Add CSM NEG support. #827
Add CSM NEG support. #827
Conversation
|
Welcome @cadmuxe! |
k8s-ci-robot
added
the
cncf-cla: yes
|
Hi @cadmuxe. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
|
/cc @freehan |
|
This is a draft, need add tests. |
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
cmd/glbc/main.go
Outdated
| @@ -197,7 +205,7 @@ func runControllers(ctx *ingctx.ControllerContext) { | |||
| fwc := firewalls.NewFirewallController(ctx, flags.F.NodePortRanges.Values()) | |||
|
|
|||
| // TODO: Refactor NEG to use cloud mocks so ctx.Cloud can be referenced within NewController. | |||
| negController := neg.NewController(negtypes.NewAdapter(ctx.Cloud), ctx, lbc.Translator, ctx.ClusterNamer, flags.F.ResyncPeriod, flags.F.NegGCPeriod, neg.NegSyncerType(flags.F.NegSyncerType), flags.F.EnableReadinessReflector) | |||
| negController := neg.NewController(negtypes.NewAdapter(ctx.Cloud), ctx, lbc.Translator, ctx.ClusterNamer, flags.F.ResyncPeriod, flags.F.NegGCPeriod, neg.NegSyncerType(flags.F.NegSyncerType), flags.F.EnableReadinessReflector, flags.F.EnableCSM) | |||
There was a problem hiding this comment.
refactor neg.NewController to take controller context
There was a problem hiding this comment.
Discussed offline, will keep this by now.
pkg/annotations/destination_rule.go
Outdated
| import "encoding/json" | ||
|
|
||
| // PortSubsetNegMap is the mapping between service port:subset to NEG name | ||
| type PortSubsetNegMap map[string]string |
There was a problem hiding this comment.
you probably need map[string]map[string]string?
"cloud.google.com/neg-status": `{
"network_endpoint_groups": {
"v1": {
"9080": "somehash-default-reviews-v1-9080",
}
"v2": {
"9080": "somehash-default-reviews-v2-9080",
}
}
pkg/utils/namer.go
Outdated
| // NEGWithSubset returns the gce neg name based on the service namespace, name | ||
| // target port and Istio:DestinationRule subset if provided. NEG naming convention: | ||
| // | ||
| // {prefix}{version}-{clusterid}-{namespace}-{name}-{service port}[-subset]-{hash} |
There was a problem hiding this comment.
{prefix}{version}-{clusterid}-{namespace}-{name}-{subset}-{service port}-{hash}?
There was a problem hiding this comment.
consider spliting the namer NegForServicePort and NegForDestinationRule
Address code review feedback. change the neg status to map[string]map[string]string
pkg/neg/controller.go
Outdated
| @@ -544,3 +656,53 @@ func getIngressServicesFromStore(store cache.Store, svc *apiv1.Service) (ings [] | |||
| } | |||
| return | |||
| } | |||
|
|
|||
| func castToDestinationRule(drus *unstructured.Unstructured) (*istioV1alpha3.DestinationRule, error) { | |||
pkg/neg/controller.go
Outdated
| return servicePortMap | ||
| } | ||
|
|
||
| func getDestinationRulesFromStore(store cache.Store, svc *apiv1.Service) (drs map[namespaceNamePair]*istioV1alpha3.DestinationRule) { |
pkg/neg/controller.go
Outdated
| // syncTracker tracks the latest time that service and endpoint changes are processed | ||
| syncTracker utils.TimeTracker | ||
|
|
||
| // reflector handles NEG readiness gate and conditions for pods in NEG. | ||
| reflector readiness.Reflector | ||
| } | ||
|
|
||
| type namespaceNamePair struct { |
There was a problem hiding this comment.
use types.NamespacedName, no need to have a new structure
pkg/neg/controller.go
Outdated
| } | ||
| targetServiceNamespace := drUnstructed.GetNamespace() | ||
| drHost := dr.Host | ||
| if strings.Contains(dr.Host, ".") { |
There was a problem hiding this comment.
pkg/neg/controller.go
Outdated
| klog.Errorf("Failed to convert informer object to DestinationRule") | ||
| return | ||
| } | ||
| targetServiceNamespace := drus.GetNamespace() |
There was a problem hiding this comment.
Have a util function for parsing hosts in DestinationRule. Return namespace/name of service
shared the util function with getDestinationRulesFromStore
| Subset string | ||
|
|
||
| // Subset label, should set together with Subset. | ||
| SubsetLabels string |
There was a problem hiding this comment.
why not use map[string]string?
There was a problem hiding this comment.
okay. Got it. If it is simpler, then just do it this way.
| if c.enableCSM { | ||
| // Find all destination rules that using this service. | ||
| destinationRules := getDestinationRulesFromStore(c.destinationRuleLister, service) | ||
| servicePorts := gatherPortMappingFromService(service) |
There was a problem hiding this comment.
IIUC, this only creates NEGs per each (destination rule subsets X service ports)
If c.enableCSM, you also need to create NEGs for each service port. Except for kube-system services and kubernetes.default service
pkg/neg/controller.go
Outdated
| destinationRules := getDestinationRulesFromStore(c.destinationRuleLister, service) | ||
| servicePorts := gatherPortMappingFromService(service) | ||
| for destinationRuleNN, destinationRule := range destinationRules { | ||
| destinationRulePortInfoMap := negtypes.NewPortInfoMapWithDestinationRule(namespace, name, servicePorts, c.namer, true, destinationRule) |
There was a problem hiding this comment.
Need to validate if the destinationRule has unique subset names. If not, error out.
I confirmed with the Istio team that they want user to create unique subset names but did not enforce it with validation.
| @@ -422,6 +472,44 @@ func (c *Controller) syncNegStatusAnnotation(namespace, name string, portMap neg | |||
| return err | |||
| } | |||
|
|
|||
| func (c *Controller) syncDestinationRuleNegStatusAnnotation(namespace, destinationRuleName string, portmap negtypes.PortInfoMap) error { | |||
| @@ -463,6 +551,30 @@ func (c *Controller) enqueueIngressServices(ing *v1beta1.Ingress) { | |||
| } | |||
| } | |||
|
|
|||
| func (c *Controller) enqueueDestinationRule(obj interface{}) { | |||
| @@ -101,6 +108,15 @@ func NewControllerContext( | |||
| healthChecks: make(map[string]func() error), | |||
| } | |||
|
|
|||
| if config.EnableCSM && dynamicClient != nil { | |||
| destrinationGVR := schema.GroupVersionResource{Group: "networking.istio.io", Version: "v1alpha3", Resource: "destinationrules"} | |||
There was a problem hiding this comment.
nit: add a WARNING here.
The destinationRule group version is v1alpha3 in group networking.istio.io. Need to update as istio API graduates.
pkg/neg/controller.go
Outdated
| destinationRules := getDestinationRulesFromStore(c.destinationRuleLister, service) | ||
| // Fill all service ports into portinfomap | ||
| servicePorts := gatherPortMappingFromService(service) | ||
| for destinationRuleNN, destinationRule := range destinationRules { |
There was a problem hiding this comment.
nit: s/destinationRuleNN/namespacedName ?
| type PortSubsetNegMap map[string]map[string]string | ||
|
|
||
| type DestinationRuleNEGStatus struct { | ||
| NetworkEndpointGroups PortSubsetNegMap `json:"network_endpoint_groups,omitempty"` |
There was a problem hiding this comment.
I mean move the comment from above to here
pkg/neg/controller.go
Outdated
| } | ||
| } | ||
| // If no destionationRules for this service, create one NEG for every ports. | ||
| if len(destinationRules) == 0 { |
There was a problem hiding this comment.
You need to create it anyway. Remove the if statement here
| @@ -324,9 +377,15 @@ func (c *Controller) processService(key string) error { | |||
| if err = c.syncNegStatusAnnotation(namespace, name, portInfoMap); err != nil { | |||
| return err | |||
| } | |||
| // Merge destinationRule related NEG after the Service NEGStatus Sync, we don't want DR related NEG status go into service. | |||
| if err := portInfoMap.Merge(csmPortInfoMap); err != nil { | |||
There was a problem hiding this comment.
consider flag gating this?
…reated. more comments update the gke-self-managed.sh script to support CSM mode.
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cadmuxe, freehan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
No description provided.