Skip to content

separate check and report clusters#362

Merged
rshriram merged 5 commits intomasterfrom
mixer_cluster_mesh
Feb 8, 2018
Merged

separate check and report clusters#362
rshriram merged 5 commits intomasterfrom
mixer_cluster_mesh

Conversation

@rshriram
Copy link
Copy Markdown
Member

@rshriram rshriram commented Feb 7, 2018
edited
Loading

Pursuant to PR #358 ..
TODO: Once this is implemented in Pilot such that policy_check_cluster and telemetry_cluster are always specified, we need to

  1. Change proxy such that a missing check_cluster implies disable policy checks, a missing telemetry_cluster implies disable telemetry, but enable policy.
  2. After changing proxy, remove the disable_policy_checks option from global config, update docs, and remove dead code from pilot.

@rshriram rshriram requested a review from ZackButcher as a code owner February 7, 2018 15:15
@googlebot googlebot added the cla: yes Set by the Google CLA bot to indicate the author of a PR has signed the Google CLA. label Feb 7, 2018
@rshriram rshriram mentioned this pull request Feb 7, 2018
Merged
douglas-reid
douglas-reid reviewed Feb 7, 2018
View reviewed changes
Comment thread mesh/v1alpha1/config.proto
// Istio service mesh.
message MeshConfig {
// Address of the egress Envoy service (e.g. _istio-egress:80_).
string egress_proxy_address = 1;
Copy link
Copy Markdown
Contributor

@douglas-reid douglas-reid Feb 7, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is egress_proxy_address being removed as part of the mixer_address separation?

Copy link
Copy Markdown
Member Author

@rshriram rshriram Feb 7, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah shux.. It was an unused config item.. We got rid of egress proxy a long time ago. Thought I would remove it as well.

ayj
ayj reviewed Feb 7, 2018
View reviewed changes
Comment thread mesh/v1alpha1/config.proto Outdated
// reported to the mixer for HTTP requests and TCP connections. Default
// Address of the server that will be used by the proxies for policy
// check calls (e.g. _istio-mixer:15004_). By using different names for
// policyCheckServer and telemetryServer, it is possible to have one set
Copy link
Copy Markdown
Contributor

@ayj ayj Feb 7, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use mixer_check_server and mixer_report_server for consistency with the mixer API service?

Copy link
Copy Markdown
Member Author

@rshriram rshriram Feb 7, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is a good point. What I am trying to do here is to keep the config at concept level (policies, telemetry, auth, etc.). There are other parts of the config that are essentially pointing to implementation specific things, which to a layman is going to be hard to understand. If I am starting off with Istio, I look at global config and turn off things I don't want/enable things I want. Make sense?

(I am waiting to get rid of those RDSrefresh delays, etc. but haven't found a good way to do it yet).

Copy link
Copy Markdown
Contributor

@ayj ayj Feb 7, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Somewhat. We seem to be conflating mesh administrator configuration and operator policy config into the same protobuf which makes this difficult. Configuring whether a feature (e.g. auth, telemetry) is enabled globally (or per namespace / service) is a different concept than how the services that enable those features are accessed by the proxies.

Shriram Rajagopalan added 2 commits February 7, 2018 14:47
ZackButcher
ZackButcher approved these changes Feb 7, 2018
View reviewed changes
Copy link
Copy Markdown
Contributor

@ZackButcher ZackButcher left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@rshriram
Copy link
Copy Markdown
Member Author

rshriram commented Feb 7, 2018

Lets not merge this until all tests pass in istio/istio for my PR. Dont want to upset stuff..

@rshriram rshriram merged commit b5d35aa into master Feb 8, 2018
@rshriram rshriram deleted the mixer_cluster_mesh branch February 13, 2018 19:41
ayj pushed a commit to ayj/api that referenced this pull request Feb 14, 2018
@rshriram @ayj
separate check and report clusters (istio#362)
fb7f742 
* separate check and report clusters

* fix

* nits

* nit

* backward compat
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ZackButcher ZackButcher ZackButcher approved these changes

@mandarjog mandarjog Awaiting requested review from mandarjog

+2 more reviewers

@ayj ayj ayj left review comments

@douglas-reid douglas-reid douglas-reid left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla: yes Set by the Google CLA bot to indicate the author of a PR has signed the Google CLA.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@rshriram @ayj @ZackButcher @douglas-reid @googlebot