Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

policy(feat): GrpcRoute index support #12584

Conversation

the-wondersmith
Copy link
Contributor

Subject

Enable handling of Gateway GRPCRoute resources in linkerd-policy-controller-k8s-index.

Problem

Coming Soon™

Solution

  • does things

Validation

Coming Soon™

Fixes Partially Addresses

the-wondersmith and others added 30 commits April 27, 2024 14:34
Signed-off-by: Mark S <the@wondersmith.dev>
Signed-off-by: Mark S <the@wondersmith.dev>
Signed-off-by: Mark S <the@wondersmith.dev>
Signed-off-by: Mark S <the@wondersmith.dev>
Signed-off-by: Mark S <the@wondersmith.dev>
…rom linkerd-policy-controller-k8s-api

Signed-off-by: Mark S <the@wondersmith.dev>
Signed-off-by: Mark S <the@wondersmith.dev>
Signed-off-by: Mark S <the@wondersmith.dev>
Bumps [lock_api](https://github.com/Amanieu/parking_lot) from 0.4.11 to 0.4.12.
- [Changelog](https://github.com/Amanieu/parking_lot/blob/master/CHANGELOG.md)
- [Commits](Amanieu/parking_lot@lock_api-0.4.11...lock_api-0.4.12)

---
updated-dependencies:
- dependency-name: lock_api
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mark S <the@wondersmith.dev>
Bumps [parking_lot](https://github.com/Amanieu/parking_lot) from 0.12.1 to 0.12.2.
- [Changelog](https://github.com/Amanieu/parking_lot/blob/master/CHANGELOG.md)
- [Commits](Amanieu/parking_lot@0.12.1...0.12.2)

---
updated-dependencies:
- dependency-name: parking_lot
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mark S <the@wondersmith.dev>
…inkerd#12500)

Subject
Fixes a bug where headless endpoint mirrors get cleaned up during GC

Problem
When GC is triggered (which also happens at startup or when the link watch disconnects), the service mirror controller attempts to look for services that can be GC'ed. This is done by looping through the local mirrored services on the cluster, then extracting the name of the original service in the remote (by dropping the target name suffix).

However, this check doesn't account for the headless endpoint service mirrors (the per pod cluster IP services). For example, if you have nginx-svc in the west cluster and two replicas, the source cluster will end up with nginx-svc-west, nginx-set-0-west and nginx-set-1-west. The logic would then parse the resource name for the latter two services as nginx-set-0 and nginx-set-1 which won't exist on the remote and ends up deleting them as part of GC.

The next sync would recreate those mirrors but you end up with downtime.

Solution
For those cases, instead of parsing the remote resource from the local service name, retrieve the info from the `mirror.linkerd.io/headless-mirror-svc-name` label.

Validation
Unit tests

Fixes linkerd#12499

Signed-off-by: Marwan Ahmed <me@marwanad.com>
Signed-off-by: Mark S <the@wondersmith.dev>
Closes linkerd#12395

Failing to iterate over init containers as well as regular containers for finding the proxy in various parts of the code when the proxy is injected as a native sidecar resulted in:

- `Get` Destination API failing in the presence of opaque ports
- Failure having the injector detecting already injected pods
- Various CLI issues

This PR is split into the following commits addressing each issue separately:

a8ebe76 - Fix injection check for existing sidecars
44e9625 - Fix 'linkerd uninject'
6269496 - Fix 'linkerd version --proxy'
42dbdad - Fix 'linkerd identity'
39db823 - Fix 'linkerd check'
7359f37 - Fix 'linkerd dg proxy-metrics'
f8f73c4 - Fix destination controller

Signed-off-by: Mark S <the@wondersmith.dev>
…ture

Signed-off-by: Mark S <the@wondersmith.dev>
Signed-off-by: Mark S <the@wondersmith.dev>
Signed-off-by: Mark S <the@wondersmith.dev>
Signed-off-by: Mark S <the@wondersmith.dev>
Signed-off-by: Mark S <the@wondersmith.dev>
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith the-wondersmith deleted the policy-feat-grpcroute-index-support branch May 28, 2024 13:51
@the-wondersmith the-wondersmith restored the policy-feat-grpcroute-index-support branch May 28, 2024 13:53
…eat-grpcroute-index-support

Signed-off-by: Mark S <the@wondersmith.dev>

# Conflicts:
#	policy-controller/grpc/src/outbound.rs
#	policy-controller/k8s/index/src/outbound/index.rs
@the-wondersmith the-wondersmith force-pushed the policy-feat-grpcroute-index-support branch from 513c913 to 3b5418d Compare May 28, 2024 16:00
@the-wondersmith
Copy link
Contributor Author

Just commenting for historical context purposes -

PR was opened to facilitate code review, but its overall size and content doesn't mesh with internal change management strategy. I'm closing this PR now that code review is complete and will be breaking the changes out into smaller chunks of mergeable changes.

@the-wondersmith the-wondersmith deleted the policy-feat-grpcroute-index-support branch June 5, 2024 18:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

5 participants