listener and also the filter_chains field: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener/listener.proto#envoy-api-msg-listener-filterchain

[junr03]

values that are enums should be all upper case. ex: AUTO

[junr03]

same as comment above about duration fields

[junr03]

the field name is now lb_policy. enums need to be all upper case

[junr03]

the host list needs to follow the address msg type: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/core/address.proto#envoy-api-msg-core-address

[junr03]

this field is quite different now follow: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/auth/cert.proto#envoy-api-msg-auth-upstreamtlscontext

[junr03]

both this, and the above cluster have the same comments as the statsd cluster

[srikailash]

@junr03 ,thanks for detailed comments. Will let you know after updating.

[srikailash]

@junr03 mind having a quick look at above commit changes.
TODO: need to update access_log, tls related configs.(probably need some help regarding adding tls config, gonna read that up again).
Thanks!

[junr03]

@srikailash looking better. There are still some problems, but heading in the right direction. Let me know when you have updated

[junr03]

this field and the two below are not needed

[junr03]

protocol here is TCP

[junr03]

the address should just be 127.0.0.1

[junr03]

nit: not sure why, but there are many fields like this that have two spaces, can you fix?

[junr03]

This field is an array

[junr03]

same comment as above on the address. The protocol should be in its own field, and the address part should only be the 127.0.0.1 part

[junr03]

same comments as the ones above for this cluster and the one below

[srikailash]

@junr03, fixed problems mentioned by you. please take a look.

[junr03]

@srikailash do you mind solving the CI issues first, then I'll take a look at the whole change. Thanks!

[srikailash]

@junr03 should this line be enough to import yaml in configgen.py? I see tests are failing because of "import yaml" in configgen.py. Thanks!

[junr03]

@srikailash you need to add it to the python deps like jinja2. Take a look at how that is done

envoy/bazel/repositories.bzl

Line 125 in a328bc5

# Python dependencies. If these become non-trivial, we might be better off using a virtualenv to

,

envoy/bazel/external/jinja.BUILD

Line 1 in a328bc5

py_library(

,

envoy/bazel/repository_locations.bzl

Line 65 in a328bc5

com_github_pallets_jinja = dict(

[srikailash]

@junr03, please have a quick look at (a87dfe1). //test/config_test:example_configs_test seems to be failing still.(pyyaml has a cmake build type) . Thanks!

[srikailash]

@junr03, friendly ping. :)

[junr03]

Sorry, didn't see this comment before. I'm away at a conference. Do you mind going to the #bazel channel on the envoy slack to ask for advice on this case?

[srikailash]

@junr03, tried asking in #bazel channel and had some discussion with Kuat. Couldn't solve the issue. Any thoughts on how to fix this? Thanks!

[kyessenov]

I think the actual name should be @com_github_yaml_pyyaml//:yaml. The external workspace binds only top-level names.

[srikailash]

@kyessenov, thanks for checking. I guess that should be the directory after cloning from com_github_yaml_pyyaml defined in repository_locations.bzl. I made that change and couldn't fix build. Could be please take a look again? Thanks in advance!

[kyessenov]

Hm, This name resolves to the py_library in pyyaml.BUILD. You can rename that library to lib/yaml or use :yaml here, either way is fine, I think.

[srikailash]

@kyessenov , changed with 5602eed

[srikailash]

@kyessenov, friendly ping. :)

[kyessenov]

Sorry, missed notifications :( Bazel stuff looks fine to me.

[junr03]

@srikailash coming back to this. What do you need from us to move this forward? Should I do another review? Did we resolve all the bazel/build issues?

[srikailash]

@junr03, thanks for checking this again. I need help with two things

1. Need to fix importing yaml build issue
2. Add ssl context to templates in v2 api.
   Regarding 1: tried asking in #bazel , had some discussion with kuat but couldn't fix it

[junr03]

@jmillikin-stripe do you have a cycle to help @srikailash with his dependency issue?

[junr03]

@srikailash for 2. DM me on the envoy slack and we can iterate on that if you have specific questions

[kyessenov]

Let me pull your fork and try out bazel build locally.

[kyessenov]

Can you try this:

diff --git a/bazel/external/pyyaml.BUILD b/bazel/external/pyyaml.BUILD
index d4e8e1d..6e203e9 100644
--- a/bazel/external/pyyaml.BUILD
+++ b/bazel/external/pyyaml.BUILD
@@ -1,5 +1,6 @@
 py_library(
     name = "yaml",
     srcs = glob(["lib/yaml/**/*.py"]),
+    imports = ["lib"],
     visibility = ["//visibility:public"],
 )

[srikailash]

@kyessenov, thanks for the fix. importing error is fixed, now it is for me to fix other tests.

[srikailash]

will update this once other configs are up-to-date.

[zuercher]

@srikailash is this ready for review again or are more changes forthcoming?

[srikailash]

@zuercher i asked Jose for a review just to make sure it is in the right path, but yeah there are some updates that needs to be done in service_to_service template.

[zuercher]

@srikailash Thanks for the update. Please give him a mention here when you're ready for another look.

[srikailash]

@junr03, this is ready for review now.
I probably need help with following things:

1. Add sds clusters to internal_cluster_definition in envoy_front_proxy.v2.template
2. Add dynamic_resources to envoy_front_proxy
3. Add access_log config with or_filters to service_to_service envoy
4. Add rds to service_to_service envoy
   Thanks in advance!

[stale]

This pull request has been automatically marked as stale because it has not had activity in the last 7 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[srikailash]

Will update and reopen the PR. Thanks :)

[srikailash]

Hello, building upstream envoy fails with

envoy/bazel/repositories.bzl:10:1: file '@bazel_tools//tools/cpp:windows_cc_configure.bzl' does not contain symbol 'setup_vc_env_vars'
ERROR: error loading package '': Extension file 'bazel/repositories.bzl' has errors
ERROR: error loading package '': Extension file 'bazel/repositories.bzl' has errors
INFO: Elapsed time: 0.187s
FAILED: Build did NOT complete successfully (0 packages loaded)
ERROR: Couldn't start the build. Unable to run tests

couldn't get a response in slack. please let me know how to resolve this blocker. Thanks

[dio]

Hi @srikailash, what version of bazel do you use? Are you on osx or linux?

[srikailash]

@dio , thanks and this is the version : 0.11.0-homebrew and i am on osx.

[dio]

@srikailash I think it's worth to do brew upgrade bazel now 🙂.

[srikailash]

@dio, build still fails with
External dependency build failed, check above log for errors and ensure all prerequisites at https://github.com/envoyproxy/envoy/blob/master/bazel/README.md#quick-start-bazel-build-for-developers are met. ERROR: /Users/sgandebathul/opensource/upstream_envoy/envoy/bazel/repositories.bzl:264:13: no such package '@envoy_deps//': External dep build failed and referenced by '//external:ares' ERROR: Analysis of target '//test/common/network:dns_impl_test' failed; build aborted: Analysis failed . How can i resolve that?

[srikailash]

bazel run //tools:v1_to_bootstrap envoy_double_proxy.json fails to build on upstream with this error
no such package '@envoy_deps//': External dep build failed and referenced by '//external:tcmalloc_and_profiler' ERROR: Analysis of target '//tools:v1_to_bootstrap' failed; build aborted: Analysis failed.
@junr03 @dio how can i fix this?

[mattklein123]

@srikailash can you please blow away your entire dev environment and setup from scratch along with having the most recent versions of all the packages? If it still doesn't work I would get in Slack and ask there either in the OSX room if you are using OSX or in the normal dev room if you are using Linux.

[srikailash]

@mattklein123, tried with new dev environment. Still have the same issue.

[junr03]

just a few more comments, thanks!

[junr03]

I think this must be a merge problem, right?

[junr03]

These names are still off

[junr03]

not needed.

[junr03]

this should be cds_cluster

[srikailash]

@junr03 , this is ready for another pass.

[mattklein123]

@junr03 @danielhochman friendly ping PTAL. I would love to land this next week.

[junr03]

Sorry for the delay, was coming back from vacation.

Alright, I can't see anything else missing here at plain sight, and we have gone through the due diligence of comparing with the conversion tool. I think we should check in. And if there are needed changes by the community deal with them in small PRs.

Thanks for your hard work here @srikailash

[mattklein123]

Epic! Thank you!!!!!!! 💯

[srikailash]

Thanks for merging and review process, this helped to learn about envoy more.