mesh: add computed destinations with a controller that computes them #19067

ishustava · 2023-10-04T21:14:23Z

Description

This PR adds a new type ComputedDestinations that will contain all destinations from any Destinations resources and will be name-aligned with a workload. This also adds an explicit-destinations controller that computes these resources.

This is needed to simplify the tracking we need to do currently in the sidecar-proxy controller and makes it easier to query all explicit destinations that apply to a workload.

PR Checklist

updated test coverage
external facing docs updated
appropriate backport labels added
not a security concern

ishustava · 2023-10-04T21:41:53Z

internal/mesh/internal/mappers/workloadselectionmapper/workload_selection_mapper.go

+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package workloadselectionmapper


I generalized this mapper as I needed the same functionality for both explicit destinations and proxy config controllers.

proto-public/pbmesh/v2beta1/computed_destinations.proto

internal/mesh/internal/mappers/workloadselectionmapper/workload_selection_mapper.go

internal/mesh/internal/mappers/common/workload_selector_util.go

internal/mesh/internal/controllers/explicitdestinations/controller.go

internal/mesh/internal/controllers/explicitdestinations/status.go

internal/mesh/internal/controllers/explicitdestinations/controller.go

rboyer

Left a few remaining comments.

internal/mesh/internal/controllers/explicitdestinations/controller.go

ishustava · 2023-10-12T01:19:34Z

internal/mesh/internal/controllers/explicitdestinations/mapper/mapper.go

+		serviceRefMapper:        bimapper.New(pbmesh.ComputedExplicitDestinationsType, pbcatalog.ServiceType),
+	}
+}
+


The methods below are tested in controller tests

…icts

internal/mesh/internal/controllers/explicitdestinations/controller.go

…he same

This change builds on #19043 and #19067 and updates the sidecar controller to use those computed resources. This achieves several benefits: * The cache is now simplified which helps us solve for previous bugs (such as multiple Upstreams/Destinations targeting the same service would overwrite each other) * We no longer need proxy config cache * We no longer need to do merging of proxy configs as part of the controller logic * Controller watches are simplified because we no longer need to have complex mapping using cache and can instead use the simple ReplaceType mapper. It also makes several other improvements/refactors: * Unifies all caches into one. This is because originally the caches were more independent, however, now that they need to interact with each other it made sense to unify them where sidecar proxy controller uses one cache with 3 bimappers * Unifies cache and mappers. Mapper already needed all caches anyway and so it made sense to make the cache do the mapping also now that the cache is unified. * Gets rid of service endpoints watches. This was needed to get updates in a case when service's identities have changed and we need to update proxy state template's spiffe IDs for those destinations. This will however generate a lot of reconcile requests for this controller as service endpoints objects can change a lot because they contain workload's health status. This is solved by adding a status to the service object tracking "bound identities" and have service endpoints controller update it. Having service's status updated allows us to get updates in the sidecar proxy controller because it's already watching service objects * Add a watch for workloads. We need it so that we get updates if workload's ports change. This also ensures that we update cached identities in case workload's identity changes.

…19067) This commit adds a new type ComputedDestinations that will contain all destinations from any Destinations resources and will be name-aligned with a workload. This also adds an explicit-destinations controller that computes these resources. This is needed to simplify the tracking we need to do currently in the sidecar-proxy controller and makes it easier to query all explicit destinations that apply to a workload.

…mputes them into release/1.17.x (#19194) mesh: add computed destinations with a controller that computes them (#19067) This commit adds a new type ComputedDestinations that will contain all destinations from any Destinations resources and will be name-aligned with a workload. This also adds an explicit-destinations controller that computes these resources. This is needed to simplify the tracking we need to do currently in the sidecar-proxy controller and makes it easier to query all explicit destinations that apply to a workload. Co-authored-by: Iryna Shustava <[email protected]>

ishustava changed the base branch from main to ishustava/NET-3995-computed-proxy-config October 4, 2023 21:14

ishustava added pr/no-changelog PR does not need a corresponding .changelog entry pr/no-backport labels Oct 4, 2023

ishustava force-pushed the ishustava/NET-3996-computed-destinations branch from a800d12 to 9d77602 Compare October 4, 2023 21:40

ishustava commented Oct 4, 2023

View reviewed changes

ishustava force-pushed the ishustava/NET-3996-computed-destinations branch 3 times, most recently from 4025072 to e2184f8 Compare October 4, 2023 23:36

ishustava force-pushed the ishustava/NET-3995-computed-proxy-config branch 3 times, most recently from d3e50af to 688a2eb Compare October 5, 2023 14:54

ishustava force-pushed the ishustava/NET-3996-computed-destinations branch from e2184f8 to b11c7cb Compare October 5, 2023 15:49

ishustava marked this pull request as ready for review October 5, 2023 16:31

ishustava requested a review from a team as a code owner October 5, 2023 16:31

ishustava requested a review from rboyer October 5, 2023 16:31

ishustava mentioned this pull request Oct 5, 2023

mesh: sidecar proxy controller improvements #19083

Merged

4 tasks