Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make istiod-less Remote Cluster the default for multicluster #27420

Closed
Tracked by #38
nmittler opened this issue Sep 18, 2020 · 17 comments · Fixed by istio/istio.io#11155
Closed
Tracked by #38

Make istiod-less Remote Cluster the default for multicluster #27420

nmittler opened this issue Sep 18, 2020 · 17 comments · Fixed by istio/istio.io#11155
Assignees
@frankbu
Labels
area/environments area/test and release feature/Multi-cluster issues related with multi-cluster support lifecycle/staleproof Indicates a PR or issue has been deemed to be immune from becoming stale and/or automatically closed
Projects
Prioritization
Milestone
1.14

Comments

@nmittler
Copy link
Contributor

nmittler commented Sep 18, 2020
edited by istio-policy-bot

For 1.8 (Multicluster Beta), we want to switch the default remote cluster type to be istiod-less. We also want to deprecate the old remote cluster type.

All tests should use the istiod-less remote by default as well.

[ ] Docs
[x] Installation
[ ] Networking
[ ] Performance and Scalability
[ ] Extensions and Telemetry
[ ] Security
[x] Test and Release
[ ] User Experience
[ ] Developer Infrastructure

Additional context
@nmittler nmittler added this to the 1.8 milestone Sep 18, 2020
@stevenctl
Copy link
Contributor

@irisdingbj @linsun can you point me to a doc or help me understand why we need to set ISTIOD_CUSTOM_HOST?

@linsun
Copy link
Member

linsun commented Sep 22, 2020

@stevenctl ISTIOD_CUSTOM_HOST is an env var that is used to generate the webhook certificate for istiod to include the host. This is useful when the host is not from a trust-able authority.

@linsun
Copy link
Member

linsun commented Oct 14, 2020

Update on this: #27921

@nmittler nmittler modified the milestones: 1.8, 1.9 Oct 21, 2020
@irisdingbj
Copy link
Member

#28181

@stevenctl stevenctl mentioned this issue Dec 15, 2020
Closed
@istio-policy-bot istio-policy-bot added the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label Jan 25, 2021
@ericvn
Copy link
Contributor

ericvn commented Jan 27, 2021

@irisdingbj @nmittler Should #28181 have satisfied this issue and it can be closed?

@istio-policy-bot istio-policy-bot removed the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label Jan 27, 2021
@stevenctl
Copy link
Contributor

No, we don't have a documented path for users to enable this in production. What we're doing in integration tests is a bit non-standard and actually is the cause of some of the flakes we see.

@jacob-delgado jacob-delgado modified the milestones: 1.9, 1.10 Feb 4, 2021
@brian-avery
Copy link
Member

@stevenctl @nmittler Who's doing the work here? What work is needed? This is marked as a p0 for 1.10. Is that still accurate?

@stevenctl
Copy link
Contributor

The work required:

  • Tests
    • We have the capability to make ITs use this model, but that uses some hacks. If we can eliminate the CUSTOM_HOST thing by installing custom certs on our test containers, that may work.
    • We'll likely want to run 2 prow jobs for networking test, one that has this model and one with the old model of remotes.
  • Docs for how to set this up as a user.

As far as priority level, who is going to work on this and when, I'm not sure.

@nmittler
Copy link
Contributor Author

nmittler commented Apr 6, 2021

@linsun @GregHanson IBM had been leading this work previously. Is there any plan to help drive the feature to Beta?

@stevenctl stevenctl mentioned this issue Apr 19, 2021
Open
31 tasks
@brian-avery brian-avery modified the milestones: 1.10, 1.11 Apr 20, 2021
@istio-policy-bot istio-policy-bot added the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label Jul 6, 2021
@nmittler
Copy link
Contributor Author

nmittler commented Jul 7, 2021

not stale

@istio-policy-bot istio-policy-bot removed the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label Jul 7, 2021
@stevenctl stevenctl mentioned this issue Jul 20, 2021
Closed
@ryantking
Copy link
Contributor

@nmittler @linsun @irisdingbj @stevenctl Any opposition moving this into the 1.12 milestone?

@stevenctl stevenctl modified the milestones: 1.11, 1.12 Jul 27, 2021
@Kmoneal
Copy link
Contributor

Kmoneal commented Oct 20, 2021
edited

@linsun @irisdingbj @stevenctl Any updates if this will need to be moved to 1.13?

@Kmoneal
Copy link
Contributor

Kmoneal commented Oct 22, 2021

I'll move this to 1.13 due to no recent activity

@Kmoneal Kmoneal modified the milestones: 1.12, 1.13 Oct 22, 2021
@istio-policy-bot istio-policy-bot added the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label Jan 21, 2022
@stevenctl
Copy link
Contributor

@frankbu at this point, it's mostly docs, right? do you think it will make 1.13?

@istio-policy-bot istio-policy-bot removed the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label Jan 21, 2022
@stevenctl
Copy link
Contributor

Assuming this will miss 1.13? I haven't kept close attention.

@frankbu
Copy link
Contributor

frankbu commented Jan 31, 2022

The istiodless remotes integration tests are working, so mostly just docs need to be updated, but the implementation is not ideal because currently there is no way for an istiod to know if a remote secret is for a remote cluster or another primary as @stevenctl rightfully pointed out here: #36121 (comment). We probably want a deterministic implementation before we promote?

@stevenctl
Copy link
Contributor

Agreed.

@stevenctl stevenctl modified the milestones: 1.13, 1.14 Feb 7, 2022
@frankbu frankbu assigned frankbu and unassigned linsun, irisdingbj and stevenctl Apr 1, 2022
This was referenced Apr 1, 2022
Merged
Merged
Merged
@spwangxp spwangxp mentioned this issue Apr 28, 2022
Closed
@istio-policy-bot istio-policy-bot added the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label May 2, 2022
@stevenctl stevenctl added the lifecycle/staleproof Indicates a PR or issue has been deemed to be immune from becoming stale and/or automatically closed label May 3, 2022
@istio-policy-bot istio-policy-bot removed the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label May 3, 2022
Prioritization automation moved this from P0 to Done Jul 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@frankbu frankbu

Labels
area/environments area/test and release feature/Multi-cluster issues related with multi-cluster support lifecycle/staleproof Indicates a PR or issue has been deemed to be immune from becoming stale and/or automatically closed
Projects
Prioritization
Done
Milestone
1.14
Development

Successfully merging a pull request may close this issue.

Change multicluster docs to use istiodless remotes istio/istio.io