Feat: Add Workload DnsController #1438
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Summary of Changes
Hello @Flying-Tom, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request introduces a new DNS resolution capability for workloads, primarily targeting ServiceEntry configurations in a Dual-Engine environment. The core change involves adding a dedicated DnsController that asynchronously resolves hostnames to IP addresses, ensuring that workloads can be correctly processed even if their addresses are not immediately available upon initial discovery. This enhances the system's adaptability to dynamic service discovery scenarios.
Highlights
- New DNS Controller for Workloads: I've introduced a new
DnsControllerwithin thepkg/controller/workloadpackage. This controller is specifically designed to handle DNS resolution for workloads, particularly those originating fromServiceEntryconfigurations in Dual-Engine mode. - Integration with Workload Processing Pipeline: The new
DnsControlleris now integrated into theWorkloadControllerandProcessor. Workloads received fromServiceEntrythat initially lack resolved IP addresses are now channeled to thisDnsControllerfor asynchronous DNS lookup. TheProcessorincludes a retry mechanism to ensure these workloads are fully processed once their addresses are resolved. - Dynamic Address Resolution for ServiceEntry Workloads: The
WorkloadProcessorhas been enhanced to identifyServiceEntryworkloads that arrive without pre-resolved IP addresses. It now queues these for DNS resolution via the newDnsResolverChanand includes a robust retry loop to wait for and then apply the resolved addresses, ensuring proper handling of dynamically discovered services.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
There was a problem hiding this comment.
Code Review
This pull request introduces a DnsController to support DNS resolution for ServiceEntry in Dual-Engine mode. There are several critical issues that could lead to panics or incorrect behavior. I've provided detailed comments and suggestions to address these points.
Flying-Tom
force-pushed
the
dual-engine-dns
branch
from
884c030 to
e03a9a5
Compare
Flying-Tom
force-pushed
the
dual-engine-dns
branch
3 times, most recently
from
c7ce028 to
94ec7fa
Compare
|
/assign @Kuromesi |
|
@hzxuzhonghu: GitHub didn't allow me to assign the following users: Kuromesi. Note that only kmesh-net members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
There was a problem hiding this comment.
Pull Request Overview
This PR adds DNS resolution capability for workloads generated by ServiceEntry in Dual-Engine mode, enabling proper address resolution for service entries that initially have nil addresses.
- Implements a new DNS controller for workload address resolution
- Adds retry logic for ServiceEntry workloads with unresolved addresses
- Integrates DNS resolution workflow into the existing workload processing pipeline
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| pkg/controller/workload/workload_processor.go | Adds DNS resolver channel, handles ServiceEntry workloads with retry logic, and includes various bug fixes |
| pkg/controller/workload/workload_controller.go | Integrates DNS controller into workload controller lifecycle |
| pkg/controller/workload/dns.go | New DNS controller implementation for workload address resolution |
| pkg/controller/controller.go | Starts DNS controller in main controller flow |
|
The improvements mentioned in the review will be fixed. |
|
@Flying-Tom any update |
pkg/controller/workload/dns.go
Outdated
| if _, ok := r.pendingHostnames[workloadName]; !ok { | ||
| r.pendingHostnames[workloadName] = []string{} | ||
| } | ||
| r.pendingHostnames[workloadName] = append(r.pendingHostnames[workloadName], hostname) |
There was a problem hiding this comment.
not sure i understand, does a workload has multi hostnames?
pkg/controller/workload/dns.go
Outdated
| if _, ok := r.pendingHostnames[workloadName]; !ok { | ||
| r.pendingHostnames[workloadName] = []string{} | ||
| } | ||
| r.pendingHostnames[workloadName] = append(r.pendingHostnames[workloadName], hostname) |
There was a problem hiding this comment.
another problem if this function is called multiple times with same workloads, this will store duplicate hostname
pkg/controller/workload/dns.go
Outdated
| } | ||
| } | ||
| r.workloadCache[hostname].Workloads = append( | ||
| r.workloadCache[hostname].Workloads, workload, |
There was a problem hiding this comment.
same here, if processDomains called multitimes with same workloads, duplicate workload will be here
|
Would like to see the ut |
Flying-Tom
force-pushed
the
dual-engine-dns
branch
from
7966e69 to
8463f14
Compare
Flying-Tom
force-pushed
the
dual-engine-dns
branch
2 times, most recently
from
26ca612 to
415ea33
Compare
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 10 out of 11 changed files in this pull request and generated 3 comments.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 10 out of 11 changed files in this pull request and generated 1 comment.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| r.Lock() | ||
| ch, ok := r.ResolvedDomainChanMap[uid] | ||
| r.Unlock() | ||
|
|
||
| if ok { | ||
| r.cache.AddOrUpdateWorkload(newWorkload) | ||
| select { | ||
| case ch <- newWorkload: | ||
| log.Infof("workload %s/%s addresses resolved: %v", newWorkload.Namespace, newWorkload.Name, newWorkload.Addresses) | ||
| case <-time.After(WorkloadChannelSendTimeout): | ||
| log.Warnf("timeout sending resolved workload %s/%s", newWorkload.Namespace, newWorkload.Name) | ||
| } | ||
|
|
||
| r.Lock() | ||
| if _, stillExists := r.ResolvedDomainChanMap[uid]; stillExists { | ||
| close(r.ResolvedDomainChanMap[uid]) | ||
| delete(r.ResolvedDomainChanMap, uid) | ||
| } | ||
| r.Unlock() |
There was a problem hiding this comment.
There's a potential race condition where the channel could be closed between the first unlock (line 180) and the second lock (line 191). Consider holding the lock across the entire operation or using a different synchronization approach.
Copilot uses AI. Check for mistakes.
Flying-Tom
force-pushed
the
dual-engine-dns
branch
from
5a81691 to
b9ae304
Compare
Flying-Tom
force-pushed
the
dual-engine-dns
branch
from
2419f2a to
b9ae304
Compare
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 12 out of 13 changed files in this pull request and generated 2 comments.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| if service.Waypoint != nil && service.GetWaypoint().GetAddress() != nil && len(service.Addresses) != 0 { | ||
| // Currently istiod only set the waypoint address to the first address of the service | ||
| // When waypoints of different granularities are deployed together, the only waypoint service to be determined | ||
| // when waypoints of different granularities are deployed together, the only waypoint service to be determined |
There was a problem hiding this comment.
The comment has inconsistent capitalization. It should start with a capital letter: 'When waypoints of different granularities are deployed together, the only waypoint service to be determined'.
| // when waypoints of different granularities are deployed together, the only waypoint service to be determined | |
| // When waypoints of different granularities are deployed together, the only waypoint service to be determined |
Copilot uses AI. Check for mistakes.
| func (p *Processor) handleAuthorizationTypeResponse(rsp *service_discovery_v3.DeltaDiscoveryResponse, rbac *auth.Rbac) error { | ||
| if rbac == nil { | ||
| return fmt.Errorf("Rbac module uninitialized") | ||
| return fmt.Errorf("rbac module uninitialized") |
There was a problem hiding this comment.
Error message capitalization is inconsistent with Go conventions. Error messages should start with lowercase unless they begin with a proper noun.
Copilot uses AI. Check for mistakes.
Signed-off-by: Tom <yusencao@outlook.com>
Signed-off-by: Tom <yusencao@outlook.com>
Signed-off-by: Tom <yusencao@outlook.com>
Signed-off-by: Tom <yusencao@outlook.com>
Signed-off-by: Tom <yusencao@outlook.com>
Signed-off-by: Tom <yusencao@outlook.com>
Signed-off-by: Tom <yusencao@outlook.com>
Signed-off-by: Tom <yusencao@outlook.com>
Signed-off-by: Tom <yusencao@outlook.com>
Signed-off-by: Tom <yusencao@outlook.com>
Signed-off-by: Tom <yusencao@outlook.com>
Signed-off-by: Tom <yusencao@outlook.com>
Signed-off-by: Tom <yusencao@outlook.com>
Signed-off-by: Tom <yusencao@outlook.com>
Flying-Tom
force-pushed
the
dual-engine-dns
branch
from
b9ae304 to
b74f106
Compare
|
/lgtm |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: LiZhenCheng9527 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
5 participants
What type of PR is this?
/kind feature
What this PR does / why we need it:
Supprort Dns resolve for workload generated by
ServiceEntryin Dual-Engine mode.Which issue(s) this PR fixes:
Fixes #1407
Special notes for your reviewer:
Does this PR introduce a user-facing change?: