Skip to content

ServiceScope Implementation#56497

Merged
istio-testing merged 24 commits intoistio:masterfrom
jaellio:jaellio/multicluster-ambient-index
Jul 9, 2025
Merged

ServiceScope Implementation#56497
istio-testing merged 24 commits intoistio:masterfrom
jaellio:jaellio/multicluster-ambient-index

Conversation

@jaellio
Copy link
Copy Markdown
Contributor

@jaellio jaellio commented Jun 3, 2025
edited
Loading

Please provide a description of this PR:

This PR contains the initial alpha implementation of Service Scope for ambient mode multicluster configuration.

Included changes:

  • filtering of services to waypoints (waypoints and e/w gateways)
  • filtering of workloads to ztunnels (workloads belonging to the local cluster with locally scoped services and workloads belonging to globally scoped services)

Related API PR istio/api#3464

Resolves #55478

To do:

  • More encompassing unit tests
  • Integration test
  • Clean up
  • Update ambient default profile to only include a servicescope config if multicluster is enabled Include a default servicescopeconfig. Unless the user has enabled multinetwork ambient, the servicescopeconfig selections will have no impact. Services are still global by default
  • Add tests and verify precedence of ServiceEntry settings (TODO in BETA)

@istio-testing
Copy link
Copy Markdown
Collaborator

istio-testing commented Jun 3, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@istio-testing istio-testing added the do-not-merge/work-in-progress Block merging of a PR because it isn't ready yet. label Jun 3, 2025
@istio-policy-bot istio-policy-bot added area/ambient Issues related to ambient mesh area/networking area/user experience feature/Multi-cluster issues related with multi-cluster support labels Jun 3, 2025
@istio-testing istio-testing added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Jun 3, 2025
@jaellio
Copy link
Copy Markdown
Contributor Author

jaellio commented Jun 3, 2025

/test all

@jaellio
Copy link
Copy Markdown
Contributor Author

jaellio commented Jun 3, 2025

/retest

1 similar comment
@jaellio
Copy link
Copy Markdown
Contributor Author

jaellio commented Jun 3, 2025

/retest

@jaellio jaellio marked this pull request as ready for review June 6, 2025 22:09
@jaellio jaellio requested review from a team as code owners June 6, 2025 22:09
@jaellio jaellio changed the title [WIP] ServiceScope Implementation ServiceScope Implementation Jun 9, 2025
@istio-testing istio-testing removed the do-not-merge/work-in-progress Block merging of a PR because it isn't ready yet. label Jun 9, 2025
@jaellio jaellio force-pushed the jaellio/multicluster-ambient-index branch 3 times, most recently from c7473f0 to fe74aad Compare June 9, 2025 21:58
dgn
dgn reviewed Jun 12, 2025
View reviewed changes
@jaellio jaellio force-pushed the jaellio/multicluster-ambient-index branch 4 times, most recently from 59774ae to 7f71a46 Compare June 19, 2025 22:58
@istio-testing istio-testing added the needs-rebase Indicates a PR needs to be rebased before being merged label Jun 25, 2025
jaellio added 4 commits June 25, 2025 16:58
@jaellio
Initial changes to reach label selector from mesh config to update en…
0c36a27 
…dpoints

Signed-off-by: Jackie Elliott <jaellio@microsoft.com>

Pass MeshConfig to GlobalMergedWorkloadServicesCollection

Signed-off-by: Jackie Elliott <jaellio@microsoft.com>

Add cluster and listener service filtering for waypoints and
e/w gateways

Signed-off-by: Jackie Elliott <jaellio@microsoft.com>

Respond to PR feedback

Signed-off-by: Jackie Elliott <jaellio@microsoft.com>

Add more tests

Signed-off-by: Jackie Elliott <jaellio@microsoft.com>

Fix incorrect waypoint logic. In ambient mode, e/w gateways and waypoints
are both node.Type Waypoints

Signed-off-by: Jackie Elliott <jaellio@microsoft.com>

Remove unused ServicesForGateway

Signed-off-by: Jackie Elliott <jaellio@microsoft.com>

Updated failing lint and add a release note

Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
@jaellio
Filter services in ServiceServiceBuilder and check feature
f70a203 
flag for ambient multi network.

Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
@jaellio
Move feature flag set to avoid race
dc887d0 
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
@jaellio
Fix race
f0832cc 
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
jaellio added 3 commits July 3, 2025 17:04
@jaellio
Respond to Keith's PR feedback
acb86cb 
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
@jaellio
Merge remote-tracking branch 'upstream/master' into jaellio/multiclus…
fa0b63e 
…ter-ambient-index4
@jaellio
Fix gen
16b8f20 
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
keithmattix
keithmattix reviewed Jul 3, 2025
View reviewed changes
pilot/pkg/serviceregistry/kube/controller/ambient/services.go
networkGetter func(ctx krt.HandlerContext) network.ID,
) krt.TransformationSingle[*v1.Service, model.ServiceInfo] {
return func(ctx krt.HandlerContext, s *v1.Service) *model.ServiceInfo {
serviceScope := model.Local
Copy link
Copy Markdown
Contributor

@keithmattix keithmattix Jul 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think in general, labeling the waypoints for the user could be a nice UX improvement, but we could get some user validation that it's useful first. We'd definitely want to call it out in docs first though

jaellio added 2 commits July 4, 2025 00:10
@jaellio
Add support waypoint visibility at network gateways when the
da3caae 
waypoint has globally scoped services

Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
@jaellio
- deploy e/w gateway with blackhole listener/cluster if ambient
d2129e2 
multinetwork is enable to allow for existence even if no globally
scoped services exist
- utilize existing apps for integration tests

Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
keithmattix
keithmattix requested changes Jul 7, 2025
View reviewed changes
jaellio added 3 commits July 7, 2025 19:01
@jaellio
wait on eastwest gateway by checking programmed
f5e147d 
status

Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
@jaellio
Update default servicescopeconfig and duplicate DeployGatewayAPI
3f302fc 
for simplicity

Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
@jaellio
Fix indentation and remove unrelated file
9300956 
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
@keithmattix keithmattix removed the request for review from a team July 7, 2025 22:30
@jaellio
Compare networks rather than cluster id to determine locality
b6de08f 
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
therealmitchconnors
therealmitchconnors reviewed Jul 7, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@therealmitchconnors therealmitchconnors left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Low priority questions, but overall looks good.

keithmattix
keithmattix reviewed Jul 7, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@keithmattix keithmattix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Will give a final review tomorrow

@jaellio
Use correct address for e/w gateway and compare networks rather
f2ad931 
than clusterids

Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
@keithmattix keithmattix added the cherrypick/release-1.27 Set this label on a PR to auto-merge it to the release-1.27 branch label Jul 8, 2025
@jaellio
Add todo and remove duplicate config
e9abd4f 
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
keithmattix
keithmattix reviewed Jul 8, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@keithmattix keithmattix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Will give a final review tomorrow

pilot/pkg/serviceregistry/kube/controller/ambient/ambientindex.go
// Check if the service is a waypoint. If the service is not a waypoint
// or it's a waypoint containing no services then the Lookup will return
// an empty list
wpSvcs := a.services.ByOwningWaypointHostname.Lookup(NamespaceHostname{
Copy link
Copy Markdown
Contributor

@keithmattix keithmattix Jul 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We confirmed that waypoint services show up here?

Copy link
Copy Markdown
Contributor Author

@jaellio jaellio Jul 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll test this again manually

Copy link
Copy Markdown
Contributor Author

@jaellio jaellio Jul 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@keithmattix Added a hold until I push a feature flag check around calling AllLocalNetworkGlobalServices

@jaellio
Add comment to fix e/w gateway service lookup perf in beta
dddb137 
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
@jaellio jaellio mentioned this pull request Jul 8, 2025
Closed
@jaellio jaellio added the do-not-merge/hold Block automatic merging of a PR. label Jul 9, 2025
@jaellio
Add feature flag check
a09d6d1 
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
@jaellio jaellio removed the do-not-merge/hold Block automatic merging of a PR. label Jul 9, 2025
@jaellio
Fix lint
5e5178f 
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
@istio-testing istio-testing merged commit 4d03a06 into istio:master Jul 9, 2025
30 checks passed
@istio-testing
Copy link
Copy Markdown
Collaborator

istio-testing commented Jul 9, 2025

In response to a cherrypick label: new pull request created: #56946

@istio-testing istio-testing mentioned this pull request Jul 9, 2025
Merged
fjglira pushed a commit to fjglira/istio that referenced this pull request Sep 26, 2025
Automator: merge upstream changes to openshift-service-mesh/istio@master
70e04be 
* upstream/master:
  update compatibility version files setting enable native sidecar to false (istio#56903)
  ServiceScope Implementation (istio#56497)
  Automator: update proxy@master in istio/istio@master (istio#56942)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgn dgn dgn left review comments

@Stevenjin8 Stevenjin8 Stevenjin8 left review comments

@therealmitchconnors therealmitchconnors therealmitchconnors approved these changes

@keithmattix keithmattix keithmattix approved these changes

Assignees

No one assigned

Labels

area/ambient Issues related to ambient mesh area/networking area/user experience cherrypick/release-1.27 Set this label on a PR to auto-merge it to the release-1.27 branch feature/Multi-cluster issues related with multi-cluster support size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement service capture API

8 participants

@jaellio @istio-testing @Stevenjin8 @therealmitchconnors @keithmattix @dgn @mikemorris @istio-policy-bot