user pkg drain for draining in queue proxy

[nader-ziada]

Fixes #10783

Proposed Changes

• use pkg/drain for draining in queue proxy instead of writing drain again

Release Note

Use pkg/drain in queue proxy

[codecov]

Codecov Report

Merging #12033 (69a0b5c) into main (cad72a3) will decrease coverage by 0.06%.
The diff coverage is 28.57%.

@@            Coverage Diff             @@
##             main   #12033      +/-   ##
==========================================
- Coverage   87.36%   87.30%   -0.07%     
==========================================
  Files         196      195       -1     
  Lines        9611     9569      -42     
==========================================
- Hits         8397     8354      -43     
  Misses        935      935              
- Partials      279      280       +1     

Impacted Files	Coverage Δ
cmd/queue/main.go	0.49% <0.00%> (+<0.01%)	⬆️
pkg/queue/health/handler.go	100.00% <100.00%> (ø)
pkg/reconciler/revision/background.go	89.32% <0.00%> (-1.95%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cad72a3...69a0b5c. Read the comment docs.

[nader-ziada]

/retest

[nader-ziada]

seeing this flaker here as well #12064

[dprotaso]

/assign @julz @markusthoemmes

[nader-ziada]

will work on comments and update PR

[nader-ziada]

I think the PR makes a little more sense now if anyone has the time to take a look, thanks

[dprotaso]

Pulling the admin server in here sorta conflates the responsibilities of the health.State

I think you can leave the admin server as it was in queue proxy's main and simply just call Drain

[nader-ziada]

I think this PR is ready now

[julz]

I'm trying to convince myself this is correct. It seems like this makes the health check run the whole handler chain for a health check - is that what we want? I guess is works because the chain presumably still ends up in the health check path due to the header being there, but it seems a bit duplicative/unexpected that the health check be the whole handler chain? Wonder if we can have the health check be just the health check here

I think there may also be a mismatch between the queue behaviour and how pkg/drain acts. Specifically in the existing code when a knative prober header is passed (as opposed to the Kubernetes probe header) the queue only responds with queue.Name when the health check passes, whereas in drain serveKProbe always returns the queue.Name, even if the health check isn't passing.

[dprotaso]

Specifically in the existing code when a knative prober header is passed (as opposed to the Kubernetes probe header) the queue only responds with queue.Name when the health check passes

The link here is actually the queue proxy health check code and not the kprobe logic.

KProbe logic is wired in prior earlier in the handler chain:

serving/cmd/queue/main.go

Lines 314 to 315 in 70c7fc0

	composedHandler = health.ProbeHandler(healthState, probeContainer, tracingEnabled, composedHandler)
	composedHandler = network.NewProbeHandler(composedHandler)

[julz]

hm, good point - I think you're right, but I also tbh kind of think this highlights that the flow gets a bit confusing with the whole chain being passed as both Inner and HealthCheck (at minimum I'm finding it quite difficult to follow now!). Example: IIUC right now we have network.NewProbeHandler in the composedHandler chain (as linked above) and also we handle kprobes in pkg/drain - I think they both do the same thing so it's probably OK, but isn't one of them redundant? (And same question wrt the non-kprobe health checks, is health.ProbeHandler ever being called other than via pkg/drain calling its HealthCheck field?)

[dprotaso]

Yeah I brought that up #12033 (review) - because it was unclear to me why the drainer has kprobe logic when it exists in knative.dev/networking

[dprotaso]

(And same question wrt the non-kprobe health checks, is health.ProbeHandler ever being called other than via pkg/drain calling its HealthCheck field?)

I would lump this into the figure out kprobe handling and then re-organize the handlers

[nader-ziada]

the health.ProbeHandler is being called by the drainer when it calls healthcheck here which now has this line io.WriteString(w, queue.Name)

the TestRequestLogs would fail otherwsie

[nader-ziada]

created an issue in the pkg repo knative/pkg#2324 to tackle the duplication, but will need to do that a separate PR

[julz]

IIUC the above issue would help with the duplication of kprobe handling. Do we also have/need a plan to deal with the other health check being duplicated via both pkgdrain's HealthCheck field and also accessible by the regular chain? TBCH even now with the context in my head about what drainer does I don't completely follow which paths the health check might be called by (both? only via drainer.healthcheck?), so I'd really like us to have a plan at least to clear that up

[nader-ziada]

@julz I've made a change to use a different handler for the health check that only has the necessary handlers, does that make more sense?

[julz]

yeah, this is starting to look pretty good to me - thanks! Left a couple extra comments where I think (if my understanding is right) we may be able to "complete the refactor" a bit by dropping the health check from the existing path too

[julz]

is this still needed? (Is there a case where we need to do the health check that drainer doesn't intercept?). If not it'd be great if we could drop this so there's only one path the healthcheck can get called from

[nader-ziada]

when I try to remove this, I get failures in the tests, for example

stream.go:254: W 13:56:38.802 activator-669f74ccf4-lg59r [activator] [serving-tests/request-logs-fxrcfgjb-00001] Failed probing pods err=unexpected body: want "queue", got "Hello World! How about some tasty noodles?\n"

[julz]

ah interesting, looks like that's because the activator sometimes does the probing directly as an optimisation to try to detect readiness faster than kubernetes can, and when it does it passes Activator as the user agent but drainer only calls healthcheck if the UA is kube-probe. So that path will be directly hitting the health probe (not via drainer) and since this PR drops healthState from the main path I think that means it'll continue to see 200s while we're shutting down, which may not be what we want 🤔. Wonder if there's any nice way to get pkgdrain to answer activator's probes as well as kubelets.

[nader-ziada]

Can we just add a check in the pkg/drain.go to also check if activator probe?

[julz]

seems reasonable to me, yeah, it's a bit knative specific, but it is in knative/pkg so maybe that's fine :) If not I guess we could add a list of user agents we'll accept health checks from, but I'd go for the simple thing if no-one hates that

[nader-ziada]

sgtm, will make a PR in pkg

[dprotaso]

I don't think activator specific logic should be in pkg/drain - that package is used in eventing as well

[nader-ziada]

not really activator specific logic, just checking if header has a specific value

[nader-ziada]

knative/pkg#2331

[julz]

I think there might be no case where we'd want to delegate down to the proxy from the health check now (drain is doing the switching between the healthcheck/inner paths), so maybe this could become:

Suggested change

	var healthcheckHandler http.Handler = httpProxy
	healthcheckHandler = health.ProbeHandler(probeContainer, tracingEnabled, healthcheckHandler)
	var healthcheckHandler healthcheckHandler = health.ProbeHandler(probeContainer, tracingEnabled)

(just trying to make it so there's two independent paths, to the extent possible)

[nader-ziada]

/hold
for new release of pkg that includes knative/pkg#2331

[nader-ziada]

/hold cancel

@dprotaso @julz picked up the latest pkg change and update the queue proxy to use the new drainer extra headers field

[nader-ziada]

/test pull-knative-serving-istio-stable-no-mesh

[julz]

looks good to me bar the typo! thanks for putting up with all the back and forth on this one :)

[julz]

not very important, but I'm wondering why we do this here rather than when we create the drainer struct

[nader-ziada]

no reason, moved it to be set in struct creation similar to the QuietPeriod

[julz]

Suggested change

	// Add Activator probe header to the drainer so it can handle probes directly dfrom activator
	// Add Activator probe header to the drainer so it can handle probes directly from activator

[nader-ziada]

fixed

[julz]

/lgtm
/approve

[knative-prow-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: julz, nader-ziada

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cmd/queue/OWNERS [julz]
• pkg/queue/OWNERS [julz]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dprotaso]

composedHandler needs to be wrapped with the requestLogHandler here

[dprotaso]

*in addition to the healthcheckHandler

[nader-ziada]

its required in both? the RequestLogTest is passing without it

[dprotaso]

Yeah we should - otherwise normal requests to the user container aren't logged