Skip to content

add destination rules for sequencer high performance gRPC #3402

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
mblaze-da wants to merge 2 commits into
base: main
Choose a base branch
from
+194 −1
Draft

add destination rules for sequencer high performance gRPC #3402

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ba95f22
add destination rules for sequencer high performance gRPC
mblaze-da Dec 12, 2025
4a0ff83
Merge branch 'main' into mblaze-da/sequencer-high-perf-grpc/2791
mblaze-da Dec 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
136 changes: 136 additions & 0 deletions cluster/expected/infra/expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3394,6 +3394,74 @@
"provider": "",
"type": "kubernetes:security.istio.io/v1:AuthorizationPolicy"
},
{
"custom": true,
"id": "",
"inputs": {
"apiVersion": "networking.istio.io/v1beta1",
"kind": "DestinationRule",
"metadata": {
"name": "sv-1-global-domain-3-sequencer-high-perf-grpc-rule",
"namespace": "cluster-ingress"
},
"spec": {
"host": "global-domain-3-sequencer.sv-1.svc.cluster.local",
"trafficPolicy": {
"connectionPool": {
"http": {
"http1MaxPendingRequests": 10000,
"http2MaxRequests": 10000,
"maxConcurrentStreams": 10000,
"maxRequestsPerConnection": 0
},
"tcp": {
"maxConnections": 10000
}
},
"loadBalancer": {
"simple": "LEAST_REQUEST"
}
}
}
},
"name": "sv-1-global-domain-3-sequencer-high-perf-grpc-rule",
"provider": "",
"type": "kubernetes:networking.istio.io/v1beta1:DestinationRule"
},
{
"custom": true,
"id": "",
"inputs": {
"apiVersion": "networking.istio.io/v1beta1",
"kind": "DestinationRule",
"metadata": {
"name": "sv-1-global-domain-4-sequencer-high-perf-grpc-rule",
"namespace": "cluster-ingress"
},
"spec": {
"host": "global-domain-4-sequencer.sv-1.svc.cluster.local",
"trafficPolicy": {
"connectionPool": {
"http": {
"http1MaxPendingRequests": 10000,
"http2MaxRequests": 10000,
"maxConcurrentStreams": 10000,
"maxRequestsPerConnection": 0
},
"tcp": {
"maxConnections": 10000
}
},
"loadBalancer": {
"simple": "LEAST_REQUEST"
}
}
}
},
"name": "sv-1-global-domain-4-sequencer-high-perf-grpc-rule",
"provider": "",
"type": "kubernetes:networking.istio.io/v1beta1:DestinationRule"
},
{
"custom": true,
"id": "",
Expand Down Expand Up @@ -3430,6 +3498,74 @@
"provider": "",
"type": "kubernetes:security.istio.io/v1:AuthorizationPolicy"
},
{
"custom": true,
"id": "",
"inputs": {
"apiVersion": "networking.istio.io/v1beta1",
"kind": "DestinationRule",
"metadata": {
"name": "sv-2-global-domain-3-sequencer-high-perf-grpc-rule",
"namespace": "cluster-ingress"
},
"spec": {
"host": "global-domain-3-sequencer.sv-2.svc.cluster.local",
"trafficPolicy": {
"connectionPool": {
"http": {
"http1MaxPendingRequests": 10000,
"http2MaxRequests": 10000,
"maxConcurrentStreams": 10000,
"maxRequestsPerConnection": 0
},
"tcp": {
"maxConnections": 10000
}
},
"loadBalancer": {
"simple": "LEAST_REQUEST"
}
}
}
},
"name": "sv-2-global-domain-3-sequencer-high-perf-grpc-rule",
"provider": "",
"type": "kubernetes:networking.istio.io/v1beta1:DestinationRule"
},
{
"custom": true,
"id": "",
"inputs": {
"apiVersion": "networking.istio.io/v1beta1",
"kind": "DestinationRule",
"metadata": {
"name": "sv-2-global-domain-4-sequencer-high-perf-grpc-rule",
"namespace": "cluster-ingress"
},
"spec": {
"host": "global-domain-4-sequencer.sv-2.svc.cluster.local",
"trafficPolicy": {
"connectionPool": {
"http": {
"http1MaxPendingRequests": 10000,
"http2MaxRequests": 10000,
"maxConcurrentStreams": 10000,
"maxRequestsPerConnection": 0
},
"tcp": {
"maxConnections": 10000
}
},
"loadBalancer": {
"simple": "LEAST_REQUEST"
}
}
}
},
"name": "sv-2-global-domain-4-sequencer-high-perf-grpc-rule",
"provider": "",
"type": "kubernetes:networking.istio.io/v1beta1:DestinationRule"
},
{
"custom": true,
"id": "",
Expand Down
59 changes: 58 additions & 1 deletion cluster/pulumi/infra/src/istio.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -635,6 +635,60 @@ function configurePublicInfo(ingressNs: k8s.core.v1.Namespace): k8s.apiextension
: [];
}

function configureSequencerHighPerformanceGrpcDestinationRules(
ingressNs: k8s.core.v1.Namespace
): Array<k8s.apiextensions.CustomResource> {
return [
...(function* () {
for (const migration of DecentralizedSynchronizerUpgradeConfig.runningMigrations()) {
for (const sv of coreSvsToDeploy) {
Copy link
Contributor

@martinflorian-da martinflorian-da Dec 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not allSvsToDeploy? I guess it doesn't matter for MainNet (only core SVs there), but for consistency?

yield configureSequencerHighPerformanceGrpcDestinationRule(
ingressNs,
sv.ingressName,
migration.id
);
}
}
})(),
];
}

function configureSequencerHighPerformanceGrpcDestinationRule(
ingressNs: k8s.core.v1.Namespace,
ingressName: string,
migrationId: number
): k8s.apiextensions.CustomResource {
const sequencerName = `global-domain-${migrationId}-sequencer`;
const ruleName = `${ingressName}-${sequencerName}-high-perf-grpc-rule`;
return new k8s.apiextensions.CustomResource(ruleName, {
apiVersion: 'networking.istio.io/v1beta1',
kind: 'DestinationRule',
metadata: {
name: ruleName,
namespace: ingressNs.metadata.name,
},
spec: {
host: `${sequencerName}.${ingressName}.svc.cluster.local`,
Copy link
Contributor

@martinflorian-da martinflorian-da Dec 12, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be clear: The intention here is to use k8s-internal addresses, not the external one we define via VirtualService?

If so... can't you just check on a scratchnet cluster or CILR if you got the hostname right? I'd launch a shell on some validator pod and try reaching the endpoint from there via curl or grpcurl.

(Not very confident about the networking stuff here myself...)

trafficPolicy: {
loadBalancer: {
simple: 'LEAST_REQUEST',
},
connectionPool: {
http: {
http1MaxPendingRequests: 10000,
http2MaxRequests: 10000,
maxConcurrentStreams: 10000,
maxRequestsPerConnection: 0,
},
tcp: {
maxConnections: 10000,
},
},
},
},
});
}

export function configureIstio(
ingressNs: ExactNamespace,
ingressIp: pulumi.Output<string>,
Expand All @@ -653,7 +707,10 @@ export function configureIstio(
const gateways = configureGateway(ingressNs, gwSvc, cometBftSvc);
const docsAndReleases = configureDocsAndReleases(true, gateways);
const publicInfo = configurePublicInfo(ingressNs.ns);
return [...gateways, ...docsAndReleases, ...publicInfo];
const sequencerHighPerformanceGrpcRules = configureSequencerHighPerformanceGrpcDestinationRules(
ingressNs.ns
);
return [...gateways, ...docsAndReleases, ...publicInfo, ...sequencerHighPerformanceGrpcRules];
}

export function istioMonitoring(
Expand Down