Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

policy(feat): GrpcRoute index support #12584

Closed
wants to merge 159 commits into from
Closed

policy(feat): GrpcRoute index support #12584

wants to merge 159 commits into from

Conversation

the-wondersmith
Copy link
Contributor

Subject

Enable handling of Gateway GRPCRoute resources in linkerd-policy-controller-k8s-index.

Problem

Coming Soon™

Solution

  • does things

Validation

Coming Soon™

Fixes Partially Addresses

the-wondersmith and others added 30 commits April 27, 2024 14:34
@the-wondersmith
chore(deps): enable k8s-gateway-api experimental feature by default
8384e93 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
chore(deps): enable k8s-gateway-api experimental feature by default
5bfc2f1 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
chore(deps): enable k8s-gateway-api experimental feature by default
536fada 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
chore(deps): enable k8s-gateway-api experimental feature by default
0ce91e7 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
fix(typo): fix controller metrics patches typo
904f68a 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
chore(deps): remove k8s-gateway-api dependency in favor of reexport f…
f902467 
…rom linkerd-policy-controller-k8s-api

Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
feat: initial support for gateway grpcroute
db41e29 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
revert: remove unnecessary k8s-gateway-api feature addition
bcaf307 
Signed-off-by: Mark S <the@wondersmith.dev>
@dependabot @the-wondersmith
build(deps): bump lock_api from 0.4.11 to 0.4.12 (linkerd#12511)
4197360 
Bumps [lock_api](https://github.com/Amanieu/parking_lot) from 0.4.11 to 0.4.12.
- [Changelog](https://github.com/Amanieu/parking_lot/blob/master/CHANGELOG.md)
- [Commits](Amanieu/parking_lot@lock_api-0.4.11...lock_api-0.4.12)

---
updated-dependencies:
- dependency-name: lock_api
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mark S <the@wondersmith.dev>
@dependabot @the-wondersmith
build(deps): bump parking_lot from 0.12.1 to 0.12.2 (linkerd#12510)
cf98619 
Bumps [parking_lot](https://github.com/Amanieu/parking_lot) from 0.12.1 to 0.12.2.
- [Changelog](https://github.com/Amanieu/parking_lot/blob/master/CHANGELOG.md)
- [Commits](Amanieu/parking_lot@0.12.1...0.12.2)

---
updated-dependencies:
- dependency-name: parking_lot
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mark S <the@wondersmith.dev>
@marwanad @the-wondersmith
fix: avoid unnecessary headless endpoint mirrors cleanups during GC (l…
a3e50bd 
…inkerd#12500)

Subject
Fixes a bug where headless endpoint mirrors get cleaned up during GC

Problem
When GC is triggered (which also happens at startup or when the link watch disconnects), the service mirror controller attempts to look for services that can be GC'ed. This is done by looping through the local mirrored services on the cluster, then extracting the name of the original service in the remote (by dropping the target name suffix).

However, this check doesn't account for the headless endpoint service mirrors (the per pod cluster IP services). For example, if you have nginx-svc in the west cluster and two replicas, the source cluster will end up with nginx-svc-west, nginx-set-0-west and nginx-set-1-west. The logic would then parse the resource name for the latter two services as nginx-set-0 and nginx-set-1 which won't exist on the remote and ends up deleting them as part of GC.

The next sync would recreate those mirrors but you end up with downtime.

Solution
For those cases, instead of parsing the remote resource from the local service name, retrieve the info from the `mirror.linkerd.io/headless-mirror-svc-name` label.

Validation
Unit tests

Fixes linkerd#12499

Signed-off-by: Marwan Ahmed <me@marwanad.com>
Signed-off-by: Mark S <the@wondersmith.dev>
@alpeb @the-wondersmith
Fix issues with native sidecars (linkerd#12453)
3b336f5 
Closes linkerd#12395

Failing to iterate over init containers as well as regular containers for finding the proxy in various parts of the code when the proxy is injected as a native sidecar resulted in:

- `Get` Destination API failing in the presence of opaque ports
- Failure having the injector detecting already injected pods
- Various CLI issues

This PR is split into the following commits addressing each issue separately:

a8ebe76 - Fix injection check for existing sidecars
44e9625 - Fix 'linkerd uninject'
6269496 - Fix 'linkerd version --proxy'
42dbdad - Fix 'linkerd identity'
39db823 - Fix 'linkerd check'
7359f37 - Fix 'linkerd dg proxy-metrics'
f8f73c4 - Fix destination controller

Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
fix(tests): add missing timeouts field to gateway HttpRouteRule fix…
d259fb3 
…ture

Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
style(logging): simplify logged route patching error messages
f35eb70 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
docs: update Index::route_refs docstring
fa79a34 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-status-support
f043a63
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-status-support
dfa0899
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-status-support
96c010f
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-status-support
8e7836b
@olix0r
chore: Add Cargo.toml patch for testing
0006aa9
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-status-support
a2f1209
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-status-support
092658f
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-status-support
10cd038
@the-wondersmith
style: apply preferred crate structure
59918f4 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-status-support
856aa08
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-status-support
ce6ae3f
@the-wondersmith
chore(deps): bump k8s-gateway-api git ref
ca0b9e4 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-status-support
39072ad
@the-wondersmith
test(fix): remove incorrect timeouts field
c406101 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-status-support
4e86511
@the-wondersmith
perf: handle empty route collections
5a34150 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
refactor: remove unnecessary IntoIterator impl
041a762 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
refactor: replaced inlined function with direct call to tracing::warn
a1d9f9b 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
refactor: remove unnecessary Default impl
3d27c8e 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
fix: ...
ca74e53 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
perf: simplify service_routes handling on Namespace struct
05f9dd5 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-index-support
3d0b1ee
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-index-support
f04eaa8
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-index-support
43aad3a
@the-wondersmith
revert: remove RouteMatch enum
5ae68c5 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
fix: return empty rule for inbound grpc routes
4c19a22 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith the-wondersmith deleted the policy-feat-grpcroute-index-support branch May 28, 2024 13:51
@the-wondersmith the-wondersmith restored the policy-feat-grpcroute-index-support branch May 28, 2024 13:53
@the-wondersmith
Merge remote-tracking branch 'refs/remotes/origin/main' into policy-f…
3b5418d 
…eat-grpcroute-index-support

Signed-off-by: Mark S <the@wondersmith.dev>

# Conflicts:
#	policy-controller/grpc/src/outbound.rs
#	policy-controller/k8s/index/src/outbound/index.rs
@the-wondersmith the-wondersmith force-pushed the policy-feat-grpcroute-index-support branch from 513c913 to 3b5418d Compare May 28, 2024 16:00
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-index-support
58614ed
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-index-support
fbc7cc3
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-index-support
94697a1
@the-wondersmith
chore(deps): update k8s-gateway-api git ref
09423f8 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
perf: remove unnecessary clone
eef0a3a 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
perf: remove unnecessary field
c8f94a4 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
chore(deps): update k8s-gateway-api git ref
dcef28e 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
perf: simplify routes binding
b8fdf5f 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
chore: port updated backend conversion behavior from http to grpc
2eb79fa 
Signed-off-by: Mark S <the@wondersmith.dev>
@the-wondersmith
Merge branch 'main' into policy-feat-grpcroute-index-support
e574efa
@the-wondersmith
Copy link
Contributor Author

Just commenting for historical context purposes -

PR was opened to facilitate code review, but its overall size and content doesn't mesh with internal change management strategy. I'm closing this PR now that code review is complete and will be breaking the changes out into smaller chunks of mergeable changes.

@the-wondersmith the-wondersmith deleted the policy-feat-grpcroute-index-support branch June 5, 2024 18:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adleong adleong adleong left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@the-wondersmith @adleong @marwanad @alpeb @olix0r