Comments (8)
Do we really need the capability for East-West? What is the reason? Through service discovery we know what kind of services are provided and how to reach them. Whats left is defining policies that enforce who can talk to whom and that is covered under traffic access control
from smi-spec.
My take on this is you have an actual Service resource, something like...
Service
|--Identity
|--Listeners
|----Listener
|------Port
|------Authenticated
|------Routes
|--------HTTPRouteGroup
|--Upstreams
|----Upstream
A TrafficTarget would reference the routes defined within a listener to control ingress, egress now I think about it should probably be a separate object TrafficDesination (terrible name).
We should probably kick this off after KubeCon, I am guessing most people are quite busy right now, would also be interesting to see what the community things once this gets opened up.
from smi-spec.
@aanandr I think this will be an ask of the community as this is a major and popular part of istio, basically the VirtualService API. I'm reading over the spec with the idea if I can replace my istio integration with SMI. Right now I can't because I see no ability to do L7 routing of traffic, which is crucial.
from smi-spec.
If it's helpful context, we intentionally left this out of the initial scope so we could deliver something concrete for kubecon. It will definitely be an open topic afterwards ;)
from smi-spec.
Just a question, this is a replacement, complement or something that "competes" with Ingress? (the
spec).
Just in case, this was presented today https://static.sched.com/hosted_files/kccnceu19/97/%5Bwith%20speaker%20notes%5D%20Kubecon%20EU%202019_%20Ingress%20V2%20%26%20Multi-Cluster%20Services.pdf
from smi-spec.
@aledbf SMI is predominately concerned with East/West traffic (traffic inside the cluster) where Ingress concerns North/South (traffic into the cluster). There is a little overlap as at some point the traffic from the ingress needs to be securely routed to upstream services. Good call raising this, this interaction does need to be explained and specified.
from smi-spec.
@nicholasjackson thank you for the clarification.
from smi-spec.
If SMI were to consider adopting the HTTPRoute
CRs from the Gateway API Spec (as originally mentioned in #66 (comment) and discussed again today during the SMI community meeting), the planned work around "route delegation" discussed in kubernetes-sigs/gateway-api#634 sounds like it might be able to address this need?
from smi-spec.
Related Issues (20)
- when to validate traffic target
- `Matches` in `TrafficSplit` is unclear HOT 12
- Add the (required) `apiVersion` field to all YAML file examples HOT 1
- Clarify behavior of overlapping rules and routing resolution in TrafficSplit HOT 1
- Support API/Interface
- Support Exact and Prefix matches for URI path in HTTPRouteGroup
- The Header Match format in HTTPRouteGroup description is not consistent with smi-sdk-go HOT 2
- TrafficTarget should be created in same namespace as destination
- No warning if incorrect yaml is applied for Traffic Split HOT 1
- Logical relationships between multiple match condition in TrafficSplit resource HOT 1
- Trafficsplit based on sourcelabel? HOT 3
- CRD installation HOT 1
- support queryParams in TrafficSpec HOT 1
- Question about A/B testing with traffic splits HOT 1
- Does the TrafficSplit spec allow for identification of a default route for unmatched traffic? HOT 3
- Depreciation of TrafficRoutes in favor of supporting Kubernetes Gateway API - WIP HOT 7
- Question: Header-based TrafficSplit
- Any plans for mirroring?
- State of SMI Spec HOT 6
- CNCF TOC annual review due HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from smi-spec.