multicluster traffic management #10486
Conversation
|
😊 Welcome! This is either your first contribution to the Istio documentation repo, or
Thanks for contributing! Courtesy of your friendly welcome wagon. |
|
Skipping CI for Draft Pull Request. |
| spec: | ||
| hosts: | ||
| - mysvc.myns.svc.cluster.local | ||
| http: |
There was a problem hiding this comment.
without sourceLabels support the VS has to be different in each cluster... and doesn't really work for primary-remote
There was a problem hiding this comment.
Are you still working on the fix? Can this doc wait until that lands?
There was a problem hiding this comment.
It actually already works :)
| load-balanced across all clusters in the mesh for a given service. In some cases, that behavior is not desirable, and | ||
| this document describes the different options for overriding that default. | ||
|
|
||
| ## Cluster Local Services |
There was a problem hiding this comment.
should we also have a section that highlights locality load balancing as an option? and is this header correct?
There was a problem hiding this comment.
I don't think we actually define cluster-local as a term. Perhaps you could call this something like Keeping traffic in-cluster?
Backing up a bit, the DR section is actually more generic than "cluster-local" anyway. You could use it for any sort of partitioning by label (network, cluster, etc.). Maybe we should frame it like that?
So the outline might be something like:
- Keeping traffic in-cluster
- Partitioning Service Endpoints (i.e. Subsetting)
- Services that are not the same
And the partitioning example could effectively also be a cluster-local example, just doing it a different way. And just explain that it's actually a more flexible tool and can do more than just cluster-local.
| test: no | ||
| --- | ||
|
|
||
| Within a multicluster mesh, [namespace sameness](https://github.com/kubernetes/community/blob/master/sig-multicluster/namespace-sameness-position-statement.md) |
There was a problem hiding this comment.
Is this the right place for the sameness note? Or should it live in deployment models? Or both?
There was a problem hiding this comment.
This should definitely go in deployment models. Maybe we need a glossary entry as well for namespace sameness. I'm fine duplicating the link here.
| load-balanced across all clusters in the mesh for a given service. In some cases, that behavior is not desirable, and | ||
| this document describes the different options for overriding that default. | ||
|
|
||
| ## Cluster Local Services |
There was a problem hiding this comment.
I don't think we actually define cluster-local as a term. Perhaps you could call this something like Keeping traffic in-cluster?
Backing up a bit, the DR section is actually more generic than "cluster-local" anyway. You could use it for any sort of partitioning by label (network, cluster, etc.). Maybe we should frame it like that?
So the outline might be something like:
- Keeping traffic in-cluster
- Partitioning Service Endpoints (i.e. Subsetting)
- Services that are not the same
And the partitioning example could effectively also be a cluster-local example, just doing it a different way. And just explain that it's actually a more flexible tool and can do more than just cluster-local.
| spec: | ||
| hosts: | ||
| - mysvc.myns.svc.cluster.local | ||
| http: |
There was a problem hiding this comment.
Are you still working on the fix? Can this doc wait until that lands?
|
|
||
| ### Per-cluster `Service` or `Namespace` | ||
|
|
||
| If `Services` aren't meant to be used cross-cluster at all, it may make sense to simply give them unique names in each |
There was a problem hiding this comment.
Can we come up with a more concrete example for this? I'm having trouble picturing how this is different from cluster-local.
| ### Keeping traffic in-cluster | ||
|
|
||
| In some cases the default cross-cluster load balancing behavior is not desirable. To keep traffic "cluster-local" (i.e. | ||
| traffic sent from `cluster-a` will only reach destinations in `cluster-a`), there are multiple-approaches. |
There was a problem hiding this comment.
there is another approach localityloadbalancing.FailoverPriority
There was a problem hiding this comment.
Locality load balancing is a slightly different topic. Locality LB allows spill over into other localities. Here we're specifically protecting against that in order to draw strict partitions within the mesh. Any locality LB would apply within the partitions.
There was a problem hiding this comment.
Yes! Definitely want to fit that in.
|
|
||
| On top of default locality components of `region/zone/subzone`, you can use [`failoverPriority`](/docs/reference/config/networking/destination-rule/#LocalityLoadBalancerSetting) | ||
| to failover based on the cluster or network explicitly. Using the following destination rule, traffic will prefer first | ||
| in-cluster traffic, then in-network, then in-region, etc. |
There was a problem hiding this comment.
Not exactly, matching all the labels first, then second, match the first N-1 labels.
|
|
||
| ## Cluster Local Services | ||
| If there is no case where this traffic should be sent across clusters, consider giving the services a different name in each cluster. |
There was a problem hiding this comment.
This sounds like cluster-local services could apply here too ... in which case they are the same service, but happen to be stateful.
| @@ -7,15 +7,16 @@ owner: istio/wg-networking-maintainers | |||
| test: no | |||
| --- | |||
|
|
|||
| ### Services that are not the same | |||
There was a problem hiding this comment.
Maybe just call this Namespace Sameness?
|
|
||
| If there is no case where this traffic should be sent across clusters, consider giving the services a different name in each cluster. | ||
|
|
||
| ### Partitioning Service Endpoints (i.e. creating subsets) |
There was a problem hiding this comment.
Maybe just call this Partitioning a Service
|
|
||
| ### Partitioning Service Endpoints (i.e. creating subsets) | ||
|
|
||
| Using the label `topology.istio.io/cluster` in the subset selector for a DestinationRule, you can create |
There was a problem hiding this comment.
Let's begin by making a more general statement that you can partition anyway you like by label, using subsets. Maybe we can even link to the list of labels in the API? Then as the example, we can build a cluster-local service using the cluster label.
There was a problem hiding this comment.
+1 I think a list of the available built-in labels that one can use, would be really good.
There was a problem hiding this comment.
Sgtm. Would be cool if we included something in /reference/config/labels/ that additionally highlights the which ones are built-in.
| subset: cluster-2 | ||
| {{< /text >}} | ||
|
|
||
| #### Global `MeshConfig` settings |
There was a problem hiding this comment.
I actually think this should be a top-level section along side the Partitioning a Service section. The partitioning section is all about subsets .... this is different.
Maybe we call this something like Keeping Traffic In-Cluster? We've never actually defined cluster-local AFAIK :).
So I'm thinking we could re-arrange the contents to:
- Namespace Sameness
- Here we just keep you section as-is .. just introduce/re-introduce the concept.
- Keeping Traffic In-Cluster
- The mesh-config solution.
- Service Partitioning
- We describe that this is a general way of partitioning your service endpoints and we'll re-do the "Keeping Traffic In-Cluster" using subsets as an example.
WDYT?
There was a problem hiding this comment.
That sounds good to me. It would be good to also explain that service partitioning can also be used to keep traffic in-cluster and maybe touch on why use one vs the other.
There was a problem hiding this comment.
I've put things in this structure, but I can't really think of a good way to word the pros/cons of each of the "cluster-local" approaches.
On one hand, the subsetting approach allows a bit more granular control, but it also starts to mix service-level policy with topology-level policy. For example, a config that sends 10% of traffic to v2 now needs 2x subsets (i.e. cluster-1-v2, cluster-2-v2)
There was a problem hiding this comment.
Rather than pros/cons I was thinking just a high level statement, maybe along the lines of what you just said. The one is generally more appropriate for setting topology-level policy, while the other is more service focused.
There was a problem hiding this comment.
added a section at the bottom
| ### Keeping traffic in-cluster | ||
|
|
||
| In some cases the default cross-cluster load balancing behavior is not desirable. To keep traffic "cluster-local" (i.e. | ||
| traffic sent from `cluster-a` will only reach destinations in `cluster-a`), there are multiple-approaches. |
There was a problem hiding this comment.
Locality load balancing is a slightly different topic. Locality LB allows spill over into other localities. Here we're specifically protecting against that in order to draw strict partitions within the mesh. Any locality LB would apply within the partitions.
I think it still has a place here but I don't feel strongly. |
We already have docs (a task) for locality LB. We could mention it somewhere here and link to the docs? |
Probably just need to update it with details/examples for the new failoverPriority API. |
|
|
||
| On top of default locality components of `region/zone/subzone`, you can use [`failoverPriority`](/docs/reference/config/networking/destination-rule/#LocalityLoadBalancerSetting) | ||
| to failover based on the cluster or network explicitly. Using the following destination rule, traffic will prefer first | ||
| in-cluster traffic, then in-network, then in-region, etc. |
There was a problem hiding this comment.
This desc is not quite right
| - "topology.istio.io/cluster" | ||
| - "topology.istio.io/network" | ||
| - "topology.kubernetes.io/region" | ||
| - "topology.kubernetes.io/zone" | ||
| - "topology.istio.io/subzone" |
There was a problem hiding this comment.
maybe you can remove the region/zone/subzone
content/en/docs/ops/configuration/traffic-management/multicluster/index.md
Show resolved
Hide resolved
| clusterLocal: true | ||
| hosts: | ||
| - "mysvc.myns.svc.cluster.local" |
There was a problem hiding this comment.
This should be indented more?
btw, where is the proto for this?
There was a problem hiding this comment.
good catch – and I'm not sure what you mean by where is the proto?
|
|
||
| {{< tab name="per-service" category-value="service" >}} | ||
|
|
||
| {{< text yaml >}} |
There was a problem hiding this comment.
Should give more context. What CRD is this, and were is it applied?
…ter/index.md Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
content/en/docs/ops/configuration/traffic-management/multicluster/index.md
Outdated
Show resolved
Hide resolved
content/en/docs/ops/configuration/traffic-management/multicluster/index.md
Outdated
Show resolved
Hide resolved
…ter/index.md Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
…ter/index.md Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
|
/test gencheck_istio.io |
content/en/docs/ops/configuration/traffic-management/multicluster/index.md
Outdated
Show resolved
Hide resolved
…ter/index.md Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
* feat/content/zh/docs/ops/configuration/traffic-management/multicluster/index.md * feat/content/zh/docs/ops/configuration/traffic-management/multicluster/index.md * feat/multicluster traffic management docs * fix/content/zh/docs/releases/bugs/index.md * "2"
https://deploy-preview-10486--preliminary-istio.netlify.app/latest/docs/ops/configuration/traffic-management/multicluster/