Skip to content

canonical wds service#58576

Merged
istio-testing merged 12 commits intoistio:masterfrom
ilrudie:canonical-wds-service
Jan 10, 2026
Merged

canonical wds service#58576
istio-testing merged 12 commits intoistio:masterfrom
ilrudie:canonical-wds-service

Conversation

@ilrudie
Copy link
Copy Markdown
Contributor

@ilrudie ilrudie commented Dec 16, 2025
edited
Loading

Please provide a description of this PR:

This is a super early draft for creating "canonical" wds services.

As I worked to optimize ztunnel xds handling and service resolution, it became apparent that the lookup could be optimized all the way to something like, "Is in my namespace ELSE is canonical". When working on "is canonical" it became apparent that this could be a boolean field calculated by istiod instead of a field populated by ztunnel during xds handling.

TODO:

  • clean my scribbling from the comments
  • better testing
  • ztunnel implementation
  • some form of "preferred namespace" implementation (ztunnel presently supports this in-proxy. As a result, some way to produce this behavior is likely table stakes for any sort of rationalizing of service resolution in ambient.)

@ilrudie ilrudie requested review from a team as code owners December 16, 2025 00:23
@istio-policy-bot istio-policy-bot added the area/ambient Issues related to ambient mesh label Dec 16, 2025
@istio-testing istio-testing added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Dec 16, 2025
howardjohn
howardjohn reviewed Dec 16, 2025
View reviewed changes
@istio-testing istio-testing added the needs-rebase Indicates a PR needs to be rebased before being merged label Dec 19, 2025
@ilrudie ilrudie mentioned this pull request Dec 29, 2025
Merged
@ilrudie
workloadapi changes to add a canonical field to service
1bd39f3 
Signed-off-by: Ian Rudie <ian.rudie@solo.io>
@ilrudie
first pass at marking wds services as canonical
9358582 
Signed-off-by: Ian Rudie <ian.rudie@solo.io>
@ilrudie
protomarshal.ShallowCopy the wds Service in setCanonical
2f867cc 
Signed-off-by: Ian Rudie <ian.rudie@solo.io>
@ilrudie
precomupute canonical svc, fix logic
ea7b148 
Signed-off-by: Ian Rudie <ian.rudie@solo.io>
@ilrudie ilrudie force-pushed the canonical-wds-service branch from 83d919c to ea7b148 Compare December 30, 2025 16:29
@istio-testing istio-testing removed the needs-rebase Indicates a PR needs to be rebased before being merged label Dec 30, 2025
Stevenjin8
Stevenjin8 reviewed Dec 31, 2025
View reviewed changes
@ilrudie ilrudie mentioned this pull request Dec 31, 2025
Open
@istio-testing istio-testing added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jan 5, 2026
@ilrudie
update overlap tests to make assertions about canonical service
7cfedf5 
Signed-off-by: Ian Rudie <ian.rudie@solo.io>
@ilrudie ilrudie force-pushed the canonical-wds-service branch from ff96de4 to 7cfedf5 Compare January 5, 2026 17:25
@ilrudie
eliminate key conflict requiring checked join
1bf38cf 
Signed-off-by: Ian Rudie <ian.rudie@solo.io>
@ilrudie ilrudie force-pushed the canonical-wds-service branch from af8e8ba to 1bf38cf Compare January 9, 2026 15:34
@ilrudie
trying to unravel the issue with MC ambient indexes, we'll need to cl…
bd7d643 
…ean this up

Signed-off-by: Ian Rudie <ian.rudie@solo.io>
@stevenctl
Copy link
Copy Markdown
Contributor

stevenctl commented Jan 9, 2026

last comment is that we probably want Waypoint to be consistent with the ztunnel logic added in istio/ztunnel#1704

We already get the intra-namespace dedupe logic from the sidecar code (timestamps, service > service entry) but we don't get the "prefer namespace local"

that could be added with something like this:

https://gist.github.com/stevenctl/9e7aca7e889ddf0970d7d0a60aa438ec

ilrudie added 4 commits January 9, 2026 15:03
@ilrudie
comment on MapCollection function warning about mapFunc
7c3db8f 
Signed-off-by: Ian Rudie <ian.rudie@solo.io>
@ilrudie
cleanup comment
9be56ae 
Signed-off-by: Ian Rudie <ian.rudie@solo.io>
@ilrudie
cleanup repeated code
3782bff 
Signed-off-by: Ian Rudie <ian.rudie@solo.io>
@ilrudie
sync canonical comment with suggestion from ztunnel PR
143ceca 
Signed-off-by: Ian Rudie <ian.rudie@solo.io>
stevenctl
stevenctl approved these changes Jan 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@stevenctl stevenctl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but can we create a follow up if we want to make waypoint consistent with zt on the "prefer local namespace" case.

@keithmattix
Copy link
Copy Markdown
Contributor

keithmattix commented Jan 10, 2026

/retest

@ilrudie
release note
1eb2bb8 
Signed-off-by: Ian Rudie <ian.rudie@solo.io>
@ilrudie
Copy link
Copy Markdown
Contributor Author

ilrudie commented Jan 10, 2026

/retest-required

1 similar comment
@ilrudie
Copy link
Copy Markdown
Contributor Author

ilrudie commented Jan 10, 2026

/retest-required

@istio-testing istio-testing merged commit 8bea6a8 into istio:master Jan 10, 2026
33 checks passed
stevenctl pushed a commit to stevenctl/istio that referenced this pull request Jan 14, 2026
@ilrudie @stevenctl
canonical wds service (istio#58576)
99c5a1b 
* workloadapi changes to add a canonical field to service

Signed-off-by: Ian Rudie <ian.rudie@solo.io>

* first pass at marking wds services as canonical

Signed-off-by: Ian Rudie <ian.rudie@solo.io>

* protomarshal.ShallowCopy the wds Service in setCanonical

Signed-off-by: Ian Rudie <ian.rudie@solo.io>

* precomupute canonical svc, fix logic

Signed-off-by: Ian Rudie <ian.rudie@solo.io>

* update overlap tests to make assertions about canonical service

Signed-off-by: Ian Rudie <ian.rudie@solo.io>

* eliminate key conflict requiring checked join

Signed-off-by: Ian Rudie <ian.rudie@solo.io>

* trying to unravel the issue with MC ambient indexes, we'll need to clean this up

Signed-off-by: Ian Rudie <ian.rudie@solo.io>

* comment on MapCollection function warning about mapFunc

Signed-off-by: Ian Rudie <ian.rudie@solo.io>

* cleanup comment

Signed-off-by: Ian Rudie <ian.rudie@solo.io>

* cleanup repeated code

Signed-off-by: Ian Rudie <ian.rudie@solo.io>

* sync canonical comment with suggestion from ztunnel PR

Signed-off-by: Ian Rudie <ian.rudie@solo.io>

* release note

Signed-off-by: Ian Rudie <ian.rudie@solo.io>

---------

Signed-off-by: Ian Rudie <ian.rudie@solo.io>
@stevenctl stevenctl mentioned this pull request Jan 21, 2026
Open
@ilrudie ilrudie mentioned this pull request Jan 23, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@howardjohn howardjohn howardjohn left review comments

@Stevenjin8 Stevenjin8 Stevenjin8 left review comments

@keithmattix keithmattix keithmattix approved these changes

@stevenctl stevenctl stevenctl approved these changes

Assignees

No one assigned

Labels

area/ambient Issues related to ambient mesh size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@ilrudie @stevenctl @keithmattix @howardjohn @Stevenjin8 @istio-testing @istio-policy-bot