New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Access to revisions of an external control plane #31322
Comments
I think the path prefix would not work for CA/discovery address due to grpc |
I don't think the discoveryAddress should take revisions into account. I am working on #31342 which lets istioctl find the XDS address using the injector config. It uses the |
@howardjohn, good point, my suggestion will only work for the https one (injectionURL). What about using wildcard subdomains instead, something like this:
Would that work? Any other suggestions? @esnible, I'm not sure I understand how #31342 fixes this. Seems that currently revisions can't be used with external control planes. |
That could work, but there is not one way that this can/should be implemented. Users will have their own routing requirements. Some examples of other ideas that may work better for other users (note: these are pretty old): https://gist.github.com/howardjohn/15618fd3a1d2ed54b95ae6fb50548433 https://gist.github.com/howardjohn/41e5c30816b82b6abc8c89f943393d96 I don't think we should enforce the |
Another option is to set XDS_HEADER_REVISION env var, then you can do standard virtual service header routing |
Not stale. |
not stale |
🚧 This issue or pull request has been closed due to not having had activity from an Istio team member since 2022-04-21. If you feel this issue or pull request deserves attention, please reopen the issue. Please see this wiki page for more information. Thank you for your contributions. Created by the issue and PR lifecycle manager. |
Describe the feature request
When using an external control plane, the remote istiod location is configured in several places, three of which (
discoveryAddress
,caAddress
, andinjectionURL
) should, but currently do not, take revisions into account:For example, when the the
injectionURL
value is set, it will be used in the MutatingWebhookConfiguration as is, with no regard to the webhooks associated revision. Only the not-set ({{- else }}
) uses the revision to select the correct istiod service.If instead, we added a new variable (
istiodRemote.istiodURL
), we could pass the revision as a path prefix, which the external control plane could use to access the appropriate istiod revision:If we make a similar change for all three variables, this would also simplify the external control plane configuration. Only one variable (
istiodRemote.istiodURL
) would need to be configured, instead of the current three:Describe alternatives you've considered
[ ] Docs
[x] Installation
[ ] Networking
[ ] Performance and Scalability
[ ] Extensions and Telemetry
[ ] Security
[ ] Test and Release
[x] User Experience
[ ] Developer Infrastructure
Additional context
The text was updated successfully, but these errors were encountered: