Honor the service.kubernetes.io/service-proxy-name label
Is your feature request related to a problem? Please describe.
The service.kubernetes.io/service-proxy-name label was initially intended to off-load the kube-proxy from handling all services already handled by a service mesh. I think there will be more specialized K8s proxiers coming in the near future. People have requirements for special things, and getting a (possibly odd) feature into the "real" K8s proxier (or Kube-router) is hard (if at all possible).
Describe the solution you'd like
Kube-router should honour the service.kubernetes.io/service-proxy-name label when taking over from the standard kube-proxy. This means that if the label is defined for a service, Kube-router must not set up load balancing for that service. Example:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: mserver-no-proxy
  labels:
    service.kubernetes.io/service-proxy-name: istio
spec:
  selector:
    app: mserver-deployment
  ports:
  - port: 5001
    name: mconnect
```
Describe alternatives you've considered
You could also take a more defensive approach in Kube-router by (optionally) allowing a setting like service.kubernetes.io/service-proxy-name: kube-router to let kube-router handle only some services, e.g. for DSR. Some administrations are reluctant to deviate from "standard" K8s, but special handling for special services may be ok.
Additional context
- PR
- KEP
- Related comment: https://github.com/kubernetes/kubernetes/issues/92369#issuecomment-650034563
This is easy to implement by filtering the service watch (https://github.com/sbezverk/nfproxy/pull/50).
Ref: https://github.com/cilium/cilium/issues/13019
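
The filtering rule requested above, together with the opt-in alternative, as an added example that is not kube-router's code and not part of the original issue. It uses only the Go standard library; the `Service` type and the `ShouldHandle`, `WatchSelector` and `Handled` names are hypothetical, and the sample services are constructed.

```go
package main

import "fmt"

// ServiceProxyNameLabel is the label key named in the issue.
const ServiceProxyNameLabel = "service.kubernetes.io/service-proxy-name"

// Service is a constructed stand-in for the metadata a service watch delivers.
type Service struct {
	Name   string
	Labels map[string]string
}

// ShouldHandle reports whether a proxy should set up load balancing for svc.
// proxyName == "" is the behaviour requested in the issue: skip every service
// that carries the label key, even with an empty value. A non-empty proxyName
// is the opt-in alternative: handle only services labelled with that name.
func ShouldHandle(svc Service, proxyName string) bool {
	value, labelled := svc.Labels[ServiceProxyNameLabel]
	if proxyName == "" {
		return !labelled
	}
	return labelled && value == proxyName
}

// WatchSelector returns the label selector that applies the same rule
// server-side when used as the labelSelector of the service list/watch.
func WatchSelector(proxyName string) string {
	if proxyName == "" {
		return "!" + ServiceProxyNameLabel
	}
	return ServiceProxyNameLabel + "=" + proxyName
}

// Handled returns the names of the services the proxy would act on.
func Handled(services []Service, proxyName string) []string {
	var names []string
	for _, s := range services {
		if ShouldHandle(s, proxyName) {
			names = append(names, s.Name)
		}
	}
	return names
}

func main() {
	services := []Service{ // constructed sample input
		{Name: "plain", Labels: map[string]string{"app": "web"}},
		{Name: "mserver-no-proxy", Labels: map[string]string{ServiceProxyNameLabel: "istio"}},
	}
	fmt.Println(WatchSelector(""), Handled(services, ""))
}
```

Filtering at the watch means labelled services never reach the proxy's sync loop, so an empty label value or a later label change needs no special handling inside it.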