Skip to content

Service Internal Traffic Policy: use more generic API #2166

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Service Internal Traffic Policy: use more generic API #2166

wants to merge 1 commit into from

Conversation

howardjohn
Copy link

The current choice of Cluster will likely cause some confusion for implementations providing multicluster Service routing.

For example, Cilium and Istio both transparently route to all endpoints across all clusters (see https://cilium.io/blog/2019/03/12/clustermesh#service-discovery). This makes the statement that Route to all cluster-wide endpoints (or use topology aware subsetting if enabled) no longer correct for these implementations.

As a counter example, I believe Linkerd's model technically is compatible, as it is actually copying Endpoints over into the cluster. However, it may still confuse users as despite the Endpoint being in the cluster, the destination of the Endpoint is not, and the fact the Endpoint is in the cluster is an implementation detail.

Another counter example is MCSD, where the Service is still "cluster", and a separate ServiceExport is used to define the supercluster.

It is also possible this could instead be extended to have 3 options: Supercluster, Cluster, and Local, effectively replacing ServiceExport.

So this PR changes the naming a bit to allow for both models to exist gracefully

cc @robscott @JeremyOT @nmittler

@howardjohn
Service Internal Traffic Policy: use more generic API
a343e74 
The current choice of `Cluster` will likely cause some confusion for implementations providing multicluster Service routing.

For example, Cilium and Istio both transparently route to all endpoints across all clusters (see https://cilium.io/blog/2019/03/12/clustermesh#service-discovery). This makes the statement that `Route to all cluster-wide endpoints (or use topology aware subsetting if enabled)` no longer correct for these implementations.

As a counter example, I believe Linkerd's model technically is compatible, as it is actually copying Endpoints over into the cluster. However, it may still confuse users as despite the Endpoint being in the cluster, the destination of the Endpoint is not, and the fact the Endpoint is in the cluster is an implementation detail.

Another counter example is MCSD, where the Service is still "cluster", and a separate ServiceExport is used to define the supercluster.

It is also possible this could instead be extended to have 3 options: Supercluster, Cluster, and Local, effectively replacing ServiceExport.

So this PR changes the naming a bit to allow for both models to exist gracefully
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Nov 25, 2020
@k8s-ci-robot
Copy link
Contributor

Welcome @howardjohn!

It looks like this is your first PR to kubernetes/enhancements 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/enhancements has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot
Copy link
Contributor

Hi @howardjohn. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: howardjohn
To complete the pull request process, please assign dcbw after the PR has been reviewed.
You can assign the PR to them by writing /assign @dcbw in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory sig/network Categorizes an issue or PR as relevant to SIG Network. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Nov 25, 2020
@robscott
Copy link
Member

/ok-to-test
/cc @andrewsykim

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Nov 25, 2020
@robscott
Copy link
Member

Also for multicluster perspective:
/cc @JeremyOT

@thockin
Copy link
Member

thockin commented Nov 25, 2020

@andrewsykim for it. Seems reasonable

andrewsykim
andrewsykim reviewed Nov 30, 2020
View reviewed changes
Copy link
Member

@andrewsykim andrewsykim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with All but I don't love how it's inconsistent with externalTrafficPolicy that uses Cluster. Should we support "All" for both or is it not worth it cause we can't change the default for externalTrafficPolicy anyways? cc @maplain who has started on the implementation.

@thockin
Copy link
Member

thockin commented Nov 30, 2020 via email

@andrewsykim
Copy link
Member

We could support "All" as an alias for "Cluster" in external, I suppose. We'd have to alpha it like any other field change.

Sounds good to me, we can discuss this further as a follow-up or during the PR review. I would also like to consider if it makes sense to support PreferLocal for externalTrafficPolicy as well. Likely more difficult than internal because of SNAT semantics.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 6, 2020
@thockin
Copy link
Member

thockin commented Dec 6, 2020 via email

@annajung
Copy link
Contributor

annajung commented Feb 3, 2021
edited
Loading

Hi there, 1.21 Enhancements Lead here.
This enhancement is being tracked for the 1.21 release, and it's currently missing one of the PRR requirements as stated #2086 (comment).

Since this PR is open, I wanted to mention it in case you wanted to include it here.
Specifically, a file under https://github.com/kubernetes/enhancements/tree/master/keps/prod-readiness/sig-network is required with the name of the PRR reviewer. See Submitting a KEP for production readiness approval doc for details.

Please make sure that all requirements are met before the upcoming enhancements freeze Feb 9th.

For PRR review, please reach out to #prod-readiness slack channel to get it reviewed asap. thanks!

@annajung annajung mentioned this pull request Feb 8, 2021
Closed
@maplain maplain mentioned this pull request Feb 9, 2021
Merged
@howardjohn
Copy link
Author

What is needed for this to be merged?

@robscott
Copy link
Member

robscott commented Mar 4, 2021

/cc @maplain

@k8s-ci-robot
Copy link
Contributor

@robscott: GitHub didn't allow me to request PR reviews from the following users: maplain.

Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc @maplain

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@thockin
Copy link
Member

thockin commented Mar 5, 2021

Thinking about this today.

The problem with "All" as an alias is that most people who want "All" are not going to specify anything, and we can't really change the default. So let's not do that.

We can either merge this (and change/followup #96600) to "All" which is still not exactly correct once topology lands or leave it at "Cluster" and document that some implementations span clusters.

@k8s-ci-robot
Copy link
Contributor

@howardjohn: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 6, 2021
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 5, 2021
@howardjohn howardjohn closed this Jul 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@caseydavenport caseydavenport Awaiting requested review from caseydavenport

@thockin thockin Awaiting requested review from thockin

@JeremyOT JeremyOT Awaiting requested review from JeremyOT

1 more reviewer

@andrewsykim andrewsykim andrewsykim left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@andrewsykim andrewsykim

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory lgtm "Looks good to me", indicates that a PR is ready to be merged. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. sig/network Categorizes an issue or PR as relevant to SIG Network. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@howardjohn @k8s-ci-robot @robscott @thockin @andrewsykim @annajung @fejta-bot