Skip to content

daemon: conditionally disable headless service watch #40844

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 29, 2025
Merged

daemon: conditionally disable headless service watch #40844

merged 1 commit into from
Aug 29, 2025

Conversation

moscicky
Copy link
Contributor

@moscicky moscicky commented Jul 31, 2025
edited
Loading

Previously, daemon watched headless services and headless services endpoint slices uncodnitially. This meant that even if features relying on headless services watch such as Gateway API and Ingress were not used the watch was created. This caused a increased load on apisever in clusters making use of headless services.

This patch disables the headless service watch when feature relying on it (Gateway API, Ingress) are not enabled.

Tests for the change were copied from the version prior to #28440.

Fixes: #40763

Please ensure your pull request adheres to the following guidelines:

  • For first time contributors, read Submitting a pull request
  • All code is covered by unit and/or runtime tests where feasible.
  • All commits contain a well written commit description including a title,
    description and a Fixes: #XXX line if the commit addresses a particular
    GitHub issue.
  • If your commit description contains a Fixes: <commit-id> tag, then
    please add the commit author[s] as reviewer[s] to this issue.
  • All commits are signed off. See the section Developer’s Certificate of Origin
  • Provide a title or release-note blurb suitable for the release notes.
  • Are you a user of Cilium? Please add yourself to the Users doc
  • Thanks for contributing!
Disable unnecessary headless service watching to reduce API server load in clusters not using the Gateway API or Ingress features.

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jul 31, 2025
@github-actions github-actions bot added the kind/community-contribution This was a contribution made by a community member. label Jul 31, 2025
@tsotne95
Copy link
Contributor

tsotne95 commented Aug 1, 2025

/test

@moscicky moscicky force-pushed the pr/disable-headless-service-watch branch from 4ee8020 to 4f501f1 Compare August 4, 2025 13:15
@marseel
Copy link
Contributor

marseel commented Aug 4, 2025

/test

@moscicky moscicky force-pushed the pr/disable-headless-service-watch branch from 4f501f1 to f55c550 Compare August 5, 2025 13:18
@moscicky moscicky changed the title deamon: disable headless service watch when gateway-api and ingress a… deamon: conditionally disable headless service watch Aug 5, 2025
@moscicky moscicky force-pushed the pr/disable-headless-service-watch branch from f55c550 to 004a38b Compare August 5, 2025 13:39
@tsotne95
Copy link
Contributor

tsotne95 commented Aug 5, 2025

/test

@moscicky moscicky force-pushed the pr/disable-headless-service-watch branch from 004a38b to d8b4063 Compare August 5, 2025 14:45
@tsotne95
Copy link
Contributor

tsotne95 commented Aug 5, 2025

/test

@tsotne95
Copy link
Contributor

tsotne95 commented Aug 6, 2025

/ci-clustermesh

@moscicky moscicky marked this pull request as ready for review August 6, 2025 08:03
@moscicky moscicky requested review from a team as code owners August 6, 2025 08:03
@moscicky moscicky requested review from joamaki and jrajahalme August 6, 2025 08:03
@moscicky
Copy link
Contributor Author

moscicky commented Aug 6, 2025

This PR contains one of solutions discussed in: #40763, I am happy to discuss alternative approaches

@marseel
Copy link
Contributor

marseel commented Aug 6, 2025

cc @youngnick

joamaki
joamaki requested changes Aug 6, 2025
View reviewed changes
joamaki
joamaki reviewed Aug 6, 2025
View reviewed changes
joamaki
joamaki reviewed Aug 6, 2025
View reviewed changes
@moscicky moscicky requested review from a team as code owners August 6, 2025 13:01
@pchaigno pchaigno enabled auto-merge August 25, 2025 14:45
@tsotne95
Copy link
Contributor

/ci-clustermesh

@tsotne95
Copy link
Contributor

/ci-e2e-upgrade

@tsotne95
Copy link
Contributor

/ci-ginkgo

auto-merge was automatically disabled August 26, 2025 10:48

Head branch was pushed to by a user without write access

@moscicky moscicky force-pushed the pr/disable-headless-service-watch branch from 26a9de8 to 50e3432 Compare August 26, 2025 10:48
@tsotne95
Copy link
Contributor

/test

@tsotne95
Copy link
Contributor

/ci-gateway-api

@tsotne95
Copy link
Contributor

/ci-e2e-upgrade

@marseel marseel enabled auto-merge August 27, 2025 07:51
@marseel
Copy link
Contributor

marseel commented Aug 27, 2025

cc @cilium/envoy for review, I think Jarno is OOO

@youngnick youngnick requested review from sayboras and removed request for jrajahalme August 29, 2025 04:47
@youngnick
Copy link
Contributor

I added @sayboras, thanks for the callout @marseel.

sayboras
sayboras approved these changes Aug 29, 2025
View reviewed changes
Copy link
Member

@sayboras sayboras left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks ✅

@moscicky
daemon: conditionally disable headless service watch
e425529 
Previously, daemon watched headless services and headless services endpoint slices uncodnitially. This meant that even if features relying on headless services watch such as Gateway API and Ingress were not used the watch was created. This caused a increased load on apisever in clusters making use of headless services.

This patch disables the headless service watch when feature relying on it (Gateway API, Ingress) are not enabled.

Fixes: cilium#40763

Signed-off-by: Maciej Moscicki <mmoscicki@google.com>
auto-merge was automatically disabled August 29, 2025 08:41

Head branch was pushed to by a user without write access

@moscicky moscicky force-pushed the pr/disable-headless-service-watch branch from 50e3432 to e425529 Compare August 29, 2025 08:41
@tsotne95
Copy link
Contributor

/test

@tsotne95
Copy link
Contributor

/ci-gateway-api

@pchaigno pchaigno enabled auto-merge August 29, 2025 09:22
@pchaigno pchaigno added this pull request to the merge queue Aug 29, 2025
Merged via the queue into cilium:main with commit 72fa526 Aug 29, 2025
68 checks passed
@viktor-kurchenko viktor-kurchenko mentioned this pull request Sep 2, 2025
Merged
18 tasks
@viktor-kurchenko viktor-kurchenko added backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. and removed needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch labels Sep 2, 2025
@github-actions github-actions bot added backport-done/1.18 The backport for Cilium 1.18.x for this PR is done. and removed backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. labels Sep 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joamaki joamaki joamaki approved these changes

@marseel marseel marseel approved these changes

@sayboras sayboras sayboras approved these changes

@youngnick youngnick youngnick approved these changes

@rastislavs rastislavs rastislavs approved these changes

@smagnani96 smagnani96 smagnani96 approved these changes

@bowei bowei Awaiting requested review from bowei

Assignees
No one assigned
Labels
backport-done/1.18 The backport for Cilium 1.18.x for this PR is done. feature/k8s-gateway-api feature/k8s-ingress kind/community-contribution This was a contribution made by a community member. release-note/bug This PR fixes an issue in a previous release of Cilium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Scalability Regression: Agent Headless Service watch changes in 1.16+