Enable refactoring queue-proxy binary with out-of-tree extensions

[davidhadas]

Fixes #13118
Alternative to #13122

Proposed Changes

• Enabling downstream and anyone creating an image of queue proxy to extend queue proxy
• This extendibility is a second step to enable the runtime security proposal here
• Next possible steps: (1) Support QP mutation pattern (2) support for annotations or another method to enable activating/configuring extensions
• Items for discussion: (a) Should we add the script to help demonstrate how extendibility works (or as a potential basis of an e2e testing)? (b)Should we allow extensions to change logger or env?

Release Note

Refactored queue-proxy binary to more easily support out-of-tree extension.

[knative-prow]

Hi @davidhadas. Thanks for your PR.

I'm waiting for a knative member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[codecov]

Codecov Report

Merging #13133 (5137f03) into main (017b9d0) will decrease coverage by 0.06%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main   #13133      +/-   ##
==========================================
- Coverage   86.78%   86.72%   -0.07%     
==========================================
  Files         196      196              
  Lines       14410    14416       +6     
==========================================
- Hits        12506    12502       -4     
- Misses       1609     1619      +10     
  Partials      295      295              

Impacted Files	Coverage Δ
pkg/queue/sharedmain/main.go	0.64% <0.00%> (-0.03%)	⬇️
pkg/autoscaler/statserver/server.go	75.55% <0.00%> (-2.23%)	⬇️
pkg/reconciler/revision/controller.go	92.95% <0.00%> (+3.62%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 017b9d0...5137f03. Read the comment docs.

[psschwei]

/ok-to-test

[psschwei]

Items for discussion: (a) Should we add the script to help demonstrate how extendibility works (or as a potential basis of an e2e testing)?

I think initially this would belong in a sandbox/private repo rather than in serving core.

(b)Should we allow extensions to change logger or env?

My gut reaction to this one is "no", as I'd assume that any needed changes could be done in the configs rather than needing to change them. Is there a particular use case you have in mind?

[psschwei]

a couple of minor nits:

• maybe don't rename the config struct ?
• perhaps a more descriptive name than Env (PodDetails? Caveat here is that I'm terrible at naming...)
• I'd put Env under the metrics config section (i.e. where the old fields were removed)

[davidhadas]

Note that Env struct is identical in content to:
type RequestLogRevision struct from https://pkg.go.dev/knative.dev/serving/pkg/http#RequestLogRevision which is also being used later in main.go, How about naming it "Revision"

I am not sure it should be under
// Metrics configuration

[evankanderson]

I think "Env" is a good name, as it's describing the "environment" (i.e. Pod) where the queue-proxy is running.

A few bits (like ServingService) won't vary per queue-proxy, but this struct seems to be "where am I on the map" rather than "what am I doing".

[davidhadas]

/assign @davidhadas

[evankanderson]

It looks like this shouldn't collide with the internal encryption work, which is nice!

I'm going to let @psschwei / @dprotaso do the final approval, but this LGTM.

A few smaller comments / nits. I appreciate the goal of reducing code movement throughout the file, but I think there might be a bigger benefit of consistently using the state in Defaults, rather than mirroring it into/out of the struct at strategic times. (In particular if we added a second extension point in the future.)

[evankanderson]

I think "Env" is a good name, as it's describing the "environment" (i.e. Pod) where the queue-proxy is running.

A few bits (like ServingService) won't vary per queue-proxy, but this struct seems to be "where am I on the map" rather than "what am I doing".

[evankanderson]

Hmm, I'm wondering if Main should be a method on Defaults.

I suspect not.

I'm also wondering about the name... Configuration, Process, Execution, QueueProxy?

[davidhadas]

This list includes two parts:

• parameters whose value is determined by the service and provided for the extensions to use (but not to change)
• parameters whose default is determined by the service and provided for the extensions such that may change them
  Maybe we should have divided this struct into two:

 type Defaults {
      Ctx              context.Context
      Transport    http.RoundTripper
 }	
 type Config {
     Env
     Logger  *zap.SugaredLogger
 }
 type QueueProxy struct {
        Invariables     Config
        Mutables        Defaults
 }

[psschwei]

I wouldn't split, I'd just note in comments which ones are considered mutable and which ones aren't.

Since they're exported types, an overview comment on the Defaults and Env structs themselves wouldn't be a bad idea.

[evankanderson]

I'd prefer to make d concrete here, rather than a pointer.

[evankanderson]

I can see that you're slicing the "where I'm at" out of the larger configuration. I'm wondering whether we should simply pass along all the config/privateEnv, and accept that plugins could (for example) adjust EnableProfiling without other high-level config.

[evankanderson]

This could enable splitting out envconfig into a pluggable module, though I'm not sure I'd recommend it, since I think we want that functionality enabled by default rather than every caller needing to say sharedmain.EnvConfig.

[davidhadas]

This ensures that extensions receive a copy of the Env and cannot change the Env used by the service which I think is appropriate here.

[dprotaso]

I think just having a read-only Env is ok for now - I think as people request more we can move properties from private => public with a discussion

[evankanderson]

Why not put this on 147? Reducing code movement?

I'd be inclined to s/logger/d.Logger/ throughout.

[davidhadas]

This ensures that extensions receive a copy of the logger and cannot change the logger used by the service which I think is appropriate here.

[dprotaso]

I'm ok either way.

Longer term I would expect the logger be pluggable in the future

func WithLogger(l *zap.SugaredLogger) func(q *Defaults) {
	return func(d *Defaults) {
		d.Logger = l
		return
	}
}

[evankanderson]

Again, I'd be inclined to substitute these throughout.

[evankanderson]

Slight preference for opts(&d) to make it clear that d is modified in-place here, but I don't care strongly.

[davidhadas]

/retest

[davidhadas]

Tests fail, but it does not seem like a code issue
/retest

[psschwei]

In general this LGTM but want to give Dave a chance to comment before merging.

/assign @dprotaso

[psschwei]

I wouldn't split, I'd just note in comments which ones are considered mutable and which ones aren't.

Since they're exported types, an overview comment on the Defaults and Env structs themselves wouldn't be a bad idea.

[psschwei]

we should also probably log the error here

[davidhadas]

Since we let downstream change this file, I think it is best if we log inside sharedmain to ensure consistent logging.

[davidhadas]

/retest

[davidhadas]

/retest

[knative-prow]

@davidhadas: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

• /test build-tests_serving_main
• /test contour-latest_serving_main
• /test contour-tls_serving_main
• /test gateway-api-latest_serving_main
• /test istio-latest-no-mesh-tls_serving_main
• /test istio-latest-no-mesh_serving_main
• /test kourier-stable-tls_serving_main
• /test kourier-stable_serving_main
• /test unit-tests_serving_main
• /test upgrade-tests_serving_main

The following commands are available to trigger optional jobs:

• /test https_serving_main
• /test istio-latest-mesh-short_serving_main
• /test istio-latest-mesh-tls_serving_main
• /test istio-latest-mesh_serving_main
• /test performance-tests-kperf_serving_main
• /test performance-tests-mako_serving_main

Use /test all to run the following jobs that were automatically triggered:

• build-tests_serving_main
• istio-latest-no-mesh-tls_serving_main
• istio-latest-no-mesh_serving_main
• unit-tests_serving_main
• upgrade-tests_serving_main

In response to this:

/test e2e / test (v1.22.9, istio, runtime) (pull_request)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[dprotaso]

I think just having a read-only Env is ok for now - I think as people request more we can move properties from private => public with a discussion

[dprotaso]

I'm ok either way.

Longer term I would expect the logger be pluggable in the future

func WithLogger(l *zap.SugaredLogger) func(q *Defaults) {
	return func(d *Defaults) {
		d.Logger = l
		return
	}
}

[dprotaso]

/lgtm
/approve

[knative-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: davidhadas, dprotaso

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cmd/queue/OWNERS [dprotaso]
• pkg/queue/OWNERS [dprotaso]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment