Add logic for pilot to read ConfigMap to override MeshConfig#3916
Add logic for pilot to read ConfigMap to override MeshConfig#3916andraxylia wants to merge 40 commits intomasterfrom
Conversation
| // Config file either wasn't specified or failed to load - use a default mesh. | ||
| defaultMesh := model.DefaultMeshConfig() | ||
| mesh = &defaultMesh | ||
| if _, mesh, err = GetMeshConfig(s.kubeClient, kube.IstioNamespace, kube.IstioConfigMap); err != nil { |
There was a problem hiding this comment.
When is the config file not specified (see below for current pilot deployment)? And when would that file read fail?
istio/install/kubernetes/templates/istio-pilot.yaml.tmpl
Lines 156 to 158 in 720be7a
istio/install/kubernetes/templates/istio-pilot.yaml.tmpl
Lines 179 to 181 in 720be7a
There was a problem hiding this comment.
I think the configFile is used for VMs. In a K8s setup, it always fails, I tested it.
There was a problem hiding this comment.
Pilot discovery is not run for VMs, only proxy.
You mean it can fail if the config map is not mounted ?
There was a problem hiding this comment.
I really don't see how this works - if the config map is not yet ready, but the mount and the load would fail.
I agree we shouldn't use the defaults silently - but fail if config map is missing, but I'm not sure this (reading using the API) solves much.
There was a problem hiding this comment.
args.Mesh.ConfigFile should default to /etc/istio/config/mesh per
istio/pilot/cmd/pilot-discovery/main.go
Line 87 in 720be7a
There was a problem hiding this comment.
In fact the file was not available when running pilot from my mac. When running in a pod, the configMap gets mounted under /etc/istio/config, so there is no need to re-read the map.
The problem with the connectTimeout was in fact there are two of them in the config, one at the top level, and one in defaultConfig. Only the one at the top level is taken into account for CDS.
I can close this PR, unless we want to keep the ability of falling back on reading from a cluster config map when running pilot as a process locally. It seems to work fine.
|
Are you sure you need an entire config map reading function ? We already read the global mesh config from a config map, and we are trying to clean up that bit (cc @loewenstein / @xiaolanz ). If the issue is only about connect timeout not being respected, then this should already be covered as part of the new v1alpha2 destination rules (https://github.com/istio/api/blob/master/networking/v1alpha3/destination_rule.proto#L276) and the connect timeout option must be removed from the global config map. I think that is what is happening (we stopped reading the connect timeout from the config map and use the one in DestRule - it has a default value). [ cc @ijsnellf / @GregHanson ] |
|
This is the global config map not being read by pilot. It may have got lost in the refactoring, or maybe it was never there? It is not just about the timeout, it is also about anything in pilot that needs to be overritten. For instance, I will use this to enable or disable validate_clusters. Until or if we get rid of the configmap, this PR is fixing a bug. |
|
For the moment, connectTimeout is also used for v1, and as I said in my previous comment this is needed in general. For v2, we still need a value in the config map, that the user may overwrite on a per service basis, but if I need to change something globally, I do not want to create 1000 destination rules just for this. Nor do I want to change the code. BTW, inability to tune this easily stopped me from easily debugging the 503s issues. |
* WIP - codecov package support * Enabling package check * Update codecov range * Update codecov requirement
* Use schema value for group and version for test. * Remove obsolete comment.
* A few enhancements * Make --output to be a directory Add --clear_cache_stats option * add port-forward support so that it's even easier to use this command outside the k8s cluster * use port-forward to download envoy config
costinm
left a comment
There was a problem hiding this comment.
/lgtm
This is the first step to also watch it - and it may help for pilot on VMs, where it can pull the config map from apiserver instead of having to copy it to each VM.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: costinm The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
Codecov Report
@@ Coverage Diff @@
## master #3916 +/- ##
=======================================
+ Coverage 76% 76% +1%
=======================================
Files 297 295 -2
Lines 27075 26961 -114
=======================================
+ Hits 20407 20468 +61
+ Misses 5358 5184 -174
+ Partials 1310 1309 -1
Continue to review full report at Codecov.
|
|
/lgtm cancel //PR changed after LGTM, removing LGTM. @andraxylia @costinm |
- Various changes to the e2e tests - Re-introducing old mixer docs (with many changes) for running a local docker registry in k8s.
… andra-configmap
…string attribute when the mixer filter was TCP previously. (#3989)
… andra-configmap
|
@andraxylia: The following test failed, say
DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
can you link the replacement PR here or in #3826, tia ? (with just the change you want to make, this one seemed like it had unrelated stale commits...) |
|
@ldemailly Closed this because the set of files went into a bad state after the rebase. Opened instead #4024 from exactly the same branch, but the set of files changed is correct. |
Fixes #3826