Force usage of envoyv2 ports in bootstrap.go by consuming config option for discoveryAddress

[sdake]

The Helm chart has v1 proxy ports which is incorrect.

[gyliu513]

@sdake , how did you test this? the proxyv2 will not work with port 15005 and 15007?

/cc @rshriram

[sdake]

was tested with the e2e tests. I do not know if proxyv2 will not work with port 15005 or 15007. This problem was found in a different review.

[gyliu513]

@sdake can you please show me the review? I want to do some test, but stuck at #6460

[gyliu513]

@sdake it works with both port 15007 and 15010 without auth.

@rshriram any recommendation for this?

[rshriram]

Obtain the values from the Envoy v2 transition.yaml. Also I think Costin has some ports fixed in the bootstrap/server.go

[sdake]

@rshriram after un-hardcoding the port, the gate implodes. Any insight?

[gyliu513]

@tiswanso afte the sidecar was injected, the /etc/istio/proxy/envoy-rev0.json is already "socket_address": {"address": "istio-pilot.istio-system", "port_value": 15010}, but why the injected container generated by istioctl kube-inject still using 15007?

    spec:
      containers:
      - image: istio/examples-bookinfo-details-v1:1.5.0
        imagePullPolicy: IfNotPresent
        name: details
        ports:
        - containerPort: 9080
        resources: {}
      - args:
        - proxy
        - sidecar
        - --configPath
        - /etc/istio/proxy
        - --binaryPath
        - /usr/local/bin/envoy
        - --serviceCluster
        - details
        - --drainDuration
        - 45s
        - --parentShutdownDuration
        - 1m0s
        - --discoveryAddress
        - istio-pilot.istio-system:15007 <<<<
        - --discoveryRefreshDelay

[rshriram]

Gateways don’t read the global sidecar injector config. So if you want to make pilot port parameterizable, add option to global config and make pilot and pilot agent read it during startup

[tiswanso]

@gyliu513 -- that's the behavior of the code in [1] & the thing @sdake is trying to change with these latest versions of the review. At the moment, no matter what port is passed in discoveryAddress to the istio-proxy (sidecar) it will configure envoy ADS over port 15010 or 15011 (mTLS).

[1] 6fc1a85#r197216278

[gyliu513]

@tiswanso so seems the parameter discoveryAddress in injected in sidecar container has no use? Then why do we need to set this parameter?

[codecov]

Codecov Report

Merging #6452 into master will decrease coverage by 1%.
The diff coverage is 100%.

@@           Coverage Diff           @@
##           master   #6452    +/-   ##
=======================================
- Coverage      68%     68%   -<1%     
=======================================
  Files         357     352     -5     
  Lines       31094   30862   -232     
=======================================
- Hits        21018   20856   -162     
+ Misses       9246    9160    -86     
- Partials      830     846    +16

Impacted Files	Coverage Δ
pkg/bootstrap/bootstrap_config.go	27% <100%> (ø)	⬇️
mixer/adapter/solarwinds/log_handler.go	54% <0%> (-26%)	⬇️
mixer/adapter/rbac/util.go	56% <0%> (-13%)	⬇️
galley/pkg/server/server.go	81% <0%> (-9%)	⬇️
mixer/adapter/circonus/circonus.go	68% <0%> (-7%)	⬇️
mixer/adapter/stackdriver/stackdriver.go	50% <0%> (-5%)	⬇️
security/pkg/nodeagent/secrets/server.go	82% <0%> (-4%)	⬇️
mixer/adapter/stackdriver/helper/common.go	79% <0%> (-4%)	⬇️
galley/pkg/mcp/snapshot/snapshot.go	96% <0%> (-4%)	⬇️
pilot/pkg/serviceregistry/kube/queue.go	86% <0%> (-3%)	⬇️
... and 75 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1d6c6c3...b1d1f1a. Read the comment docs.

[sdake]

/assign @nmittler

[istio-testing]

@sdake: The following tests failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
prow/e2e-dashboard.sh	b1d1f1a	link	/test e2e-dashboard
prow/e2e-mixer-no_auth.sh	b1d1f1a	link	/test e2e-mixer-no_auth
prow/e2e-bookInfoTests-v1alpha3.sh	b1d1f1a	link	/test e2e-bookInfo-envoyv2-v1alpha3
prow/istio-pilot-e2e-envoyv2-v1alpha3.sh	b1d1f1a	link	/test istio-pilot-e2e-envoyv2-v1alpha3
prow/e2e-simpleTests.sh	b1d1f1a	link	/test e2e-simple

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[costinm]

/lgtm

It was hardcoded because I didn't want to add another option or env variable - we don't have tests or really support changing the ports, and with the v1 going away I was planning to do something like this PR.

BTW - not sure how 'remote' is configured now, but I suspect the entire address should be customizable, so we can pass "https://istio-gateway.mydomain.com:15011" as discovery address in remote clusters (and even in primary cluster)

[istio-testing]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: costinm, sdake

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• install/OWNERS [costinm,sdake]
• pkg/OWNERS [costinm]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sdake]

@rshriram indicated this would be taken care of by the v1 removal.