add custom 503 pages for when backends are down

Author: Xetera

internal/xds/503-dashboard.html

@@ -0,0 +1,61 @@
+<!doctype html>
+<html>
+  <head>
+    <title>503 Dashboard Unavailable</title>
+    <style>
+      * {
+        box-sizing: border-box;
+        margin: 0;
+        padding: 0;
+      }
+      body {
+        font-family:
+          system-ui,
+          -apple-system,
+          sans-serif;
+        background: #0a0a0a;
+        color: #e5e5e5;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        min-height: 100vh;
+        padding: 1rem;
+      }
+      .container {
+        text-align: center;
+        max-width: 500px;
+      }
+      h1 {
+        font-size: 4rem;
+        color: #ef4444;
+        margin-bottom: 1rem;
+      }
+      h2 {
+        font-size: 1.5rem;
+        margin-bottom: 1rem;
+        color: #fff;
+      }
+      p {
+        color: #b8b8b8;
+        line-height: 1.6;
+      }
+      code {
+        background: #262626;
+        padding: 0.2rem 0.4rem;
+        border-radius: 0.25rem;
+        font-size: 0.9rem;
+      }
+    </style>
+  </head>
+  <body>
+    <div class="container">
+      <h1>503</h1>
+      <h2>Dashboard Unavailable</h2>
+      <p>
+        The dashboard is down but envoy isn't. You might need to restart
+        localproxy after force killing envoy with
+        <code>sudo killall envoy</code>
+      </p>
+    </div>
+  </body>
+</html>

internal/xds/503.html

@@ -0,0 +1,54 @@
+<!doctype html>
+<html>
+  <head>
+    <title>503 Service Unavailable</title>
+    <style>
+      * {
+        box-sizing: border-box;
+        margin: 0;
+        padding: 0;
+      }
+      body {
+        font-family:
+          system-ui,
+          -apple-system,
+          sans-serif;
+        background: #0a0a0a;
+        color: #e5e5e5;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        min-height: 100vh;
+        padding: 1rem;
+      }
+      .container {
+        text-align: center;
+        max-width: 500px;
+      }
+      h1 {
+        font-size: 4rem;
+        color: #ef4444;
+        margin-bottom: 1rem;
+      }
+      h2 {
+        font-size: 1.5rem;
+        margin-bottom: 1rem;
+        color: #fff;
+      }
+      p {
+        color: #b8b8b8;
+        line-height: 1.6;
+      }
+    </style>
+  </head>
+  <body>
+    <div class="container">
+      <h1>503</h1>
+      <h2>Service Unavailable</h2>
+      <p>
+        The backend service is not responding. Please check that your
+        application is running and try again.
+      </p>
+    </div>
+  </body>
+</html>

internal/xds/snapshot.go

@@ -1,10 +1,12 @@
 package xds
 
 import (
+	_ "embed"
 	"fmt"
 	"net"
 	"time"
 
+	accesslog "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3"
 	cluster "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	endpoint "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
@@ -21,8 +23,15 @@ import (
 	"github.com/envoyproxy/go-control-plane/pkg/resource/v3"
 	"google.golang.org/protobuf/types/known/anypb"
 	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
 )
 
+//go:embed 503.html
+var error503HTML string
+
+//go:embed 503-dashboard.html
+var error503DashboardHTML string
+
 type Protocol string
 
 const (
@@ -89,12 +98,112 @@ func (b *SnapshotBuilder) Build(routes []Route, httpsRedirect bool) (*cache.Snap
 
 	routerFilter, _ := anypb.New(&router.Router{})
 
+	statusCode503Filter := &accesslog.AccessLogFilter{
+		FilterSpecifier: &accesslog.AccessLogFilter_StatusCodeFilter{
+			StatusCodeFilter: &accesslog.StatusCodeFilter{
+				Comparison: &accesslog.ComparisonFilter{
+					Op: accesslog.ComparisonFilter_EQ,
+					Value: &core.RuntimeUInt32{
+						DefaultValue: 503,
+						RuntimeKey:   "local_reply_503",
+					},
+				},
+			},
+		},
+	}
+
+	dashboardHostFilter := &accesslog.AccessLogFilter{
+		FilterSpecifier: &accesslog.AccessLogFilter_OrFilter{
+			OrFilter: &accesslog.OrFilter{
+				Filters: []*accesslog.AccessLogFilter{
+					{
+						FilterSpecifier: &accesslog.AccessLogFilter_HeaderFilter{
+							HeaderFilter: &accesslog.HeaderFilter{
+								Header: &route.HeaderMatcher{
+									Name: ":authority",
+									HeaderMatchSpecifier: &route.HeaderMatcher_ExactMatch{
+										ExactMatch: "localhost",
+									},
+								},
+							},
+						},
+					},
+					{
+						FilterSpecifier: &accesslog.AccessLogFilter_HeaderFilter{
+							HeaderFilter: &accesslog.HeaderFilter{
+								Header: &route.HeaderMatcher{
+									Name: ":authority",
+									HeaderMatchSpecifier: &route.HeaderMatcher_ExactMatch{
+										ExactMatch: "proxy.localhost",
+									},
+								},
+							},
+						},
+					},
+					{
+						FilterSpecifier: &accesslog.AccessLogFilter_HeaderFilter{
+							HeaderFilter: &accesslog.HeaderFilter{
+								Header: &route.HeaderMatcher{
+									Name: ":authority",
+									HeaderMatchSpecifier: &route.HeaderMatcher_ExactMatch{
+										ExactMatch: "proxy.internal",
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	localReplyConfig := &hcm.LocalReplyConfig{
+		Mappers: []*hcm.ResponseMapper{
+			{
+				Filter: &accesslog.AccessLogFilter{
+					FilterSpecifier: &accesslog.AccessLogFilter_AndFilter{
+						AndFilter: &accesslog.AndFilter{
+							Filters: []*accesslog.AccessLogFilter{
+								statusCode503Filter,
+								dashboardHostFilter,
+							},
+						},
+					},
+				},
+				StatusCode: wrapperspb.UInt32(503),
+				Body: &core.DataSource{
+					Specifier: &core.DataSource_InlineString{InlineString: error503DashboardHTML},
+				},
+				BodyFormatOverride: &core.SubstitutionFormatString{
+					ContentType: "text/html; charset=UTF-8",
+					Format: &core.SubstitutionFormatString_TextFormat{
+						TextFormat: "%LOCAL_REPLY_BODY%",
+					},
+				},
+			},
+			{
+				Filter: statusCode503Filter,
+				StatusCode: wrapperspb.UInt32(503),
+				Body: &core.DataSource{
+					Specifier: &core.DataSource_InlineString{InlineString: error503HTML},
+				},
+				BodyFormatOverride: &core.SubstitutionFormatString{
+					ContentType: "text/html; charset=UTF-8",
+					Format: &core.SubstitutionFormatString_TextFormat{
+						TextFormat: "%LOCAL_REPLY_BODY%",
+					},
+				},
+			},
+		},
+	}
+
 	httpsHcm := &hcm.HttpConnectionManager{
 		CodecType:             hcm.HttpConnectionManager_AUTO,
 		StatPrefix:            "https_ingress",
 		StreamIdleTimeout:     durationpb.New(0),
 		RequestTimeout:        durationpb.New(0),
 		RequestHeadersTimeout: durationpb.New(0),
+		LocalReplyConfig:      localReplyConfig,
 		RouteSpecifier: &hcm.HttpConnectionManager_Rds{
 			Rds: &hcm.Rds{
 				ConfigSource: &core.ConfigSource{
@@ -119,6 +228,7 @@ func (b *SnapshotBuilder) Build(routes []Route, httpsRedirect bool) (*cache.Snap
 		StreamIdleTimeout:     durationpb.New(0),
 		RequestTimeout:        durationpb.New(0),
 		RequestHeadersTimeout: durationpb.New(0),
+		LocalReplyConfig:      localReplyConfig,
 		RouteSpecifier: &hcm.HttpConnectionManager_Rds{
 			Rds: &hcm.Rds{
 				ConfigSource: &core.ConfigSource{
@@ -387,6 +497,7 @@ func (b *SnapshotBuilder) Build(routes []Route, httpsRedirect bool) (*cache.Snap
 				StreamIdleTimeout:     durationpb.New(0),
 				RequestTimeout:        durationpb.New(0),
 				RequestHeadersTimeout: durationpb.New(0),
+				LocalReplyConfig:      localReplyConfig,
 				RouteSpecifier: &hcm.HttpConnectionManager_Rds{
 					Rds: &hcm.Rds{
 						ConfigSource: &core.ConfigSource{