Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

kafka-controller dns lookup fails in istio ambient mode #4136

Open
joke opened this issue Oct 14, 2024 · 6 comments
Open

kafka-controller dns lookup fails in istio ambient mode #4136

joke opened this issue Oct 14, 2024 · 6 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@joke
Copy link

joke commented Oct 14, 2024

Describe the bug

The kafka-controller isn't working in istio ambient mode. The DNS entries can't be resolved properly.

level: error
ts: '2024-10-14T09:48:21.865Z'
logger: kafka-broker-controller
caller: 'prober/prober.go:105'
msg: Failed probe
commit: d641892-dirty
knative.dev/pod: kafka-controller-5fdcdfc9bf-vbtf8
scope: prober
port: ''
IP: bulk-updater-kn-channel.pass.svc.cluster.local
address: 'http://bulk-updater-kn-channel.pass.svc.cluster.local'
error: >-
  Get "http://bulk-updater-kn-channel.pass.svc.cluster.local": dial tcp: lookup
  bulk-updater-kn-channel.pass.svc.cluster.local on 172.20.0.10:53: no such host
stacktrace: "knative.dev/eventing-kafka-broker/control-plane/pkg/prober.probe\n\tknative.dev/eventing-kafka-broker/control-plane/pkg/prober/prober.go:105\nknative.dev/eventing-kafka-broker/control-plane/pkg/prober.(*asyncProber).probe.func2\n\tknative.dev/eventing-kafka-broker/control-plane/pkg/prober/async_prober.go:136"

The kafka-controller can't do the lookups on the channel services even though Istio Ambient DNS Capture is activated.

As far as I can tell this might be caused by missing service entries for the services with ExternalNames. Knative eventing does not create these service entries. But maybe it should based on this documentation.

Expected behavior

No error reports.

The System

To Reproduce

If the cluster as a working istio ambient setup just add these pod labels to the deployment:

istio.io/dataplane-mode: ambient
sidecar.istio.io/inject: 'false'

Knative release version

Knative: 1.15
Eventing Kafka Broker: 1.15.2

@joke joke added the kind/bug Categorizes issue or PR as related to a bug. label Oct 14, 2024
@pierDipi
Copy link
Member

pierDipi commented Oct 16, 2024

@joke are you using the eventing-istio controllers? https://knative.dev/docs/eventing/features/istio-integration/

we didn't update istio versions for a while in our testing https://github.com/knative-extensions/eventing-istio/blob/main/third_party/istio/manifest.yaml but we've not tried ambient mode either, is this ambient mode specific issue or generally 1.21+ istio doesn't work?

@joke
Copy link
Author

joke commented Oct 16, 2024

@pierDipi I'm not using the eventing-istio controller. But I can try.

I looked at the source code and from what I gathered the controller only creates DestinationRules.
According to the release notes DestinationRules can't be applied to ExternalName services without a ServiceEntry thus they shouldn't have any effect.

@pierDipi
Copy link
Member

I read it the same, with 1.21 eventing-istio is not necessary anymore

@joke
Copy link
Author

joke commented Oct 16, 2024

@pierDipi Some component would need to create the ServiceEntrys tough. Maybe eventing-istio should do that.

@pierDipi
Copy link
Member

would you be interested in contributing?

@joke
Copy link
Author

joke commented Oct 31, 2024

Sure. Any hints want to do?
Like should the solution be implemented in eventing-istio. Or a new component? Or should net-istio do such a thing. And how do things relate to the net-gateway-api extension?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Development

No branches or pull requests

2 participants