From a335ea2251e76a825a31e0408a22aa7a077336e3 Mon Sep 17 00:00:00 2001 From: kazukousen Date: Thu, 22 Oct 2020 08:21:36 +0900 Subject: [PATCH 01/12] Support virtualService delegate --- artifacts/flagger/crd.yaml | 3 +++ charts/flagger/crds/crd.yaml | 3 +++ kustomize/base/flagger/crd.yaml | 3 +++ pkg/apis/flagger/v1beta1/canary.go | 5 +++++ pkg/router/istio.go | 13 +++++++++++++ 5 files changed, 27 insertions(+) diff --git a/artifacts/flagger/crd.yaml b/artifacts/flagger/crd.yaml index 37311bab1..031e83612 100644 --- a/artifacts/flagger/crd.yaml +++ b/artifacts/flagger/crd.yaml @@ -156,6 +156,9 @@ spec: type: array items: type: string + isDelegation: + description: enable behaving as a delegate VirtualService + type: boolean match: description: URI match conditions type: array diff --git a/charts/flagger/crds/crd.yaml b/charts/flagger/crds/crd.yaml index 37311bab1..031e83612 100644 --- a/charts/flagger/crds/crd.yaml +++ b/charts/flagger/crds/crd.yaml @@ -156,6 +156,9 @@ spec: type: array items: type: string + isDelegation: + description: enable behaving as a delegate VirtualService + type: boolean match: description: URI match conditions type: array diff --git a/kustomize/base/flagger/crd.yaml b/kustomize/base/flagger/crd.yaml index 37311bab1..031e83612 100644 --- a/kustomize/base/flagger/crd.yaml +++ b/kustomize/base/flagger/crd.yaml @@ -156,6 +156,9 @@ spec: type: array items: type: string + isDelegation: + description: enable behaving as a delegate VirtualService + type: boolean match: description: URI match conditions type: array diff --git a/pkg/apis/flagger/v1beta1/canary.go b/pkg/apis/flagger/v1beta1/canary.go index 3451e796b..8d6688fc4 100644 --- a/pkg/apis/flagger/v1beta1/canary.go +++ b/pkg/apis/flagger/v1beta1/canary.go @@ -137,6 +137,11 @@ type CanaryService struct { // +optional Hosts []string `json:"hosts,omitempty"` + // IsDelegation behaves as a delegate virtual service + // if enabled, the pilot env `PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE` must also be set to enabled. + // +optional + IsDelegation bool `json:"is_delegation,omitempty"` + // TrafficPolicy attached to the generated Istio destination rules // +optional TrafficPolicy *istiov1alpha3.TrafficPolicy `json:"trafficPolicy,omitempty"` diff --git a/pkg/router/istio.go b/pkg/router/istio.go index bb15c4b6f..b660825d9 100644 --- a/pkg/router/istio.go +++ b/pkg/router/istio.go @@ -98,6 +98,13 @@ func (ir *IstioRouter) reconcileDestinationRule(canary *flaggerv1.Canary, name s func (ir *IstioRouter) reconcileVirtualService(canary *flaggerv1.Canary) error { apexName, primaryName, canaryName := canary.GetServiceNames() + if canary.Spec.Service.IsDelegation { + if len(canary.Spec.Service.Hosts) > 0 || len(canary.Spec.Service.Gateways) > 0 { + // delegate VirtualService cannot have hosts and gateways. + return fmt.Errorf("VirtualService %s.%s cannot have hosts and gateways", apexName, canary.Namespace) + } + } + // set hosts and add the ClusterIP service host if it doesn't exists hosts := canary.Spec.Service.Hosts var hasServiceHost bool @@ -132,6 +139,12 @@ func (ir *IstioRouter) reconcileVirtualService(canary *flaggerv1.Canary) error { makeDestination(canary, canaryName, 0), } + if canary.Spec.Service.IsDelegation { + // delegate VirtualService requires the hosts and gateway empty. + hosts = []string{} + gateways = []string{} + } + newSpec := istiov1alpha3.VirtualServiceSpec{ Hosts: hosts, Gateways: gateways, From 3f69a650a6cb8603485a761c5f3ba32759f9dd72 Mon Sep 17 00:00:00 2001 From: kazukousen Date: Thu, 22 Oct 2020 22:38:15 +0900 Subject: [PATCH 02/12] add unit test --- pkg/apis/flagger/v1beta1/canary.go | 2 +- pkg/router/istio_test.go | 47 ++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 1 deletion(-) diff --git a/pkg/apis/flagger/v1beta1/canary.go b/pkg/apis/flagger/v1beta1/canary.go index 8d6688fc4..f19258aff 100644 --- a/pkg/apis/flagger/v1beta1/canary.go +++ b/pkg/apis/flagger/v1beta1/canary.go @@ -140,7 +140,7 @@ type CanaryService struct { // IsDelegation behaves as a delegate virtual service // if enabled, the pilot env `PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE` must also be set to enabled. // +optional - IsDelegation bool `json:"is_delegation,omitempty"` + IsDelegation bool `json:"isDelegation,omitempty"` // TrafficPolicy attached to the generated Istio destination rules // +optional diff --git a/pkg/router/istio_test.go b/pkg/router/istio_test.go index b3457ad1e..6b23b887d 100644 --- a/pkg/router/istio_test.go +++ b/pkg/router/istio_test.go @@ -333,6 +333,53 @@ func TestIstioRouter_GatewayPort(t *testing.T) { assert.Equal(t, uint32(mocks.canary.Spec.Service.Port), port) } +func TestIstioRouter_Delegate(t *testing.T) { + t.Run("ok", func(t *testing.T) { + mocks := newFixture(nil) + mocks.canary.Spec.Service.Hosts = []string{} + mocks.canary.Spec.Service.Gateways = []string{} + mocks.canary.Spec.Service.IsDelegation = true + + router := &IstioRouter{ + logger: mocks.logger, + flaggerClient: mocks.flaggerClient, + istioClient: mocks.meshClient, + kubeClient: mocks.kubeClient, + } + + err := router.Reconcile(mocks.canary) + require.NoError(t, err) + + vs, err := mocks.meshClient.NetworkingV1alpha3().VirtualServices("default").Get(context.TODO(), "podinfo", metav1.GetOptions{}) + require.NoError(t, err) + + assert.Equal(t, 0, len(vs.Spec.Hosts)) + assert.Equal(t, 0, len(vs.Spec.Gateways)) + }) + + t.Run("invalid", func(t *testing.T) { + mocks := newFixture(nil) + if len(mocks.canary.Spec.Service.Gateways) == 0 { + // in this case, the gateways or hosts should not be not empty because it requires to cause an error. + mocks.canary.Spec.Service.Gateways = []string{ + "public-gateway.istio", + "mesh", + } + } + mocks.canary.Spec.Service.IsDelegation = true + + router := &IstioRouter{ + logger: mocks.logger, + flaggerClient: mocks.flaggerClient, + istioClient: mocks.meshClient, + kubeClient: mocks.kubeClient, + } + + err := router.Reconcile(mocks.canary) + require.Error(t, err) + }) +} + func TestIstioRouter_Finalize(t *testing.T) { mocks := newFixture(nil) router := &IstioRouter{ From db175e51ca352491c16c892f04ddc4848d34056e Mon Sep 17 00:00:00 2001 From: kazukousen Date: Fri, 23 Oct 2020 02:01:12 +0900 Subject: [PATCH 03/12] add e2e test for using delegation --- .circleci/config.yml | 4 + test/e2e-istio-tests-delegate.sh | 149 +++++++++++++++++++++++++++++++ 2 files changed, 153 insertions(+) create mode 100644 test/e2e-istio-tests-delegate.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index 047423cb8..46b40ec0a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -97,6 +97,10 @@ jobs: - run: test/e2e-istio-dependencies.sh - run: test/e2e-istio-tests.sh - run: test/e2e-istio-tests-skip-analysis.sh + - run: test/e2e-kubernetes-cleanup.sh + - run: test/e2e-istio-dependencies.sh + - run: test/e2e-istio-tests.sh + - run: test/e2e-istio-tests-delegate.sh e2e-gloo-testing: machine: true diff --git a/test/e2e-istio-tests-delegate.sh b/test/e2e-istio-tests-delegate.sh new file mode 100644 index 000000000..c35be50ca --- /dev/null +++ b/test/e2e-istio-tests-delegate.sh @@ -0,0 +1,149 @@ +#!/usr/bin/env bash + +# This script runs e2e tests for when the canary delegation is enabled +# Prerequisites: Kubernetes Kind and Istio +set -o errexit + +echo '>>> Set pilot env to enable virtual service delegate' +kubectl -n istio-system set env deploy istiod PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE=true +kubectl -n istio-system rollout status deploy istiod + +echo '>>> Initialising Gateway' +cat <>> Initialising root virtual service' +cat <>> Initialising canary for delegate' +cat <>> Waiting for primary to be ready' +retries=50 +count=0 +ok=false +until ${ok}; do + kubectl -n test get canary/podinfo | grep 'Initialized' && ok=true || ok=false + sleep 5 + count=$(($count + 1)) + if [[ ${count} -eq ${retries} ]]; then + kubectl -n istio-system logs deployment/flagger + echo "No more retries left" + exit 1 + fi +done + +echo '✔ Canary initialization test passed' + +echo '>>> Triggering canary deployment' +kubectl -n test set image deployment/podinfo podinfod=stefanprodan/podinfo:3.1.1 + +echo '>>> Waiting for canary promotion' +retries=50 +count=0 +ok=false +until ${ok}; do + kubectl -n test describe deployment/podinfo-primary | grep '3.1.1' && ok=true || ok=false + sleep 10 + kubectl -n istio-system logs deployment/flagger --tail 1 + count=$(($count + 1)) + if [[ ${count} -eq ${retries} ]]; then + kubectl -n test describe deployment/podinfo + kubectl -n test describe deployment/podinfo-primary + kubectl -n istio-system logs deployment/flagger + echo "No more retries left" + exit 1 + fi +done + +echo '>>> Waiting for canary finalization' +retries=50 +count=0 +ok=false +until ${ok}; do + kubectl -n test get canary/podinfo | grep 'Succeeded' && ok=true || ok=false + sleep 5 + count=$(($count + 1)) + if [[ ${count} -eq ${retries} ]]; then + kubectl -n istio-system logs deployment/flagger + echo "No more retries left" + exit 1 + fi +done + +echo '>>> Set pilot env to disable virtual service delegate' +kubectl -n istio-system set env deploy istiod PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE=false +kubectl -n istio-system rollout status deploy istiod + +echo '✔ Canary promotion test passed' + +if [[ "$1" = "canary" ]]; then + exit 0 +fi From 2c9a45cf24760125fa80137e86ec5d730e02574b Mon Sep 17 00:00:00 2001 From: kazukousen Date: Fri, 23 Oct 2020 02:23:25 +0900 Subject: [PATCH 04/12] more simplify to run CI --- .circleci/config.yml | 1 - test/e2e-istio-tests-delegate.sh | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) mode change 100644 => 100755 test/e2e-istio-tests-delegate.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index 46b40ec0a..0e2ab4034 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -99,7 +99,6 @@ jobs: - run: test/e2e-istio-tests-skip-analysis.sh - run: test/e2e-kubernetes-cleanup.sh - run: test/e2e-istio-dependencies.sh - - run: test/e2e-istio-tests.sh - run: test/e2e-istio-tests-delegate.sh e2e-gloo-testing: diff --git a/test/e2e-istio-tests-delegate.sh b/test/e2e-istio-tests-delegate.sh old mode 100644 new mode 100755 index c35be50ca..1e9525e55 --- a/test/e2e-istio-tests-delegate.sh +++ b/test/e2e-istio-tests-delegate.sh @@ -2,6 +2,7 @@ # This script runs e2e tests for when the canary delegation is enabled # Prerequisites: Kubernetes Kind and Istio + set -o errexit echo '>>> Set pilot env to enable virtual service delegate' From 980ffbf85493d55db0049eebfe545534e220056e Mon Sep 17 00:00:00 2001 From: kazukousen Date: Fri, 23 Oct 2020 17:36:29 +0900 Subject: [PATCH 05/12] decrease istiod resource --- test/e2e-istio.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/e2e-istio.sh b/test/e2e-istio.sh index 20c1c5c73..ec1f1c88e 100755 --- a/test/e2e-istio.sh +++ b/test/e2e-istio.sh @@ -10,7 +10,9 @@ cd ${REPO_ROOT}/bin && \ curl -L https://istio.io/downloadIstio | ISTIO_VERSION=${ISTIO_VER} sh - echo ">>> Installing Istio ${ISTIO_VER}" -${REPO_ROOT}/bin/istio-${ISTIO_VER}/bin/istioctl manifest apply --set profile=default +${REPO_ROOT}/bin/istio-${ISTIO_VER}/bin/istioctl manifest apply --set profile=default \ + --set values.pilot.resources.requests.cpu=100m \ + --set values.pilot.resources.requests.memory=100Mi kubectl -n istio-system rollout status deployment/prometheus From 582c69d9f7ed60ab7fe5e88eba28e177eb1db4a3 Mon Sep 17 00:00:00 2001 From: Kazuki Nitta Date: Fri, 23 Oct 2020 19:02:03 +0900 Subject: [PATCH 06/12] Update pkg/router/istio.go Co-authored-by: Takeshi Yoneda --- pkg/router/istio.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/router/istio.go b/pkg/router/istio.go index b660825d9..5b43c0c69 100644 --- a/pkg/router/istio.go +++ b/pkg/router/istio.go @@ -101,7 +101,7 @@ func (ir *IstioRouter) reconcileVirtualService(canary *flaggerv1.Canary) error { if canary.Spec.Service.IsDelegation { if len(canary.Spec.Service.Hosts) > 0 || len(canary.Spec.Service.Gateways) > 0 { // delegate VirtualService cannot have hosts and gateways. - return fmt.Errorf("VirtualService %s.%s cannot have hosts and gateways", apexName, canary.Namespace) + return fmt.Errorf("VirtualService %s.%s cannot have hosts and gateways when delegation enabled", apexName, canary.Namespace) } } From b90de6e0c247ab3b21ec623e32c97042b72baf44 Mon Sep 17 00:00:00 2001 From: kazukousen Date: Fri, 23 Oct 2020 19:51:52 +0900 Subject: [PATCH 07/12] configValidation=false --- test/e2e-istio.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/e2e-istio.sh b/test/e2e-istio.sh index ec1f1c88e..9a95e9365 100755 --- a/test/e2e-istio.sh +++ b/test/e2e-istio.sh @@ -12,7 +12,8 @@ curl -L https://istio.io/downloadIstio | ISTIO_VERSION=${ISTIO_VER} sh - echo ">>> Installing Istio ${ISTIO_VER}" ${REPO_ROOT}/bin/istio-${ISTIO_VER}/bin/istioctl manifest apply --set profile=default \ --set values.pilot.resources.requests.cpu=100m \ - --set values.pilot.resources.requests.memory=100Mi + --set values.pilot.resources.requests.memory=100Mi \ + --set values.global.configValidation=false kubectl -n istio-system rollout status deployment/prometheus From f6163c316a06ad6859b3cacb7fadcf3871016b3a Mon Sep 17 00:00:00 2001 From: kazukousen Date: Sat, 24 Oct 2020 23:27:13 +0900 Subject: [PATCH 08/12] update istio 1.7.3 --- kustomize/istio/kustomization.yaml | 1 + kustomize/istio/patch.yaml | 2 +- test/e2e-istio-tests.sh | 2 +- test/e2e-istio.sh | 9 +++------ 4 files changed, 6 insertions(+), 8 deletions(-) diff --git a/kustomize/istio/kustomization.yaml b/kustomize/istio/kustomization.yaml index fba329ba3..e2c011338 100644 --- a/kustomize/istio/kustomization.yaml +++ b/kustomize/istio/kustomization.yaml @@ -1,5 +1,6 @@ namespace: istio-system bases: - ../base/flagger/ + - ../base/prometheus/ patchesStrategicMerge: - patch.yaml diff --git a/kustomize/istio/patch.yaml b/kustomize/istio/patch.yaml index 8180d2d89..a2af53504 100644 --- a/kustomize/istio/patch.yaml +++ b/kustomize/istio/patch.yaml @@ -10,7 +10,7 @@ spec: args: - -log-level=info - -mesh-provider=istio - - -metrics-server=http://prometheus:9090 + - -metrics-server=http://flagger-prometheus:9090 - -slack-user=flagger - -slack-channel= - -slack-url= diff --git a/test/e2e-istio-tests.sh b/test/e2e-istio-tests.sh index 2954626ef..1ee5f17c0 100755 --- a/test/e2e-istio-tests.sh +++ b/test/e2e-istio-tests.sh @@ -15,7 +15,7 @@ metadata: spec: provider: type: prometheus - address: http://prometheus.istio-system:9090 + address: http://flagger-prometheus.istio-system:9090 query: | histogram_quantile( 0.99, diff --git a/test/e2e-istio.sh b/test/e2e-istio.sh index 9a95e9365..d4c92d8c1 100755 --- a/test/e2e-istio.sh +++ b/test/e2e-istio.sh @@ -2,7 +2,7 @@ set -o errexit -ISTIO_VER="1.6.7" +ISTIO_VER="1.7.3" REPO_ROOT=$(git rev-parse --show-toplevel) echo ">>> Downloading Istio ${ISTIO_VER}" @@ -10,12 +10,9 @@ cd ${REPO_ROOT}/bin && \ curl -L https://istio.io/downloadIstio | ISTIO_VERSION=${ISTIO_VER} sh - echo ">>> Installing Istio ${ISTIO_VER}" -${REPO_ROOT}/bin/istio-${ISTIO_VER}/bin/istioctl manifest apply --set profile=default \ +${REPO_ROOT}/bin/istio-${ISTIO_VER}/bin/istioctl manifest install --set profile=default \ --set values.pilot.resources.requests.cpu=100m \ - --set values.pilot.resources.requests.memory=100Mi \ - --set values.global.configValidation=false - -kubectl -n istio-system rollout status deployment/prometheus + --set values.pilot.resources.requests.memory=100Mi kubectl -n istio-system get all From 50b513aba99cae0b41bdca2872f07d627de855bd Mon Sep 17 00:00:00 2001 From: kazukousen Date: Tue, 27 Oct 2020 18:24:25 +0900 Subject: [PATCH 09/12] use prometheus addon --- kustomize/istio/kustomization.yaml | 1 - kustomize/istio/patch.yaml | 2 +- test/e2e-istio-tests.sh | 2 +- test/e2e-istio.sh | 3 +++ 4 files changed, 5 insertions(+), 3 deletions(-) diff --git a/kustomize/istio/kustomization.yaml b/kustomize/istio/kustomization.yaml index e2c011338..fba329ba3 100644 --- a/kustomize/istio/kustomization.yaml +++ b/kustomize/istio/kustomization.yaml @@ -1,6 +1,5 @@ namespace: istio-system bases: - ../base/flagger/ - - ../base/prometheus/ patchesStrategicMerge: - patch.yaml diff --git a/kustomize/istio/patch.yaml b/kustomize/istio/patch.yaml index a2af53504..8180d2d89 100644 --- a/kustomize/istio/patch.yaml +++ b/kustomize/istio/patch.yaml @@ -10,7 +10,7 @@ spec: args: - -log-level=info - -mesh-provider=istio - - -metrics-server=http://flagger-prometheus:9090 + - -metrics-server=http://prometheus:9090 - -slack-user=flagger - -slack-channel= - -slack-url= diff --git a/test/e2e-istio-tests.sh b/test/e2e-istio-tests.sh index 1ee5f17c0..2954626ef 100755 --- a/test/e2e-istio-tests.sh +++ b/test/e2e-istio-tests.sh @@ -15,7 +15,7 @@ metadata: spec: provider: type: prometheus - address: http://flagger-prometheus.istio-system:9090 + address: http://prometheus.istio-system:9090 query: | histogram_quantile( 0.99, diff --git a/test/e2e-istio.sh b/test/e2e-istio.sh index d4c92d8c1..c32ec1fb0 100755 --- a/test/e2e-istio.sh +++ b/test/e2e-istio.sh @@ -14,6 +14,9 @@ ${REPO_ROOT}/bin/istio-${ISTIO_VER}/bin/istioctl manifest install --set profile= --set values.pilot.resources.requests.cpu=100m \ --set values.pilot.resources.requests.memory=100Mi +kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.7/samples/addons/prometheus.yaml +kubectl -n istio-system rollout status deployment/prometheus + kubectl -n istio-system get all echo '>>> Load Flagger image in Kind' From 240bd23ac3d1952f7e66f56019fad42a7cee0476 Mon Sep 17 00:00:00 2001 From: Kazuki Nitta Date: Wed, 28 Oct 2020 00:31:35 +0900 Subject: [PATCH 10/12] fix delegation spec Co-authored-by: Stefan Prodan --- pkg/apis/flagger/v1beta1/canary.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkg/apis/flagger/v1beta1/canary.go b/pkg/apis/flagger/v1beta1/canary.go index f19258aff..c371a79e0 100644 --- a/pkg/apis/flagger/v1beta1/canary.go +++ b/pkg/apis/flagger/v1beta1/canary.go @@ -140,7 +140,11 @@ type CanaryService struct { // IsDelegation behaves as a delegate virtual service // if enabled, the pilot env `PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE` must also be set to enabled. // +optional - IsDelegation bool `json:"isDelegation,omitempty"` + // If enabled, Flagger would generate Istio VirtualServices without hosts and gateway, + // making the service compatible with Istio delegation. Note that pilot env + //` PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE` must also be set. + // +optional + Delegation bool `json:"delegation,omitempty"` // TrafficPolicy attached to the generated Istio destination rules // +optional From 204d661b7763cbc8ccbb74f264bb6601f40b91ca Mon Sep 17 00:00:00 2001 From: kazukousen Date: Wed, 28 Oct 2020 01:46:05 +0900 Subject: [PATCH 11/12] fix spec and add faq doc --- artifacts/flagger/crd.yaml | 2 +- charts/flagger/crds/crd.yaml | 2 +- docs/gitbook/faq.md | 79 ++++++++++++++++++++++++++++++ kustomize/base/flagger/crd.yaml | 2 +- pkg/apis/flagger/v1beta1/canary.go | 9 ++-- pkg/router/istio.go | 4 +- pkg/router/istio_test.go | 4 +- test/e2e-istio-tests-delegate.sh | 2 +- 8 files changed, 90 insertions(+), 14 deletions(-) diff --git a/artifacts/flagger/crd.yaml b/artifacts/flagger/crd.yaml index 031e83612..6fd69629e 100644 --- a/artifacts/flagger/crd.yaml +++ b/artifacts/flagger/crd.yaml @@ -156,7 +156,7 @@ spec: type: array items: type: string - isDelegation: + delegation: description: enable behaving as a delegate VirtualService type: boolean match: diff --git a/charts/flagger/crds/crd.yaml b/charts/flagger/crds/crd.yaml index 031e83612..6fd69629e 100644 --- a/charts/flagger/crds/crd.yaml +++ b/charts/flagger/crds/crd.yaml @@ -156,7 +156,7 @@ spec: type: array items: type: string - isDelegation: + delegation: description: enable behaving as a delegate VirtualService type: boolean match: diff --git a/docs/gitbook/faq.md b/docs/gitbook/faq.md index 5deb2cec7..ffbb9ff70 100644 --- a/docs/gitbook/faq.md +++ b/docs/gitbook/faq.md @@ -554,6 +554,85 @@ spec: Flagger works for user facing apps exposed outside the cluster via an ingress gateway and for backend HTTP APIs that are accessible only from inside the mesh. +If `Delegation` is enabled, Flagger would generate Istio VirtualService without hosts and gateway, +making the service compatible with Istio delegation. + +```yaml +apiVersion: flagger.app/v1beta1 +kind: Canary +metadata: + name: backend + namespace: test +spec: + service: + delegation: true + port: 9898 + targetRef: + apiVersion: v1 + kind: Deployment + name: podinfo + analysis: + interval: 15s + threshold: 15 + maxWeight: 30 + stepWeight: 10 +``` + +Based on the above spec, Flagger will create the following virtual service: + +```yaml +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: backend + namespace: test + ownerReferences: + - apiVersion: flagger.app/v1beta1 + blockOwnerDeletion: true + controller: true + kind: Canary + name: backend + uid: 58562662-5e10-4512-b269-2b789c1b30fe +spec: + http: + - route: + - destination: + host: podinfo-primary + weight: 100 + - destination: + host: podinfo-canary + weight: 0 +``` + +Therefore, The following virtual service forward the traffic to `/podinfo` by the above delegate VirtualService. + +```yaml +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: frontend + namespace: test +spec: + gateways: + - public-gateway.istio-system.svc.cluster.local + - mesh + hosts: + - frontend.example.com + - frontend + http: + - match: + - uri: + prefix: /podinfo + rewrite: + uri: / + delegate: + name: backend + namespace: test +``` + +Note that pilot env `PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE` must also be set. +(For the use of Istio Delegation, you can refer to the [documentation](https://istio.io/latest/docs/reference/config/networking/virtual-service/#Delegate).) + ### Istio Ingress Gateway **How can I expose multiple canaries on the same external domain?** diff --git a/kustomize/base/flagger/crd.yaml b/kustomize/base/flagger/crd.yaml index 031e83612..6fd69629e 100644 --- a/kustomize/base/flagger/crd.yaml +++ b/kustomize/base/flagger/crd.yaml @@ -156,7 +156,7 @@ spec: type: array items: type: string - isDelegation: + delegation: description: enable behaving as a delegate VirtualService type: boolean match: diff --git a/pkg/apis/flagger/v1beta1/canary.go b/pkg/apis/flagger/v1beta1/canary.go index c371a79e0..12cd60524 100644 --- a/pkg/apis/flagger/v1beta1/canary.go +++ b/pkg/apis/flagger/v1beta1/canary.go @@ -137,12 +137,9 @@ type CanaryService struct { // +optional Hosts []string `json:"hosts,omitempty"` - // IsDelegation behaves as a delegate virtual service - // if enabled, the pilot env `PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE` must also be set to enabled. - // +optional - // If enabled, Flagger would generate Istio VirtualServices without hosts and gateway, - // making the service compatible with Istio delegation. Note that pilot env - //` PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE` must also be set. + // If enabled, Flagger would generate Istio VirtualServices without hosts and gateway, + // making the service compatible with Istio delegation. Note that pilot env + // `PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE` must also be set. // +optional Delegation bool `json:"delegation,omitempty"` diff --git a/pkg/router/istio.go b/pkg/router/istio.go index 5b43c0c69..93cc1139e 100644 --- a/pkg/router/istio.go +++ b/pkg/router/istio.go @@ -98,7 +98,7 @@ func (ir *IstioRouter) reconcileDestinationRule(canary *flaggerv1.Canary, name s func (ir *IstioRouter) reconcileVirtualService(canary *flaggerv1.Canary) error { apexName, primaryName, canaryName := canary.GetServiceNames() - if canary.Spec.Service.IsDelegation { + if canary.Spec.Service.Delegation { if len(canary.Spec.Service.Hosts) > 0 || len(canary.Spec.Service.Gateways) > 0 { // delegate VirtualService cannot have hosts and gateways. return fmt.Errorf("VirtualService %s.%s cannot have hosts and gateways when delegation enabled", apexName, canary.Namespace) @@ -139,7 +139,7 @@ func (ir *IstioRouter) reconcileVirtualService(canary *flaggerv1.Canary) error { makeDestination(canary, canaryName, 0), } - if canary.Spec.Service.IsDelegation { + if canary.Spec.Service.Delegation { // delegate VirtualService requires the hosts and gateway empty. hosts = []string{} gateways = []string{} diff --git a/pkg/router/istio_test.go b/pkg/router/istio_test.go index 6b23b887d..08b3b7cc5 100644 --- a/pkg/router/istio_test.go +++ b/pkg/router/istio_test.go @@ -338,7 +338,7 @@ func TestIstioRouter_Delegate(t *testing.T) { mocks := newFixture(nil) mocks.canary.Spec.Service.Hosts = []string{} mocks.canary.Spec.Service.Gateways = []string{} - mocks.canary.Spec.Service.IsDelegation = true + mocks.canary.Spec.Service.Delegation = true router := &IstioRouter{ logger: mocks.logger, @@ -366,7 +366,7 @@ func TestIstioRouter_Delegate(t *testing.T) { "mesh", } } - mocks.canary.Spec.Service.IsDelegation = true + mocks.canary.Spec.Service.Delegation = true router := &IstioRouter{ logger: mocks.logger, diff --git a/test/e2e-istio-tests-delegate.sh b/test/e2e-istio-tests-delegate.sh index 1e9525e55..9f934c15f 100755 --- a/test/e2e-istio-tests-delegate.sh +++ b/test/e2e-istio-tests-delegate.sh @@ -69,7 +69,7 @@ spec: port: 80 targetPort: 9898 portDiscovery: true - isDelegation: true + delegation: true skipAnalysis: true analysis: interval: 15s From 046aea4e6ff78c13942c63eacbb9f17260f6d919 Mon Sep 17 00:00:00 2001 From: kazukousen Date: Wed, 28 Oct 2020 01:50:01 +0900 Subject: [PATCH 12/12] add a reference to the pilot doc --- docs/gitbook/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/gitbook/faq.md b/docs/gitbook/faq.md index ffbb9ff70..081f06ffa 100644 --- a/docs/gitbook/faq.md +++ b/docs/gitbook/faq.md @@ -631,7 +631,7 @@ spec: ``` Note that pilot env `PILOT_ENABLE_VIRTUAL_SERVICE_DELEGATE` must also be set. -(For the use of Istio Delegation, you can refer to the [documentation](https://istio.io/latest/docs/reference/config/networking/virtual-service/#Delegate).) +(For the use of Istio Delegation, you can refer to the documentation of [Virtual Service](https://istio.io/latest/docs/reference/config/networking/virtual-service/#Delegate) and [pilot environment variables](https://istio.io/latest/docs/reference/commands/pilot-discovery/#envvars).) ### Istio Ingress Gateway