From 97f3dc355e75a1b36c95fa81678e18c8e82c4825 Mon Sep 17 00:00:00 2001 From: aattuluri <44482891+aattuluri@users.noreply.github.com> Date: Tue, 16 Jun 2020 20:58:54 -0700 Subject: [PATCH] Import admiral generated hosts on Istio Sidecar egress for dependent workloads (#113) --- admiral/pkg/clusters/serviceentry.go | 13 +++++++++++-- admiral/pkg/clusters/serviceentry_test.go | 4 ++-- admiral/pkg/controller/common/types.go | 5 +++-- admiral/pkg/controller/common/types_test.go | 7 ++++--- 4 files changed, 20 insertions(+), 9 deletions(-) diff --git a/admiral/pkg/clusters/serviceentry.go b/admiral/pkg/clusters/serviceentry.go index 9582bebd..bb2097e4 100644 --- a/admiral/pkg/clusters/serviceentry.go +++ b/admiral/pkg/clusters/serviceentry.go @@ -131,11 +131,10 @@ func createServiceEntryForNewServiceOrPod(env string, sourceIdentity string, rem } //add virtual service for routing locally in within the cluster createIngressOnlyVirtualService(rc, cname, serviceEntry, localFqdn, meshPorts) - } for _, val := range dependents.Map() { - remoteRegistry.AdmiralCache.DependencyNamespaceCache.Put(val, serviceInstance.Namespace, localFqdn) + remoteRegistry.AdmiralCache.DependencyNamespaceCache.Put(val, serviceInstance.Namespace, localFqdn, map[string]string {cname: "1"}) } if common.GetWorkloadSidecarUpdate() == "enabled" { 
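Review bot: The `"1"` stored by `map[string]string {cname: "1"}` in the new `DependencyNamespaceCache.Put` call is a placeholder that nothing visible reads. The loop added to modifySidecarForLocalClusterCommunication ranges over the keys only, while types_test.go stores the cname itself as the value. The new `CNAMEs` field in types.go has no comment, so the intended convention is unclear; I would document it there, e.g. `// CNAMEs is the set of admiral-generated hostnames for this dependency; only the keys are read.` The literal is also not gofmt-clean and should read `map[string]string{cname: "1"}`. The enclosing function starts and ends outside this hunk.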
@@ -176,8 +175,18 @@ func modifySidecarForLocalClusterCommunication(sidecarNamespace string, sidecarE //copy and add our new local FQDN newSidecar := copySidecar(sidecar) + egressHosts := make(map[string]string) + for _, sidecarEgress := range sidecarEgressMap { egressHost := sidecarEgress.Namespace + "/" + sidecarEgress.FQDN + egressHosts[egressHost] = egressHost + for cname, _ := range sidecarEgress.CNAMEs { + scopedCname := sidecarEgress.Namespace + "/" + cname + egressHosts[scopedCname] = scopedCname + } + } + + for egressHost, _ := range egressHosts { if !util.Contains(newSidecar.Spec.Egress[0].Hosts, egressHost) { newSidecar.Spec.Egress[0].Hosts = append(newSidecar.Spec.Egress[0].Hosts, egressHost) } diff --git a/admiral/pkg/clusters/serviceentry_test.go b/admiral/pkg/clusters/serviceentry_test.go index a31284ad..da4ec30f 100644 --- a/admiral/pkg/clusters/serviceentry_test.go +++ b/admiral/pkg/clusters/serviceentry_test.go @@ -375,7 +375,7 @@ func TestModifyExistingSidecarForLocalClusterCommunication(t *testing.T) { if createdSidecar != nil { sidecarEgressMap := make(map[string]common.SidecarEgress) - sidecarEgressMap["test-dependency-namespace"] = common.SidecarEgress{Namespace: "test-dependency-namespace", FQDN: "test-local-fqdn"} + sidecarEgressMap["test-dependency-namespace"] = common.SidecarEgress{Namespace: "test-dependency-namespace", FQDN: "test-local-fqdn", CNAMEs:map[string]string{"test.myservice.global": "1"}} modifySidecarForLocalClusterCommunication("test-sidecar-namespace", sidecarEgressMap, remoteController) updatedSidecar, error := sidecarController.IstioClient.NetworkingV1alpha3().Sidecars("test-sidecar-namespace").Get("default", v12.GetOptions{}) 
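Review bot: The new `for egressHost, _ := range egressHosts` loop in modifySidecarForLocalClusterCommunication appends hosts in Go's randomized map order, so the order of `Spec.Egress[0].Hosts` can differ from run to run when a dependency contributes both an FQDN and a CNAME. The updated TestModifyExistingSidecarForLocalClusterCommunication (hunks at -375 and -384) builds its expected list in a fixed order and compares with `cmp.Equal`, which looks order-sensitive, so it would likely fail intermittently. Sorting the collected hosts before appending keeps the written Sidecar egress list stable and reviewable; this needs the `sort` package imported in serviceentry.go. The function body begins and ends outside the hunk, so any guard on `Egress[0]` and on empty FQDN or CNAME values is not visible here.

```go
egressHosts := make(map[string]struct{})
for _, sidecarEgress := range sidecarEgressMap {
	egressHosts[sidecarEgress.Namespace+"/"+sidecarEgress.FQDN] = struct{}{}
	for cname := range sidecarEgress.CNAMEs {
		egressHosts[sidecarEgress.Namespace+"/"+cname] = struct{}{}
	}
}

// Sort so the appended hosts are written in the same order on every reconcile.
sortedHosts := make([]string, 0, len(egressHosts))
for host := range egressHosts {
	sortedHosts = append(sortedHosts, host)
}
sort.Strings(sortedHosts)

for _, egressHost := range sortedHosts {
	// … unchanged: util.Contains check and append to newSidecar.Spec.Egress[0].Hosts …
```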
@@ -384,7 +384,7 @@ func TestModifyExistingSidecarForLocalClusterCommunication(t *testing.T) { t.Fail() } - hostList := append(createdSidecar.Spec.Egress[0].Hosts, "test-dependency-namespace/test-local-fqdn") + hostList := append(createdSidecar.Spec.Egress[0].Hosts, "test-dependency-namespace/test-local-fqdn", "test-dependency-namespace/test.myservice.global") createdSidecar.Spec.Egress[0].Hosts = hostList if !cmp.Equal(updatedSidecar, createdSidecar) { diff --git a/admiral/pkg/controller/common/types.go b/admiral/pkg/controller/common/types.go index c6d1f86e..b43e226a 100644 --- a/admiral/pkg/controller/common/types.go +++ b/admiral/pkg/controller/common/types.go @@ -19,6 +19,7 @@ type MapOfMaps struct { type SidecarEgress struct { Namespace string FQDN string + CNAMEs map[string]string } //maintains a map from workload identity -> map[namespace]SidecarEgress @@ -133,14 +134,14 @@ func (s *MapOfMaps) Map() map[string]*Map { return s.cache } -func (s *SidecarEgressMap) Put(identity string, namespace string, fqdn string) { +func (s *SidecarEgressMap) Put(identity string, namespace string, fqdn string, cnames map[string]string) { defer s.mutex.Unlock() s.mutex.Lock() var mapVal = s.cache[identity] if mapVal == nil { mapVal = make(map[string]SidecarEgress, 0) } - mapVal[namespace] = SidecarEgress{Namespace: namespace, FQDN: fqdn} + mapVal[namespace] = SidecarEgress{Namespace: namespace, FQDN: fqdn, CNAMEs: cnames} s.cache[identity] = mapVal } diff --git a/admiral/pkg/controller/common/types_test.go b/admiral/pkg/controller/common/types_test.go index b6879c21..1433e054 100644 --- a/admiral/pkg/controller/common/types_test.go +++ b/admiral/pkg/controller/common/types_test.go 
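Review bot: `Put` in types.go (hunk at -133) stores the caller's `cnames` map by reference and replaces whatever `CNAMEs` were already recorded for that identity and namespace. The stored map is shared with the caller outside the `s.mutex` critical section, so a caller that later mutates it would race with readers of the cache. A second `Put` for the same namespace with a different cname also drops the first one from the egress hosts that are later written to the Sidecar; whether that can happen depends on callers not shown here. Copying into a private map and merging with the existing entry avoids both; if replacement is the intended semantics, keep only the copy and say so in a comment.

```go
func (s *SidecarEgressMap) Put(identity string, namespace string, fqdn string, cnames map[string]string) {
	// … unchanged: lock handling and mapVal lookup/creation …
	// Merge into a private copy so the cached set never aliases the caller's map.
	merged := make(map[string]string, len(cnames))
	for k, v := range mapVal[namespace].CNAMEs {
		merged[k] = v
	}
	for k, v := range cnames {
		merged[k] = v
	}
	mapVal[namespace] = SidecarEgress{Namespace: namespace, FQDN: fqdn, CNAMEs: merged}
	// … unchanged: s.cache[identity] = mapVal …
```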
@@ -49,9 +49,10 @@ func TestEgressMap(t *testing.T) { paymentsEnv, ordersEnv := "prod", "staging" paymentsNs, ordersNs := payments + "-" + paymentsEnv, orders + "-" + ordersEnv paymentsFqdn, ordersFqdn := payments + "." + paymentsNs + "." + "svc.cluster.local", orders + "." + ordersNs + "." + "svc.cluster.local" - paymentsSidecar, ordersSidecar := SidecarEgress{FQDN: paymentsFqdn, Namespace: paymentsNs}, SidecarEgress{FQDN: ordersFqdn, Namespace: ordersNs} - egressMap.Put(payments, paymentsNs, paymentsFqdn) - egressMap.Put(orders, ordersNs, ordersFqdn) + paymentsCname, ordersCname := paymentsEnv + "." + payments + ".global", ordersEnv + "." + orders + ".global" + paymentsSidecar, ordersSidecar := SidecarEgress{FQDN: paymentsFqdn, Namespace: paymentsNs, CNAMEs:map[string]string{paymentsCname: paymentsCname}}, SidecarEgress{FQDN: ordersFqdn, Namespace: ordersNs, CNAMEs:map[string]string{ordersCname: ordersCname}} + egressMap.Put(payments, paymentsNs, paymentsFqdn, map[string]string{paymentsCname: paymentsCname}) + egressMap.Put(orders, ordersNs, ordersFqdn, map[string]string{ordersCname: ordersCname}) ordersEgress := egressMap.Get("orders");