[backplane] pin envoy to v1.35.13 instead of floating latest #89
Closed
dilyevsky wants to merge 1 commit into
The backplane image bake (--download_envoy_only) and runtime download resolved the Envoy version via GetLatestRelease, so every image build silently picked up whatever upstream had just released. The v0.11.22/23 builds jumped 1.35.3 -> 1.38.0/1.38.2, which regressed the golang filter: Envoy segfaults in tcmalloc on the cgo thread-adoption path (x_cgo_getstackbound -> pthread_getattr_np -> calloc) under listener reload churn, crash-looping production backplanes and surfacing as Cloudflare 52x at the edge. Add --envoy_version (default v1.35.13: the last known-good 1.35 line plus upstream security backports) and plumb it through the proxy reconciler into GitHubRelease for both the image bake and the runtime download paths. An empty value restores the old latest-release behavior; --envoy_release_url still takes precedence.
Forward-port of the v0.11.24 hotfix (commit 0656862 on dsky/release-v0.11.24).

The backplane image bake (--download_envoy_only) and runtime download resolved the Envoy version via GetLatestRelease, so every image build silently picked up whatever upstream had just released. The v0.11.22/23 builds jumped 1.35.3 → 1.38.0/1.38.2, which regressed the golang filter: Envoy segfaults in tcmalloc on the cgo thread-adoption path (x_cgo_getstackbound → pthread_getattr_np → calloc) under listener reload churn, crash-looping production backplanes and surfacing as Cloudflare 52x at the edge. Verified against two prod cores; identical deterministic crash site on both.

This adds --envoy_version (default v1.35.13) plumbed through the proxy reconciler into GitHubRelease for both the image bake and runtime download paths. Empty value restores latest-release behavior; --envoy_release_url still takes precedence.

Note for main: 1.35.13 is the conservative last-known-good line. If main's consumers need a newer Envoy, bump the pin deliberately in its own commit after soaking the golang filter under listener-reload churn — never let it float.
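
The precedence described above (explicit release URL, then version pin, then latest only when the pin is empty), as an added Go sketch that is not code from this pull request. `Resolve`, `Source`, the `repo` parameter and the `allowFloating` guard are hypothetical names, and `example/envoy` is a placeholder repository; the two URL shapes are GitHub's REST endpoints for a release by tag and for the latest release.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// Source says where the Envoy release metadata would be fetched from.
type Source struct {
	Kind string // "url", "pinned" or "latest"
	URL  string
}

// exactTag accepts only a full vMAJOR.MINOR.PATCH tag, so "latest", "v1.35"
// or a version range can never be passed off as a pin.
var exactTag = regexp.MustCompile(`^v\d+\.\d+\.\d+$`)

// Resolve applies the precedence from the PR description: an explicit release
// URL wins, then the version pin, and only an empty pin falls back to latest.
// repo ("owner/name") is a hypothetical parameter; allowFloating is a
// hypothetical guard an image bake could set to false to refuse "latest".
func Resolve(repo, releaseURL, version string, allowFloating bool) (Source, error) {
	const api = "https://api.github.com/repos/"
	switch {
	case releaseURL != "":
		return Source{"url", releaseURL}, nil
	case version != "":
		if !exactTag.MatchString(version) {
			return Source{}, fmt.Errorf("envoy version %q is not an exact vX.Y.Z tag", version)
		}
		return Source{"pinned", api + repo + "/releases/tags/" + version}, nil
	case !allowFloating:
		return Source{}, errors.New("no envoy version pinned and floating latest is disallowed")
	default:
		return Source{"latest", api + repo + "/releases/latest"}, nil
	}
}

func main() {
	// Constructed inputs; "example/envoy" is a placeholder repository.
	for _, v := range []string{"v1.35.13", "", "latest"} {
		src, err := Resolve("example/envoy", "", v, false)
		fmt.Printf("version=%q -> %+v err=%v\n", v, src, err)
	}
}
```

Running the image bake with the guard off and runtime with it on would keep the empty-value escape hatch while making an unpinned build fail loudly.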