ip-algo: rename pod field to app; image from pod spec
Build flock Image / build (push) Has been cancelled
Build flock Image / build (push) Has been cancelled
The `pod` field hashed pod.Name, which differs per replica because of
the ReplicaSet pod-template-hash + 5-char random suffix. With
namespace,pod,image, all replicas of the same Deployment got distinct
hextets even though they were the same workload.
Replace `pod` with `app` — a stable workload identifier derived from
the controller chain:
- Deployment → ReplicaSet → Pod: strip the pod-template-hash suffix
from the RS name (`traefik-789df685f` → `traefik`).
- StatefulSet/DaemonSet/Job → Pod: use controller name as-is.
- Bare pod: pod name.
Image now comes from pod.Spec.Containers[0].Image (the spec'd
reference). 64-hex-char values are treated as sha256 digests and
parsed as before; everything else (image:tag, short SHA) is FNV-1a-64'd
as a string. This makes `traefik:v3.5` deterministic across replicas
without needing the runtime-resolved digest.
Net effect: namespace,app,image yields identical hextets across all
replicas of the same Deployment except the trailing random N nibble.
embed.Values.Pod → App; AllocRequest.Pod kept for log context only,
new App and Image fields drive the embed call. handlers.go computes
both via deriveAppName + podImageRef helpers.
Tests: 7 new TestDeriveAppName_* cases (Deploy/STS/DS/bare/RS-without-
hash/non-controller-owner) + TestPodImageRef. Existing fuzz seeds
updated for the new keyword.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Donavan Fritz
@@ -70,8 +70,8 @@ func TestEmbed_Slash64Deterministic(t *testing.T) {
|
||||
// /64 with 3 fields: 5+5+5+1 nibbles = 64-bit IID.
|
||||
net64 := mustCIDR(t, "2602:817:3000:f001::/64")
|
||||
addr, err := Embed(net64,
|
||||
[]Field{FieldNamespace, FieldPod, FieldImage},
|
||||
Values{Namespace: "mail", Pod: "stalwart-0", ImageFallback: "container-abc"},
|
||||
[]Field{FieldNamespace, FieldApp, FieldImage},
|
||||
Values{Namespace: "mail", App: "stalwart", ImageFallback: "container-abc"},
|
||||
0xe,
|
||||
)
|
||||
if err != nil {
|
||||
@@ -79,8 +79,8 @@ func TestEmbed_Slash64Deterministic(t *testing.T) {
|
||||
}
|
||||
// Property: same inputs → same output (twice).
|
||||
addr2, err := Embed(net64,
|
||||
[]Field{FieldNamespace, FieldPod, FieldImage},
|
||||
Values{Namespace: "mail", Pod: "stalwart-0", ImageFallback: "container-abc"},
|
||||
[]Field{FieldNamespace, FieldApp, FieldImage},
|
||||
Values{Namespace: "mail", App: "stalwart", ImageFallback: "container-abc"},
|
||||
0xe,
|
||||
)
|
||||
if err != nil {
|
||||
@@ -101,8 +101,8 @@ func TestEmbed_Slash64Deterministic(t *testing.T) {
|
||||
|
||||
func TestEmbed_DifferentInputsDifferentOutputs(t *testing.T) {
|
||||
net64 := mustCIDR(t, "2602:817:3000:f001::/64")
|
||||
a, _ := Embed(net64, []Field{FieldNamespace, FieldPod}, Values{Namespace: "ns1", Pod: "p1"}, 0)
|
||||
b, _ := Embed(net64, []Field{FieldNamespace, FieldPod}, Values{Namespace: "ns2", Pod: "p1"}, 0)
|
||||
a, _ := Embed(net64, []Field{FieldNamespace, FieldApp}, Values{Namespace: "ns1", App: "p1"}, 0)
|
||||
b, _ := Embed(net64, []Field{FieldNamespace, FieldApp}, Values{Namespace: "ns2", App: "p1"}, 0)
|
||||
if a.Equal(b) {
|
||||
t.Fatalf("different namespace produced identical IID: %s", a)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user