search

kumahq / kuma

🐻 The multi-zone service mesh for containers, Kubernetes and VMs. Built with Envoy. CNCF Sandbox Project.
https://kuma.io/install
Apache License 2.0
3.61k stars 332 forks source link

Kuma should allow to define empty list of reachableServices #5041

Open lukidzi opened 2 years ago

lukidzi commented 2 years ago

What happened?

Sometimes services don't need to communicate with other services and in this case, they might not require changes/observer all services in the infrastructure. Currently, it is not possible to define an empty list of reachable services. On Kubernetes you can define kuma.io/transparent-proxying-reachable-services: "[]" and in this case, it won't match with any outbound. But, Kuma sees this as a list of service with the name[]. We should define maybe some value/annotation that will allow disabling tracking of all services.

jakubdyszkiewicz commented 1 year ago

A workaround is to put random non-existent service like this:

kuma.io/transparent-proxying-reachable-services: "non-existing-service"

It's because in protobuf [] = nil

github-actions[bot] commented 1 year ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

github-actions[bot] commented 1 year ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

github-actions[bot] commented 1 year ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

github-actions[bot] commented 10 months ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

github-actions[bot] commented 7 months ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

github-actions[bot] commented 4 months ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

lahabana commented 1 month ago

Is this any better with MeshService? Is it also possible to have label based reachable services for example to have an entire namespace?

jakubdyszkiewicz commented 1 month ago

Yes, you can use label to select a namespace. We still treat empty reachable-backend-refs as "reach all" I think. I just pinged @lukidzi to make sure we fix it for the new annotation

lahabana commented 2 days ago

@lukidzi can you confirm we can to no service? Also we discussed a mode for MeshService which would require using ReachableServices have we got an issue to track this?