Shutdown Websocket Connections Gracefully in the queue-proxy

[dprotaso]

• have the websocket server test image send a close message when shutting down gracefully
• include an e2e test that asserts websockets connections are gracefully handled
• include a special handler to track hijacked connections and create a drain method

[knative-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dprotaso

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [dprotaso]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov]

Codecov Report

❌ Patch coverage is 41.66667% with 21 lines in your changes missing coverage. Please review.
✅ Project coverage is 80.22%. Comparing base (2cd582b) to head (1e11ed1).
⚠️ Report is 9 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/queue/sharedmain/handlers.go	0.00%	11 Missing ⚠️
pkg/queue/sharedmain/main.go	0.00%	10 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #16362      +/-   ##
==========================================
+ Coverage   80.18%   80.22%   +0.03%     
==========================================
  Files         216      217       +1     
  Lines       13440    13507      +67     
==========================================
+ Hits        10777    10836      +59     
- Misses       2298     2306       +8     
  Partials      365      365              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[dprotaso]

One observation I have is that the activator will drop hijacked connections similar to the queue proxy.

Hijacking happens implicitly with the httputil.ReverseProxy - https://cs.opensource.google/go/go/+/refs/tags/go1.25.6:src/net/http/httputil/reverseproxy.go;l=504

The solution in the queue-proxy is straight forward because we know K8s will send a TERM signal to the user container - thus we can expect apps to return a close frame when that happens. Those are the changes I made to our websocket server. This isn't necessary but just maybe it's a good practice

With the activator though - there's no way to signal downstream to end the connection. We maybe could send a close frame on the connection but it makes the activator protocol aware and I don't think we can write a message on an upstream connection like this (it could be interleaved with another).

Given this - I don't think the activator issue should prevent this change from merging - but just the solution there isn't straighforward.

[dprotaso]

/retest

hmm

websocket_test.go:162: Successfully wrote: "Hello, websocket"
websocket_test.go:190: error running test failed to read message: read tcp 10.250.69.110:60956->34.138.223.27:80: read: connection reset by peer

[dprotaso]

/retest

[dprotaso]

With the extra test we need to bump this since we run things with -parallel=1 due to github actions default runners being crappy.

[dprotaso]

I adjusted the test to not use time.Sleep to speed it up

[linkvt]

Maybe not that relevant for this PR but timing tests could also be sped up using synctest after requiring go 1.25, see https://go.dev/blog/testing-time

[dprotaso]

Not for e2e. It would run faster if we ran tests in parallel - but with kind+github action runners they are so under provisioned that tests flake out etc.

[dprotaso]

/assign @linkvt @elijah-rou

[knative-prow]

@dprotaso: GitHub didn't allow me to assign the following users: elijah-rou.

Note that only knative members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

Details

In response to this:

/assign @linkvt @elijah-rou

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[linkvt]

Looks good to me in general, took me a while to figure out the concurrency and what is actually tested, I left a few minor comments though.

[linkvt]

I'm not sure if this always behaves as expected, couldn't a potential sequence be:

1. B: inHandler is unblocked
2. B: close drainStarted
3. Test: drainStarted is unblocked
4. Test: close handlerWait
5. A: handlerWait is unblocked, returns and inflight requests equals 0
6. B: nothing to Drain

Should this test verify that drain works correctly when a connection is closed after the tracker was asked to Drain?

[dprotaso]

You think I should add a sleep in-between drainStarted being unblocked and closing handlerWait?

[dprotaso]

I think I was thinking that close(drainStarted) wouldn't yield the go-routine so the drain does start but I don't believe there is a guarantee like that in Go

[linkvt]

Yes I think we can remove drainStarted, move <-inHandler out of the second goroutine between the two goroutines and add a sleep before close(handlerWait).

This way the handler would start, unblock <-inHandler, start the goroutine to drain, sleep in the test func so that Drain will run the loop a few times before close(handlerWait) lets the handler finish.

Edit: We could even add a select to check whether <-drainResult has received a value before this sleep passes.

[dprotaso]

done - take a look

[linkvt]

Yes I think we can remove drainStarted, move <-inHandler out of the second goroutine between the two goroutines and add a sleep before close(handlerWait).

This way the handler would start, unblock <-inHandler, start the goroutine to drain, sleep in the test func so that Drain will run the loop a few times before close(handlerWait) lets the handler finish.

Edit: We could even add a select to check whether <-drainResult has received a value before this sleep passes.

[linkvt]

/lgtm