@@ -187,7 +187,7 @@ The Routing Service implements the following design guidelines:
1. Simple:
- Routing service does not buffer requests.
- Routing service can only proxy to a single Cell based on request headers.
- Routing service can only proxy to a single Cell based on the incoming request.
1. Stateless:
- Routing service does not have permanent storage.
- Routing service uses multi-level cache: in-memory, external shared cache.
@@ -199,9 +199,7 @@ The Routing Service implements the following design guidelines:
- Routing service is configured with a static list of Cells.
- Routing service configuration is applied as part of service deployment.
1. Rule-based:
- Routing rules are a static JSON file that is part of routing service.
- Configured rules needs to be made compatible with all versions of GitLab running in a cluster.
- Rules allows to match by any criteria: header, content of the header, or route path.
- The routing rules are configurable.
1. Agnostic:
- Routing service is not aware of high-level concepts like organizations.
- The classification is done per-specification provided in a rules, to find the classification key.
@@ -236,11 +234,14 @@ graph TD;
### Routing rules
- The router applies a hierarchy of rules to route a request.
- Incoming requests are first matched against path patterns configured in the router. Claims are extracted from the paths (e.g. /:NAMESPACE_PATH) and used to determine the target cell via [Topology Service](topology_service.md).
- The router falls back to token based routing if the claim in the path is not found, or a path does not contain a claim (e.g. `/api/graphql` and `cable`).
- The routing rules describe how to decode the request, find the classification key, and make the routing decision.
- The routing rules are static and defined ahead of time as part of HTTP Router deployment.
-The routing rules are defined as a JSON document describing in-order a sequence of operation.
-Apart from the Path routing rule, other routing rules are defined as a JSON document describing in-order a sequence of operations.
- The routing rules might be compiled to application code to provide a way faster execution scheme.
- Each routing rule is described by the `cookies`, `headers`, `path`, `method`, and `action`.
- Each routing rule is described by the `cookies`, `headers`, `method`, and `action`.
- The `action` can be `classify` as a way to indicate that the Topology Service should be used
to perform dynamic classification.
- The `action` can be `proxy` as a way to indicate to perform passthrough to the fixed
@@ -269,14 +270,11 @@ The routing rules JSON structure describes all matchers:
"match_regex":"<regex_match>"
},
},
"path":{
"match_regex":"<regex_match>"
},
"method":["<list_of_accepted_methods>"],
"action":"classify",
"classify":{
"type":"session_prefix|project_path|...",
"type":"session_prefix|...",
"value":"string_build_from_regex_matchers"
},
@@ -322,25 +320,6 @@ Example of the routing rules that makes routing decision based session cookie, a
}
```
Example of the routing rules published by all Cells that makes routing decision based on the path:
@@ -482,150 +444,6 @@ Note: It is important for this rollout strategy to follow the timeline. You will
`25`, `50`, `75`, `100` percents. Keep `CHANGE_LOCK_OVERRIDE` and `OVERRIDE_LAST_PERCENTAGE` set to `true` through entire rollout cycle.
1. Once 100% of traffic is rollout out, open MR on [deploy-worker.sh](https://gitlab.com/gitlab-com/gl-infra/cells/http-router-deployer/-/blob/main/scripts/deploy-worker.sh) script to set the value back to the full sequence `"5 25 50 75 100"`. Example: `ROLLOUT_PERCENTAGES="5 25 50 75 100"`. Remove the `OVERRIDE_LAST_PERCENTAGE` and `CHANGE_LOCK_OVERRIDE` environment variables in [`.gitlab-ci.yml`](https://gitlab.com/gitlab-com/gl-infra/cells/http-router-deployer/-/blob/main/.gitlab-ci.yml).
## Request flows
1. There are two Cells.
1.`gitlab-org` is a top-level namespace and lives in `Cell US0` in the `GitLab.com Public` organization.
1.`my-company` is a top-level namespace and lives in `Cell EU0` in the `my-organization` organization.
### Router configured to perform the following routing
1. The Cell US0 supports all other public-facing projects.
1. The Cell EU0 configured to generate all secrets and session cookies with a prefix like `cell_eu0_`.
1. The Personal Access Token is scoped to Organization, and because the Organization is part only of a single Cell,
the PATs generated are prefixed with Cell identifier.
1. The Session Cookie encodes Organization in-use, and because the Organization is part only of a single Cell,
the session cookie generated is prefixed with Cell identifier.
1. The Cell EU0 allows only private organizations, groups, and projects.
1. The Cell US0 is a target Cell for all requests unless explicitly prefixed.
Router rules:
```json
{
"rules":[
{
"cookies":{
"_gitlab_session":{
"regex_match":"^(?<cell_name>cell.*:)"
}
},
"action":"classify",
"classify":{
"type":"session_prefix",
"value":"${cell_name}"
}
},
{
"headers":{
"GITLAB_TOKEN":{
"regex_match":"^(?<cell_name>cell.*-)"
}
},
"action":"classify",
"classify":{
"type":"token_prefix",
"value":"${cell_name}"
}
},
{
"action":"classify",
"classify":{
"type":"first_cell",
}
}
]
}
```
#### Goes to `/my-company/my-project` while logged in into Cell EU0
1. Because user switched the Organization to `my-company`, its session cookie is prefixed with `cell_eu0_`.
1. User sends request `/my-company/my-project`, and because the cookie is prefixed with `cell_eu0_` it is directed to Cell EU0.
1.`Cell EU0` returns the correct response.
```mermaid
sequenceDiagram
participant user as User
participant router as Router
participant cache as Cache
participant ts as Topology Service
participant cell_eu0 as Cell EU0
participant cell_eu1 as Cell EU1
user->>router: GET /my-company/my-project<br/>_gitlab_session=cell_eu0_uwwz7rdavil9
