ztunnel icon indicating copy to clipboard operation
ztunnel copied to clipboard

Published 20 hours ago verified publisher icon istio

Support providing per-workload proxy tasks with drain context

Open bleggett opened this issue 1 year ago • 2 comments

Prompted by https://github.com/istio/ztunnel/pull/898

What we really need beyond that PR with inpod is more granular drains than ztunnel is equipped with currently, at a minimum I can imagine the following:

  • Drain(reason: workload gone) -> workload gone, don't wait for connections to "unstick" - just drop.
  • Drain(reason: proxy terminating) -> workloads are not gone, but whole proxy is going - start refusing conns and give workloads a grace period.

This is relatively easily accomplished with regular tokio::sync channels, we should probably just replace our use of https://github.com/linkerd/drain-rs (which is a very light wrapper around those) with use of the tokio sync primitives directly.

ALSO - as part of this we should have draintests for EVERY handler.

  • inbound
  • outbound
  • inbound_passthrough
  • socks5
  • dns

that test that they are all guaranteed to drain down to 0 tasks when signaled.

bleggett avatar Apr 09 '24 03:04 bleggett

I do not see the drain-rs crate in the cargo.toml

daixiang0 avatar Apr 11 '24 07:04 daixiang0

I do not see the drain-rs crate in the cargo.toml

It's just called drain: https://github.com/istio/ztunnel/blob/master/Cargo.toml#L43

bleggett avatar Apr 16 '24 17:04 bleggett

I think this is mostly done and just 1 final task tracked in https://github.com/istio/ztunnel/issues/1191

howardjohn avatar Aug 23 '24 15:08 howardjohn