ambient: match multiple svc VIPs in waypoint #51939
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
istio-testing
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
istio-testing
added
the
size/L
|
/test all |
|
/test integ-ambient-ipv6 |
1 similar comment
|
/test integ-ambient-ipv6 |
|
/test integ-ambient |
Signed-off-by: Jacek Ewertowski <[email protected]>
Signed-off-by: Jacek Ewertowski <[email protected]>
Signed-off-by: Jacek Ewertowski <[email protected]>
Signed-off-by: Jacek Ewertowski <[email protected]>
…ode enabled Signed-off-by: Jacek Ewertowski <[email protected]>
Signed-off-by: Jacek Ewertowski <[email protected]>
Signed-off-by: Jacek Ewertowski <[email protected]>
Signed-off-by: Jacek Ewertowski <[email protected]>
jewertow
force-pushed
the
match-multiple-svc-ips-in-waypoint
branch
from
f162c2a
to
391a4d1
Compare
Signed-off-by: Jacek Ewertowski <[email protected]>
|
/test all |
Signed-off-by: Jacek Ewertowski <[email protected]>
Signed-off-by: Jacek Ewertowski <[email protected]>
jewertow
changed the title
Signed-off-by: Jacek Ewertowski <[email protected]>
|
/test integ-ambient-ipv6 |
istio-testing
removed
the
do-not-merge/work-in-progress
|
/test integ-ambient-ipv6 |
howardjohn
reviewed
Jul 8, 2024
| // between using DefaultAddress or ClusterVIPs[0] to create a listener. | ||
| notDefaultAddresses := sets.New[string](addresses...).Delete(ha.address) | ||
| addresses = []string{ha.address} | ||
| addresses = append(addresses, notDefaultAddresses.UnsortedList()...) |
There was a problem hiding this comment.
We should probably use a sorted list for stability. If we shuffle it everytime it can lead to constant XDS changes which is expensive. The list is virtually guaranteed to be short, so this should be acceptable performance
| @@ -381,20 381,26 @@ func TestWaypointDNS(t *testing.T) { | |||
| if src.Config().HasSidecar() { | |||
| t.Skip("TODO: sidecars don't properly handle use-waypoint") | |||
| } | |||
| address := "240.240.240.239" | |||
| if _, v6 := getSupportedIPFamilies(t); v6 { | |||
There was a problem hiding this comment.
I think we can unconditionally put both. Did you see issues?
There was a problem hiding this comment.
I didn't try using both.
There was a problem hiding this comment.
I think that putting both addresses can't work, because Address is used directly to build the URL, so it won't work with multiple addresses. I tried putting both to be sure that Go can't handle it and it was failing.
| @@ -381,20 381,26 @@ func TestWaypointDNS(t *testing.T) { | |||
| if src.Config().HasSidecar() { | |||
| t.Skip("TODO: sidecars don't properly handle use-waypoint") | |||
| } | |||
| address := "240.240.240.239" | |||
There was a problem hiding this comment.
We can also fixup baseline_test L1742 and L1913
There was a problem hiding this comment.
I will look at those tests.
howardjohn
approved these changes
Jul 8, 2024
Signed-off-by: Jacek Ewertowski <[email protected]>
hzxuzhonghu
reviewed
Jul 9, 2024
| @@ -1275,7 1275,7 @@ func (s *Service) GetExtraAddressesForProxy(node *Proxy) []string { | |||
| // GetAllAddressesForProxy returns a k8s service's extra addresses to the cluster where the node resides. | |||
| // Especially for dual stack k8s service to get other IP family addresses. | |||
| func (s *Service) GetAllAddressesForProxy(node *Proxy) []string { | |||
| if features.EnableDualStack && node.Metadata != nil && node.Metadata.ClusterID != "" { | |||
| if (features.EnableDualStack || features.EnableAmbient) && node.Metadata != nil && node.Metadata.ClusterID != "" { | |||
There was a problem hiding this comment.
features.EnableAmbient can violates EnableDualStack setting?
There was a problem hiding this comment.
I would rather say that dual-stack is enabled by default in ambient mode.
There was a problem hiding this comment.
It is a env, why cannot user turn it off
There was a problem hiding this comment.
I don't know, I didn't add that condition.
|
1 to on by default in ambient (as we have done in other areas for dual
stack)
…On Tue, Jul 9, 2024, 4:14 AM Jacek Ewertowski ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In pilot/pkg/model/service.go
<#51939 (comment)>:
> @@ -1275,7 1275,7 @@ func (s *Service) GetExtraAddressesForProxy(node *Proxy) []string {
// GetAllAddressesForProxy returns a k8s service's extra addresses to the cluster where the node resides.
// Especially for dual stack k8s service to get other IP family addresses.
func (s *Service) GetAllAddressesForProxy(node *Proxy) []string {
- if features.EnableDualStack && node.Metadata != nil && node.Metadata.ClusterID != "" {
if (features.EnableDualStack || features.EnableAmbient) && node.Metadata != nil && node.Metadata.ClusterID != "" {
I would rather say that dual-stack is enabled by default in ambient mode.
—
Reply to this email directly, view it on GitHub
<#51939 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEYGXKAX65ZJO72H5AIAKDZLOLXXAVCNFSM6AAAAABKQ2QAWGVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZDCNRVGQZDQMZRG4>
.
You are receiving this because your review was requested.Message ID:
***@***.***>
|
This was referenced Jul 16, 2024
jewertow
added a commit
to jewertow/upstream-istio
that referenced
this pull request
Jul 23, 2024
Signed-off-by: Jacek Ewertowski <[email protected]>
istio-testing
pushed a commit
that referenced
this pull request
Jul 26, 2024
…stener (#52283) * networking: match multiple VIPs in sidecar outbound listener (#51967) * networking: match multiple addresses in sidecar outbound listener Signed-off-by: Jacek Ewertowski <[email protected]> * Add unit tests for GetAllAddressesForProxy Signed-off-by: Jacek Ewertowski <[email protected]> * Refactor buildSidecarOutboundListener Signed-off-by: Jacek Ewertowski <[email protected]> * Add an integration test Signed-off-by: Jacek Ewertowski <[email protected]> * Add a release note Signed-off-by: Jacek Ewertowski <[email protected]> * Refactor GetAllAddressesForProxy Signed-off-by: Jacek Ewertowski <[email protected]> * Fix linter error Signed-off-by: Jacek Ewertowski <[email protected]> * Revert removal svcExtraListenAddresses variable Signed-off-by: Jacek Ewertowski <[email protected]> * Fix unit tests Signed-off-by: Jacek Ewertowski <[email protected]> * Refactoring Signed-off-by: Jacek Ewertowski <[email protected]> * Fix TestEDSOverlapping Signed-off-by: Jacek Ewertowski <[email protected]> * Skip testServiceEntryWithMultipleVIPs in ambient mode Signed-off-by: Jacek Ewertowski <[email protected]> * Fix TestEDSUnhealthyEndpoints Signed-off-by: Jacek Ewertowski <[email protected]> * Add test case for ServiceEntry with resolution NONE and multiple VIPs Signed-off-by: Jacek Ewertowski <[email protected]> * Fix lint error Signed-off-by: Jacek Ewertowski <[email protected]> * Fix linter errors Signed-off-by: Jacek Ewertowski <[email protected]> * Fix lint error Signed-off-by: Jacek Ewertowski <[email protected]> * Generate service with all ports Signed-off-by: Jacek Ewertowski <[email protected]> * do not create service instance for each hostname/address pair Signed-off-by: Jacek Ewertowski <[email protected]> * Refactor GetExtraAddressesForProxy and revert removal of its usage from buildSidecarOutboundListener Signed-off-by: Jacek Ewertowski <[email protected]> * Fix listenerBindings.Extra() Signed-off-by: Jacek Ewertowski <[email protected]> * Handle IPv6 prefix length Signed-off-by: Jacek Ewertowski <[email protected]> * Check address' family only if a proxy supports given family Signed-off-by: Jacek Ewertowski <[email protected]> * Update a comment Signed-off-by: Jacek Ewertowski <[email protected]> * Refactor getAllAddressesForProxy Signed-off-by: Jacek Ewertowski <[email protected]> --------- Signed-off-by: Jacek Ewertowski <[email protected]> * Apply missing changes from #51939 Signed-off-by: Jacek Ewertowski <[email protected]> * networking: fix DNS auto-allocation (#52147) * Fix returning auto-allocated address Signed-off-by: Jacek Ewertowski <[email protected]> * Add an integration test Signed-off-by: Jacek Ewertowski <[email protected]> * Add missing build tag and license to dns_auto_allocation_test.go Signed-off-by: Jacek Ewertowski <[email protected]> * Fix unit tests Signed-off-by: Jacek Ewertowski <[email protected]> * Add workload selector to ProxyConfig Signed-off-by: Jacek Ewertowski <[email protected]> * Trigger injection if ProxyConfig was not propagated Signed-off-by: Jacek Ewertowski <[email protected]> --------- Signed-off-by: Jacek Ewertowski <[email protected]> * Remove leftovers from conflict resolution Signed-off-by: Jacek Ewertowski <[email protected]> --------- Signed-off-by: Jacek Ewertowski <[email protected]>
luksa
pushed a commit
to luksa/istio
that referenced
this pull request
Oct 14, 2024
* upstream/master: Concurrent xds cache benchmark (istio#51958) Fix TestController_ServiceWithChangingDiscoveryNamespaces flake (istio#51940) Allow setting seccomp profile type (e.g. `RuntimeDefault`) for waypoints (istio#51826) Automator: update proxy@master in istio/istio@master (istio#51931) istioctl - improve use of fancy icons (istio#51926) Automator: update common-files@master in istio/istio@master (istio#51961) Bump certifi from 2024.2.2 to 2024.7.4 in /samples/helloworld/src (istio#51949) Speedup isntall of multiple suites by up to 30s (istio#51948) ambient: add tests for components restarting (istio#51710) Enable dualStack cfg for istiod control plane in dualStack tests (istio#51844) Skip test setup for CNI skew test when we skip all tests (istio#51744) validation: add a few missed duration validations (istio#51946) Bump certifi in /samples/bookinfo/src/productpage (istio#51925) ambient: match multiple svc VIPs in waypoint (istio#51939) configure tls inspector initial buffer size (istio#51928) Be a bit more consistent with annotations in zt chart (istio#51692) update kiali addon to 1.87 (istio#51941) TestReachability: prune redundant test cases (istio#51924) Drop redundant test suite in security sds_ingress (istio#51923) Fix FuzzShallowcopyTrafficPolicy (istio#51916)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Please provide a description of this PR:
Fixes #51886
Istio will store all cluster VIPs for service entries, but these VIPs will be applied only to waypoint listeners for now - I will fix sidecars in a follow-up PR.