feat(kuma-cp): deduplicate dataplane inbounds by address and port combination

[Automaat]

Motivation

We now can have multiple inbounds if multiple services select the same address and port, but we will generate Envoy resources only for one of these. We should deduplicate them on creation so that we don't have inbounds that don't correlate with Envoy resources. This can be also useful for GUI

xref #13108

Fix: #12123

[github-actions]

Reviewer Checklist

🔍 Each of these sections need to be checked by the reviewer of the PR 🔍:
If something doesn't apply please check the box and add a justification if the reason is non obvious.

• Is the PR title satisfactory? Is this part of a larger feature and should be grouped using > Changelog?
• PR description is clear and complete. It Links to relevant issue as well as docs and UI issues
• This will not break child repos: it doesn't hardcode values (.e.g "kumahq" as an image registry)
• IPv6 is taken into account (.e.g: no string concatenation of host port)
• Tests (Unit test, E2E tests, manual test on universal and k8s)
  • Don't forget ci/ labels to run additional/fewer tests
• Does this contain a change that needs to be notified to users? In this case, UPGRADE.md should be updated.
• Does it need to be backported according to the backporting policy? (this GH action will add "backport" label based on these file globs, if you want to prevent it from adding the "backport" label use no-backport-autolabel label)

[jijiechen]

The code will be left here for future usage, so readers are from the future. Should it be changed to "We are only create one listener for last inbound now, but in the previous version, LegacyInboundInterfacesFor, we built multiple inbounds for each service selecting port"

[jijiechen]

Looks good to me.

not ready yet

[jijiechen]

Do we need to sort services []*kube_core.Service before iterate over it? To keep consistant results when deduplicated in multiple runs.

[Automaat]

we sort inbounds at the end

[jijiechen]

In one of my testing, I found when the service port is different than the targetPort, the two inbounds generated on the DP has the same name and port, but they have different k8s.kuma.io/service-port tags: one of them is incorrect. So in this case, we need to remove the one with incorrect tag. Could you also verify this?

[Automaat]

do you mean the situation when we have service with two ports?
With this approach we don't care about tags, inbound tags will be gone after we fully switch to MeshService exclusive. I think in this situation we will just create inbound from pod port

[lobkovilya]

you can reference the issue #3339

[lobkovilya]

nit: it's a public method, please use a proper doc comments that starts with // InboundInterfacesFor ...

[lobkovilya]

Please create a private method inboundInterfaceFor so that methods looks like

func (i *InboundConverter) LegacyInboundInterfacesFor(ctx context.Context, zone string, pod *kube_core.Pod, services []*kube_core.Service) ([]*mesh_proto.Dataplane_Networking_Inbound, error) {
    return i.inboundInterfacesFor(ctx, zone, pod, services)
}

func (i *InboundConverter) InboundInterfacesFor(ctx context.Context, zone string, pod *kube_core.Pod, services []*kube_core.Service) ([]*mesh_proto.Dataplane_Networking_Inbound, error) {
    inbounds, err := i.inboundInterfacesFor(ctx, zone, pod, services)
    if err != nil {
        return err
    }
    return deduplicateInboundsByAddressAndPort(ifaces), nil
}

Because in the future if duplicated code in LegacyInboundInterfacesFor and InboundInterfacesFor diverges it'll be hard to understand what it takes to remove LegacyInboundInterfacesFor

[lobkovilya]

Probably should be moved out from deduplicateInbounds method, "deduplicate" usually implies:

• the complexity is O(N)
• the order of the input slice is preserved in the output slice

[lobkovilya]

nit: inboundsPerAddressPort?

[lobkovilya]

append to the result slice here, that way you preserve the original order and you won't need another loop on inboundsPerName