Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix service mirror controller warnings for remote-discover services #11251

Merged
merged 3 commits into from Aug 16, 2023
Merged

Fix service mirror controller warnings for remote-discover services #11251

merged 3 commits into from Aug 16, 2023

Conversation

alpeb
Copy link
Member

@alpeb alpeb commented Aug 15, 2023

Warnings were getting generated in the service mirror controller during repairEndpoints and when reacting to Endpoints updates on the target cluster. Fixed that, while refactored the isRemoteDiscovery function to be more generic.

@alpeb alpeb requested a review from a team as a code owner August 15, 2023 17:52
adleong
adleong reviewed Aug 15, 2023
View reviewed changes
multicluster/service-mirror/cluster_watcher.go Show resolved Hide resolved
multicluster/service-mirror/cluster_watcher.go
@@ -894,6 +894,10 @@ func (rcsw *RemoteClusterServiceWatcher) Start(ctx context.Context) error {
rcsw.log.Debugf("skipped processing endpoints object %s/%s: missing %s label", epNew.Namespace, epNew.Name, consts.DefaultExportedServiceSelector)
return
}
if rcsw.isRemoteDiscovery(epNew.Labels) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do the endpoints of an exported service have the exported label on them? Typically, the user would only label the exported service. Does the endpoints controller copy this label to the endpoints or something like that?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup, it appears labels are copied into the endpoints automatically:

$ k -n emojivoto expose pod web-8559b97f7c-pk6xq --port 80
service/web-8559b97f7c-pk6xq exposed

$ k -n emojivoto label svc/web-8559b97f7c-pk6xq mirror.linkerd.io/exported=remote-discovery

$ k -n emojivoto get ep web-8559b97f7c-pk6xq -ojson | jq .metadata.labels
{
  "app": "web-svc",
  "linkerd.io/control-plane-ns": "linkerd",
  "linkerd.io/proxy-deployment": "web",
  "linkerd.io/workload-ns": "emojivoto",
  "mirror.linkerd.io/exported": "remote-discovery",
  "pod-template-hash": "8559b97f7c",
  "version": "v11"
}

multicluster/service-mirror/cluster_watcher.go Outdated Show resolved Hide resolved
multicluster/service-mirror/cluster_watcher.go Outdated Show resolved Hide resolved
@alpeb
Fix service mirror controller warnings for remote-discover services
b2bfd10 
Warnings were getting generated in the service mirror controller during repairEndpoints and when reacting to Endpoints updates on the target cluster. Fixed that, while refactored the `isRemoteDiscovery` function to be more generic.
@alpeb
Feedback
e8add91
@alpeb
Rebase and fix isRemoteDiscovery call
c99c550
@alpeb alpeb force-pushed the alpeb/remove-remote-disco-warnings branch from 9be6686 to c99c550 Compare August 15, 2023 21:05
@alpeb alpeb merged commit 117048c into main Aug 16, 2023
35 checks passed
@alpeb alpeb deleted the alpeb/remove-remote-disco-warnings branch August 16, 2023 18:34
alpeb added a commit that referenced this pull request Aug 16, 2023
@alpeb
edge-23.8.3 Change notes
1cf99ce 
This is a release candidate for stable-2.14.0; we encourage you to help trying
it out!

This edge release contains a number of improvements over the multi-cluster
features introduced in the last edge release supporting flat networks. It also
hardens the containers security stance by removing write access to the root
filesystem.

* Enhanced `linkerd multicluster link` to allow clusters to be linked without a
  gateway ([#11226])
* Added cluster store size gauge metric ([#11256])
* Disabled local traffic policy for remote discovery ([#11257])
* Fixed various innocuous multi-cluster warnings ([#11251], [#11246], [#11253])
* Set `readOnlyRootFilesystem: true` in all the containers, as they don't
  require write permissions ([#11221]; fixes [#11142]) (thanks @mikutas!)
@alpeb alpeb mentioned this pull request Aug 16, 2023
Merged
alpeb added a commit that referenced this pull request Aug 16, 2023
@alpeb
edge-23.8.3 Change notes (#11262)
13157bd 
This is a release candidate for stable-2.14.0; we encourage you to help trying
it out!

This edge release contains a number of improvements over the multi-cluster
features introduced in the last edge release supporting flat networks. It also
hardens the containers security stance by removing write access to the root
filesystem.

* Enhanced `linkerd multicluster link` to allow clusters to be linked without a
  gateway ([#11226])
* Added cluster store size gauge metric ([#11256])
* Disabled local traffic policy for remote discovery ([#11257])
* Fixed various innocuous multi-cluster warnings ([#11251], [#11246], [#11253])
* Set `readOnlyRootFilesystem: true` in all the containers, as they don't
  require write permissions ([#11221]; fixes [#11142]) (thanks @mikutas!)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@olix0r olix0r olix0r approved these changes

@adleong adleong adleong approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@alpeb @olix0r @adleong