Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support gRPC over proxy #949

Closed
wants to merge 3 commits into from
Closed

feat: support gRPC over proxy #949

wants to merge 3 commits into from

Conversation

pradeepbbl
Copy link
Member

@pradeepbbl pradeepbbl commented Sep 11, 2024
edited
Loading

This PR

Added a new config option AUTHORITY_OVERRIDE which will allow users to override system
generated authority. This will be useful when running gRPC sync service behind proxy e.g. envoy, istio etc

  • support gRPC over proxy

Related Issues

N/A

Notes

grpcurl sample using envoy proxy

$ grpcurl -vv -plaintext -format=json  -authority flagd-sync.service 127.0.0.1:9211 list flagd.sync.v1.FlagSyncService
flagd.sync.v1.FlagSyncService.FetchAllFlags
flagd.sync.v1.FlagSyncService.GetMetadata
flagd.sync.v1.FlagSyncService.SyncFlags

Flagd Provider Logs:

ERROR [2024-09-11 00:38:43,120] dev.openfeature.contrib.providers.flagd.resolver.process.storage.connector.grpc.GrpcStreamConnector: Error from grpc connection, retrying in 2000ms
! io.grpc.StatusRuntimeException: UNKNOWN: service not registered for this consumer
! at io.grpc.Status.asRuntimeException(Status.java:537)
! at io.grpc.stub.ClientCalls$StreamObserverToCallListenerAdapter.onClose(ClientCalls.java:481)
! at io.grpc.internal.DelayedClientCall$DelayedListener$3.run(DelayedClientCall.java:489)
! at io.grpc.internal.DelayedClientCall$DelayedListener.delayOrExecute(DelayedClientCall.java:453)
! at io.grpc.internal.DelayedClientCall$DelayedListener.onClose(DelayedClientCall.java:486)
! at io.grpc.internal.ClientCallImpl.closeObserver(ClientCallImpl.java:567)
! at io.grpc.internal.ClientCallImpl.access$300(ClientCallImpl.java:71)
! at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl$1StreamClosed.runInternal(ClientCallImpl.java:735)
! at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl$1StreamClosed.runInContext(ClientCallImpl.java:716)
! at io.grpc.internal.ContextRunnable.run(ContextRunnable.java:37)
! at io.grpc.internal.SerializingExecutor.run(SerializingExecutor.java:133)
! at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
! at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
! at java.base/java.lang.Thread.run(Thread.java:1583)
WARN  [2024-09-11 00:38:43,125] dev.openfeature.contrib.providers.flagd.resolver.process.storage.connector.grpc.GrpcStreamConnector: Stream failed, retrying in 2000ms
ERROR [2024-09-11 00:38:43,377] dev.openfeature.sdk.ProviderRepository: Exception when initializing feature provider dev.openfeature.contrib.providers.flagd.FlagdProvider

Follow-up Tasks

N/A

How to test

TBD

@pradeepbbl pradeepbbl requested a review from a team as a code owner September 11, 2024 00:23
@pradeepbbl pradeepbbl changed the title feat: support gRPC over proxy [DRAFT] feat: support gRPC over proxy Sep 11, 2024
@pradeepbbl pradeepbbl marked this pull request as draft September 11, 2024 00:35
@pradeepbbl
feat: support gRPC over proxy
ced0899 
Added a new config option `AUTHORITY_OVERRIDE`
which will allow users to override system
generated `authority`. This will be useful when
running gRPC sync service behind proxy e.g. envoy
istio etc

```
$ grpcurl -vv -plaintext -format=json  -authority flagd-sync.service 127.0.0.1:9211 list flagd.sync.v1.FlagSyncService
flagd.sync.v1.FlagSyncService.FetchAllFlags
flagd.sync.v1.FlagSyncService.GetMetadata
flagd.sync.v1.FlagSyncService.SyncFlags
```

Signed-off-by: Pradeep <[email protected]>
@pradeepbbl
doc updates and added test coverage
375c205 
Signed-off-by: Pradeep <[email protected]>
@pradeepbbl pradeepbbl force-pushed the pmishra/flagd_support_grpc_proxy branch from 56a0ea1 to 375c205 Compare September 11, 2024 09:13
@pradeepbbl pradeepbbl changed the title [DRAFT] feat: support gRPC over proxy feat: support gRPC over proxy Sep 11, 2024
@pradeepbbl pradeepbbl marked this pull request as ready for review September 11, 2024 19:41
@toddbaert
Copy link
Member

Devils advocate: should this be something that the intervening proxy in question re-writes in the response? I would suspect there's configuration support for this kind of thing in the proxy in question. I'm not 100% convinced adding it to flagd is really the correct path.

@pradeepbbl
Copy link
Member Author

Devils advocate: should this be something that the intervening proxy in question re-writes in the response? I would suspect there's configuration support for this kind of thing in the proxy in question. I'm not 100% convinced adding it to flagd is really the correct path.

as per my initial investigation I didn't find a way around .. but if it's big concerns will explore more

@toddbaert
Copy link
Member

toddbaert commented Sep 12, 2024
edited
Loading

Devils advocate: should this be something that the intervening proxy in question re-writes in the response? I would suspect there's configuration support for this kind of thing in the proxy in question. I'm not 100% convinced adding it to flagd is really the correct path.

as per my initial investigation I didn't find a way around .. but if it's big concerns will explore more

I think this is more of an infrastructural concern, and not something we want configured in the provider if possible. I would check if any of this doc can help you:

Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with Redirect primitive. Rewrite will be performed before forwarding.

Envoy updates the :authority header if a host rewrite option (one of host_rewrite_literal, auto_host_rewrite, host_rewrite_header, or host_rewrite_path_regex) is used and appends its original value to x-forwarded-host if append_x_forwarded_host is set.

If you can configure this in your proxy it will reduce maintenance burden for the flagd-provider, but also I think it will be a more efficient solution for you since it will keep this configuration close to the proxy it's related to.

If you can't get anywhere with this, please follow up here and we can merge this change.

@pradeepbbl
Copy link
Member Author

pradeepbbl commented Sep 12, 2024
edited
Loading

Devils advocate: should this be something that the intervening proxy in question re-writes in the response? I would suspect there's configuration support for this kind of thing in the proxy in question. I'm not 100% convinced adding it to flagd is really the correct path.

as per my initial investigation I didn't find a way around .. but if it's big concerns will explore more

I think this is more of an infrastructural concern, and not something we want configured in the provider if possible. I would check if any of this doc can help you:

Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with Redirect primitive. Rewrite will be performed before forwarding.

If you can configure this in your proxy it will reduce maintenance burden for the flagd-provider, but also I think it will be a more efficient solution for you since it will keep this configuration close to the proxy it's related to.

If you can't get anywhere with this, please follow up here and we can merge this change.

I completely agree with point and concerns raise, will try my best to convince our mesh team have global static mapping or some other way to map flagd path to sync service cluster.

@pradeepbbl pradeepbbl closed this Sep 13, 2024
@pradeepbbl
Copy link
Member Author

@beeme1mr and @toddbaert we manage to fix the mapping part of proxy config, so closing this PR :) thanks for all the help and support +100

@pradeepbbl pradeepbbl deleted the pmishra/flagd_support_grpc_proxy branch September 13, 2024 10:01
@toddbaert
Copy link
Member

Thank you @pradeepbbl !

Hopefully this PR and discussion will help people in the future with similar challenges!

This was referenced Sep 24, 2024
Closed
Merged
Merged
@raflFaisal raflFaisal mentioned this pull request Oct 4, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@beeme1mr beeme1mr beeme1mr approved these changes

@Kavindu-Dodan Kavindu-Dodan Awaiting requested review from Kavindu-Dodan

@thisthat thisthat Awaiting requested review from thisthat

@toddbaert toddbaert Awaiting requested review from toddbaert

Assignees

@beeme1mr beeme1mr

@thisthat thisthat

@Kavindu-Dodan Kavindu-Dodan

@toddbaert toddbaert

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@pradeepbbl @toddbaert @beeme1mr @thisthat @Kavindu-Dodan