-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request: Option to automatically create DNS record for virtual service #330
Comments
Hey Mike. I can see why that paragraph is interpreted that way. I think the intent was to work forward from an existing application which is already referencing some service by a name. So the virtual service could be So, to be clear, your last paragraph is the intent for virtual services; stable name while the services behind it change. The problem arises because today the proxy isn't intercepting DNS, so the application still needs to resolve the name before envoy takes over for the real service discovery dns. A bunch of our examples use a cloudmap private DNS namespace and have the virtual service match the service discovery, so the records are created. Other workarounds include creating the dummy record in route53 or in the local hosts file; the application just needs to send the request out to the proxy. I'm not sure if App Mesh creating DNS records is the right mechanism for this; removing the need to have resolvable DNS for the virtual service name may be a better solution, to have the proxy take over that initial DNS response for the application. I thought we already had an open issue I could point you to (to see if it matches up with your current understanding), I'll check with the team. Did I miss anything? |
I agree with @efe-selcuk. We have an open issue to track naming Virtual Services by any name instead of FQDN. |
Hi @efe-selcuk - I understand your explanation, and it makes sense where there is an existing application that has been "meshified". But where a new application is being deployed from scratch, it feels wrong to create the expectation that version 1 should assume the "versionless" name, and that only subsequent versions should have different names. What is so special about version1 that it should follow a different naming convention than subsequent versions? Right now I am building a pipeline that will deploy a new ECS Service which includes the CommitID in the service name, so that each version has a different ECS service name. The intention is that the mesh virtual service+router can then be used to shift traffic to the new version. If I follow the AWS docs recommendation, then I cannot deploy version 1 using my pipeline because the name would need to be "versionless". In such a situation I think that the "versionless" name belongs to the virtual service, and not to any specific version of the service. I understand why the problem arises. I just question whether the recommended solution is always the right solution, and that is why I thought having the option of adding the DNS name as part of the virtual service creation could work. But I agree that removing the need to have resolvable DNS for the virtual service name would be a better solution. |
Hi @rajal-amzn - issue #65 seems to be about using simple hostnames to call dependencies. If the solution for this means that I can also use a FQDN which is not resolvable by DNS, then that works for me. But this is not clear from the description on the ticket - it refers to ticket #71 , but it does not explicitly state that the unresolvable FQDN issue will be addressed by the same solution as for simple hostnames. |
The documentation suggests that If application needs to access external services, I need to name my virtual services same as of external service. e.g. if application is accessing If my application needs to point a different resource, I need to update my application, virtual node, virtual services. This is alot to change and kills purpose of using Service Mesh. What I'm proposing that application can choose any generic name for service and Virtualnode should be responsible for routing traffic to desired service based upon dns hostname. This could simplify it greatly. |
Seems to me that there are at least 2 considerations which give rise to various use cases. Consider a situation where a downstream service A is calling an upstream service B which is configured as a virtual service in the mesh. 1. Downstream service reference to upstream service name 2. Name of the upstream service implementing the virtual service In all combinations of these cases, the best solution would be for the Envoy proxy for the downstream service to map the referenced upstream name to the correct service (based on the virtual service/router config) WITHOUT any need for DNS resolution. If the downstream also wishes to call upstream services outside the mesh then IMHO it is useful to model these external upstream services within the mesh, using a virtual node and virtual router as described here. That way it is possible to change the target upstream service through the virtual service e.g. to move to a new version of an external API, without changing the downstream service. In this case though the Envoy proxy of the downstream service would need to perform a DNS lookup, as there is no Envoy proxy associated with the external service to do this. Maybe we should have Envoy-only UpstreamProxies for external services, just as we have Envoy-only virtual gateways for ingress? |
I've just been hit by the issue documented at: #71, where my application front-end could not resolve my back-end virtual service name because there was no DNS entry for it.
While the docs have been updated to address this issue, I don't think the recommended approach makes sense in situations where a virtual service is associated with a virtual router (or wherever there is a possibility of multiple real service implementations).
The virtual service docs say:
One of the purposes served by a virtual service is that you can route traffic to one of many underlying real service implementations, each of which have their own distinct names e.g.
colorteller-red
,colorteller-blue
etc. In such cases, the name of the virtual service should be neutral, and should not be tied to any one specific underlying service implementation i.e. in this case the best name would simply becolorteller
.Another use of virtual services is to support blue/green deployments when moving to a new version e.g.
serviceA-v1
moving toserviceA-v2
, and for this reason it would not make sense for the virtual service name to include the version number of the first (or any) real version - it should just beserviceA
.For cases like the above, where the virtual service name needs to be distinct from all the underlying real service names, it would be great if App Mesh could offer the option to automatically create a DNS record for a virtual service when it is created.
The text was updated successfully, but these errors were encountered: