Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(kuma-cp): deduplicate dataplane inbounds by address and port combination #12760

Open
wants to merge 15 commits into
base: master
Choose a base branch
from
Open

feat(kuma-cp): deduplicate dataplane inbounds by address and port combination #12760

wants to merge 15 commits into from
+531 −156

Conversation

Automaat
Copy link
Contributor

@Automaat Automaat commented Feb 5, 2025
edited by lahabana
Loading

Motivation

We now can have multiple inbounds if multiple services select the same address and port, but we will generate Envoy resources only for one of these. We should deduplicate them on creation so that we don't have inbounds that don't correlate with Envoy resources. This can be also useful for GUI

xref #13108

@Automaat Automaat added the ci/run-full-matrix PR: Runs all possible e2e test combination (expensive use carefully) label Feb 5, 2025
@Automaat Automaat requested a review from a team as a code owner February 5, 2025 14:37
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 5, 2025

Reviewer Checklist

🔍 Each of these sections need to be checked by the reviewer of the PR 🔍:
If something doesn't apply please check the box and add a justification if the reason is non obvious.

  • Is the PR title satisfactory? Is this part of a larger feature and should be grouped using > Changelog?
  • PR description is clear and complete. It Links to relevant issue as well as docs and UI issues
  • This will not break child repos: it doesn't hardcode values (.e.g "kumahq" as an image registry)
  • IPv6 is taken into account (.e.g: no string concatenation of host port)
  • Tests (Unit test, E2E tests, manual test on universal and k8s)
    • Don't forget ci/ labels to run additional/fewer tests
  • Does this contain a change that needs to be notified to users? In this case, UPGRADE.md should be updated.
  • Does it need to be backported according to the backporting policy? (this GH action will add "backport" label based on these file globs, if you want to prevent it from adding the "backport" label use no-backport-autolabel label)

@Automaat
feat(kuma-cp): fix tests
fc93dba 
Signed-off-by: Marcin Skalski <[email protected]>
@Automaat
feat(kuma-cp): fix tests
514fe96 
Signed-off-by: Marcin Skalski <[email protected]>
@Automaat Automaat mentioned this pull request Feb 7, 2025
Merged
@Automaat
Merge remote-tracking branch 'origin/master' into feat/inbound-name-f…
dfe4edb 
…rom-pod

# Conflicts:
#	pkg/plugins/runtime/k8s/controllers/pod_controller_test.go
#	pkg/plugins/runtime/k8s/controllers/testdata/01.dataplane.yaml
@Automaat
fix(e2e): fix picking right interface for delegated gateway
8817d6d 
Signed-off-by: Marcin Skalski <[email protected]>
@Automaat Automaat changed the title feat(kuma-cp): inbound name should be taken from pod instead of service feat(kuma-cp): deduplicate dataplane inbounds by address and port conmbination Feb 12, 2025
@Automaat Automaat changed the title feat(kuma-cp): deduplicate dataplane inbounds by address and port conmbination feat(kuma-cp): deduplicate dataplane inbounds by address and port combination Feb 12, 2025
jijiechen
jijiechen reviewed Feb 24, 2025
View reviewed changes
pkg/plugins/runtime/k8s/controllers/inbound_converter.go
ifaces = append(ifaces, inboundForServiceless(zone, pod, name, nodeLabels))
}

// Right now we will build multiple inbounds for each service selecting port, but later on
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code will be left here for future usage, so readers are from the future. Should it be changed to "We are only create one listener for last inbound now, but in the previous version, LegacyInboundInterfacesFor, we built multiple inbounds for each service selecting port"

jijiechen
jijiechen previously approved these changes Feb 24, 2025
View reviewed changes
Copy link
Member

@jijiechen jijiechen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@Automaat Automaat dismissed jijiechen’s stale review March 17, 2025 10:27

not ready yet

@Automaat Automaat marked this pull request as draft March 17, 2025 10:28
@Automaat Automaat marked this pull request as ready for review March 21, 2025 06:57
jijiechen
jijiechen reviewed Mar 21, 2025
View reviewed changes
pkg/plugins/runtime/k8s/controllers/inbound_converter.go
@@ -166,6 +168,7 @@ func (i *InboundConverter) LegacyInboundInterfacesFor(ctx context.Context, zone
return ifaces, nil
}

// Should be used when MeshService mode is Exclusive
func (i *InboundConverter) InboundInterfacesFor(ctx context.Context, zone string, pod *kube_core.Pod, services []*kube_core.Service) ([]*mesh_proto.Dataplane_Networking_Inbound, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to sort services []*kube_core.Service before iterate over it? To keep consistant results when deduplicated in multiple runs.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we sort inbounds at the end

jijiechen
jijiechen reviewed Mar 21, 2025
View reviewed changes
pkg/plugins/runtime/k8s/controllers/inbound_converter.go
}

func deduplicateInboundsByAddressAndPort(ifaces []*mesh_proto.Dataplane_Networking_Inbound) []*mesh_proto.Dataplane_Networking_Inbound {
inboundKey := func(iface *mesh_proto.Dataplane_Networking_Inbound) string {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In one of my testing, I found when the service port is different than the targetPort, the two inbounds generated on the DP has the same name and port, but they have different k8s.kuma.io/service-port tags: one of them is incorrect. So in this case, we need to remove the one with incorrect tag. Could you also verify this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you mean the situation when we have service with two ports?
With this approach we don't care about tags, inbound tags will be gone after we fully switch to MeshService exclusive. I think in this situation we will just create inbound from pod port

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jijiechen jijiechen jijiechen left review comments

@Icarus9913 Icarus9913 Awaiting requested review from Icarus9913 Icarus9913 is a code owner automatically assigned from kumahq/kuma-maintainers

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
ci/run-full-matrix PR: Runs all possible e2e test combination (expensive use carefully)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Automaat @jijiechen