istio.io icon indicating copy to clipboard operation
istio.io copied to clipboard

Published 20 hours ago verified publisher icon istio

clarify unmentioned constraint port.name equalness

Open tedli opened this issue 2 years ago • 11 comments

Please provide a description for what this PR is for.

In our multi cluster mesh, we found that, even we meet the namespace-sameness, cross cluster calls to remote cluster through eastwest gateway never happen in some cases. (calls always invoke to primary cluster) After some digging, we found that the same kubernetes Service had different port.name, and the code that aggregating eds reads the port.name to match endpoint with service. And if we correct the Service.spec.ports[_].name to be same as what in primary cluster (literally equal, both name no specified consider equal "" == "" ), cross cluster calls act as expect. So as namespace-sameness, the addition constraint should be documented.

https://github.com/istio/istio/blob/93e4ec424b52da807228bd7784c59d646ec73733/pilot/pkg/xds/endpoint_builder.go#L240-L242

for _, ep := range endpoints {
			// TODO(nmittler): Consider merging discoverability policy with cluster-local
			if !ep.IsDiscoverableFromProxy(b.proxy) {
				continue
			}
			if svcPort.Name != ep.ServicePortName {
				continue
			}

And to help us figure out who should review this PR, please put an X in all the areas that this PR affects.

  • [ ] Configuration Infrastructure
  • [x] Docs
  • [x] Installation
  • [x] Networking
  • [ ] Performance and Scalability
  • [ ] Policies and Telemetry
  • [ ] Security
  • [ ] Test and Release
  • [ ] User Experience
  • [ ] Developer Infrastructure

tedli avatar Aug 04 '22 02:08 tedli

😊 Welcome! This is either your first contribution to the Istio documentation repo, or it's been awhile since you've been here. A few things you should know:

  • You can learn about how we write and maintain documentation, about our style guidelines, and about all the available web site features by visiting Contributing to the Docs.

  • In the next few minutes, an automatic preview of your change will be built as a full copy of the istio.io website. You can find this preview by clicking on the Details link next to the deploy/netlify entry in the Status section of this page.

  • We care about quality, so we've put in place a number of checks to ensure our documentation is top notch. We do spell checking, we sanitize the markdown, we ensure all hyperlinks point to valid location, and more. If your PR doesn't pass one of these checks, you'll see a red X in the status section of the page. Click on the Details link to get a list of the problems with your PR. Fix those problems and push an update to your PR. This will automatically rerun the tests and hopefully this time everything will be perfect.

  • Once your changes are accepted and merged into the repository, they will initially show up on https://preliminary.istio.io. The changes will be published to https://istio.io the next time we do a major release (which typically happens every 3 months or so).

Thanks for contributing!

Courtesy of your friendly welcome wagon.

istio-policy-bot avatar Aug 04 '22 02:08 istio-policy-bot

Hi @tedli. Thanks for your PR.

I'm waiting for a istio member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

istio-testing avatar Aug 04 '22 02:08 istio-testing

/ok-to-test

tedli avatar Aug 05 '22 03:08 tedli

@tedli: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

In response to this:

/ok-to-test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

istio-testing avatar Aug 05 '22 03:08 istio-testing

/ok-to-test

zirain avatar Aug 05 '22 06:08 zirain

/retest

tedli avatar Aug 05 '22 07:08 tedli

WG Network, PTAL

craigbox avatar Aug 12 '22 14:08 craigbox

This PR is targeted for the release-1.14 branch which will shortly be archived and likely not archived again. Thus this PR will not show up in the 1.14 version of the documentation. This PR should be rebased on the main branch (and cherry-picked to 1.15 if needed).

ericvn avatar Aug 31 '22 19:08 ericvn

@tedli could you please rebase this on master or release-1.15?

craigbox avatar Sep 12 '22 02:09 craigbox

@tedli could you please rebase this on master or release-1.15?

Hi craigbox,

Thanks for reply. I cherry-picked this to master and release-1.15. Please have a look.

https://github.com/istio/istio.io/pull/11892 https://github.com/istio/istio.io/pull/11891

tedli avatar Sep 12 '22 03:09 tedli

@craigbox If we approve this one, it will be cp'd to the other releases. This PR won't matter too much, unless we rebuild the 1.14 archive. But at least the tooling should cherry-pick to the istio and preliminary istio branches.

Else, we could close this and approve the one in master and cherry-pick that to 1.15.

ericvn avatar Sep 12 '22 13:09 ericvn