istio.io/istio@v0.0.0-20240520182934-d79c90f27776/architecture/networking/controllers.md (about)

     1  # Controllers
     2  
     3  Istio has a variety of [controllers](https://kubernetes.io/docs/concepts/architecture/controller/), which basically watch some inputs and do something.
     4  This can be reading from Kubernetes and writing other objects back, writing to proxies over XDS, etc.
     5  
     6  Unfortunately, writing controllers is very error prone, even for seemingly simple cases.
     7  To work around this, Istio has a variety of abstractions meant to make writing controllers easier.
     8  
     9  ## Clients
    10  
    11  Istio offers a variety of increasingly high level abstractions on top of the common Kubernetes [`client-go`](https://github.com/kubernetes/client-go).
    12  
    13  ```mermaid
    14  flowchart TD
    15      kcg["Kubernetes client-go"]
    16      ic["Istio kube.Client"]
    17      ikc["Istio kclient.Client"]
    18      ikrt["Istio krt.Collection"]
    19      ikrt--"Builds on"-->ikc--"Builds on"-->ic--"Builds on"-->kcg
    20  ```
    21  
    22  **`kube.Client`** is a fairly light wrapper around Kubernetes clients, but offers quite a few benefits.
    23  Istio consumes _many_ different types of clients (at the time of writing, 7), as well as informers for each of these.
    24  Additionally, we often need to convert to various different client forms for different libraries we integrate with.
    25  
    26  `kube.Client` just bundles these all in one place, so we have a single object to pass around anywhere we need Kubernetes access.
    27  Additionally, it has a fake client variant, that does the same thing but with fake clients for use in unit tests.
    28  
    29  Aside from this, there are a few conveniences and workarounds built-in to the client to make things simpler.
    30  
    31  *All Istio Kubernetes usage should use this library and not operate on Kubernetes clients directly.*
    32  
    33  **`kclient.Client`** is a higher level wrapper around a Kubernetes resource, and is built up of sub-parts `kclient.Reader`, `kclient.Writer`, and `kclient.Informer`.
    34  Typically, the whole `kclient.Client` is used,though.
    35  
    36  Functionality offered by `kclient` includes:
    37  * Typed clients (via generics) and more ergonomic APIs
    38  * Ability to make a _delayed_ client. This is used when making clients based on CRDs that may not exist.
    39    In general, Istio does not fail on missing CRDs and prefers to treat these as if there were just zero resources for that client.
    40    The `NewDelayedInformer` abstracts that entirely, offering the same API as normal `kclient.Client`.
    41  * Simple object filtering. Beyond just static filters on objects, `kclient` supports _dynamic filters_ that can change at runtime.
    42    When a filter changes and includes/removes new objects, those are automatically handled.
    43  * Proper syncing and shutdown logic. Checking for when an informer has fully started can be quite tricky; `kclient` automatically handles it.
    44  
    45  Under the `kclient` package, `clienttest` also provides similar interfaces meant for writing unit tests.
    46  
    47  *All Istio informer usage should use this library and not operate on Kubernetes informers directly.*
    48  
    49  **`krt`** is a very high level wrapper around Kubernetes informers, building on top of `kclient`.
    50  
    51  See the [krt README](../../pkg/kube/krt/README.md) for more information.
    52  
    53  *krt is currently experimental; please ask maintainers before utilizing it in new areas.*
    54  
    55  ## Writing Controllers
    56  
    57  The `controllers` package offers a variety of helpers for writing controllers.
    58  These operate in a similar manner as [`controller-runtime`](https://github.com/kubernetes-sigs/controller-runtime) but are *far* smaller and less abstract.
    59  
    60  With a few exceptions, Istio controllers typically are split in two phases: construction and running.
    61  
    62  Construction should create informers (via `kclient.New`), setup a queue (via `controllers.NewQueue`), and register event handlers on the informers.
    63  Often, these handlers are adding something to the queue like `client.AddEventHandler(controllers.ObjectHandler(queue.AddObject))`.
    64  Construction should NOT actually start running all of these things, do I/O, or block in anyway.
    65  
    66  Running the controller actually starts processing things.
    67  Normally, this just means running the queue.
    68  All informers created by `kube.Client` are kept track in the client, and started in one go with `RunAndWait` in one centralized call.
    69  As a result, each individual controllers should simply wait until informers have synced, then run the queue to start processing things.
    70  
    71  A queue is used to give a few properties:
    72  * Ability to serially process updates received from a variety of different sources. This avoids need for other synchronization mechanisms like mutexes.
    73  * Correctness at startup; with the sequencing above, items are only processed once all informers are synced. This means queries will not return stale data at startup.
    74  * Deduping of identical events
    75  * Automatic retrying of failed events (configurable)
    76  
    77  The above logic is critical to handle correctly to ensure correctness of a controller.
    78  The [Example Controller](../../pkg/kube/controllers/example_test.go) is a key reference point for any controller development;
    79  while there are a few exceptional cases that should behave differently, for the most part any divergence from the reference code results in bugs.