Switch separate Gloo Gateway xds to proxy syncer #9310
Visit the preview URL for this PR (updated for commit d5024f7): https://gloo-edge--pr9310-switch-to-proxy-sync-qlih4vg0.web.app (expires Fri, 19 Apr 2024 22:21:55 GMT) 🔥 via Firebase Hosting GitHub Action 🌎 Sign: 77c2b86e287749579b7ff9cadb81e099042ef677
Issues linked to changelog:
I'm fairly certain the changes to xds_syncer introduced in #9341 are not present.
Unfortunately this wasn't caught as no e2e test is in place for the status reporting.
The proxy syncer no longer syncs envoy, it only reconciles the proxies, so the gateway translator will handle the statuses for RouteOptions. @ilackarms
projects/gateway2/helm/gloo-gateway/templates/gateway/proxy-deployment.yaml
038703f to 5d51b79
Gloo Edge Enterprise supports a custom ext-auth and rate-limit server in the default deployment. To support ext-auth and ratelimit, this replaces the current gateway xds syncer with a proxy syncer. The proxy syncer would feed proxies into a common in-memory set of proxies.
The changes in this PR include:
- Minor fix to kube e2e test debugging logic to not hard code gateway name when getting the envoy config dump on test failure.
- Removing the k8s Gateway controller's kube service discovery logic in favor of the legacy classic Edge kube svc discovery. This means Gloo Gateway now requires `disable_kubernetes_destinations=false` to be set (this is the default value in the helm chart).
- The proxy no longer uses upstream and instead selects kube destination:
  Old:
  New:
- Similarly, the Gloo Gateway mirror plugin translates a kube destination into an upstream here instead of relying on the Gloo Gateway discovered upstream.
- In order to support Gloo Gateway creating proxies in any namespace, we need to change the Gloo Gateway proxy metadata to include a `proxy_namespace` label. Currently, the proxyClient can only list proxies in the writeNamespace (ex. `gloo-system`), and will error in solo-kit if the namespace is not valid. Instead of changing solo-kit to support the empty namespace, the `proxy_namespace` label is added to the proxy and used to reconstruct the snapshot cache key.
- Since the xds syncers are combined, we now reuse the old `role` metadata field to be consistent with the other proxy types (ingress, knative, gloo edge legacy, etc.). The old proxies use `<proxy_namespace>~<proxy_name>` to define the role. The gloo gateway role comes from the proxy-deployment ConfigMap and is in the format `<owner>~<proxy_namespace>~<proxy_name>`.
  Old:
  New:
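
Added example, not part of this PR or of the Gloo code base: a sketch of how the two role formats described above can be told apart, and why the `proxy_namespace` label, rather than the namespace the Proxy is stored in, has to feed the key an Envoy node is matched against. The `Proxy` type, the function names, the `owner` value and the assumption that the snapshot cache key equals the role string are all hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

type Proxy struct { // hypothetical type with only the fields this sketch needs
	Name, Namespace string // Namespace is where the Proxy resource is stored
	Labels          map[string]string
}

// SnapshotKey builds a role-shaped key; an empty owner gives the legacy form.
// Assumption of this sketch: the snapshot cache key equals the role string.
func SnapshotKey(owner string, p Proxy) (string, error) {
	parts := []string{p.Namespace, p.Name}
	if owner != "" {
		// The Proxy may be stored in the write namespace, so the label carries the real one.
		ns, ok := p.Labels["proxy_namespace"]
		if !ok {
			return "", fmt.Errorf("proxy %q has no proxy_namespace label", p.Name)
		}
		parts = []string{owner, ns, p.Name}
	}
	for _, s := range parts {
		if s == "" || strings.Contains(s, "~") {
			return "", fmt.Errorf("invalid role segment %q", s)
		}
	}
	return strings.Join(parts, "~"), nil
}

// ParseRole returns owner (empty for legacy roles), namespace and name.
func ParseRole(role string) (owner, ns, name string, err error) {
	parts := strings.Split(role, "~")
	if strings.Contains("~"+role+"~", "~~") {
		return "", "", "", fmt.Errorf("role %q has an empty segment", role)
	}
	switch len(parts) {
	case 2:
		return "", parts[0], parts[1], nil
	case 3:
		return parts[0], parts[1], parts[2], nil
	}
	return "", "", "", fmt.Errorf("role %q: want 2 or 3 segments", role)
}

func main() { // constructed sample: proxy stored in gloo-system, gateway in "apps"
	fmt.Println(SnapshotKey("owner", Proxy{Name: "gw", Namespace: "gloo-system", Labels: map[string]string{"proxy_namespace": "apps"}}))
}
```

Rejecting `~` inside a segment keeps a name such as `a~b` from being read back as two segments, which would otherwise let one proxy's role collide with another's key.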