perf(pdk): refine with optional cache to improvement performance #13981
Conversation
github-actions
bot
added
core/proxy
plugins/oauth2
core/pdk
plugins/cors
plugins/hmac-auth
plugins/request-transformer
plugins/aws-lambda
plugins/basic-auth
plugins/ldap-auth
plugins/grpc-web
schema-change-noteworthy
cherry-pick kong-ee
github-actions
bot
added
plugins/jwt
core/cli
core/balancer
core/clustering
core/templates
plugins/key-auth
plugins/acme
core/db
core/configuration
core/docs
core/logs
plugins/prometheus
plugins/session
chore
kong/pdk/request.lua
Outdated
| @@ -619,14 +617,14 @@ local function new(self) | |||
| -- kong.request.get_header("Host") -- "foo.com" | |||
| -- kong.request.get_header("x-custom-header") -- "bla" | |||
| -- kong.request.get_header("X-Another") -- "foo bar" | |||
| function _REQUEST.get_header(name) | |||
| function _REQUEST.get_header(name, ctx) | |||
There was a problem hiding this comment.
http_get_header supports ctx param to cache headers, expose it to get_header API so we could use cache.
There was a problem hiding this comment.
I don't like this either. If we add this parameter, we need to always keep the API like that, that the second parameter needs to be ctx. The benefits are so small that I would rather not do it. The most of the changes in plugins seems to be utilizing this. And that is also I think somewhat "bad" code to make people create tables of ctx and pass it here. If we cannot find better way to do this, then I would not do it.
Just an example e.g. if someone wants to add more beneficial parameter lilke default in case the header is missing the code would become:
local value = kong.request.get_header("Some-Header", nil, "default")Perhaps we will never add that either, but just tells that we don't want these strange ctx parameters in public API.
There was a problem hiding this comment.
What if we use kong.tools.get_header(name, ctx) directly in plugins, to replace non-cached kong.request.get_header API in certain places to achieve the cache benefit? It must be better to use PDK APIs in plugins, but I do see that there are a lot of kong.tools usage in plugins(which I feel more like should be used "internally" in core or some non-plugin module?), Do you think it's a proper practice?
There was a problem hiding this comment.
@ProBrian In general it would be best if we can get to state where there is no require "module" statements in plugins. That is we have a powerful PDK. But meanwhile, yes, many plugins require different modules. That also then spreads to all custom plugins as plugins are copy pasted. That then will make all our internal APIs and tools public too which we cannot break. I think for example those plugins, just call get_headers once and work with headers and call it done, rather than pass a table to somewhere that something else caches the get_headers.
kong/pdk/service/response.lua
Outdated
| @@ -285,10 +285,11 @@ local function new(pdk, major_version) | |||
| -- -- or `access` phase prior calling this function. | |||
| -- | |||
| -- local body = kong.service.response.get_raw_body() | |||
| function response.get_raw_body() | |||
| function response.get_raw_body(buffered_proxying) | |||
There was a problem hiding this comment.
just a minor refinement so that if we could reduce the reads of ngx.ctx.buffered_proxying by passing it by param
kong/plugins/basic-auth/access.lua
Outdated
| @@ -158,21 +158,22 @@ end | |||
|
|
|||
| local function do_authentication(conf) | |||
| local www_authenticate = "Basic realm=\"" .. conf.realm .. "\"" | |||
| local ctx = {} | |||
There was a problem hiding this comment.
Use a local ctx here which is cheaper thanngx.ctx, and the cache is only fresh in the local ctx lifetime, not in the request lifetime, so we don't need ngx.ctx
There was a problem hiding this comment.
Let's revert all the API changes and related changes in where the changed APIs were used. Benefit vs. drawbacks are too small. Those optimizations can be implemented inside plugins themselves if they are that good. In many cases it also depends whether plugin is reading single or multiple headers to what to use, eg. is. get_headers better than multiple get_header and is multiple get_header better with created context table at what count?
kong/pdk/request.lua
Outdated
| @@ -619,14 +617,14 @@ local function new(self) | |||
| -- kong.request.get_header("Host") -- "foo.com" | |||
| -- kong.request.get_header("x-custom-header") -- "bla" | |||
| -- kong.request.get_header("X-Another") -- "foo bar" | |||
| function _REQUEST.get_header(name) | |||
| function _REQUEST.get_header(name, ctx) | |||
There was a problem hiding this comment.
I don't like this either. If we add this parameter, we need to always keep the API like that, that the second parameter needs to be ctx. The benefits are so small that I would rather not do it. The most of the changes in plugins seems to be utilizing this. And that is also I think somewhat "bad" code to make people create tables of ctx and pass it here. If we cannot find better way to do this, then I would not do it.
Just an example e.g. if someone wants to add more beneficial parameter lilke default in case the header is missing the code would become:
local value = kong.request.get_header("Some-Header", nil, "default")Perhaps we will never add that either, but just tells that we don't want these strange ctx parameters in public API.
Removed all public API changes. @bungle |
|
@ProBrian I'll setup a meeting, where we can discuss how to get this in. |
chronolaw
changed the title
|
Do we have any data about improvements? |
| @@ -116,7 +116,7 @@ X-Missing: nil | |||
| === TEST 4: response.get_header() returns nil when response header does not fit in default max_headers | |||
| === TEST 4: response.get_header() returns existing header will not limited by get_headers() default max_headers configuration | |||
There was a problem hiding this comment.
It's not a new feature, just a refine, since we use ngx.header[name] to replace _RESPONSE.get_headers()[name] in the get_header implementation, the max headers limitation brought by get_headers() will not exist anymore.
There was a problem hiding this comment.
Looks like this extends the capability of this PDK function. Shall we consider this a new feature?
There was a problem hiding this comment.
I thinks it's not needed to consider this a new feature, because
- the limitation is due to our internal implementation.
- the limitation is not documented which means users aren't even aware of this limitation.
that means we have no interface changes and no documentation changes from user's perspective.
I did a preliminary test on aws, you can refer to https://konghq.atlassian.net/wiki/spaces/~712020faf780811dc24bb28ad1df7390c03c41/pages/4217667620/A+Journey+to+PDK+Caching#One-more-try-for-the-2nd-half, but that's not a standard test environment. I think we should run a perf test after this PR merged to see. |
kong/plugins/grpc-web/handler.lua
Outdated
| @@ -51,7 +50,7 @@ function grpc_web:access(conf) | |||
| end | |||
|
|
|||
| local dec, err = deco.new( | |||
| kong_request_get_header("Content-Type"), | |||
| ngx_var.http_content_type, | |||
There was a problem hiding this comment.
It may not correct, since now nginx could return multiple headers in one value, like "a, b, c".
could you check other places? thanks.
There was a problem hiding this comment.
@bungle , could you verify it? thanks.
There was a problem hiding this comment.
@chronolaw confirmed: #13981 (review)
kong/pdk/request.lua
Outdated
| @@ -820,8 +818,7 @@ local function new(self) | |||
| -- body.age -- "42" | |||
| function _REQUEST.get_body(mimetype, max_args, max_allowed_file_size) | |||
| check_phase(before_content) | |||
|
|
|||
| local content_type = mimetype or _REQUEST.get_header(CONTENT_TYPE) | |||
| local content_type = mimetype or ngx.var.http_content_type | |||
There was a problem hiding this comment.
ngx.var.content_type does not seem to be single header. If you send multiple, you will get "<value1>, <value2>, ...".
There was a problem hiding this comment.
What is even more annoying is that:
ngx.req.set_header("Content-Type", "value")
is only reflected with the first value. Seems like clear_header is needed together with set_header?
There was a problem hiding this comment.
This seems to work properly:
local ct = kong.request.get_header("Content-Type")
ngx.req.clear_header("Content-Type")
ngx.req.set_header("Content-Type", ct)
If I don't do clear_header, it does not work properly.
There was a problem hiding this comment.
This is the request I am using:
http -v :8001 Content-Type:text/html Content-Type:text/json
There was a problem hiding this comment.
Seems there's a mismatch limitation between openresty and nginx that I've ignored, that is,
-
nginx allows multiple line values for headers like "Content-Type".
-
And openresty defines a list of headers that is "built-in single value", which includes
"Content-Type".ngx.req.set_headerwill not allow multiple value for"Content-Type", so if wengx.req.set_header("Content-Type", {"json1", "json2"}), it will use the last elem as the single value, so thenngx.req.get_headers()["Content-Type"]andngx.var.http_content_typewill all get a single value"json2". -
But when multiple content type header is sent by http request client, not by openresty set_header API, then the header value is just handled by nginx, and
get_headerswill get a table{"json1", "json2"}andngx.var.http_content_typewill get the value as comma separated string:"json1, json2".
There was a problem hiding this comment.
What is even more annoying is that:
ngx.req.set_header("Content-Type", "value")is only reflected with the first value. Seems like
clear_headeris needed together withset_header?
That's due to the implementation of openresty, it assumes that Content-Type should be single value, so in set_header implementation, the assignment will only take place in the first index of value list.
There was a problem hiding this comment.
I will rollback the var.http_content_type changes, since kong.request.get_header will only get the first value no matter content-type is multi value or not from downstream; but var.http_content_type rely on the assumption that downstream send single content-type or content-type is set by ngx.req.set_header.
| @@ -244,7 +244,7 @@ local function new(self, major_version) | |||
| error("header name must be a string", 2) | |||
| end | |||
|
|
|||
| local header_value = _RESPONSE.get_headers()[name] | |||
| local header_value = ngx.header[name] | |||
There was a problem hiding this comment.
Should we keep the original code here?
There was a problem hiding this comment.
ngx.header is the better way to get a single response header, and it returns the same type of values as get_headers()[name]: if get_headers()[name] get a table, ngx.header will get a table similarly(unlike ngx.var.sent_http_ which returns comma separated string). So we make this change for better performance.
| @@ -89,7 +89,7 @@ local function configure_origin(conf, header_filter) | |||
| end | |||
| end | |||
|
|
|||
| local req_origin = kong.request.get_header("origin") | |||
| local req_origin = headers["origin"] | |||
There was a problem hiding this comment.
Could you confirm it is ok?
There was a problem hiding this comment.
That's a tricky point, here we want to use headers result as param to reduce duplicated get_header call. Although origin header should not be a multiple value logically, but users may still send http http://xxx/yyy Origin:o1 Origin:o2 from downstream which doesn't quite make sense as I see(also I feel like two Content-Type header in one http request is also not quite logically correct...).
But anyway in this case kong.request.get_header("origin") will get only first value o1 and get_headers()["origin"] will get {o1, o2}.
So the get_header API guarantees we only get a single value no matter it's multiple value or not. But in the other side, its pointless to run get_header multiple times since the header has not been changed. Maybe we could just change this to:
type(headers["origin"]) == "table" and headers["origin"][1] or headers["origin"]
which is the implementation to make header value always single(see https://github.com/Kong/kong/blob/master/kong/tools/http.lua#L564).
@bungle @chronolaw
| @@ -181,7 +181,7 @@ local function configure_credentials(conf, allow_all, header_filter) | |||
|
|
|||
| -- Access-Control-Allow-Origin is '*', must change it because ACAC cannot | |||
| -- be 'true' if ACAO is '*'. | |||
| local req_origin = kong.request.get_header("origin") | |||
| local req_origin = headers["origin"] | |||
There was a problem hiding this comment.
Could you confirm it is ok?
| if kong.request.get_method() ~= "OPTIONS" | ||
| or not kong.request.get_header("Origin") | ||
| or not kong.request.get_header("Access-Control-Request-Method") | ||
| or not headers["Origin"] |
There was a problem hiding this comment.
Could you confirm it is ok?
Summary
Checklist
changelog/unreleased/kongorskip-changeloglabel added on PR if changelog is unnecessary. README.mdIssue reference
Fix #[issue number]