fix: ensure VS is updated when delegation is enabled #1818
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Jhuliano Skittberg Moreno <[email protected]>
Signed-off-by: Jhuliano Skittberg Moreno <[email protected]>
jhuliano
force-pushed
the
fix/istio-vs-delegation
branch
from
290ae8e to
38766d4
Compare
jhuliano
commented
Jul 31, 2025
| @@ -68,8 +68,7 @@ spec: | |||
| service: | |||
| port: 80 | |||
| targetPort: 9898 | |||
| portDiscovery: true | |||
There was a problem hiding this comment.
Removed portDiscovery: true because it was workaround for the reported issue.
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1818 +/- ##
===========================================
- Coverage 39.44% 28.46% -10.98%
===========================================
Files 287 287
Lines 22706 22810 +104
===========================================
- Hits 8956 6494 -2462
- Misses 12777 15594 +2817
+ Partials 973 722 -251 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
jhuliano
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes a bug where Flagger failed to remove
gatewaysandhostsfrom an IstioVirtualServicewhen the Canary was updated to enable the delegation feature.The Problem
When a user enables the istio route delegation by setting
spec.service.delegation: trueand removinggatewaysandhostsfrom theCanaryspec, the reconciliation logic did not properly update the managedVirtualService.See #1464 for more details.
The Solution
The reconciliation logic has been updated to explicitly trigger a update on the VS removing the
gatewaysandhostswhen delegation is enabled. This ensures the managedVirtualServiceis correctly synced.I'm not sure if this is the best solution since at the core the problem seems to be that the reconciliation logic is doing a diff but because the
virtualService.Spec(VS that is read from the cluster) is updated on the fly with empty ([]) hosts and gateways, the removal ofhostsandgatewaysare never detected by the diff.I thought the best option would be to simply NOT modify the
virtualServicevariable, but this seemed to generate other bugs where aflagger.kubernetes.io/original-configurationannotation was added on the VS and the canary got stuck in progressing at 10% traffic, which I couldn't fully understand how to fix.Testing
To validate the fix I have done the following:
Additional notes
This issue has some quirky workarounds that actually triggers the diff and in-turn causes the VS to be updated, for example, with the E2E I found out that setting
portDiscovery: truecauses the diff logic to trigger and update the VS as expected.Fixes #1464