Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EndpointSlices Reflection should happen for services I annotated to offload from local cluster #2036

Closed
Sharathmk99 opened this issue Sep 21, 2023 · 1 comment · Fixed by #2043
Closed

EndpointSlices Reflection should happen for services I annotated to offload from local cluster #2036

Sharathmk99 opened this issue Sep 21, 2023 · 1 comment · Fixed by #2043

Comments

@Sharathmk99
Copy link
Contributor

What happened:

We are using "AllowList-based and DenyList-based Resource Reflection" feature and facing below problem.

We wanted to select few services from namespace A to offload to remote cluster, so we have set reflection.service.type=AllowList and added annotation liqo.io/allow-reflection to service which I wanted to offload to remote cluster. But I kept reflection.endpointslice.type to DenyList. Now I can see only selective services in remote cluster, which is good.

But now I'm creating service A in remote cluster which has same service name as local cluster but not selected to offload to remote cluster, now when I try to access Service A from remote cluster it's been forwarded to local cluster because endpointslices is created for all services under namespace.

I could have set reflection.endpointslice.type to AllowList but I don't manually create EndpointSlice in local cluster to add annotations. Ideally EndpointSlices should be created for the services I annotated to offload from local cluster.

What you expected to happen:

EndpointSlices should be created for the services I annotated to offload from local cluster, not for all services under namespace

How to reproduce it (as minimally and precisely as possible):

Create Service A and Service B under Namespace A and annotate Service A with liqo.io/allow-reflection.
Try to create Service B in remote cluster and access Service B from remote cluster.

Anything else we need to know?:

Environment:

  • Liqo version: v0.9.4
  • Liqoctl version: v0.9.4
  • Kubernetes version (use kubectl version): 1.22.x
  • Cloud provider or hardware configuration: kubeadm & AKS
  • Node image:
  • Network plugin and version:
  • Install tools:
  • Others:
@fra98
Copy link
Member

fra98 commented Sep 21, 2023
edited
Loading

@Sharathmk99 thanks for your suggestion. We will modify soon this behaviour. In particular:

  • the endpointslices reflector will inherit the reflection type from the services reflector
  • an endpointslice is (not) reflected if the associated service is (not) reflected
  • you can bypass the above behavior if you explicitly annotate the endpointslice itself (i.e., reflect the endpointslice using liqo.io/allow-reflection annotation, do not reflect using liqo.io/skip-reflection)

@fra98 fra98 mentioned this issue Sep 22, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Endpointslices reflection fix fra98/liqo
2 participants
@Sharathmk99 @fra98