made cartographer VS check conditional (#435)

made cartographer VS check conditional

The cartographer VS check is only needed to verify if .mesh DR should be
pinned. This check is not needed anywhere else.

Author: shriramsharma

admiral/pkg/clusters/serviceentry.go

@@ -1571,8 +1571,10 @@ func AddServiceEntriesWithDrWorker(
 		currentDR := getCurrentDRForLocalityLbSetting(rr, isServiceEntryModifyCalledForSourceCluster, cluster, se, partitionedIdentity)
 		ctxLogger.Infof("currentDR set for dr=%v cluster=%v", getIstioResourceName(se.Hosts[0], "-default-dr"), cluster)
 
+		// performCartographerVSCheck is set to true because we need to check if cartographer VS's exportTo
+		// has been modified to dot before pinning the .mesh DR
 		doDRUpdateForInClusterVSRouting := DoDRUpdateForInClusterVSRouting(
-			ctx, ctxLogger, env, cluster, identityId, isServiceEntryModifyCalledForSourceCluster, rr, se)
+			ctx, ctxLogger, env, cluster, identityId, isServiceEntryModifyCalledForSourceCluster, rr, se, true)
 
 		ctxLogger.Infof(
 			common.CtxLogFormat, "AddServiceEntriesWithDrWorker", "", "", cluster,

admiral/pkg/clusters/virtualservice_routing.go

@@ -539,7 +539,8 @@ func generateVirtualServiceForIncluster(
 	virtualService.Spec.ExportTo = []string{common.GetSyncNamespace()}
 	vsRoutingInclusterEnabledForClusterAndIdentity := false
 	if common.EnableExportTo(vsName) &&
-		DoVSRoutingInClusterForClusterAndIdentity(ctx, ctxLogger, env, sourceCluster, sourceIdentity, remoteRegistry) {
+		DoVSRoutingInClusterForClusterAndIdentity(
+			ctx, ctxLogger, env, sourceCluster, sourceIdentity, remoteRegistry, false) {
 		vsRoutingInclusterEnabledForClusterAndIdentity = true
 		virtualService.Spec.ExportTo = getSortedDependentNamespaces(
 			remoteRegistry.AdmiralCache, vsName, sourceCluster, ctxLogger, true)
@@ -847,7 +848,10 @@ func shouldPerformDRPinning(
 		return false
 	}
 
-	if !DoVSRoutingInClusterForClusterAndIdentity(ctx, ctxLogger, env, sourceCluster, sourceIdentity, remoteRegistry) {
+	// performCartographerVSCheck param is set to true since it is needed to make a decision
+	// if DR pinning should be performed
+	if !DoVSRoutingInClusterForClusterAndIdentity(
+		ctx, ctxLogger, env, sourceCluster, sourceIdentity, remoteRegistry, true) {
 		ctxLogger.Infof(common.CtxLogFormat, "shouldPerformDRPinning",
 			vsName, common.NamespaceIstioSystem, sourceCluster,
 			fmt.Sprintf("DoVSRoutingInClusterForClusterAndIdentity=false for cluster %s and identity %s", sourceCluster, sourceIdentity))
@@ -1742,26 +1746,27 @@ func addUpdateInClusterDestinationRule(
 	}
 
 	for sourceCluster, drHosts := range sourceClusterToDRHosts {
-		if !DoVSRoutingInClusterForClusterAndIdentity(ctx, ctxLogger, env, sourceCluster, sourceIdentity, remoteRegistry) {
-			ctxLogger.Infof(common.CtxLogFormat, "VSBasedRoutingInCluster",
-				"", "", sourceCluster,
-				fmt.Sprintf("Writing phase: addUpdateInClusterDestinationRule: VS based routing in-cluster disabled for cluster %s and identity %s", sourceCluster, sourceIdentity))
-			continue
-		}
-
-		ctxLogger.Info(common.CtxLogFormat, "VSBasedRoutingInCluster",
-			"", "", sourceCluster,
-			fmt.Sprintf("Writing phase: addUpdateInClusterDestinationRule: VS based routing in-cluster enabled for cluster %s and identity %s", sourceCluster, sourceIdentity))
-
 		san := fmt.Sprintf("%s%s/%s", common.SpiffePrefix, common.GetSANPrefix(), sourceIdentity)
 
 		clientTLSSettings := &networkingV1Alpha3.ClientTLSSettings{
 			Mode:            networkingV1Alpha3.ClientTLSSettings_ISTIO_MUTUAL,
 			SubjectAltNames: []string{san},
 		}
 
-		exportToNamespaces := getSortedDependentNamespaces(
-			remoteRegistry.AdmiralCache, cname, sourceCluster, ctxLogger, true)
+		exportToNamespaces := []string{common.GetSyncNamespace()}
+		if common.EnableExportTo(cname) &&
+			DoVSRoutingInClusterForClusterAndIdentity(
+				ctx, ctxLogger, env, sourceCluster, sourceIdentity, remoteRegistry, false) {
+			exportToNamespaces = getSortedDependentNamespaces(
+				remoteRegistry.AdmiralCache, cname, sourceCluster, ctxLogger, true)
+			ctxLogger.Info(common.CtxLogFormat, "VSBasedRoutingInCluster",
+				"", "", sourceCluster,
+				fmt.Sprintf("Writing phase: addUpdateInClusterDestinationRule: VS based routing in-cluster enabled for cluster %s and identity %s", sourceCluster, sourceIdentity))
+		} else {
+			ctxLogger.Infof(common.CtxLogFormat, "VSBasedRoutingInCluster",
+				"", "", sourceCluster,
+				fmt.Sprintf("Writing phase: addUpdateInClusterDestinationRule: VS based routing in-cluster disabled for cluster %s and identity %s", sourceCluster, sourceIdentity))
+		}
 
 		err := addUpdateRoutingDestinationRule(
 			ctx, ctxLogger, remoteRegistry, drHosts, sourceCluster,
@@ -2331,13 +2336,16 @@ func mergeHosts(hosts1 []string, hosts2 []string) []string {
 // or for a specific cluster and identity.
 // It also checks if there is a custom Virtual Service in the identity's namespace
 // and if the Cartographer Virtual Service is disabled for the given cluster and identity.
+// performCartographerVSCheck is a flag to indicate whether to perform the Cartographer VS check as this check
+// is only needed to verify if .mesh DR pinning should be performed.
 func DoVSRoutingInClusterForClusterAndIdentity(
 	ctx context.Context,
 	ctxLogger *log.Entry,
 	env,
 	cluster,
 	identity string,
-	remoteRegistry *RemoteRegistry) bool {
+	remoteRegistry *RemoteRegistry,
+	performCartographerVSCheck bool) bool {
 
 	// Check if the feature is enabled globally
 	if !common.GetEnableVSRoutingInCluster() {
@@ -2380,24 +2388,29 @@ func DoVSRoutingInClusterForClusterAndIdentity(
 			return false
 		}
 
-		// Check if the Cartographer Virtual Service is disabled
-		// We will disable this feature if the Cartographer VS does not have dot in exportTo
-		rc := remoteRegistry.GetRemoteController(cluster)
-		if rc == nil {
-			ctxLogger.Warnf(common.CtxLogFormat, "DoVSRoutingInClusterForClusterAndIdentity",
-				identity, "", cluster, "remote controller is nil")
-			return false
-		}
-		isCartographerVSDisabled, err := IsCartographerVSDisabled(ctx, ctxLogger, rc, env, identity, getCustomVirtualService)
-		if err != nil {
-			ctxLogger.Warnf(common.CtxLogFormat, "DoVSRoutingInClusterForClusterAndIdentity",
-				identity, "", cluster, fmt.Sprintf("failed IsCartographerVSDisabled check due to error %v", err))
-			return false
-		}
-		if !isCartographerVSDisabled {
-			ctxLogger.Infof(common.CtxLogFormat, "DoVSRoutingInClusterForClusterAndIdentity",
-				identity, "", cluster, fmt.Sprintf("isCartographerVSDisabled=%v", isCartographerVSDisabled))
-			return false
+		// This should be set to true if we need to check if .mesh DR should be pinned to remote
+		// region or not. For the DR to be pinned, the cartographer VS should have exportTo set to
+		// dot
+		if performCartographerVSCheck {
+			// Check if the Cartographer Virtual Service is disabled
+			// We will disable this feature if the Cartographer VS does not have dot in exportTo
+			rc := remoteRegistry.GetRemoteController(cluster)
+			if rc == nil {
+				ctxLogger.Warnf(common.CtxLogFormat, "DoVSRoutingInClusterForClusterAndIdentity",
+					identity, "", cluster, "remote controller is nil")
+				return false
+			}
+			isCartographerVSDisabled, err := IsCartographerVSDisabled(ctx, ctxLogger, rc, env, identity, getCustomVirtualService)
+			if err != nil {
+				ctxLogger.Warnf(common.CtxLogFormat, "DoVSRoutingInClusterForClusterAndIdentity",
+					identity, "", cluster, fmt.Sprintf("failed IsCartographerVSDisabled check due to error %v", err))
+				return false
+			}
+			if !isCartographerVSDisabled {
+				ctxLogger.Infof(common.CtxLogFormat, "DoVSRoutingInClusterForClusterAndIdentity",
+					identity, "", cluster, fmt.Sprintf("isCartographerVSDisabled=%v", isCartographerVSDisabled))
+				return false
+			}
 		}
 
 		return true
@@ -2431,7 +2444,8 @@ func DoDRUpdateForInClusterVSRouting(
 	identity string,
 	isSourceCluster bool,
 	remoteRegistry *RemoteRegistry,
-	se *networkingV1Alpha3.ServiceEntry) bool {
+	se *networkingV1Alpha3.ServiceEntry,
+	performCartographerVSCheck bool) bool {
 
 	if remoteRegistry == nil {
 		ctxLogger.Warnf(common.CtxLogFormat, "DoDRUpdateForInClusterVSRouting",
@@ -2451,7 +2465,7 @@ func DoDRUpdateForInClusterVSRouting(
 		return false
 	}
 	if isSourceCluster &&
-		DoVSRoutingInClusterForClusterAndIdentity(ctx, ctxLogger, env, cluster, identity, remoteRegistry) {
+		DoVSRoutingInClusterForClusterAndIdentity(ctx, ctxLogger, env, cluster, identity, remoteRegistry, performCartographerVSCheck) {
 		return true
 	}
 	return false

admiral/pkg/clusters/virtualservice_routing_test.go

@@ -8713,7 +8713,7 @@ func TestDoDRUpdateForInClusterVSRouting(t *testing.T) {
 			common.InitializeConfig(p)
 
 			assert.Equal(t, tc.expected, DoDRUpdateForInClusterVSRouting(context.Background(),
-				ctxLogger, tc.env, tc.cluster, tc.identity, tc.isSourceCluster, tc.remoteRegistry, tc.serviceEntry))
+				ctxLogger, tc.env, tc.cluster, tc.identity, tc.isSourceCluster, tc.remoteRegistry, tc.serviceEntry, true))
 		})
 	}
 
@@ -8866,6 +8866,7 @@ func TestDoVSRoutingInClusterForClusterAndIdentity(t *testing.T) {
 		vsRoutingInClusterDisabledResources   map[string]string
 		remoteRegistry                        *RemoteRegistry
 		expected                              bool
+		performCartographerVSCheck            bool
 	}{
 		{
 			name: "Given enableVSRoutingInCluster is false, enabledVSRoutingInClusterForResources is empty" +
@@ -8913,6 +8914,7 @@ func TestDoVSRoutingInClusterForClusterAndIdentity(t *testing.T) {
 			enabledVSRoutingInClusterForResources: map[string]string{"cluster9": "*"},
 			remoteRegistry:                        remoteRegistry,
 			expected:                              false,
+			performCartographerVSCheck:            true,
 		},
 		{
 			name: "Given enableVSRoutingInCluster is true, and given cluster does exists in the map" +
@@ -9012,7 +9014,7 @@ func TestDoVSRoutingInClusterForClusterAndIdentity(t *testing.T) {
 			common.InitializeConfig(p)
 
 			assert.Equal(t, tc.expected, DoVSRoutingInClusterForClusterAndIdentity(
-				context.Background(), ctxLogger, tc.env, tc.cluster, tc.identity, tc.remoteRegistry))
+				context.Background(), ctxLogger, tc.env, tc.cluster, tc.identity, tc.remoteRegistry, tc.performCartographerVSCheck))
 		})
 	}