This repository has been archived by the owner on Mar 16, 2024. It is now read-only.
Propagate ports from main container service to additional services for the same container #2006
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…r the same container Signed-off-by: Grant Linville <[email protected]>
g-linville
requested review from
cjellick,
thedadams,
njhale,
StrongMonkey,
keyallis and
tylerslaton
thedadams
reviewed
Aug 2, 2023
njhale
approved these changes
Aug 2, 2023
tylerslaton
approved these changes
Aug 2, 2023
Signed-off-by: Grant Linville <[email protected]>
thedadams
approved these changes
Aug 2, 2023
g-linville
added a commit
to g-linville/runtime
that referenced
this pull request
Aug 4, 2023
…vices for the same container (acorn-io#2006)" This reverts commit 2e8339a.
g-linville
added a commit
to g-linville/runtime
that referenced
this pull request
Aug 4, 2023
…vices for the same container (acorn-io#2006)" This reverts commit 2e8339a. Signed-off-by: Grant Linville <[email protected]>
cloudnautique
pushed a commit
to cloudnautique/runtime
that referenced
this pull request
Sep 28, 2023
…r the same container (acorn-io#2006) Signed-off-by: Grant Linville <[email protected]>
cloudnautique
pushed a commit
to cloudnautique/runtime
that referenced
this pull request
Sep 28, 2023
…vices for the same container (acorn-io#2006)" This reverts commit 2e8339a. Signed-off-by: Grant Linville <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This one is a bit tough to explain. Let's start with this Acornfile:
Prior to this PR, the controller would render two Kubernetes Services for this. The first is
my-container, accessible on port 80 and sending traffic to port 80 on themy-containercontainer. The second isnginx, accessible on port 8080 and sending traffic to port 80 on themy-containercontainer. Fairly straightforward and works great....that is, until Istio comes into the picture. Istio does not like when multiple services have the same target port on the same pod, but with different public-facing ports. When we were running like this, we had weird traffic routing issues where Envoy would forward traffic to a stale pod IP that no longer belonged to any pods.
The fix? When we create additional
servicesfor a specific container (i.e., thecontainerfield is specified, as it is in our example), propagate all of the HTTP ports from the "main" service for the container (the one whose name is the same as the name of the container). Istio will still complain when you runistioctl analyze -A, but the routing issues disappear and things work again.Also in this PR, we block these additional
servicesfrom being allowed to specify any non-HTTP ports.I also added a new unit test to cover this case.
Checklist
This is a title (#1216). Here's an example