Hive Hive
Sign in
Projects
Domains
Forage
Specs
Drops

feat(kura): add cross-region peer gateway discovery

GitHub issue · Closed

Metadata
Source
tuist/tuist #11173
Updated
Jun 24, 2026
Domains
Kura
Details

Resolves N/A

Adds cross-region Kura peer gateway discovery for tenant meshes while keeping runtime activation staged behind shared peer TLS.

This introduces optional KuraInstance fields for a regional peer gateway, global discovery DNS, and externally managed peer TLS. The controller now reconciles a primary-pinned peer LoadBalancer whenever the peer gateway DNS fields are present, and only enables Kura global discovery env when a shared peer TLS Secret is configured. That lets the peer Service and external-dns records reconcile as soon as the server deploys the new manifest revision, without switching runtime replication into a trust domain that is not ready yet.

Kura now supports separate local and global DNS discovery. Local discovery continues to use pod-local headless DNS and advertises KURA_NODE_URL; global discovery queries /_internal/status?scope=global so remote regions learn the stable regional KURA_PEER_GATEWAY_URL instead of unreachable pod DNS.

The server provisioner stamps KuraInstance manifests with a revision annotation and the reconciler re-applies active manifests when the live revision differs from the code revision, even if the Kura runtime image tag has not changed. This makes the new CRD/controller spec reconcile after this deploy rather than waiting for a future runtime image rollout.

How to test locally

  • mise x go@1.25 -- go test ./... from infra/kura-controller
  • mise x rust@1.90 -- cargo test config::tests::from_lookup_parses_optional_discovery_dns_name from kura
  • mise x rust@1.90 -- cargo test replication::tests::discover_targets_keeps_dns_names_for_https_peers from kura
  • mise x rust@1.90 -- cargo test http::tests::internal_status_advertises_gateway_url_for_global_discovery from kura
  • elixir -e 'Enum.each(System.argv(), fn path -> Code.string_to_quoted!(File.read!(path)); IO.puts("ok #{path}") end)' lib/tuist/environment.ex lib/tuist/kura/regions.ex lib/tuist/kura/provisioner.ex lib/tuist/kura/provisioner/kubernetes_controller.ex lib/tuist/kura/reconciler.ex test/tuist/kura/provisioner/kubernetes_controller_test.exs from server
  • git diff --check

Full server tests were not run because this worktree is missing Mix dependencies and mix test test/tuist/kura/provisioner/kubernetes_controller_test.exs stops at mix deps.get requirements.

Comments
TA
tuist-atlas[bot] Jun 10, 2026

Cross-region peer gateway discovery is now available in xcresult-processor-image@0.13.0. Update to this version to use it.