Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement a shared ResourceRules structure in MeshContext #13273

Open
lobkovilya opened this issue Mar 31, 2025 · 0 comments
Open

Implement a shared ResourceRules structure in MeshContext #13273

lobkovilya opened this issue Mar 31, 2025 · 0 comments
Labels
kind/design Design doc or related kind/improvement Improvement on an existing feature triage/accepted The issue was reviewed and is complete enough to start working on it

Comments

@lobkovilya
Copy link
Contributor

lobkovilya commented Mar 31, 2025
edited
Loading

Description

Today, Kuma calls outbound.BuildRules method for each xDS connection

kuma/pkg/plugins/policies/core/rules/outbound/resourcerules.go

Line 86 in 4d8c12d

func BuildRules(policies []core_model.Resource, reader common.ResourceReader) (ResourceRules, error) {

This results in an outbound.ResourceRules structure per xDS connection. That's inefficient both from a CPU and memory point of view, as significant parts of these structures are the same.

Imagine a situation where a MeshService backend has only producer policies. In that case, all backend clients have exactly the same backend outbound configuration. But today we're computing and storing this configuration separately for each client.

There is still a way for each client to redefine the configuration for the backend outbound – by using consumer policies. That's why the shared structure in MeshContext can't be a simple MeshService -> Conf map; it has to be more complex and take into account clients with different confs.

Once this structure is implemented, we can switch policy plugins to use it instead of policies.ToRules.ResourceRules:

kuma/pkg/plugins/policies/meshtimeout/plugin/v1alpha1/plugin.go

Line 71 in d3a493d

err := applyToRealResources(rs, policies.ToRules.ResourceRules, ctx.Mesh)

Data structure considerations

Ideally, we'd like to have a data structure that for a given policy type maps (DPP, Mesh*Service) to Conf, but it's clear memory-wise it's going to depend, either on:

  • Number of DPP proxies
  • 2^N, where N is the number of consumer policies (each consumer policy can either match or not match the given DPP proxy)

Neither of the options is ideal.

What we can do, though, is to create a data structure that for a given policy type maps (Proxy, Mesh*Service) to []Conf, so that merging all confs in []Conf gives the resulting structure for Proxy that consumes Mesh*Service. In that case, both memory and the lookup complexity are O(N), where N is the number of consumer policies.
@lobkovilya lobkovilya added kind/feature New feature triage/pending This issue will be looked at on the next triage meeting kind/improvement Improvement on an existing feature and removed kind/feature New feature labels Mar 31, 2025
@lukidzi lukidzi added triage/accepted The issue was reviewed and is complete enough to start working on it kind/design Design doc or related and removed triage/pending This issue will be looked at on the next triage meeting labels Mar 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/design Design doc or related kind/improvement Improvement on an existing feature triage/accepted The issue was reviewed and is complete enough to start working on it
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lobkovilya @lukidzi