-
Notifications
You must be signed in to change notification settings - Fork 468
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Canary deployments with Gateway API between namespaces #695
Comments
We are currently discussion the addition of "inclusion" or "delegation" of HTTPRoute which may meet your criteria. In your example, your HTTPRoute objects are the same -- how is this different than a simple traffic split? Can you post the nginx config you are thinking of?
|
Sure, the difference would be that service 2 is on a different namespace, to make it easier to do traffic splits on whole applications, when the service that changes is not the first one. These would be the apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: minimal-ingress
namespace: ns1
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: www.example.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: service1
port:
number: 80 apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: minimal-ingress
namespace: ns2
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-weight: "50"
spec:
rules:
- host: www.example.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: service1
port:
number: 80 |
There are actually two active discussions about making this possible as a 1st class capability of the API. #711 is the proposal for cross-Namespace Route->Service (by @robscott) and this is the proposal for cross-Namespace Route->Route (by @youngnick). Both are a bit early proposals but making steady progress. Today there can be a cross-Namespace relationship between Gateways and Routes but not between any other resources. There are several other cross-Namespace relationships that are very useful though.
The syntax could likely change and this is not in the API today, but your use-case could look something like the following. Here I've put the HTTPRoute in kind: HTTPRoute
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
name: cross-ns-route
namespace: ns1
labels:
gateway: external-http
spec:
hostnames:
- "www.example.org"
rules:
- forwardTo:
- serviceName: service1
namespace: ns2
port: 8080
weight: 50
- serviceName: service1
namespace: ns3
port: 8080
weight: 90 @arapulido can I ask why you would like to do canaries between different Namespaces? Is this because it's simple to canary an entire stack because every service is using the same name within a Namespace? |
Another good use cases is having my |
Yes, it makes things clearer and if you happen to have some service hostnames hardcoded in the code, it would still work |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
I think this has mostly been solved by cross-namespace forwarding from Routes in v1alpha2 (#741). Although we discussed using a round robin approach when multiple routes match a request, we ultimately determined that that would be too confusing, so instead we have pretty detailed conflict resolution guidelines on which Route needs to be chosen when multiple match: gateway-api/apis/v1alpha2/httproute_types.go Lines 139 to 155 in 165ecc3
I'm going to go ahead and close this since I think we've addressed it now, but feel free to reopen if not. |
The Gateway API spec seems to expect each team to work on a single namespace, which feels a bit too rigid for certain use cases.
In my case, I would like to be able to do canary deployments that involve services that are not directly getting external traffic. This is a lot easier to do if you can do a different deployment in a second namespace, something like this:
This is not currently possible with the current spec and something that will be useful to have (to put an example, the NGINX Ingress controller allows to do this).
Similar, I am wondering if this other way to implement the same thing is allowed by the spec:
Basically, having a single HTTPRoute object, but that points to an ExternalService, pointing to the service in the second namespace
With
service1-external
looking like this:The text was updated successfully, but these errors were encountered: