Linkerd is altering status on HTTPRoutes it doesn't own #11659
Comments
|
I'm going to resolve this as a dup of envoyproxy/gateway#2248 – I'm involved with Envoy Gateway, too, so I think we can track it in just the one project. 🙂 |
|
Upon investigation... yeah, we think that this is a Linkerd bug. 🙁 Reopening this issue. How to reproduceStart with an empty cluster. 1. Install Linkerd.Install Linkerd without messing with Gateway API CRDs: linkerd install --crds --set enableHttpRoutes=false | k apply -f -
linkerd install --set enableHttpRoutes=false | k apply -f -At this point Linkerd will not start running, which surprised me, but the next step fixes that. 2. Install Envoy Gateway.This is from the Envoy Gateway quickstart: helm install eg oci://docker.io/envoyproxy/gateway-helm --version v0.6.0 \
-n envoy-gateway-system --create-namespace(Note that 3. Wait for Linkerd and Envoy Gateway to be running.kubectl rollout status -n envoy-gateway deploy
kubectl rollout status -n linkerd deploy4. Create a GatewayClass, Gateway, and HTTPRoute.Again from the Envoy Gateway quickstart: kubectl apply -f https://github.com/envoyproxy/gateway/releases/download/latest/quickstart.yaml -n default5. Observe the bug.kubectl get httproutes.gateway.networking.k8s.io backend -o yamlThe status:
parents: []instead of the proper status from Envoy Gateway. HypothesisIt appears that Envoy Gateway correctly notices that our HTTPRoute has an entry in Linkerd correctly sees the Overall, I think that Linkerd shouldn't be attempting any update of a route that it doesn't own, and I think that maybe that starts with altering the check in policy-controller/k8s/status/src/index.rs at line 129? } else if id.gkn.group == k8s_gateway_api::HttpRoute::group(&()) { |
kflynn
changed the title
|
Part of this fix is also going to be to add conformance tests for mesh/gateway-controller interaction, as tracked in kubernetes-sigs/gateway-api#2630.) |
|
Hi @kflynn |
Fixes #11659 When the policy controller updates the status of an HttpRoute, it will override any existing statuses on that resource. We update the policy controller to take into account any statuses which are not controlled by Linkerd already on the resource. It will patch the final statuses to be the combination of thee non-Linkerd statuses plus the Linkerd statuses. Signed-off-by: Alex Leong <[email protected]>
## edge-23.12.2 This edge release includes a restructuring of the proxy's balancer along with accompanying new metrics. The new minimum supported Kubernetes version is 1.22. * Restructured the proxy's balancer ([#11750]): balancer changes may now occur independently of request processing. Fail-fast circuit breaking is enforced on the balancer's queue so that requests can't get stuck in a queue indefinitely. This new balancer is instrumented with new metrics: request (in-queue) latency histograms, failfast states, discovery updates counts, and balancer endpoint pool sizes. * Changed how the policy controller updates HTTPRoute status so that it doesn't affect statuses from other non-linkerd controllers ([#11705]; fixes [#11659]) [#11750]: #11750 [#11705]: #11705 [#11659]: #11659
## edge-23.12.2 This edge release includes a restructuring of the proxy's balancer along with accompanying new metrics. The new minimum supported Kubernetes version is 1.22. * Restructured the proxy's balancer ([#11750]): balancer changes may now occur independently of request processing. Fail-fast circuit breaking is enforced on the balancer's queue so that requests can't get stuck in a queue indefinitely. This new balancer is instrumented with new metrics: request (in-queue) latency histograms, failfast states, discovery updates counts, and balancer endpoint pool sizes. * Changed how the policy controller updates HTTPRoute status so that it doesn't affect statuses from other non-linkerd controllers ([#11705]; fixes [#11659]) [#11750]: #11750 [#11705]: #11705 [#11659]: #11659
Fixes #11659 When the policy controller updates the status of an HttpRoute, it will override any existing statuses on that resource. We update the policy controller to take into account any statuses which are not controlled by Linkerd already on the resource. It will patch the final statuses to be the combination of thee non-Linkerd statuses plus the Linkerd statuses. Signed-off-by: Alex Leong <[email protected]>
What is the issue?
When I config Envoy-Gateway https://github.com/envoyproxy/gateway.
Then I apply HTTPRoute, the control plan of linkerd watch resource of envoy-gateway, and change it. So it make the envoy-gateway error. Help me how to fix it.
How can it be reproduced?
When I config Envoy-Gateway https://github.com/envoyproxy/gateway.
Then I apply HTTPRoute, the control plan of linkerd watch resource of envoy-gateway, and change it. So it make the envoy-gateway error. Help me how to fix it.
Logs, error output, etc
When I config Envoy-Gateway https://github.com/envoyproxy/gateway.
Then I apply HTTPRoute, the control plan of linkerd watch resource of envoy-gateway, and change it. So it make the envoy-gateway error. Help me how to fix it.
output of
linkerd check -o shortrepository: "https://helm.linkerd.io/stable"
version: 1.8.0
repository: https://helm.linkerd.io/stable
version: 1.16.6
Environment
repository: "https://helm.linkerd.io/stable"
version: 1.8.0
repository: https://helm.linkerd.io/stable
version: 1.16.6
Possible solution
No response
Additional context
When I config Envoy-Gateway https://github.com/envoyproxy/gateway.
Then I apply HTTPRoute, the control plan of linkerd watch resource of envoy-gateway, and change it. So it make the envoy-gateway error. Help me how to fix it.
Would you like to work on fixing this bug?
yes
The text was updated successfully, but these errors were encountered: