mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-19 17:50:17 +02:00
5ac7ae9c26
## Summary Add a new `circuit_breaker_thresholds` option: ```yaml circuit_breaker_thresholds: max_connections: 1 max_pending_requests: 2 max_requests: 3 max_retries: 4 max_connection_pools: 5 ``` This option can be set at the global level or at the route level. Each threshold is optional and when not set a default will be used. For internal clusters we will disable the circuit breaker. For normal routes we will use the envoy defaults. ## Related issues - [ENG-2310](https://linear.app/pomerium/issue/ENG-2310/add-circuit-breaker-settings-per-route) ## Checklist - [x] reference any related issues - [x] updated unit tests - [x] add appropriate label (`enhancement`, `bug`, `breaking`, `dependencies`, `ci`) - [x] ready for review
165 lines
4.4 KiB
Go
165 lines
4.4 KiB
Go
package envoyconfig
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/pomerium/pomerium/config"
|
|
"github.com/pomerium/pomerium/config/envoyconfig/filemgr"
|
|
"github.com/pomerium/pomerium/internal/testutil"
|
|
)
|
|
|
|
func TestBuilder_BuildBootstrapAdmin(t *testing.T) {
|
|
t.Setenv("TMPDIR", "/tmp")
|
|
b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil, true)
|
|
t.Run("valid", func(t *testing.T) {
|
|
adminCfg, err := b.BuildBootstrapAdmin(&config.Config{
|
|
Options: &config.Options{
|
|
EnvoyAdminAddress: "localhost:9901",
|
|
},
|
|
})
|
|
assert.NoError(t, err)
|
|
testutil.AssertProtoJSONEqual(t, `
|
|
{
|
|
"address": {
|
|
"pipe": {
|
|
"mode": 384,
|
|
"path": "/tmp/`+envoyAdminAddressSockName+`"
|
|
}
|
|
}
|
|
}
|
|
`, adminCfg)
|
|
})
|
|
}
|
|
|
|
func TestBuilder_BuildBootstrapLayeredRuntime(t *testing.T) {
|
|
b := New("localhost:1111", "localhost:2222", "localhost:3333", filemgr.NewManager(), nil, true)
|
|
staticCfg, err := b.BuildBootstrapLayeredRuntime(context.Background(), &config.Config{})
|
|
assert.NoError(t, err)
|
|
testutil.AssertProtoJSONEqual(t, `
|
|
{ "layers": [{
|
|
"name": "static_layer_0",
|
|
"staticLayer": {
|
|
"re2": {
|
|
"max_program_size": {
|
|
"error_level": 1048576,
|
|
"warn_level": 1024
|
|
}
|
|
},
|
|
"tracing": {
|
|
"opentelemetry": {
|
|
"flush_interval_ms": 5000,
|
|
"min_flush_spans": 512
|
|
}
|
|
}
|
|
}
|
|
}] }
|
|
`, staticCfg)
|
|
}
|
|
|
|
func TestBuilder_BuildBootstrapStaticResources(t *testing.T) {
|
|
t.Run("valid", func(t *testing.T) {
|
|
b := New("localhost:1111", "localhost:2222", "localhost:3333", filemgr.NewManager(), nil, true)
|
|
staticCfg, err := b.BuildBootstrapStaticResources(context.Background(), &config.Config{}, false)
|
|
assert.NoError(t, err)
|
|
testutil.AssertProtoJSONEqual(t, `
|
|
{
|
|
"clusters": [
|
|
{
|
|
"name": "pomerium-control-plane-grpc",
|
|
"type": "STATIC",
|
|
"connectTimeout": "5s",
|
|
"circuitBreakers": {
|
|
"thresholds": [{
|
|
"maxConnectionPools": 4294967295,
|
|
"maxConnections": 4294967295,
|
|
"maxPendingRequests": 4294967295,
|
|
"maxRequests": 4294967295
|
|
}]
|
|
},
|
|
"loadAssignment": {
|
|
"clusterName": "pomerium-control-plane-grpc",
|
|
"endpoints": [{
|
|
"lbEndpoints": [{
|
|
"endpoint": {
|
|
"address": {
|
|
"socketAddress":{
|
|
"address": "127.0.0.1",
|
|
"portValue": 1111
|
|
}
|
|
}
|
|
}
|
|
}]
|
|
}]
|
|
},
|
|
"typedExtensionProtocolOptions": {
|
|
"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
|
|
"@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
|
|
"explicitHttpConfig": {
|
|
"http2ProtocolOptions": {
|
|
"allowConnect": true,
|
|
"initialConnectionWindowSize": 1048576,
|
|
"initialStreamWindowSize": 65536,
|
|
"maxConcurrentStreams": 100
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
`, staticCfg)
|
|
})
|
|
t.Run("bad gRPC address", func(t *testing.T) {
|
|
b := New("xyz:zyx", "localhost:2222", "localhost:3333", filemgr.NewManager(), nil, true)
|
|
_, err := b.BuildBootstrapStaticResources(context.Background(), &config.Config{}, false)
|
|
assert.Error(t, err)
|
|
})
|
|
}
|
|
|
|
func TestBuilder_BuildBootstrapStatsConfig(t *testing.T) {
|
|
b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil, true)
|
|
t.Run("valid", func(t *testing.T) {
|
|
statsCfg, err := b.BuildBootstrapStatsConfig(&config.Config{
|
|
Options: &config.Options{
|
|
Services: "all",
|
|
},
|
|
})
|
|
assert.NoError(t, err)
|
|
testutil.AssertProtoJSONEqual(t, `
|
|
{
|
|
"statsTags": [{
|
|
"tagName": "service",
|
|
"fixedValue": "pomerium"
|
|
}]
|
|
}
|
|
`, statsCfg)
|
|
})
|
|
}
|
|
|
|
func TestBuilder_BuildBootstrap(t *testing.T) {
|
|
b := New("localhost:1111", "localhost:2222", "localhost:3333", filemgr.NewManager(), nil, true)
|
|
t.Run("OverloadManager", func(t *testing.T) {
|
|
bootstrap, err := b.BuildBootstrap(context.Background(), &config.Config{
|
|
Options: &config.Options{
|
|
EnvoyAdminAddress: "localhost:9901",
|
|
},
|
|
}, false)
|
|
assert.NoError(t, err)
|
|
testutil.AssertProtoJSONEqual(t, `
|
|
{
|
|
"resourceMonitors": [
|
|
{
|
|
"name": "envoy.resource_monitors.global_downstream_max_connections",
|
|
"typedConfig": {
|
|
"@type": "type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig",
|
|
"maxActiveDownstreamConnections": "50000"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
`, bootstrap.OverloadManager)
|
|
})
|
|
}
|