Skip to content

Commit

Permalink
Prevent the PassthroughCluster for clients/workloads in the service m…
Browse files Browse the repository at this point in the history
…esh (kserve#3711)

Prevent the PassthroughCluster for clients in the service mesh

The KServe Ingress VirtualServices are created with configurations targeting only the Gateways. Although this works, the omission of the Istio sidecars has the following downsides for workloads that belong to the Istio mesh:

* Requests to InferenceServices will be treated as going to external services (i.e. not part of the mesh), because the sidecars are unaware of the routing rules.
* In consequence, the requests will be hanlded as with any external (non-mesh) workload: the ingress gateway will first receive the request and will forward it to itself doing the URL rewrite to the relevant -predictor, -explainer or -transformer hostname. Such forwarding can be avoided (for mesh-workloads) and the rewrite can be performed by the sidecars with the right VirtualService configuration.

 This is adding the missing configurations in the KServe-created VirtualService, so that Istio sidecars are aware of the KServe services/hostnames and do the rewrite in the sidecar, rather than delaying/deferring the rewrite to the Gateway.

 For workloads that belong to the mesh, slightly better performance may be seen (given one request forwarding is saved) and better observability from Istio may also be possible.

Signed-off-by: Edgar Hernández <[email protected]>
Signed-off-by: asdqwe123zxc <[email protected]>
  • Loading branch information
israel-hdez authored and asdqwe123zxc committed Jun 11, 2024
1 parent fb572af commit ed70756
Show file tree
Hide file tree
Showing 4 changed files with 21 additions and 18 deletions.
1 change: 1 addition & 0 deletions pkg/constants/constants.go
Original file line number Diff line number Diff line change
Expand Up @@ -231,6 +231,7 @@ const (

var (
LocalGatewayHost = "knative-local-gateway.istio-system.svc." + network.GetClusterDomainName()
IstioMeshGateway = "mesh"
)

// InferenceService Component enums
Expand Down
3 changes: 2 additions & 1 deletion pkg/controller/v1beta1/inferenceservice/controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -317,6 +317,7 @@ var _ = Describe("v1beta1 inference service controller", func() {
Spec: istiov1beta1.VirtualService{
Gateways: []string{
constants.KnativeLocalGateway,
constants.IstioMeshGateway,
constants.KnativeIngressGateway,
},
Hosts: []string{
Expand All @@ -327,7 +328,7 @@ var _ = Describe("v1beta1 inference service controller", func() {
{
Match: []*istiov1beta1.HTTPMatchRequest{
{
Gateways: []string{constants.KnativeLocalGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway},
Authority: &istiov1beta1.StringMatch{
MatchType: &istiov1beta1.StringMatch_Regex{
Regex: constants.HostRegExp(network.GetServiceHostname(serviceKey.Name, serviceKey.Namespace)),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -289,7 +289,7 @@ func createHTTPMatchRequest(prefix, targetHost, internalHost string, additionalH
Regex: constants.HostRegExp(internalHost),
},
},
Gateways: []string{config.LocalGateway},
Gateways: []string{config.LocalGateway, constants.IstioMeshGateway},
},
}
if !isInternal {
Expand Down Expand Up @@ -431,6 +431,7 @@ func createIngress(isvc *v1beta1.InferenceService, useDefault bool, config *v1be

gateways := []string{
config.LocalGateway,
constants.IstioMeshGateway,
}
if !isInternal {
hosts = append(hosts, serviceHost)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ func TestCreateVirtualService(t *testing.T) {
Regex: constants.HostRegExp(network.GetServiceHostname(serviceName, namespace)),
},
},
Gateways: []string{constants.KnativeLocalGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway},
},
{
Authority: &istiov1beta1.StringMatch{
Expand Down Expand Up @@ -132,7 +132,7 @@ func TestCreateVirtualService(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{Name: serviceName, Namespace: namespace, Annotations: annotations, Labels: labels},
Spec: istiov1beta1.VirtualService{
Hosts: []string{serviceInternalHostName, serviceHostName},
Gateways: []string{constants.KnativeLocalGateway, constants.KnativeIngressGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway, constants.KnativeIngressGateway},
Http: []*istiov1beta1.HTTPRoute{
{
Match: predictorRouteMatch,
Expand Down Expand Up @@ -187,7 +187,7 @@ func TestCreateVirtualService(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{Name: serviceName, Namespace: namespace, Annotations: annotations, Labels: labels},
Spec: istiov1beta1.VirtualService{
Hosts: []string{serviceInternalHostName},
Gateways: []string{constants.KnativeLocalGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway},
Http: []*istiov1beta1.HTTPRoute{
{
Match: []*istiov1beta1.HTTPMatchRequest{
Expand All @@ -197,7 +197,7 @@ func TestCreateVirtualService(t *testing.T) {
Regex: constants.HostRegExp(network.GetServiceHostname(serviceName, namespace)),
},
},
Gateways: []string{constants.KnativeLocalGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway},
},
},
Route: []*istiov1beta1.HTTPRouteDestination{
Expand Down Expand Up @@ -295,7 +295,7 @@ func TestCreateVirtualService(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{Name: serviceName, Namespace: namespace, Annotations: annotations, Labels: labels},
Spec: istiov1beta1.VirtualService{
Hosts: []string{serviceInternalHostName, serviceHostName},
Gateways: []string{constants.KnativeLocalGateway, constants.KnativeIngressGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway, constants.KnativeIngressGateway},
Http: []*istiov1beta1.HTTPRoute{
{
Match: predictorRouteMatch,
Expand Down Expand Up @@ -367,7 +367,7 @@ func TestCreateVirtualService(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{Name: serviceName, Namespace: namespace, Annotations: annotations, Labels: labels},
Spec: istiov1beta1.VirtualService{
Hosts: []string{serviceInternalHostName, serviceHostName},
Gateways: []string{constants.KnativeLocalGateway, constants.KnativeIngressGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway, constants.KnativeIngressGateway},
Http: []*istiov1beta1.HTTPRoute{
{
Match: predictorRouteMatch,
Expand Down Expand Up @@ -466,7 +466,7 @@ func TestCreateVirtualService(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{Name: serviceName, Namespace: namespace, Annotations: annotations, Labels: labels},
Spec: istiov1beta1.VirtualService{
Hosts: []string{serviceInternalHostName, serviceHostName},
Gateways: []string{constants.KnativeLocalGateway, constants.KnativeIngressGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway, constants.KnativeIngressGateway},
Http: []*istiov1beta1.HTTPRoute{
{
Match: []*istiov1beta1.HTTPMatchRequest{
Expand All @@ -481,7 +481,7 @@ func TestCreateVirtualService(t *testing.T) {
Regex: constants.HostRegExp(network.GetServiceHostname(serviceName, namespace)),
},
},
Gateways: []string{constants.KnativeLocalGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway},
},
{
Uri: &istiov1beta1.StringMatch{
Expand Down Expand Up @@ -567,7 +567,7 @@ func TestCreateVirtualService(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{Name: serviceName, Namespace: namespace, Annotations: annotations, Labels: labels},
Spec: istiov1beta1.VirtualService{
Hosts: []string{serviceInternalHostName, serviceHostName, "my-domain.com"},
Gateways: []string{constants.KnativeLocalGateway, constants.KnativeIngressGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway, constants.KnativeIngressGateway},
Http: []*istiov1beta1.HTTPRoute{
{
Match: []*istiov1beta1.HTTPMatchRequest{
Expand All @@ -577,7 +577,7 @@ func TestCreateVirtualService(t *testing.T) {
Regex: constants.HostRegExp(network.GetServiceHostname(serviceName, namespace)),
},
},
Gateways: []string{constants.KnativeLocalGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway},
},
{
Authority: &istiov1beta1.StringMatch{
Expand Down Expand Up @@ -689,7 +689,7 @@ func TestCreateVirtualService(t *testing.T) {
Spec: istiov1beta1.VirtualService{
Hosts: []string{serviceInternalHostName, serviceHostName, "my-domain.com",
"my-model.test.my-additional-domain.com", "my-model.test.my-second-additional-domain.com"},
Gateways: []string{constants.KnativeLocalGateway, constants.KnativeIngressGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway, constants.KnativeIngressGateway},
Http: []*istiov1beta1.HTTPRoute{
{
Match: []*istiov1beta1.HTTPMatchRequest{
Expand All @@ -699,7 +699,7 @@ func TestCreateVirtualService(t *testing.T) {
Regex: constants.HostRegExp(network.GetServiceHostname(serviceName, namespace)),
},
},
Gateways: []string{constants.KnativeLocalGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway},
},
{
Authority: &istiov1beta1.StringMatch{
Expand Down Expand Up @@ -820,7 +820,7 @@ func TestCreateVirtualService(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{Name: serviceName, Namespace: namespace, Annotations: annotations, Labels: labels},
Spec: istiov1beta1.VirtualService{
Hosts: []string{serviceInternalHostName, serviceHostName},
Gateways: []string{constants.KnativeLocalGateway, constants.KnativeIngressGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway, constants.KnativeIngressGateway},
Http: []*istiov1beta1.HTTPRoute{
{
Match: predictorRouteMatch,
Expand Down Expand Up @@ -891,7 +891,7 @@ func TestCreateVirtualService(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{Name: serviceName, Namespace: namespace, Annotations: annotations, Labels: labels},
Spec: istiov1beta1.VirtualService{
Hosts: []string{serviceInternalHostName, serviceHostName},
Gateways: []string{constants.KnativeLocalGateway, constants.KnativeIngressGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway, constants.KnativeIngressGateway},
Http: []*istiov1beta1.HTTPRoute{
{
Match: predictorRouteMatch,
Expand Down Expand Up @@ -1089,7 +1089,7 @@ func TestCreateVirtualService(t *testing.T) {
}},
Spec: istiov1beta1.VirtualService{
Hosts: []string{serviceInternalHostName},
Gateways: []string{constants.KnativeLocalGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway},
Http: []*istiov1beta1.HTTPRoute{
{
Match: []*istiov1beta1.HTTPMatchRequest{
Expand All @@ -1099,7 +1099,7 @@ func TestCreateVirtualService(t *testing.T) {
Regex: constants.HostRegExp(network.GetServiceHostname(serviceName, namespace)),
},
},
Gateways: []string{constants.KnativeLocalGateway},
Gateways: []string{constants.KnativeLocalGateway, constants.IstioMeshGateway},
},
},
Route: []*istiov1beta1.HTTPRouteDestination{
Expand Down

0 comments on commit ed70756

Please sign in to comment.