Uploaded image for project: 'Maistra'
  1. Maistra
  2. MAISTRA-380

Pilot requires access to nodes (cluster-scoped resource)

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Major
    • maistra-rc1
    • None
    • pilot
    • None
    • RC1

    Description

      As part of the multitenancy work, we need to solve the issue of Pilot currently requiring privileges to read nodes, which are a cluster-scoped resource.

      Currently, Pilot requires this only to determine pod locality (it gets the node the pod is running on, then retrieves two of its labels (region and zone).

      If it can't get the node for any reason, it only logs a warning, but continues operating.

      See https://github.com/istio/istio/blob/ee61f6e815dd34d6e85a56c695e48b480ee2522e/pilot/pkg/serviceregistry/kube/controller.go#L307-L324

      Attachments

        Issue Links

          is incorporated by

          Task - Represents a small unit of work that is not end-user facing. MAISTRA-425 Introduce controller that copies labels related to pod locality from the node to the pod

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              mluksa@redhat.com Marko Luksa
              mluksa@redhat.com Marko Luksa
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: