Skip to content

Ambient: In ambient index, filter configs by revision#56477

Merged
istio-testing merged 3 commits intoistio:masterfrom
vikaschoudhary16:ambient-filter-by-revision
Jun 6, 2025
Merged

Ambient: In ambient index, filter configs by revision#56477
istio-testing merged 3 commits intoistio:masterfrom
vikaschoudhary16:ambient-filter-by-revision

Conversation

@vikaschoudhary16
Copy link
Copy Markdown
Contributor

@vikaschoudhary16 vikaschoudhary16 commented May 31, 2025
edited by istio-policy-bot
Loading

Please provide a description of this PR:
Unlike sidecar mode, ambient index does not filter configs by revision. For example if istiod is revision stable and config CRs such as authz policy are canary revision labelled, still these configs are in ambient index and pushed to ztunnel.
This PR is adding the config filtering by revision.

@vikaschoudhary16 vikaschoudhary16 requested a review from a team as a code owner May 31, 2025 12:24
@istio-testing istio-testing added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label May 31, 2025
howardjohn
howardjohn reviewed Jun 3, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@howardjohn howardjohn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm aside from some comments

pilot/pkg/serviceregistry/kube/controller/ambient/ambientindex.go
remoteClientConfigOverrides: options.RemoteClientConfigOverrides,
}

filter := kclient.Filter{
Copy link
Copy Markdown
Member

@howardjohn howardjohn Jun 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we don't want this for Gateways. A user will set a rev on a gateway to make it programmed by istiod-A, but istiod-B needs to know about it.

pilot/pkg/serviceregistry/kube/controller/ambient/ambientindex.go

filter := kclient.Filter{
ObjectFilter: options.Client.ObjectFilter(),
ObjectFilter: kubetypes.ComposeFilters(options.Client.ObjectFilter(), a.inRevision),
Copy link
Copy Markdown
Member

@howardjohn howardjohn Jun 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should only be on configuration objects to maintain consistency. So not Services seems to be the only one violating this currently. Maybe renaming filter to make that clear would help avoid future mis-use as well

howardjohn
howardjohn reviewed Jun 3, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@howardjohn howardjohn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixes #51462

@therealmitchconnors
Copy link
Copy Markdown
Contributor

therealmitchconnors commented Jun 4, 2025

/retest

@istio-testing
Copy link
Copy Markdown
Collaborator

istio-testing commented Jun 6, 2025

@vikaschoudhary16: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
integ-ambient-mc_istio dbb600c link false /test integ-ambient-mc
Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@istio-testing istio-testing merged commit 6cc3906 into istio:master Jun 6, 2025
29 of 30 checks passed
vikaschoudhary16 added a commit to vikaschoudhary16/istio that referenced this pull request Jun 18, 2025
@vikaschoudhary16
Ambient: In ambient index, filter configs by revision (istio#56477)
cfdf237 
* In ambient index, filter configs by revision

* release notes

* Address feedback

Signed-off-by: Vikas Choudhary (vikasc) <choudharyvikas16@gmail.com>
@zirain
Copy link
Copy Markdown
Member

zirain commented Jun 19, 2025

@howardjohn is this safe to backport?

istio-testing pushed a commit that referenced this pull request Jun 19, 2025
@vikaschoudhary16 @dhawton
[release-1.26] Ambient: In ambient index, filter configs by revision (#…
b1e4857 
…56477) (#56689)

* Ambient: In ambient index, filter configs by revision (#56477)

* In ambient index, filter configs by revision

* release notes

* Address feedback

Signed-off-by: Vikas Choudhary (vikasc) <choudharyvikas16@gmail.com>

* Update releasenotes/notes/56477.yaml

---------

Signed-off-by: Vikas Choudhary (vikasc) <choudharyvikas16@gmail.com>
Co-authored-by: Daniel Hawton <daniel@hawton.org>
vikaschoudhary16 added a commit to vikaschoudhary16/istio that referenced this pull request Jun 20, 2025
@vikaschoudhary16 @dhawton
[release-1.26] Ambient: In ambient index, filter configs by revision (i…
c9e2a7a 
…stio#56477) (istio#56689)

* Ambient: In ambient index, filter configs by revision (istio#56477)

* In ambient index, filter configs by revision

* release notes

* Address feedback

Signed-off-by: Vikas Choudhary (vikasc) <choudharyvikas16@gmail.com>

* Update releasenotes/notes/56477.yaml

---------

Signed-off-by: Vikas Choudhary (vikasc) <choudharyvikas16@gmail.com>
Co-authored-by: Daniel Hawton <daniel@hawton.org>
Signed-off-by: Vikas Choudhary (vikasc) <choudharyvikas16@gmail.com>
@vikaschoudhary16 vikaschoudhary16 mentioned this pull request Jun 20, 2025
Merged
istio-testing pushed a commit that referenced this pull request Jun 20, 2025
@vikaschoudhary16 @dhawton
[release-1.26] Ambient: In ambient index, filter configs by revision (#…
fed8a21 
…56477) (#56689) (#56713)

* Ambient: In ambient index, filter configs by revision (#56477)

* In ambient index, filter configs by revision

* release notes

* Address feedback



* Update releasenotes/notes/56477.yaml

---------

Signed-off-by: Vikas Choudhary (vikasc) <choudharyvikas16@gmail.com>
Co-authored-by: Daniel Hawton <daniel@hawton.org>
fjglira pushed a commit to fjglira/istio that referenced this pull request Sep 26, 2025
Automator: merge upstream changes to openshift-service-mesh/istio@master
30d843c 
* upstream/master: (28 commits)
  Automator: update common-files@master in istio/istio@master (istio#56545)
  Automator: update proxy@master in istio/istio@master (istio#56544)
  Automator: update go-control-plane in istio/istio@master (istio#56543)
  Automator: update proxy@master in istio/istio@master (istio#56540)
  Automator: update ztunnel@master in istio/istio@master (istio#56532)
  Ambient: In ambient index, filter configs by revision (istio#56477)
  Automator: update istio/client-go@master dependency in istio/istio@master (istio#56539)
  Automator: update proxy@master in istio/istio@master (istio#56538)
  Automator: update common-files@master in istio/istio@master (istio#56537)
  optimization: allow for lazy sidecar initialization (istio#47221)
  static collection eager indexes (istio#56530)
  fix typo in flag (istio#56534)
  feat: enable support for proxy protocol on status port (istio#55986)
  remove finding of pods by IP (istio#56502)
  Automator: update proxy@master in istio/istio@master (istio#56528)
  migrate file monitor to krt (istio#55970)
  Automator: update istio/client-go@master dependency in istio/istio@master (istio#56525)
  Automator: update ztunnel@master in istio/istio@master (istio#56518)
  Fix crash in merging http routes (istio#56499)
  krt: add assertions (istio#56510)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@howardjohn howardjohn howardjohn approved these changes

Assignees

No one assigned

Labels

size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@vikaschoudhary16 @therealmitchconnors @istio-testing @zirain @howardjohn