Subset DestinationRule merge cause cds cache is not invalid

### Bug Description

we have two destinationrule with same host.  e.g:
dynamic-1-demo-gateway
```
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: dynamic-1-demo-gateway
  namespace: gateway-system
spec:
  host: istio-e2e-app.apigw-demo.svc.cluster.local
  subsets:
    name: dynamic-1-demo-gateway
    trafficPolicy:
      connectionPool:
        http:
          http1MaxPendingRequests: 10250
          http2MaxRequests: 2124
          idleTimeout: 3s
        tcp:
          connectTimeout: 60s
          maxConnections: 60222
      loadBalancer:
        simple: ROUND_ROBIN
```

dynamic-2-demo-gateway
```
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: dynamic-2-demo-gateway
spec:
  host: istio-e2e-app.apigw-demo.svc.cluster.local
  subsets:
  - name: dynamic-2-demo-gateway
    trafficPolicy:
      tls:
        mode: DISABLE
```

CDS caching is enabled: PILOT_ENABLE_CDS_CACHE is true
when i modify dynamic-1-demo-gateway configs, e.g: update tcp maxConnections, 
curl istiod/debug/config_dump?proxyID={proxy}.ns | less, get cds not update.

When i update config PILOT_ENABLE_CDS_CACHE to false, is ok.


### Version

```prose
istiod version: 1.12

destinationrule eg:

dynamic-1-demo-gateway
`apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: dynamic-1-demo-gateway
  namespace: gateway-system
spec:
  host: istio-e2e-app.apigw-demo.svc.cluster.local
  subsets:
    name: dynamic-1-demo-gateway
    trafficPolicy:
      connectionPool:
        http:
          http1MaxPendingRequests: 10250
          http2MaxRequests: 2124
          idleTimeout: 3s
        tcp:
          connectTimeout: 60s
          maxConnections: 60222
      loadBalancer:
        simple: ROUND_ROBIN`

dynamic-2-demo-gateway
`apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: dynamic-2-demo-gateway
spec:
  host: istio-e2e-app.apigw-demo.svc.cluster.local
  subsets:
  - name: dynamic-2-demo-gateway
    trafficPolicy:
      tls:
        mode: DISABLE`
```


### Additional Information

Debug codes, i see the cahce configIndex is from destinationrule name
```
func (b EndpointBuilder) DependentConfigs() []model.ConfigKey {
	configs := []model.ConfigKey{}
	if b.destinationRule != nil {
		configs = append(configs, model.ConfigKey{Kind: gvk.DestinationRule, Name: b.destinationRule.Name, Namespace: b.destinationRule.Namespace})
	}
	if b.service != nil {
		configs = append(configs, model.ConfigKey{Kind: gvk.ServiceEntry, Name: string(b.service.Hostname), Namespace: b.service.Attributes.Namespace})
	}
	return configs
}
```

But, in destinatonrule merge， subset info may be merged to one destinationrule, this will cause  some cds cache can not invalid.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Subset DestinationRule merge cause cds cache is not invalid #39726

Bug Description

Version

Additional Information

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Subset DestinationRule merge cause cds cache is not invalid #39726

Description

Bug Description

Version

Additional Information

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions