ztunnel icon indicating copy to clipboard operation
ztunnel copied to clipboard
verified publisher icon istio

Add headless service support

Open nmittler opened this issue 2 years ago • 4 comments

Ztunnel doesn't currently support headless services. This will be needed by the DNS proxy, however.

The initial DNS proxy PR (#536) ignores headless services for now.

nmittler avatar Jun 19 '23 17:06 nmittler

Why not supported even without dns proxy?

DNS is resolved by core-dns and ztunnel fetches Workload(Address) by dst ip

hzxuzhonghu avatar Jun 20 '23 01:06 hzxuzhonghu

Why not supported even without dns proxy?

@hzxuzhonghu I'm not sure what your point is here, exactly. If you're just saying that we should implement headless services in ztunnel independent of the DNS proxy work, that's fine. However, DNS proxy is one concrete use case where it's needed.

nmittler avatar Jun 20 '23 13:06 nmittler

I think we can change the proto to stop using VIP and start using service key. That is basically what it is today anyways

cc @kdorosh

howardjohn avatar Jun 20 '23 15:06 howardjohn

Sorry I mean IIUC ztunnel can send request to headless service currently. For ztunnel there is no much diff, today ztunnel outbound is based on upstream workload/svc. And in headless case, definitely it is based on workload.

hzxuzhonghu avatar Jun 21 '23 01:06 hzxuzhonghu

🚧 This issue or pull request has been closed due to not having had activity from an Istio team member since 2023-06-21. If you feel this issue or pull request deserves attention, please reopen the issue. Please see this wiki page for more information. Thank you for your contributions.

Created by the issue and PR lifecycle manager.

istio-policy-bot avatar May 15 '24 17:05 istio-policy-bot