fix istioctl analyze vs error when a custom cluster domain

[nicole-lihui]

resolved #33174

Please provide a description of this PR:

[hzxuzhonghu]

can we get MeshConfig with this function? I am not sure, MeshConig is from configmap

[zirain]

there's a hack for MeshConfig.

[hanxiaop]

Yes, the configmap was saved in cache as MeshConfig for analysis during initialization.

[hanxiaop]

Why change this?

[MorrisLaw]

+1 to @hanxiaop question

[nicole-lihui]

I want to end the loop when the loop gets meshconfig, so added here

[howardjohn]

Using globals like this is not safe or acceptable, this will cause data races. note this package is used in long running servers, not just the CLI

[nicole-lihui]

ok, that's indeed a problem, I'll find a new methods.

[MorrisLaw]

What exactly is the todo? Also, does not doing that work now effect the resolution of the issue in any way?

[nicole-lihui]

Based on the description above( why use ** trusDomain** ??), I believe the current solution is only a preliminary workaround. A more optimal solution is needed and requires further discussion.

And I'm not sure how the community plans and designs this aspect, and whether there's a need for unification. Additionally, I think it would be helpful to include some usage documentation, as many people might encounter the same issue.

@zirain @howardjohn @hzxuzhonghu @hanxiaop

[nicole-lihui]

From a bug fix perspective, trustDomain can already resolved the user's issue.

However, I want to implement a more standardized and user-friendly solution. Therefore, I'll add a TODO to drive this improvement forward.

[MorrisLaw]

+1 to @hanxiaop question

[howardjohn]

trustDomain and cluster domain are 100% orthogonal to each other. There is absolutely no relationship at all (beyond the same default) and they should not be used interchange-ably like this

[nicole-lihui]

Let me try to find a better solution 🤔

[nicole-lihui]

Not stale

[nicole-lihui]

waiting add clusterDomain to meshconfig : istio/api#3265

[istio-testing]

@nicole-lihui: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
unit-tests-arm64_istio	0f81715	link	true	/test unit-tests-arm64
gencheck_istio	0f81715	link	true	/test gencheck
integ-cni_istio	0f81715	link	true	/test integ-cni
integ-distroless_istio	0f81715	link	true	/test integ-distroless
integ-ambient_istio	0f81715	link	true	/test integ-ambient
integ-operator-controller_istio	0f81715	link	true	/test integ-operator-controller
integ-pilot-istiodremote_istio	0f81715	link	true	/test integ-pilot-istiodremote
integ-helm_istio	0f81715	link	true	/test integ-helm
integ-pilot-istiodremote-mc_istio	0f81715	link	true	/test integ-pilot-istiodremote-mc
integ-security_istio	0f81715	link	true	/test integ-security
integ-ipv6_istio	0f81715	link	true	/test integ-ipv6
integ-pilot_istio	0f81715	link	true	/test integ-pilot
integ-ds_istio	0f81715	link	true	/test integ-ds
integ-pilot-multicluster_istio	0f81715	link	true	/test integ-pilot-multicluster
integ-basic-arm64_istio	0f81715	link	true	/test integ-basic-arm64
unit-tests_istio	0f81715	link	true	/test unit-tests
macbuildcheck_istio	0f81715	link	true	/test macbuildcheck
release-test_istio	0f81715	link	true	/test release-test
lint_istio	0f81715	link	true	/test lint
integ-telemetry-discovery_istio	0f81715	link	true	/test integ-telemetry-discovery
integ-security-istiodremote_istio	0f81715	link	true	/test integ-security-istiodremote
integ-telemetry-istiodremote_istio	0f81715	link	true	/test integ-telemetry-istiodremote
integ-telemetry-mc_istio	0f81715	link	true	/test integ-telemetry-mc
integ-telemetry_istio	0f81715	link	true	/test integ-telemetry
integ-security-multicluster_istio	0f81715	link	true	/test integ-security-multicluster

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.