Clarify docs on invalid serviceName #756
Conversation
k8s-ci-robot
added
kind/documentation
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @howardjohn. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
size/S
apis/v1alpha2/httproute_types.go
Outdated
| @@ -241,7 +241,7 @@ type HTTPRouteRule struct { | |||
| Filters []HTTPRouteFilter `json:"filters,omitempty"` | |||
|
|
|||
| // BackendRefs defines the backend(s) where matching requests should be | |||
| // sent. If unspecified, the rule performs no forwarding. If unspecified and | |||
| // sent. If unspecified or invalid, the rule performs no forwarding; if | |||
There was a problem hiding this comment.
Should we further clarify what invalid means?
Does a regular k8s Service with no endpoints count as invalid?
There was a problem hiding this comment.
Good point, wouldn't hurt to clarify that a Service with no endpoints should also not have traffic forwarded for it either. Maybe something like this:
A BackendRef is considered invalid when it refers to a non-existent resource or a Service that does not have any endpoints.
There was a problem hiding this comment.
Would be nice to clarify too if you have multiple backendrefs what happens. From the discussion in the issue, you'd lad balance across some valid and some that return 503s?
There was a problem hiding this comment.
I personally think it makes more sense to leave the weighting as requested. IE if a user says that 80% of requests should go to an invalid backend, could we just make that 80% of requests 503? Although that's harsh, it may be better than the alternative of sending all traffic to an alpha endpoint, a failure that could potentially go unnoticed for a long time.
There was a problem hiding this comment.
I just feel we need to call out whatever behavior is decided. In my head, you'd set status for the invalid but skip the invalid services for serving. But that's ok if others don't agree. 🙃
Given this model, if you only had one invalid service defined for a route, you'd serve 503s, bit would you set a status on the route?
There was a problem hiding this comment.
I personally think it makes more sense to leave the weighting as requested. IE if a user says that 80% of requests should go to an invalid backend, could we just make that 80% of requests 503? Although that's harsh, it may be better than the alternative of sending all traffic to an alpha endpoint, a failure that could potentially go unnoticed for a long time.
This was the consensus in the linked issue #638.
You could set an unresolved refs condition somewhere to report the inability to resolve an invalid service name.
There was a problem hiding this comment.
So, something like this?
| // sent. If unspecified or invalid, the rule performs no forwarding; if | |
| // sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), | |
| // the rule performs no forwarding; if |
With another bit added afterwards:
// 503 responses must be sent so that the overall weight is respected; if an invalid backend is requested
// to have 80% of requests, then 80% of requests must get a 503 instead.That makes sense to me. (With apologies to @howardjohn for writing your PR for you :) )
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
apis/v1alpha2/tcproute_types.go
Outdated
| // sent. | ||
| // sent. If unspecified or invalid, the rule performs no forwarding; if | ||
| // no filters are specified that would result in a response being sent, | ||
| // a HTTP 503 status code is returned. |
There was a problem hiding this comment.
Missed this the first time, but the HTTP 503 bit doesn't make sense for TCP or other L4 protocols.
There was a problem hiding this comment.
Close the connection for TCP and ignore the packet for UDP?
There was a problem hiding this comment.
Maybe this?
| // a HTTP 503 status code is returned. | |
| // the underlying implementation must actively reject connection attempts to this backend, which | |
| // in this case implies closing the TCP connection. |
For UDP, the only option is to drop the packet on the floor.
apis/v1alpha2/tlsroute_types.go
Outdated
| // sent. | ||
| // sent. If unspecified or invalid, the rule performs no forwarding; if | ||
| // no filters are specified that would result in a response being sent, | ||
| // a HTTP 503 status code is returned. |
There was a problem hiding this comment.
As above with TCPRoute, it's not always given that TLSRoutes are using HTTP, so maybe something like this:
| // a HTTP 503 status code is returned. | |
| // the underlying implementation should actively reject connection attempts to this backend, | |
| // either by sending a HTTP 503 status code, or closing the connection for non-HTTP TLSRoutes. |
k8s-ci-robot
added
size/M
|
I think this update lines up well with all the feedback above, thanks @howardjohn! /lgtm |
k8s-ci-robot
added
the
lgtm
|
/approve |
robscott
added
the
tide/merge-method-squash
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: howardjohn, robscott The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
Fixes #638
What type of PR is this?
/kind documentation
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #638
Does this PR introduce a user-facing change?: