Enable Istio Sidecar injection for activator#833
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: akyyy Assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
google-prow-robot
added
the
size/M
| kind: Namespace | ||
| metadata: | ||
| labels: | ||
| istio-injection: enabled |
There was a problem hiding this comment.
I am wondering if this will enable istio sidecar injection for other pods in namespace ela-system. I guess we only want to inject sidecar for activator and autoscaler (maybe).
There was a problem hiding this comment.
The particular deployment needs a special annotation to get istio sidecar enabled.
annotations:
sidecar.istio.io/inject: "true"
so we should be fine.
| } | ||
| if len(endpoint.Subsets[0].Ports) != 1 { | ||
| return nil, fmt.Errorf("need just one port. Found %v ports", len(endpoint.Subsets[0].Ports)) | ||
| svc, err = services.Get(controller.GetElaK8SServiceNameForRevision(revision), metav1.GetOptions{}) |
There was a problem hiding this comment.
Any reason this is called a second time here? (same call is made on line 97 as well)
There was a problem hiding this comment.
oops. That's an error.
| if len(endpoint.Subsets[0].Ports) != 1 { | ||
| return nil, fmt.Errorf("need just one port. Found %v ports", len(endpoint.Subsets[0].Ports)) | ||
| svc, err = services.Get(controller.GetElaK8SServiceNameForRevision(revision), metav1.GetOptions{}) | ||
| if len(svc.Spec.Ports) != 1 { |
There was a problem hiding this comment.
Do we need to restrict this to only one port? What if more ports are added in the future (for example, when we enable mutual TLS, we might need to add a second port for health checks, separate from the serving port) - it will require changes in this code as well. Can this instead look for a specific named port?
|
|
||
| func (a *Activator) proxyRequest(revRequest RevisionRequest, serviceURL *url.URL) { | ||
| glog.Infof("Sending a proxy request to %q", serviceURL) | ||
| glog.Infof("Sending the request to %q", serviceURL) |
There was a problem hiding this comment.
I recommend eventually removing this. This will easily get very verbose. This is the perfect place to integrate to the distributed tracing :)
There was a problem hiding this comment.
Deleted this log line. There is an issue to track tracing/metrics for activator #743.
| t.Errorf("Error in getRevisionTargetURL %v", err) | ||
| } | ||
| expectedURL := "http://abc:1234" | ||
| expectedURL := "http://test-rev-service.default.svc.cluster.local:1234" |
There was a problem hiding this comment.
we probably should have a check here that tests that the request host is also empty.
| // https://github.com/elafros/elafros/blob/2b3ee4f3c46118b3759aa95d9e6c41747c32d6c5/pkg/controller/route/ela_ingress.go#L38 | ||
| // Since host values like "route-example.default.demo-domain.com" do not exist, we need to | ||
| // clear it to make istio sidecar happy if it's injected. | ||
| revRequest.r.Host = "" |
There was a problem hiding this comment.
@mattmoor Is this the best thing to do to overcome 404's?
akyyy
left a comment
akyyy
left a comment
There was a problem hiding this comment.
Nghia syned up with me. He thinks the right fix could be additional route rules or check with istio team. I'll try those first.
|
|
||
| func (a *Activator) proxyRequest(revRequest RevisionRequest, serviceURL *url.URL) { | ||
| glog.Infof("Sending a proxy request to %q", serviceURL) | ||
| glog.Infof("Sending the request to %q", serviceURL) |
There was a problem hiding this comment.
Deleted this log line. There is an issue to track tracing/metrics for activator #743.
| if len(endpoint.Subsets[0].Ports) != 1 { | ||
| return nil, fmt.Errorf("need just one port. Found %v ports", len(endpoint.Subsets[0].Ports)) | ||
| svc, err = services.Get(controller.GetElaK8SServiceNameForRevision(revision), metav1.GetOptions{}) | ||
| if len(svc.Spec.Ports) != 1 { |
| } | ||
| if len(endpoint.Subsets[0].Ports) != 1 { | ||
| return nil, fmt.Errorf("need just one port. Found %v ports", len(endpoint.Subsets[0].Ports)) | ||
| svc, err = services.Get(controller.GetElaK8SServiceNameForRevision(revision), metav1.GetOptions{}) |
There was a problem hiding this comment.
oops. That's an error.
akyyy
added
the
do-not-merge/hold
|
@akyyy: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Nicole took over the issue and she will work on this. Thanks! |
|
I'm continuing this PR in #966 |
mattmoor
added
do-not-merge/work-in-progress
|
Is this subsumed by #966? |
|
This has been replaced by #966 |
* Remove config/domainmapping * Add 0.23 label
* Remove config/domainmapping * Add 0.23 label
… (knative#836) * Add root ca for Controller HA test with https (knative#11471) This patch adds `test.AddRootCAtoTransport` for prober in TestControllerHA. * stick serverless-operator branch * Revert "stick serverless-operator branch" This reverts commit d2be74a. * Add v0.23 label to manifests (knative#833) * Remove config/domainmapping * Add 0.23 label * Update label * Add back DomainMapping
6 participants
Fixes #838
Proposed Changes