-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ServiceID-SNI, ports and protocols #10
Comments
+1 to the idea, but would changing the name of the field be disruptive to implementations that want to upgrade from v1alpha1 to v1alpha2?
I think the more likely reason here is if a Hamlet implementation operates at L4-only and defers to the consumer to know the domain / SNI header of the service. @sergiopozoh what's the relationship between the new Port field and the port in |
yes, all changes here are disruptive. For an alpha, I wasn't considering changing the major version, but we can do it for the sake of clarity. I assume that the underlying reason for the question. Was it? |
Proposed changes (new revision)
Existing Endpoint type, with a new field EndpointSelector
New type representing the service instance information required for routing at the ingress of the service owner, when there are multiple backing instances (for example in different ports or with different protocols).
|
The previous spec is leaking port information from the service owner. In fact, there is no need to share port information, but only for the service provider to simply export an identifier for the backing services for a FederatedService. This identifier has to be unique within that context. In this way, we are creating a hierarchy in a way that a FederatedService can contain multiple backing instances under the same FQDN. For flexibility, each instance can be exposed in a different ingress, or on the same ingress but in a different port. This is the new alternative Existing
New type representing the service instance information required for routing at the ingress of the service owner, when there are multiple backing instances.
For a consumer agent compliant implementation, the agent must generate in the local consumer platform a FQDN for each of the instances with the format In addition, for a consumer agent compliant implementation, the agent must generate in the local consumer platform an entry with Alternatives
|
Proposed changes
required Array Port { required int number, required string protocol, optional string SNI
Where
number.
A valid non-negative integer port number.protocol.
Protocol exposed on the port. MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. TLS implies the connection will be routed based on the SNI header to the destination.SNI.
The value of this field will be set as the SNI header by the federated service mesh consumer when creating a connection to the owner and has been originally set by the owner. Each vendor may possibly have its own SNI format, so this specification doesn't define a particular format to use for this field. This field is opaque for the consumer, it simply uses it.Reasons
ServiceID is really an SNI. SNI only makes sense when there is TLS traffic. In the current version of the spec, traffic has to be TLS. However, there could be architectures where TLS is not needed or not even possible. This is a limitation of the spec and the main reason of this proposed change.
If ServiceID/SNI is made optional, we have to use either Name or FQDN as the primary key within the owner mesh instead of the ServiceID. Neither of these two alone can be really guaranteed to be unique no matter if we require it in the spec or not. However a combination of FQDN (if mandatory) and Port can be, or a combination of Name (if FQDN is optional) and Port. However, Port is not part of the current spec, but encoded in the ServiceID/SNI (which is currently mandatory but also opaque for the consumer mesh, as it does not know how to interpret its content).
Currently, there are no ports for the service endpoint but the port is encoded in the SNI. This has some limitations
Alternatives
there is no other way for a consumer than having two endpoints/entries and append the port to the name of the service to be able to differentiate them. This is not the best UX.
The proposed changes allow a compact and simple representation of remote service descriptions for
The text was updated successfully, but these errors were encountered: