Skip to content

Honor the service.kubernetes.io/service-proxy-name label #979

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
uablrek opened this issue Aug 31, 2020 · 1 comment · Fixed by #1591
Closed

Honor the service.kubernetes.io/service-proxy-name label #979

uablrek opened this issue Aug 31, 2020 · 1 comment · Fixed by #1591
Labels
feature override-stale Don't allow automatic management of stale issues / PRs

Comments

@uablrek
Copy link
Contributor

uablrek commented Aug 31, 2020

Is your feature request related to a problem? Please describe.

The service.kubernetes.io/service-proxy-name was initially intended to off-load the kube-proxy from handling all services already handled by a service mesh. I think there will be more specialized K8s proxiers coming in the near future. People has requirement for special things and to get a (possibly odd) feature into the "real" K8s proxier (or Kube-router) is hard (if at all possible).

Describe the solution you'd like

Kube-router should honour the service.kubernetes.io/service-proxy-name label when taking over the standard kube-proxy. This means; if the label is defined for a service Kube-router must not setup loadbalancing for that service. Example;

apiVersion: v1
kind: Service
metadata:
  name: mserver-no-proxy
  labels:
    service.kubernetes.io/service-proxy-name: istio
spec:
  selector:
    app: mserver-deployment
  ports:
  - port: 5001
    name: mconnect

Describe alternatives you've considered

You could also take a more defensive approach in Kube-router by (optionally) allowing a setting like service.kubernetes.io/service-proxy-name: kube-router to let kube-router handle only some services, e.g. for DSR. Some administrations are reluctant to deviate from "standard" K8s, but special handling for special services may be ok.

Additional context

This is easy to implement by filtering the service watch (sbezverk/nfproxy#50).
@uablrek
Copy link
Contributor Author

uablrek commented Aug 31, 2020

Ref; cilium/cilium#13019

@uablrek uablrek mentioned this issue Aug 31, 2020
Closed
@uablrek uablrek changed the title Honour the service.kubernetes.io/service-proxy-name label Honor the service.kubernetes.io/service-proxy-name label Aug 31, 2020
@aauren aauren mentioned this issue Aug 31, 2020
Closed
@aauren aauren added the override-stale Don't allow automatic management of stale issues / PRs label Sep 4, 2023
aauren added a commit that referenced this issue Dec 26, 2023
@aauren
feat(NSC): honor service-proxy-name label
5a496f9 
Abide the service.kubernetes.io/service-proxy-name label as defined by
the upstream standard here:
https://github.com./kubernetes-sigs/kpng/blob/master/doc/service-proxy.md#ignored-servicesendpoints

Resolves the failing e2e test:
should implement service.kubernetes.io/service-proxy-name

Fixes: #979
@aauren aauren mentioned this issue Dec 26, 2023
Merged
aauren added a commit that referenced this issue Jan 5, 2024
@aauren
feat(NSC): honor service-proxy-name label
a0fe844 
Abide the service.kubernetes.io/service-proxy-name label as defined by
the upstream standard here:
https://github.com./kubernetes-sigs/kpng/blob/master/doc/service-proxy.md#ignored-servicesendpoints

Resolves the failing e2e test:
should implement service.kubernetes.io/service-proxy-name

Fixes: #979
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature override-stale Don't allow automatic management of stale issues / PRs
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Respect service.kubernetes.io Labels cloudnativelabs/kube-router
2 participants
@aauren @uablrek