istio
437 строк · 13.4 Кб
1// Copyright Istio Authors2//3// Licensed under the Apache License, Version 2.0 (the "License");4// you may not use this file except in compliance with the License.5// You may obtain a copy of the License at6//7// http://www.apache.org/licenses/LICENSE-2.08//9// Unless required by applicable law or agreed to in writing, software10// distributed under the License is distributed on an "AS IS" BASIS,11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.12// See the License for the specific language governing permissions and13// limitations under the License.14package aggregate16import (18"net/netip"19"sync"20"istio.io/istio/pilot/pkg/features"22"istio.io/istio/pilot/pkg/model"23"istio.io/istio/pilot/pkg/serviceregistry"24"istio.io/istio/pilot/pkg/serviceregistry/provider"25"istio.io/istio/pkg/cluster"26"istio.io/istio/pkg/config/host"27"istio.io/istio/pkg/config/labels"28"istio.io/istio/pkg/config/mesh"29"istio.io/istio/pkg/log"30"istio.io/istio/pkg/maps"31"istio.io/istio/pkg/util/sets"32)33// The aggregate controller does not implement serviceregistry.Instance since it may be comprised of various35// providers and clusters.36var (37_ model.ServiceDiscovery = &Controller{}38_ model.AggregateController = &Controller{}39)40// Controller aggregates data across different registries and monitors for changes42type Controller struct {43meshHolder mesh.Holder44// The lock is used to protect the registries and controller's running status.46storeLock sync.RWMutex47registries []*registryEntry48// indicates whether the controller has run.49// if true, all the registries added later should be run manually.50running bool51handlers model.ControllerHandlers53handlersByCluster map[cluster.ID]*model.ControllerHandlers54model.NetworkGatewaysHandler55}56func (c *Controller) ServicesForWaypoint(key model.WaypointKey) []model.ServiceInfo {58if !features.EnableAmbientControllers {59return nil60}61var res []model.ServiceInfo62for _, p := range c.GetRegistries() {63res = append(res, p.ServicesForWaypoint(key)...)64}65return res66}67func (c *Controller) Waypoint(network, address string) []netip.Addr {69if !features.EnableAmbientWaypoints {70return nil71}72var res []netip.Addr73for _, p := range c.GetRegistries() {74res = append(res, p.Waypoint(network, address)...)75}76return res77}78func (c *Controller) WorkloadsForWaypoint(key model.WaypointKey) []model.WorkloadInfo {80if !features.EnableAmbientWaypoints {81return nil82}83var res []model.WorkloadInfo84for _, p := range c.GetRegistries() {85res = append(res, p.WorkloadsForWaypoint(key)...)86}87return res88}89func (c *Controller) AdditionalPodSubscriptions(proxy *model.Proxy, addr, cur sets.String) sets.String {91if !features.EnableAmbientControllers {92return nil93}94res := sets.New[string]()95for _, p := range c.GetRegistries() {96res = res.Merge(p.AdditionalPodSubscriptions(proxy, addr, cur))97}98return res99}100func (c *Controller) Policies(requested sets.Set[model.ConfigKey]) []model.WorkloadAuthorization {102var res []model.WorkloadAuthorization103if !features.EnableAmbientControllers {104return res105}106for _, p := range c.GetRegistries() {107res = append(res, p.Policies(requested)...)108}109return res110}111func (c *Controller) AddressInformation(addresses sets.String) ([]model.AddressInfo, sets.String) {113i := []model.AddressInfo{}114if !features.EnableAmbientControllers {115return i, nil116}117removed := sets.String{}118for _, p := range c.GetRegistries() {119wis, r := p.AddressInformation(addresses)120i = append(i, wis...)121removed.Merge(r)122}123// We may have 'removed' it in one registry but found it in another124for _, wl := range i {125// TODO(@hzxuzhonghu) This is not right for workload, we may search workload by ip, but the resource name is uid.126if removed.Contains(wl.ResourceName()) {127removed.Delete(wl.ResourceName())128}129}130return i, removed131}132type registryEntry struct {134serviceregistry.Instance135// stop if not nil is the per-registry stop chan. If null, the server stop chan should be used to Run the registry.136stop <-chan struct{}137}138type Options struct {140MeshHolder mesh.Holder141}142// NewController creates a new Aggregate controller144func NewController(opt Options) *Controller {145return &Controller{146registries: make([]*registryEntry, 0),147meshHolder: opt.MeshHolder,148running: false,149handlersByCluster: map[cluster.ID]*model.ControllerHandlers{},150}151}152func (c *Controller) addRegistry(registry serviceregistry.Instance, stop <-chan struct{}) {154c.registries = append(c.registries, ®istryEntry{Instance: registry, stop: stop})155// Observe the registry for events.157registry.AppendNetworkGatewayHandler(c.NotifyGatewayHandlers)158registry.AppendServiceHandler(c.handlers.NotifyServiceHandlers)159registry.AppendServiceHandler(func(prev, curr *model.Service, event model.Event) {160for _, handlers := range c.getClusterHandlers() {161handlers.NotifyServiceHandlers(prev, curr, event)162}163})164}165func (c *Controller) getClusterHandlers() []*model.ControllerHandlers {167c.storeLock.Lock()168defer c.storeLock.Unlock()169return maps.Values(c.handlersByCluster)170}171// AddRegistry adds registries into the aggregated controller.173// If the aggregated controller is already Running, the given registry will never be started.174func (c *Controller) AddRegistry(registry serviceregistry.Instance) {175c.storeLock.Lock()176defer c.storeLock.Unlock()177c.addRegistry(registry, nil)178}179// AddRegistryAndRun adds registries into the aggregated controller and makes sure it is Run.181// If the aggregated controller is running, the given registry is Run immediately.182// Otherwise, the given registry is Run when the aggregate controller is Run, using the given stop.183func (c *Controller) AddRegistryAndRun(registry serviceregistry.Instance, stop <-chan struct{}) {184if stop == nil {185log.Warnf("nil stop channel passed to AddRegistryAndRun for registry %s/%s", registry.Provider(), registry.Cluster())186}187c.storeLock.Lock()188defer c.storeLock.Unlock()189c.addRegistry(registry, stop)190if c.running {191go registry.Run(stop)192}193}194// DeleteRegistry deletes specified registry from the aggregated controller196func (c *Controller) DeleteRegistry(clusterID cluster.ID, providerID provider.ID) {197c.storeLock.Lock()198defer c.storeLock.Unlock()199if len(c.registries) == 0 {201log.Warnf("Registry list is empty, nothing to delete")202return203}204index, ok := c.getRegistryIndex(clusterID, providerID)205if !ok {206log.Warnf("Registry %s/%s is not found in the registries list, nothing to delete", providerID, clusterID)207return208}209c.registries[index] = nil210c.registries = append(c.registries[:index], c.registries[index+1:]...)211log.Infof("%s registry for the cluster %s has been deleted.", providerID, clusterID)212}213// GetRegistries returns a copy of all registries215func (c *Controller) GetRegistries() []serviceregistry.Instance {216c.storeLock.RLock()217defer c.storeLock.RUnlock()218// copy registries to prevent race, no need to deep copy here.220out := make([]serviceregistry.Instance, len(c.registries))221for i := range c.registries {222out[i] = c.registries[i]223}224return out225}226func (c *Controller) getRegistryIndex(clusterID cluster.ID, provider provider.ID) (int, bool) {228for i, r := range c.registries {229if r.Cluster().Equals(clusterID) && r.Provider() == provider {230return i, true231}232}233return 0, false234}235// Services lists services from all platforms237func (c *Controller) Services() []*model.Service {238// smap is a map of hostname (string) to service index, used to identify services that239// are installed in multiple clusters.240smap := make(map[host.Name]int)241index := 0242services := make([]*model.Service, 0)243// Locking Registries list while walking it to prevent inconsistent results244for _, r := range c.GetRegistries() {245svcs := r.Services()246if r.Provider() != provider.Kubernetes {247index += len(svcs)248services = append(services, svcs...)249} else {250for _, s := range svcs {251previous, ok := smap[s.Hostname]252if !ok {253// First time we see a service. The result will have a single service per hostname254// The first cluster will be listed first, so the services in the primary cluster255// will be used for default settings. If a service appears in multiple clusters,256// the order is less clear.257smap[s.Hostname] = index258index++259services = append(services, s)260} else {261// We must deepcopy before merge, and after merging, the ClusterVips length will be >= 2.262// This is an optimization to prevent deepcopy multi-times263if services[previous].ClusterVIPs.Len() < 2 {264// Deep copy before merging, otherwise there is a case265// a service in remote cluster can be deleted, but the ClusterIP left.266services[previous] = services[previous].DeepCopy()267}268// If it is seen second time, that means it is from a different cluster, update cluster VIPs.269mergeService(services[previous], s, r)270}271}272}273}274return services275}276// GetService retrieves a service by hostname if exists278func (c *Controller) GetService(hostname host.Name) *model.Service {279var out *model.Service280for _, r := range c.GetRegistries() {281service := r.GetService(hostname)282if service == nil {283continue284}285if r.Provider() != provider.Kubernetes {286return service287}288if out == nil {289out = service.DeepCopy()290} else {291// If we are seeing the service for the second time, it means it is available in multiple clusters.292mergeService(out, service, r)293}294}295return out296}297// mergeService only merges two clusters' k8s services299func mergeService(dst, src *model.Service, srcRegistry serviceregistry.Instance) {300if !src.Ports.Equals(dst.Ports) {301log.Debugf("service %s defined from cluster %s is different from others", src.Hostname, srcRegistry.Cluster())302}303// Prefer the k8s HostVIPs where possible304clusterID := srcRegistry.Cluster()305if len(dst.ClusterVIPs.GetAddressesFor(clusterID)) == 0 {306newAddresses := src.ClusterVIPs.GetAddressesFor(clusterID)307dst.ClusterVIPs.SetAddressesFor(clusterID, newAddresses)308}309}310// NetworkGateways merges the service-based cross-network gateways from each registry.312func (c *Controller) NetworkGateways() []model.NetworkGateway {313var gws []model.NetworkGateway314for _, r := range c.GetRegistries() {315gws = append(gws, r.NetworkGateways()...)316}317return gws318}319func (c *Controller) MCSServices() []model.MCSServiceInfo {321var out []model.MCSServiceInfo322for _, r := range c.GetRegistries() {323out = append(out, r.MCSServices()...)324}325return out326}327func nodeClusterID(node *model.Proxy) cluster.ID {329if node.Metadata == nil || node.Metadata.ClusterID == "" {330return ""331}332return node.Metadata.ClusterID333}334// Skip the service registry when there won't be a match336// because the proxy is in a different cluster.337func skipSearchingRegistryForProxy(nodeClusterID cluster.ID, r serviceregistry.Instance) bool {338// Always search non-kube (usually serviceentry) registry.339// Check every registry if cluster ID isn't specified.340if r.Provider() != provider.Kubernetes || nodeClusterID == "" {341return false342}343return !r.Cluster().Equals(nodeClusterID)345}346// GetProxyServiceTargets lists service instances co-located with a given proxy348func (c *Controller) GetProxyServiceTargets(node *model.Proxy) []model.ServiceTarget {349out := make([]model.ServiceTarget, 0)350nodeClusterID := nodeClusterID(node)351for _, r := range c.GetRegistries() {352if skipSearchingRegistryForProxy(nodeClusterID, r) {353log.Debugf("GetProxyServiceTargets(): not searching registry %v: proxy %v CLUSTER_ID is %v",354r.Cluster(), node.ID, nodeClusterID)355continue356}357instances := r.GetProxyServiceTargets(node)359if len(instances) > 0 {360out = append(out, instances...)361}362}363return out365}366func (c *Controller) GetProxyWorkloadLabels(proxy *model.Proxy) labels.Instance {368clusterID := nodeClusterID(proxy)369for _, r := range c.GetRegistries() {370// If proxy clusterID unset, we may find incorrect workload label.371// This can not happen in k8s env.372if clusterID == "" || clusterID == r.Cluster() {373lbls := r.GetProxyWorkloadLabels(proxy)374if lbls != nil {375return lbls376}377}378}379return nil381}382// Run starts all the controllers384func (c *Controller) Run(stop <-chan struct{}) {385c.storeLock.Lock()386for _, r := range c.registries {387// prefer the per-registry stop channel388registryStop := stop389if s := r.stop; s != nil {390registryStop = s391}392go r.Run(registryStop)393}394c.running = true395c.storeLock.Unlock()396<-stop398log.Info("Registry Aggregator terminated")399}400// HasSynced returns true when all registries have synced402func (c *Controller) HasSynced() bool {403for _, r := range c.GetRegistries() {404if !r.HasSynced() {405log.Debugf("registry %s is syncing", r.Cluster())406return false407}408}409return true410}411func (c *Controller) AppendServiceHandler(f model.ServiceHandler) {413c.handlers.AppendServiceHandler(f)414}415func (c *Controller) AppendWorkloadHandler(f func(*model.WorkloadInstance, model.Event)) {417// Currently, it is not used.418// Note: take care when you want to enable it, it will register the handlers to all registries419// c.handlers.AppendWorkloadHandler(f)420}421func (c *Controller) AppendServiceHandlerForCluster(id cluster.ID, f model.ServiceHandler) {423c.storeLock.Lock()424defer c.storeLock.Unlock()425handler, ok := c.handlersByCluster[id]426if !ok {427c.handlersByCluster[id] = &model.ControllerHandlers{}428handler = c.handlersByCluster[id]429}430handler.AppendServiceHandler(f)431}432func (c *Controller) UnRegisterHandlersForCluster(id cluster.ID) {434c.storeLock.Lock()435defer c.storeLock.Unlock()436delete(c.handlersByCluster, id)437}438