feat(outbound)!: disable 'hostname' label (#3606)

The 'hostname' label value is derived from the request URI and can be influenced
by applications. If a client uses a high cardinality of hostname values, this
leads to the proxy exporting many metrics and ultimately exhausting resources.

This change disables the 'hostname' label by default. A new field is outed to
the HTTP and TLS route parameters, `export_hostname_labels`, which can be used
to enable the 'hostname' label; however, this type is not yet configurable.
Changes are required to the proxy API and, ultimately, the policy controller, to
make this field configurable.

When the hostname is not exported, an empty label value is used.

BREAKING: The 'hostname' label is now disabled by default.

Author: olix0r

linkerd/app/outbound/src/http/logical/policy/route.rs

@@ -174,7 +174,7 @@ impl<B, T> svc::ExtractParam<metrics::labels::Route, http::Request<B>> for Http<
         metrics::labels::Route::new(
             self.params.parent_ref.clone(),
             self.params.route_ref.clone(),
-            req.uri(),
+            self.params.params.export_hostname_labels.then(|| req.uri()),
         )
     }
 }
@@ -187,10 +187,9 @@ impl<T> metrics::MkStreamLabel for Http<T> {
     fn mk_stream_labeler<B>(&self, req: &::http::Request<B>) -> Option<Self::StreamLabel> {
         let parent = self.params.parent_ref.clone();
         let route = self.params.route_ref.clone();
+        let uri = self.params.params.export_hostname_labels.then(|| req.uri());
         Some(metrics::LabelHttpRsp::from(metrics::labels::Route::new(
-            parent,
-            route,
-            req.uri(),
+            parent, route, uri,
         )))
     }
 }
@@ -240,7 +239,7 @@ impl<B, T> svc::ExtractParam<metrics::labels::Route, http::Request<B>> for Grpc<
         metrics::labels::Route::new(
             self.params.parent_ref.clone(),
             self.params.route_ref.clone(),
-            req.uri(),
+            self.params.params.export_hostname_labels.then(|| req.uri()),
         )
     }
 }
@@ -253,10 +252,9 @@ impl<T> metrics::MkStreamLabel for Grpc<T> {
     fn mk_stream_labeler<B>(&self, req: &::http::Request<B>) -> Option<Self::StreamLabel> {
         let parent = self.params.parent_ref.clone();
         let route = self.params.route_ref.clone();
+        let uri = self.params.params.export_hostname_labels.then(|| req.uri());
         Some(metrics::LabelGrpcRsp::from(metrics::labels::Route::new(
-            parent,
-            route,
-            req.uri(),
+            parent, route, uri,
         )))
     }
 }

linkerd/app/outbound/src/http/logical/policy/route/metrics/labels.rs

@@ -59,12 +59,10 @@ pub enum Error {
 // === impl Route ===
 
 impl Route {
-    pub fn new(parent: ParentRef, route: RouteRef, uri: &http::uri::Uri) -> Self {
+    pub fn new(parent: ParentRef, route: RouteRef, uri: Option<&http::uri::Uri>) -> Self {
         let hostname = uri
-            .host()
-            .map(str::as_bytes)
-            .map(dns::Name::try_from_ascii)
-            .and_then(Result::ok);
+            .and_then(http::uri::Uri::host)
+            .and_then(|h| dns::Name::try_from_ascii(h.as_bytes()).ok());
 
         Self {
             parent,

linkerd/app/outbound/src/http/logical/policy/route/metrics/test_util.rs

@@ -14,14 +14,14 @@ pub async fn send_assert_incremented(
     send: impl FnOnce(SendResponse),
 ) {
     handle.allow(1);
-    assert_eq!(counter.get(), 0);
+    let init = counter.get();
     svc.ready().await.expect("ready");
     let mut call = svc.call(req);
     let (_req, tx) = tokio::select! {
         _ = (&mut call) => unreachable!(),
         res = handle.next_request() => res.unwrap(),
     };
-    assert_eq!(counter.get(), 0);
+    assert_eq!(counter.get(), init);
     send(tx);
     if let Ok(mut rsp) = call.await {
         if !rsp.body().is_end_stream() {
@@ -30,7 +30,7 @@ pub async fn send_assert_incremented(
             let _ = rsp.body_mut().trailers().await;
         }
     }
-    assert_eq!(counter.get(), 1);
+    assert_eq!(counter.get(), init + 1);
 }
 
 pub type Handle = tower_test::mock::Handle<http::Request<BoxBody>, http::Response<BoxBody>>;