Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

namespace/node pool: forward RPCs cross-region if ACLs aren't enabled #20220

Merged
merged 2 commits into from
Mar 26, 2024
Merged

namespace/node pool: forward RPCs cross-region if ACLs aren't enabled #20220

merged 2 commits into from
Mar 26, 2024

Conversation

tgross
Copy link
Member

@tgross tgross commented Mar 25, 2024
edited
Loading

Although it's not recommended, it's possible to federate regions without ACLs enabled. In this case, ACL-related objects such as namespaces and node pools can be written independently in each region and won't be replicated. If you use commands like namespace apply or node pool delete, the RPC is supposed to be forwarded to the authoritative region. But when ACLs are disabled, there is no authoritative region and so the RPC will always be applied to the local region even if the -region flag is passed.

Remove the change to the RPC region for the namespace and node pool write RPC whenever ACLs are disabled, so that forwarding works.

Fixes: #20197
Ref: #20128

@tgross tgross changed the title namespace/node_pool: forward RPCs cross-region if ACLs are enabled namespace/node pool: forward RPCs cross-region if ACLs are enabled Mar 25, 2024
@tgross
namespace/node_pool: forward RPCs cross-region if ACLs are enabled
cbfa63e 
Although it's not recommended, it's possible to federate regions without ACLs
enabled. In this case, ACL-related objects such as namespaces and node pools can
be written independently in each region and won't be replicated. If you use
commands like `namespace apply` or `node pool delete`, the RPC is supposed to be
forwarded to the authoritative region. But when ACLs are disabled, there is no
authoritative region and so the RPC will always be applied to the local region
even if the `-region` flag is passed.

Remove the change to the RPC region for the namespace and node pool write RPC
whenver ACLs are disabled, so that forwarding works.

Fixes: #20197
Ref: #20128
@tgross tgross force-pushed the b-namespace-apply-forwarding branch from ab17d0d to cbfa63e Compare March 25, 2024 18:28
@tgross tgross added theme/namespaces theme/node-pools Issues related to node pools type/bug backport/1.7.x backport to 1.7.x release line backport/1.6.x backport to 1.6.x release line labels Mar 25, 2024
@tgross tgross added this to the 1.7.x milestone Mar 25, 2024
@tgross tgross requested review from lgfa29, angrycub and gulducat March 25, 2024 18:53
@tgross tgross marked this pull request as ready for review March 25, 2024 18:53
@tgross tgross changed the title namespace/node pool: forward RPCs cross-region if ACLs are enabled namespace/node pool: forward RPCs cross-region if ACLs aren't enabled Mar 25, 2024
@tgross tgross merged commit 2fde4a0 into main Mar 26, 2024
19 checks passed
@tgross tgross deleted the b-namespace-apply-forwarding branch March 26, 2024 14:39
This was referenced Mar 26, 2024
Merged
Merged
philrenaud pushed a commit that referenced this pull request Apr 18, 2024
@tgross @philrenaud
namespace/node pool: forward RPCs cross-region if ACLs aren't enabled (
0f0d9f5 
…#20220)

Although it's not recommended, it's possible to federate regions without ACLs
enabled. In this case, ACL-related objects such as namespaces and node pools can
be written independently in each region and won't be replicated. If you use
commands like `namespace apply` or `node pool delete`, the RPC is supposed to be
forwarded to the authoritative region. But when ACLs are disabled, there is no
authoritative region and so the RPC will always be applied to the local region
even if the `-region` flag is passed.

Remove the change to the RPC region for the namespace and node pool write RPC
whenver ACLs are disabled, so that forwarding works.

Fixes: #20197
Ref: #20128
@github-actions GitHub Actions
Copy link

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 15, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lgfa29 lgfa29 lgfa29 approved these changes

@angrycub angrycub Awaiting requested review from angrycub

@gulducat gulducat Awaiting requested review from gulducat

Assignees
No one assigned
Labels
backport/1.6.x backport to 1.6.x release line backport/1.7.x backport to 1.7.x release line theme/namespaces theme/node-pools Issues related to node pools type/bug
Projects
None yet
Milestone
1.7.x
Development

Successfully merging this pull request may close these issues.

namespace updates should fail sensibly when cluster is federated and ACLs are disabled
2 participants
@tgross @lgfa29