From 7112393a34f6a11956df4ea3a82af7b27b7f6604 Mon Sep 17 00:00:00 2001 From: Jakub Dyszkiewicz Date: Wed, 8 Dec 2021 10:54:18 +0100 Subject: [PATCH 1/9] feat(kuma-cp): sidecar injection webhook based on labels (#3417) Signed-off-by: Jakub Dyszkiewicz --- UPGRADE.md | 5 ++ .../context/install_control_plane_context.go | 2 +- .../cmd/install/install_control_plane.go | 2 +- ...tall-control-plane.cni-enabled.golden.yaml | 48 ++++++++++++++++++- ...install-control-plane.defaults.golden.yaml | 48 ++++++++++++++++++- .../install-control-plane.global.golden.yaml | 48 ++++++++++++++++++- ...ontrol-plane.override-env-vars.golden.yaml | 48 ++++++++++++++++++- ...nstall-control-plane.overrides.golden.yaml | 48 ++++++++++++++++++- ...all-control-plane.with-ingress.golden.yaml | 48 ++++++++++++++++++- .../install-control-plane.zone.golden.yaml | 48 ++++++++++++++++++- deployments/charts/kuma/README.md | 2 +- .../templates/cp-webhooks-and-secrets.yaml | 46 +++++++++++++++++- deployments/charts/kuma/values.yaml | 4 +- .../kumactl/kumactl_install_control-plane.md | 2 +- .../k8s/controllers/inbound_converter.go | 8 +++- .../k8s/controllers/testdata/01.pod.yaml | 1 + .../runtime/k8s/webhooks/injector/injector.go | 42 ++++++++++++++-- .../cp_compatibility_kubernetes_multizone.go | 2 +- test/framework/setup.go | 14 ++++++ 19 files changed, 440 insertions(+), 26 deletions(-) diff --git a/UPGRADE.md b/UPGRADE.md index 1177560292ff..ce69e1f66c9b 100644 --- a/UPGRADE.md +++ b/UPGRADE.md @@ -8,6 +8,11 @@ does not have any particular instructions. ## Upcoming release +### Kubernetes + +Please migrate your `kuma.io/sidecar-injection` annotations to labels. +The new version still supports annotation, but to have a guarantee that applications can only start with sidecar, you must use label instead of annotation. + ## Upgrade to `1.4.0` Starting with this version, the default API server authentication method is user 
diff --git a/app/kumactl/cmd/install/context/install_control_plane_context.go b/app/kumactl/cmd/install/context/install_control_plane_context.go index 967223d1b8d8..57c6171a9fb6 100644 --- a/app/kumactl/cmd/install/context/install_control_plane_context.go +++ b/app/kumactl/cmd/install/context/install_control_plane_context.go @@ -71,7 +71,7 @@ func DefaultInstallCpContext() InstallCpContext { ControlPlane_image_tag: kuma_version.Build.GitTag, ControlPlane_service_name: "kuma-control-plane", ControlPlane_envVars: map[string]string{}, - ControlPlane_injectorFailurePolicy: "Ignore", + ControlPlane_injectorFailurePolicy: "Fail", DataPlane_image_registry: "docker.io/kumahq", DataPlane_image_repository: "kuma-dp", DataPlane_image_tag: kuma_version.Build.GitTag, diff --git a/app/kumactl/cmd/install/install_control_plane.go b/app/kumactl/cmd/install/install_control_plane.go index 00acd40f554b..06b5d57f9f8f 100644 --- a/app/kumactl/cmd/install/install_control_plane.go +++ b/app/kumactl/cmd/install/install_control_plane.go 
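Review bot: The new `"Fail"` default for `ControlPlane_injectorFailurePolicy` in `DefaultInstallCpContext` changes what an install without `--injector-failure-policy` does, and nothing next to the literal says which webhooks it governs. Going by the chart template change in this patch, the value applies to the two label-selected injector webhooks while the legacy `kuma-injector.kuma.io` hook stays on `Ignore`, so a comment such as `// applies to the label-selected injector webhooks; pod creation is rejected while the injector is unreachable` would make the fail-closed behaviour visible here. The UPGRADE.md entry in this patch covers the label migration but not the changed default, which operators relying on the old `Ignore` behaviour would want called out. The function body continues outside the hunk.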
@@ -118,7 +118,7 @@ This command requires that the KUBECONFIG environment is set`, cmd.Flags().StringVar(&args.ControlPlane_tls_apiServer_clientCertsSecret, "tls-api-server-client-certs-secret", args.ControlPlane_tls_apiServer_clientCertsSecret, "Secret that contains list of .pem certificates that can access admin endpoints of Kuma API on HTTPS") cmd.Flags().StringVar(&args.ControlPlane_tls_kdsGlobalServer_secret, "tls-kds-global-server-secret", args.ControlPlane_tls_kdsGlobalServer_secret, "Secret that contains tls.crt, key.crt for protecting cross cluster communication") cmd.Flags().StringVar(&args.ControlPlane_tls_kdsZoneClient_secret, "tls-kds-zone-client-secret", args.ControlPlane_tls_kdsZoneClient_secret, "Secret that contains ca.crt which was used to sign KDS Global server. Used for CP verification") - cmd.Flags().StringVar(&args.ControlPlane_injectorFailurePolicy, "injector-failure-policy", args.ControlPlane_injectorFailurePolicy, "failue policy of the mutating web hook implemented by the Kuma Injector component") + cmd.Flags().StringVar(&args.ControlPlane_injectorFailurePolicy, "injector-failure-policy", args.ControlPlane_injectorFailurePolicy, "failure policy of the mutating web hook implemented by the Kuma Injector component") cmd.Flags().StringToStringVar(&args.ControlPlane_envVars, "env-var", args.ControlPlane_envVars, "environment variables that will be passed to the control plane") cmd.Flags().StringVar(&args.DataPlane_image_registry, "dataplane-registry", args.DataPlane_image_registry, "registry for the image of the Kuma DataPlane component") cmd.Flags().StringVar(&args.DataPlane_image_repository, "dataplane-repository", args.DataPlane_image_repository, "repository for the image of the Kuma DataPlane component") diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml index ce4f0e774afd..83a8cb397962 100644 
--- a/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml @@ -1082,7 +1082,7 @@ spec: metadata: annotations: checksum/config: bd9040893dba92c246c9f15b8e5c5fdbbccabfeb97201a967595c7c13f24356c - checksum/tls-secrets: 67e1c21135f2c9ac6e7c1c33a036bbabab1250b9be164c9d275eae816b69b805 + checksum/tls-secrets: 5f337216840fad68c3d519633e8a1fb5c9f4fc6c4303497f65c0309135a00e21 labels: app.kubernetes.io/name: kuma app.kubernetes.io/instance: kuma @@ -1249,10 +1249,54 @@ webhooks: - virtualoutbounds + sideEffects: None + - name: namespace-kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: Fail + namespaceSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: XYZ + service: + namespace: kuma-system + name: kuma-control-plane + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None + - name: pods-kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: Fail + objectSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: XYZ + service: + namespace: kuma-system + name: kuma-control-plane + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods sideEffects: None - name: kuma-injector.kuma.io admissionReviewVersions: ["v1"] - failurePolicy: Ignore + failurePolicy: Ignore clientConfig: caBundle: XYZ service: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml index a67d30d3439c..9113fa8eeb46 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml 
@@ -907,7 +907,7 @@ spec: metadata: annotations: checksum/config: bd9040893dba92c246c9f15b8e5c5fdbbccabfeb97201a967595c7c13f24356c - checksum/tls-secrets: 67e1c21135f2c9ac6e7c1c33a036bbabab1250b9be164c9d275eae816b69b805 + checksum/tls-secrets: 5f337216840fad68c3d519633e8a1fb5c9f4fc6c4303497f65c0309135a00e21 labels: app.kubernetes.io/name: kuma app.kubernetes.io/instance: kuma @@ -1074,10 +1074,54 @@ webhooks: - virtualoutbounds + sideEffects: None + - name: namespace-kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: Fail + namespaceSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: XYZ + service: + namespace: kuma-system + name: kuma-control-plane + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None + - name: pods-kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: Fail + objectSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: XYZ + service: + namespace: kuma-system + name: kuma-control-plane + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods sideEffects: None - name: kuma-injector.kuma.io admissionReviewVersions: ["v1"] - failurePolicy: Ignore + failurePolicy: Ignore clientConfig: caBundle: XYZ service: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml index a934b0ec776d..c968e53f3009 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml 
@@ -916,7 +916,7 @@ spec: metadata: annotations: checksum/config: bd9040893dba92c246c9f15b8e5c5fdbbccabfeb97201a967595c7c13f24356c - checksum/tls-secrets: 67e1c21135f2c9ac6e7c1c33a036bbabab1250b9be164c9d275eae816b69b805 + checksum/tls-secrets: 5f337216840fad68c3d519633e8a1fb5c9f4fc6c4303497f65c0309135a00e21 labels: app.kubernetes.io/name: kuma app.kubernetes.io/instance: kuma @@ -1080,10 +1080,54 @@ webhooks: - virtualoutbounds + sideEffects: None + - name: namespace-kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: Fail + namespaceSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: XYZ + service: + namespace: kuma-system + name: kuma-control-plane + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None + - name: pods-kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: Fail + objectSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: XYZ + service: + namespace: kuma-system + name: kuma-control-plane + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods sideEffects: None - name: kuma-injector.kuma.io admissionReviewVersions: ["v1"] - failurePolicy: Ignore + failurePolicy: Ignore clientConfig: caBundle: XYZ service: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml index 321735c8f92b..4cae99241191 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml 
@@ -907,7 +907,7 @@ spec: metadata: annotations: checksum/config: bd9040893dba92c246c9f15b8e5c5fdbbccabfeb97201a967595c7c13f24356c - checksum/tls-secrets: 67e1c21135f2c9ac6e7c1c33a036bbabab1250b9be164c9d275eae816b69b805 + checksum/tls-secrets: 5f337216840fad68c3d519633e8a1fb5c9f4fc6c4303497f65c0309135a00e21 labels: app.kubernetes.io/name: kuma app.kubernetes.io/instance: kuma @@ -1074,10 +1074,54 @@ webhooks: - virtualoutbounds + sideEffects: None + - name: namespace-kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: Fail + namespaceSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: XYZ + service: + namespace: kuma-system + name: kuma-control-plane + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None + - name: pods-kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: Fail + objectSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: XYZ + service: + namespace: kuma-system + name: kuma-control-plane + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods sideEffects: None - name: kuma-injector.kuma.io admissionReviewVersions: ["v1"] - failurePolicy: Ignore + failurePolicy: Ignore clientConfig: caBundle: XYZ service: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml index 5d3759493a14..9bdf750d78f2 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml 
@@ -911,7 +911,7 @@ spec: metadata: annotations: checksum/config: 243da0d686658ca26902677cd16971d2ec72fe4453dbb0b09c09ea96b423d4ce - checksum/tls-secrets: 4d6f0e89dd8efed9a9eb2523670c3224b440db9ef34d41cce63ec46dd8ab5b41 + checksum/tls-secrets: 12e245aa8f7469c6fcbc3fc3c91c376d33ecc6298869b68332d21c56aa5c38d4 labels: app.kubernetes.io/name: kuma app.kubernetes.io/instance: kuma @@ -1119,9 +1119,53 @@ webhooks: sideEffects: None - - name: kuma-injector.kuma.io + - name: namespace-kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: Crash + namespaceSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: XYZ + service: + namespace: kuma + name: kuma-ctrl-plane + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None + - name: pods-kuma-injector.kuma.io admissionReviewVersions: ["v1"] failurePolicy: Crash + objectSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: XYZ + service: + namespace: kuma + name: kuma-ctrl-plane + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None + - name: kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: Ignore clientConfig: caBundle: XYZ service: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml index 2aca84919b7d..8e2f827f402d 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml 
@@ -936,7 +936,7 @@ spec: metadata: annotations: checksum/config: bd9040893dba92c246c9f15b8e5c5fdbbccabfeb97201a967595c7c13f24356c - checksum/tls-secrets: 67e1c21135f2c9ac6e7c1c33a036bbabab1250b9be164c9d275eae816b69b805 + checksum/tls-secrets: 5f337216840fad68c3d519633e8a1fb5c9f4fc6c4303497f65c0309135a00e21 labels: app.kubernetes.io/name: kuma app.kubernetes.io/instance: kuma @@ -1219,10 +1219,54 @@ webhooks: - virtualoutbounds + sideEffects: None + - name: namespace-kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: Fail + namespaceSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: XYZ + service: + namespace: kuma-system + name: kuma-control-plane + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None + - name: pods-kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: Fail + objectSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: XYZ + service: + namespace: kuma-system + name: kuma-control-plane + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods sideEffects: None - name: kuma-injector.kuma.io admissionReviewVersions: ["v1"] - failurePolicy: Ignore + failurePolicy: Ignore clientConfig: caBundle: XYZ service: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml index fad3b6bbb603..358dc7e34c59 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml 
@@ -911,7 +911,7 @@ spec: metadata: annotations: checksum/config: bd9040893dba92c246c9f15b8e5c5fdbbccabfeb97201a967595c7c13f24356c - checksum/tls-secrets: 67e1c21135f2c9ac6e7c1c33a036bbabab1250b9be164c9d275eae816b69b805 + checksum/tls-secrets: 5f337216840fad68c3d519633e8a1fb5c9f4fc6c4303497f65c0309135a00e21 labels: app.kubernetes.io/name: kuma app.kubernetes.io/instance: kuma @@ -1082,10 +1082,54 @@ webhooks: - virtualoutbounds + sideEffects: None + - name: namespace-kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: Fail + namespaceSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: XYZ + service: + namespace: kuma-system + name: kuma-control-plane + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None + - name: pods-kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: Fail + objectSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: XYZ + service: + namespace: kuma-system + name: kuma-control-plane + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods sideEffects: None - name: kuma-injector.kuma.io admissionReviewVersions: ["v1"] - failurePolicy: Ignore + failurePolicy: Ignore clientConfig: caBundle: XYZ service: diff --git a/deployments/charts/kuma/README.md b/deployments/charts/kuma/README.md index 6ba840553db8..1e089e72ca71 100644 --- a/deployments/charts/kuma/README.md +++ b/deployments/charts/kuma/README.md 
@@ -26,7 +26,7 @@ A Helm chart for the Kuma Control Plane | controlPlane.autoscaling.metrics | list | `[{"resource":{"name":"cpu","target":{"averageUtilization":80,"type":"Utilization"}},"type":"Resource"}]` | For clusters that do support autoscaling/v2beta, use metrics | | controlPlane.nodeSelector | object | `{"kubernetes.io/arch":"amd64","kubernetes.io/os":"linux"}` | Node selector for the Kuma Control Plane pods | | controlPlane.affinity | object | `{}` | Affinity placement rule for the Kuma Control Plane pods | -| controlPlane.injectorFailurePolicy | string | `"Ignore"` | Failure policy of the mutating webhook implemented by the Kuma Injector component | +| controlPlane.injectorFailurePolicy | string | `"Fail"` | Failure policy of the mutating webhook implemented by the Kuma Injector component | | controlPlane.service.name | string | `nil` | Optionally override of the Kuma Control Plane Service's name | | controlPlane.service.type | string | `"ClusterIP"` | Service type of the Kuma Control Plane | | controlPlane.service.annotations | object | `{}` | Additional annotations to put on the Kuma Control Plane | diff --git a/deployments/charts/kuma/templates/cp-webhooks-and-secrets.yaml b/deployments/charts/kuma/templates/cp-webhooks-and-secrets.yaml index af2308075829..8da64e444a6f 100644 --- a/deployments/charts/kuma/templates/cp-webhooks-and-secrets.yaml +++ b/deployments/charts/kuma/templates/cp-webhooks-and-secrets.yaml 
@@ -104,9 +104,53 @@ webhooks: - virtualoutbounds {{ .Values.controlPlane.webhooks.ownerReference.additionalRules | nindent 6 }} sideEffects: None - - name: kuma-injector.kuma.io + - name: namespace-kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: {{ .Values.controlPlane.injectorFailurePolicy }} + namespaceSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: {{ $caBundle }} + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kuma.controlPlane.serviceName" . }} + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None + - name: pods-kuma-injector.kuma.io admissionReviewVersions: ["v1"] failurePolicy: {{ .Values.controlPlane.injectorFailurePolicy }} + objectSelector: + matchLabels: + kuma.io/sidecar-injection: enabled + clientConfig: + caBundle: {{ $caBundle }} + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kuma.controlPlane.serviceName" . }} + path: /inject-sidecar + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None + - name: kuma-injector.kuma.io + admissionReviewVersions: ["v1"] + failurePolicy: Ignore {{/* Failure policy is hardcoded as Ignore because any other mode will cause CP to be unable to start after all instances are down */}} clientConfig: caBundle: {{ $caBundle }} service: diff --git a/deployments/charts/kuma/values.yaml b/deployments/charts/kuma/values.yaml index 6305e5fc8fb5..f00980dfb495 100644 --- a/deployments/charts/kuma/values.yaml +++ b/deployments/charts/kuma/values.yaml @@ -60,7 +60,7 @@ controlPlane: affinity: {} # -- Failure policy of the mutating webhook implemented by the Kuma Injector component - injectorFailurePolicy: Ignore + injectorFailurePolicy: Fail service: # -- (string) Optionally override of the Kuma Control Plane Service's name 
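Review bot: The `namespace-kuma-injector.kuma.io` webhook added here matches every pod CREATE in a namespace labelled `kuma.io/sidecar-injection: enabled` and takes `failurePolicy` from `.Values.controlPlane.injectorFailurePolicy`, which now defaults to `Fail`, so the start-up deadlock that the comment on the legacy hook describes would also apply if the release namespace itself ever carried that label. I would put the same kind of template comment on the two new hooks, e.g. `{{/* With Fail, pods in a labelled namespace are rejected while no control plane instance is reachable; do not label the release namespace */}}`, or exclude `{{ .Release.Namespace }}` in the selector. The value is also rendered as-is: the overrides golden file in this patch renders `failurePolicy: Crash`, which suggests nothing checks it against the values the admission API accepts (`Ignore`, `Fail`) before it reaches the cluster.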
@@ -195,7 +195,7 @@ ingress: nodeSelector: kubernetes.io/os: linux kubernetes.io/arch: amd64 - + # -- Affinity placement rule for the Kuma Ingress pods affinity: {} diff --git a/docs/cmd/kumactl/kumactl_install_control-plane.md b/docs/cmd/kumactl/kumactl_install_control-plane.md index babcff74ffba..47b9f300b1af 100644 --- a/docs/cmd/kumactl/kumactl_install_control-plane.md +++ b/docs/cmd/kumactl/kumactl_install_control-plane.md @@ -38,7 +38,7 @@ kumactl install control-plane [flags] --ingress-drain-time string drain time for Envoy proxy (default "30s") --ingress-enabled install Kuma with an Ingress deployment, using the Data Plane image --ingress-use-node-port use NodePort instead of LoadBalancer for the Ingress Service - --injector-failure-policy string failue policy of the mutating web hook implemented by the Kuma Injector component (default "Ignore") + --injector-failure-policy string failure policy of the mutating web hook implemented by the Kuma Injector component (default "Fail") --kds-global-address string URL of Global Kuma CP (example: grpcs://192.168.0.1:5685) --mode string kuma cp modes: one of standalone|zone|global (default "standalone") --namespace string namespace to install Kuma Control Plane to (default "kuma-system") diff --git a/pkg/plugins/runtime/k8s/controllers/inbound_converter.go b/pkg/plugins/runtime/k8s/controllers/inbound_converter.go index 69d60e17c01a..3ae0511d7061 100644 --- a/pkg/plugins/runtime/k8s/controllers/inbound_converter.go +++ b/pkg/plugins/runtime/k8s/controllers/inbound_converter.go @@ -9,6 +9,7 @@ import ( mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1" core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh" + "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/metadata" util_k8s "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/util" ) 
@@ -124,7 +125,12 @@ func InboundInterfacesFor(zone string, pod *kube_core.Pod, services []*kube_core func InboundTagsForService(zone string, pod *kube_core.Pod, svc *kube_core.Service, svcPort *kube_core.ServicePort) map[string]string { tags := util_k8s.CopyStringMap(pod.Labels) for key, value := range tags { - if value == "" { + if key == metadata.KumaSidecarInjectionAnnotation || value == "" { + delete(tags, key) + } else if strings.Contains(key, "kuma.io/") { + // we don't want to convert labels like + // kuma.io/sidecar-injection, kuma.io/service, k8s.kuma.io/namespace etc. + converterLog.Info("ignoring label when converting labels to tags, because it uses reserved Kuma prefix", "label", key, "pod", pod.Name) delete(tags, key) } } diff --git a/pkg/plugins/runtime/k8s/controllers/testdata/01.pod.yaml b/pkg/plugins/runtime/k8s/controllers/testdata/01.pod.yaml index a8c0f2af4cf1..85cce32cb049 100644 --- a/pkg/plugins/runtime/k8s/controllers/testdata/01.pod.yaml +++ b/pkg/plugins/runtime/k8s/controllers/testdata/01.pod.yaml @@ -4,6 +4,7 @@ metadata: labels: app: example version: "0.1" + kuma.io/sidecar-injection: enabled spec: containers: - ports: [] diff --git a/pkg/plugins/runtime/k8s/webhooks/injector/injector.go b/pkg/plugins/runtime/k8s/webhooks/injector/injector.go index de68799ff7ee..a46ee708ce87 100644 --- a/pkg/plugins/runtime/k8s/webhooks/injector/injector.go +++ b/pkg/plugins/runtime/k8s/webhooks/injector/injector.go 
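Review bot: `strings.Contains(key, "kuma.io/")` in `InboundTagsForService` matches that text anywhere in the key, so a label whose domain merely ends in those characters (a constructed example: `notkuma.io/team`) is dropped as reserved although the comment describes only Kuma's own prefixes. Pod labels are set by the pod author and feed the inbound tags, so keeping reserved keys out is the right direction, but the test should be on the domain part: `strings.HasPrefix(key, "kuma.io/") || strings.Contains(key, ".kuma.io/")`. The explicit `key == metadata.KumaSidecarInjectionAnnotation` comparison looks redundant with that branch if the constant is `kuma.io/sidecar-injection`, as the log messages elsewhere in this patch suggest. Whether `strings` is already imported cannot be seen from this hunk, and the function continues past its end.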
@@ -129,23 +129,59 @@ func (i *KumaInjector) needInject(pod *kube_core.Pod, ns *kube_core.Namespace) ( log.V(1).Info("pod fulfills exception requirements") return false, nil } - enabled, exist, err := metadata.Annotations(pod.Annotations).GetEnabled(metadata.KumaSidecarInjectionAnnotation) + + for _, container := range pod.Spec.Containers { + if container.Name == util.KumaSidecarContainerName { + log.V(1).Info("pod already has Kuma sidecar") + return false, nil + } + } + + enabled, exist, err := metadata.Annotations(pod.Labels).GetEnabled(metadata.KumaSidecarInjectionAnnotation) if err != nil { return false, err } if exist { if !enabled { - log.V(1).Info("pod has kuma.io/sidecar-injection: disabled annotation") + log.V(1).Info(`pod has "kuma.io/sidecar-injection: disabled" label`) } return enabled, nil } + + // support annotations for backwards compatibility + annotationWarningMsg := "WARNING: you are using kuma.io/sidecar-injection as annotation. Please migrate it to label to have strong guarantee that application can only start with sidecar" + enabled, exist, err = metadata.Annotations(pod.Annotations).GetEnabled(metadata.KumaSidecarInjectionAnnotation) + if err != nil { + return false, err + } + if exist { + log.Info(annotationWarningMsg, "pod", pod.Name, "namespace", ns.Name) + if !enabled { + log.V(1).Info(`pod has "kuma.io/sidecar-injection: disabled" annotation`) + } + return enabled, nil + } + + enabled, exist, err = metadata.Annotations(ns.Labels).GetEnabled(metadata.KumaSidecarInjectionAnnotation) + if err != nil { + return false, err + } + if exist { + if !enabled { + log.V(1).Info(`namespace has "kuma.io/sidecar-injection: disabled" label`) + } + return enabled, nil + } + + // support annotations for backwards compatibility enabled, exist, err = metadata.Annotations(ns.Annotations).GetEnabled(metadata.KumaSidecarInjectionAnnotation) if err != nil { return false, err } if exist { + log.Info(annotationWarningMsg, "namespace", ns.Name) if !enabled { - 
log.V(1).Info("namespace has kuma.io/sidecar-injection: disabled annotation") + log.V(1).Info(`namespace has "kuma.io/sidecar-injection: disabled" annotation`) } return enabled, nil } diff --git a/test/e2e/compatibility/cp_compatibility_kubernetes_multizone.go b/test/e2e/compatibility/cp_compatibility_kubernetes_multizone.go index dd8c928474a5..5f19787ab46e 100644 --- a/test/e2e/compatibility/cp_compatibility_kubernetes_multizone.go +++ b/test/e2e/compatibility/cp_compatibility_kubernetes_multizone.go @@ -104,7 +104,7 @@ func CpCompatibilityMultizoneKubernetes() { err = NewClusterSetup(). Install(Kuma(core.Zone, zoneDeployOptsFuncs...)). - Install(NamespaceWithSidecarInjection(TestNamespace)). + Install(NamespaceWithSidecarInjectionOnAnnotation(TestNamespace)). Setup(zoneCluster) Expect(err).ToNot(HaveOccurred()) diff --git a/test/framework/setup.go b/test/framework/setup.go index de6cb38a58ef..656e6f29b2cd 100644 --- a/test/framework/setup.go +++ b/test/framework/setup.go @@ -214,6 +214,20 @@ func NamespaceWithSidecarInjection(namespace string) InstallFunc { return YamlK8s(fmt.Sprintf(` apiVersion: v1 kind: Namespace +metadata: + name: %s + labels: + kuma.io/sidecar-injection: "enabled" +`, namespace)) +} + +// NamespaceWithSidecarInjectionOnAnnotation creates namespace with sidecar-injection annotation +// Since we still support annotations for backwards compatibility, we should also test it. +// Use NamespaceWithSidecarInjection unless you want to explicitly check backwards compatibility. +func NamespaceWithSidecarInjectionOnAnnotation(namespace string) InstallFunc { + return YamlK8s(fmt.Sprintf(` +apiVersion: v1 +kind: Namespace metadata: name: %s annotations: From 11c92ea1cd05e6b31258a3bf6e0d2b81959dd9c9 Mon Sep 17 00:00:00 2001 From: Jakub Dyszkiewicz Date: Wed, 8 Dec 2021 16:14:14 +0100 Subject: [PATCH 2/9] test(*): fix postgress tests permissions (#3443) 
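Review bot: The new early return in `needInject` concludes that a pod is already injected from `container.Name == util.KumaSidecarContainerName` alone, and it runs before any of the label and annotation checks. It is presumably there because more than one webhook in this patch can call `/inject-sidecar` for the same pod, but it also means the sidecar guarantee of the label-selected `Fail` hooks rests on a container name that comes from the submitted pod spec. I would state the intent in a comment, e.g. `// skip pods already mutated by an earlier injector webhook; several webhooks target the same path`, and consider confirming more than the name (for instance that the container's image is the configured sidecar image) before returning false. `needInject` starts and ends outside this hunk.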
Signed-off-by: Jakub Dyszkiewicz --- tools/postgres/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/postgres/Dockerfile b/tools/postgres/Dockerfile index 8c2c4bff3c55..31909a146f47 100644 --- a/tools/postgres/Dockerfile +++ b/tools/postgres/Dockerfile @@ -4,8 +4,8 @@ COPY pg_hba.conf /var/lib/postgresql/pg_hba.conf COPY certs/rootCA.crt /var/lib/postgresql/rootCA.crt COPY certs/postgres.server.crt /var/lib/postgresql/postgres.server.crt COPY certs/postgres.server.key /var/lib/postgresql/postgres.server.key -RUN chown postgres /var/lib/postgresql/postgres.server.key && \ - chmod 600 /var/lib/postgresql/postgres.server.key +RUN chown -R postgres /var/lib/postgresql && \ + chmod 600 /var/lib/postgresql/postgres.server.key CMD ["-c", "ssl=on", "-c", "ssl_cert_file=/var/lib/postgresql/postgres.server.crt", "-c", "ssl_key_file=/var/lib/postgresql/postgres.server.key", "-c", "ssl_ca_file=/var/lib/postgresql/rootCA.crt", "-c", "hba_file=/var/lib/postgresql/pg_hba.conf"] FROM postgres:latest AS pg-standard From 1d984c8dfcc0011d6f474dfa1052f37ac3c3a739 Mon Sep 17 00:00:00 2001 From: Jakub Dyszkiewicz Date: Wed, 8 Dec 2021 17:00:11 +0100 Subject: [PATCH 3/9] chore(*) remove old Ingress (#3435) 
Signed-off-by: Jakub Dyszkiewicz --- UPGRADE.md | 7 +- api/mesh/v1alpha1/dataplane.pb.go | 447 +++++------------- api/mesh/v1alpha1/dataplane.proto | 31 +- api/mesh/v1alpha1/dataplane_helpers.go | 36 -- api/mesh/v1alpha1/dataplane_helpers_test.go | 17 - .../dataplane_overview_endpoints.go | 10 - .../dataplane_overview_endpoints_test.go | 54 +-- .../apis/mesh/dataplane_validator.go | 65 --- .../apis/mesh/dataplane_validator_test.go | 235 --------- .../apis/mesh/generated_resources.go | 2 +- .../apis/mesh/zone_ingress_helpers.go | 37 -- pkg/dns/vips_allocator.go | 22 - pkg/dns/vips_allocator_test.go | 132 ------ pkg/dns/vips_synchronizer_test.go | 32 +- pkg/kds/context/context.go | 2 +- pkg/kds/global/components_test.go | 1 + pkg/kds/server/server_test.go | 6 +- pkg/kds/zone/components.go | 5 - pkg/kds/zone/components_test.go | 38 +- .../k8s/xds/hooks/api_server_bypass.go | 3 +- .../k8s/controllers/configmap_controller.go | 16 - .../controllers/configmap_controller_test.go | 19 +- .../runtime/k8s/controllers/endpoints.go | 3 - .../runtime/k8s/controllers/pod_controller.go | 2 +- pkg/test/kds/samples/resources.go | 12 - pkg/xds/auth/universal/auth_test.go | 51 -- pkg/xds/auth/universal/authenticator.go | 16 - pkg/xds/cache/mesh/cache_test.go | 6 +- pkg/xds/cache/mesh/snapshot.go | 12 +- .../direct_access_proxy_generator.go | 5 - pkg/xds/generator/ingress_generator_test.go | 163 +++---- pkg/xds/ingress/dataplane.go | 60 --- pkg/xds/ingress/dataplane_test.go | 53 +-- pkg/xds/ingress/outbound.go | 3 - pkg/xds/ingress/router_test.go | 32 +- pkg/xds/sync/dataplane_watchdog.go | 14 - pkg/xds/sync/ingress_proxy_builder.go | 48 +- pkg/xds/topology/dataplanes.go | 56 +-- pkg/xds/topology/outbound.go | 45 +- pkg/xds/topology/outbound_test.go | 203 ++++---- 40 files changed, 390 insertions(+), 1611 deletions(-) diff --git a/UPGRADE.md b/UPGRADE.md index ce69e1f66c9b..8bd03ffbd4e9 100644 --- a/UPGRADE.md +++ b/UPGRADE.md 
@@ -11,7 +11,12 @@ does not have any particular instructions. ### Kubernetes Please migrate your `kuma.io/sidecar-injection` annotations to labels. -The new version still supports annotation, but to have a guarantee that applications can only start with sidecar, you must use label instead of annotation. +The new version still supports annotation, but to have a guarantee that applications can only start with sidecar, you must use label instead of annotation. + +### Universal + +We removed support for old Ingress (`Dataplane#networking.ingress`) from pre 1.2 days. +If you are still using it, please migrate to `ZoneIngress` first (see `Upgrade to 1.2.0` section). ## Upgrade to `1.4.0` diff --git a/api/mesh/v1alpha1/dataplane.pb.go b/api/mesh/v1alpha1/dataplane.pb.go index 530085fcd24e..28004015360c 100644 --- a/api/mesh/v1alpha1/dataplane.pb.go +++ b/api/mesh/v1alpha1/dataplane.pb.go @@ -71,7 +71,7 @@ func (x Dataplane_Networking_Gateway_GatewayType) Number() protoreflect.EnumNumb // Deprecated: Use Dataplane_Networking_Gateway_GatewayType.Descriptor instead. func (Dataplane_Networking_Gateway_GatewayType) EnumDescriptor() ([]byte, []int) { - return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 3, 0} + return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 2, 0} } // Dataplane defines configuration of a side-car proxy. @@ -152,8 +152,6 @@ type Dataplane_Networking struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // Ingress if not nil, dataplane will be work in the Ingress mode - Ingress *Dataplane_Networking_Ingress `protobuf:"bytes,6,opt,name=ingress,proto3" json:"ingress,omitempty"` // Public IP on which the dataplane is accessible in the network. Address string `protobuf:"bytes,5,opt,name=address,proto3" json:"address,omitempty"` // In some situation, dataplane resides in a private network and not 
@@ -204,13 +202,6 @@ func (*Dataplane_Networking) Descriptor() ([]byte, []int) { return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0} } -func (x *Dataplane_Networking) GetIngress() *Dataplane_Networking_Ingress { - if x != nil { - return x.Ingress - } - return nil -} - func (x *Dataplane_Networking) GetAddress() string { if x != nil { return x.Address 
@@ -308,77 +299,6 @@ func (x *Dataplane_Probes) GetEndpoints() []*Dataplane_Probes_Endpoint { return nil } -// Ingress allows us to configure dataplane in the Ingress mode. In this -// mode, dataplane has only inbound interfaces (outbound and gateway -// prohibited). Every inbound interface matches with services that reside in -// that cluster. -type Dataplane_Networking_Ingress struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - AvailableServices []*Dataplane_Networking_Ingress_AvailableService `protobuf:"bytes,1,rep,name=availableServices,proto3" json:"availableServices,omitempty"` - // PublicAddress defines IP or DNS name on which Ingress is accessible to - // other Kuma clusters. - PublicAddress string `protobuf:"bytes,2,opt,name=publicAddress,proto3" json:"publicAddress,omitempty"` - // PublicPort defines port on which Ingress is accessible to other Kuma - // clusters. - PublicPort uint32 `protobuf:"varint,3,opt,name=publicPort,proto3" json:"publicPort,omitempty"` -} - -func (x *Dataplane_Networking_Ingress) Reset() { - *x = Dataplane_Networking_Ingress{} - if protoimpl.UnsafeEnabled { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Dataplane_Networking_Ingress) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Dataplane_Networking_Ingress) ProtoMessage() {} - -func (x *Dataplane_Networking_Ingress) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Dataplane_Networking_Ingress.ProtoReflect.Descriptor instead. 
-func (*Dataplane_Networking_Ingress) Descriptor() ([]byte, []int) { - return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 0} -} - -func (x *Dataplane_Networking_Ingress) GetAvailableServices() []*Dataplane_Networking_Ingress_AvailableService { - if x != nil { - return x.AvailableServices - } - return nil -} - -func (x *Dataplane_Networking_Ingress) GetPublicAddress() string { - if x != nil { - return x.PublicAddress - } - return "" -} - -func (x *Dataplane_Networking_Ingress) GetPublicPort() uint32 { - if x != nil { - return x.PublicPort - } - return 0 -} - // Inbound describes a service implemented by the dataplane. type Dataplane_Networking_Inbound struct { state protoimpl.MessageState @@ -413,7 +333,7 @@ type Dataplane_Networking_Inbound struct { func (x *Dataplane_Networking_Inbound) Reset() { *x = Dataplane_Networking_Inbound{} if protoimpl.UnsafeEnabled { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[4] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -426,7 +346,7 @@ func (x *Dataplane_Networking_Inbound) String() string { func (*Dataplane_Networking_Inbound) ProtoMessage() {} func (x *Dataplane_Networking_Inbound) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[4] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -439,7 +359,7 @@ func (x *Dataplane_Networking_Inbound) ProtoReflect() protoreflect.Message { // Deprecated: Use Dataplane_Networking_Inbound.ProtoReflect.Descriptor instead. func (*Dataplane_Networking_Inbound) Descriptor() ([]byte, []int) { - return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 1} + return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 0} } func (x *Dataplane_Networking_Inbound) GetPort() uint32 { 
@@ -514,7 +434,7 @@ type Dataplane_Networking_Outbound struct { func (x *Dataplane_Networking_Outbound) Reset() { *x = Dataplane_Networking_Outbound{} if protoimpl.UnsafeEnabled { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[5] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -527,7 +447,7 @@ func (x *Dataplane_Networking_Outbound) String() string { func (*Dataplane_Networking_Outbound) ProtoMessage() {} func (x *Dataplane_Networking_Outbound) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[5] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -540,7 +460,7 @@ func (x *Dataplane_Networking_Outbound) ProtoReflect() protoreflect.Message { // Deprecated: Use Dataplane_Networking_Outbound.ProtoReflect.Descriptor instead. func (*Dataplane_Networking_Outbound) Descriptor() ([]byte, []int) { - return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 2} + return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 1} } func (x *Dataplane_Networking_Outbound) GetAddress() string { @@ -591,7 +511,7 @@ type Dataplane_Networking_Gateway struct { func (x *Dataplane_Networking_Gateway) Reset() { *x = Dataplane_Networking_Gateway{} if protoimpl.UnsafeEnabled { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[6] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -604,7 +524,7 @@ func (x *Dataplane_Networking_Gateway) String() string { func (*Dataplane_Networking_Gateway) ProtoMessage() {} func (x *Dataplane_Networking_Gateway) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[6] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -617,7 +537,7 @@ func (x *Dataplane_Networking_Gateway) ProtoReflect() protoreflect.Message { // Deprecated: Use Dataplane_Networking_Gateway.ProtoReflect.Descriptor instead. func (*Dataplane_Networking_Gateway) Descriptor() ([]byte, []int) { - return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 3} + return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 2} } func (x *Dataplane_Networking_Gateway) GetTags() map[string]string { @@ -654,7 +574,7 @@ type Dataplane_Networking_TransparentProxying struct { func (x *Dataplane_Networking_TransparentProxying) Reset() { *x = Dataplane_Networking_TransparentProxying{} if protoimpl.UnsafeEnabled { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[7] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -667,7 +587,7 @@ func (x *Dataplane_Networking_TransparentProxying) String() string { func (*Dataplane_Networking_TransparentProxying) ProtoMessage() {} func (x *Dataplane_Networking_TransparentProxying) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[7] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -680,7 +600,7 @@ func (x *Dataplane_Networking_TransparentProxying) ProtoReflect() protoreflect.M // Deprecated: Use Dataplane_Networking_TransparentProxying.ProtoReflect.Descriptor instead. func (*Dataplane_Networking_TransparentProxying) Descriptor() ([]byte, []int) { - return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 4} + return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 3} } func (x *Dataplane_Networking_TransparentProxying) GetRedirectPortInbound() uint32 { 
@@ -711,74 +631,6 @@ func (x *Dataplane_Networking_TransparentProxying) GetRedirectPortInboundV6() ui return 0 } -// AvailableService contains tags that represent unique subset of -// endpoints -type Dataplane_Networking_Ingress_AvailableService struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // tags of the service - Tags map[string]string `protobuf:"bytes,1,rep,name=tags,proto3" json:"tags,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // number of instances available for given tags - Instances uint32 `protobuf:"varint,2,opt,name=instances,proto3" json:"instances,omitempty"` - // mesh of the instances available for given tags - Mesh string `protobuf:"bytes,3,opt,name=mesh,proto3" json:"mesh,omitempty"` -} - -func (x *Dataplane_Networking_Ingress_AvailableService) Reset() { - *x = Dataplane_Networking_Ingress_AvailableService{} - if protoimpl.UnsafeEnabled { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Dataplane_Networking_Ingress_AvailableService) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Dataplane_Networking_Ingress_AvailableService) ProtoMessage() {} - -func (x *Dataplane_Networking_Ingress_AvailableService) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Dataplane_Networking_Ingress_AvailableService.ProtoReflect.Descriptor instead. 
-func (*Dataplane_Networking_Ingress_AvailableService) Descriptor() ([]byte, []int) { - return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 0, 0} -} - -func (x *Dataplane_Networking_Ingress_AvailableService) GetTags() map[string]string { - if x != nil { - return x.Tags - } - return nil -} - -func (x *Dataplane_Networking_Ingress_AvailableService) GetInstances() uint32 { - if x != nil { - return x.Instances - } - return 0 -} - -func (x *Dataplane_Networking_Ingress_AvailableService) GetMesh() string { - if x != nil { - return x.Mesh - } - return "" -} - // Health describes the status of an inbound type Dataplane_Networking_Inbound_Health struct { state protoimpl.MessageState @@ -791,7 +643,7 @@ type Dataplane_Networking_Inbound_Health struct { func (x *Dataplane_Networking_Inbound_Health) Reset() { *x = Dataplane_Networking_Inbound_Health{} if protoimpl.UnsafeEnabled { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[11] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -804,7 +656,7 @@ func (x *Dataplane_Networking_Inbound_Health) String() string { func (*Dataplane_Networking_Inbound_Health) ProtoMessage() {} func (x *Dataplane_Networking_Inbound_Health) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[11] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[8] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -817,7 +669,7 @@ func (x *Dataplane_Networking_Inbound_Health) ProtoReflect() protoreflect.Messag // Deprecated: Use Dataplane_Networking_Inbound_Health.ProtoReflect.Descriptor instead. func (*Dataplane_Networking_Inbound_Health) Descriptor() ([]byte, []int) { - return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 1, 1} + return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 0, 1} } func (x *Dataplane_Networking_Inbound_Health) GetReady() bool { @@ -850,7 +702,7 @@ type Dataplane_Networking_Inbound_ServiceProbe struct { func (x *Dataplane_Networking_Inbound_ServiceProbe) Reset() { *x = Dataplane_Networking_Inbound_ServiceProbe{} if protoimpl.UnsafeEnabled { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[12] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -863,7 +715,7 @@ func (x *Dataplane_Networking_Inbound_ServiceProbe) String() string { func (*Dataplane_Networking_Inbound_ServiceProbe) ProtoMessage() {} func (x *Dataplane_Networking_Inbound_ServiceProbe) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[12] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[9] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -876,7 +728,7 @@ func (x *Dataplane_Networking_Inbound_ServiceProbe) ProtoReflect() protoreflect. // Deprecated: Use Dataplane_Networking_Inbound_ServiceProbe.ProtoReflect.Descriptor instead. func (*Dataplane_Networking_Inbound_ServiceProbe) Descriptor() ([]byte, []int) { - return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 1, 2} + return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 0, 2} } func (x *Dataplane_Networking_Inbound_ServiceProbe) GetInterval() *durationpb.Duration { 
@@ -923,7 +775,7 @@ type Dataplane_Networking_Inbound_ServiceProbe_Tcp struct { func (x *Dataplane_Networking_Inbound_ServiceProbe_Tcp) Reset() { *x = Dataplane_Networking_Inbound_ServiceProbe_Tcp{} if protoimpl.UnsafeEnabled { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[13] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -936,7 +788,7 @@ func (x *Dataplane_Networking_Inbound_ServiceProbe_Tcp) String() string { func (*Dataplane_Networking_Inbound_ServiceProbe_Tcp) ProtoMessage() {} func (x *Dataplane_Networking_Inbound_ServiceProbe_Tcp) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[13] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[10] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -949,7 +801,7 @@ func (x *Dataplane_Networking_Inbound_ServiceProbe_Tcp) ProtoReflect() protorefl // Deprecated: Use Dataplane_Networking_Inbound_ServiceProbe_Tcp.ProtoReflect.Descriptor instead. func (*Dataplane_Networking_Inbound_ServiceProbe_Tcp) Descriptor() ([]byte, []int) { - return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 1, 2, 0} + return file_mesh_v1alpha1_dataplane_proto_rawDescGZIP(), []int{0, 0, 0, 2, 0} } type Dataplane_Probes_Endpoint struct { @@ -965,7 +817,7 @@ type Dataplane_Probes_Endpoint struct { func (x *Dataplane_Probes_Endpoint) Reset() { *x = Dataplane_Probes_Endpoint{} if protoimpl.UnsafeEnabled { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[16] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[13] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -978,7 +830,7 @@ func (x *Dataplane_Probes_Endpoint) String() string { func (*Dataplane_Probes_Endpoint) ProtoMessage() {} func (x *Dataplane_Probes_Endpoint) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[16] + mi := &file_mesh_v1alpha1_dataplane_proto_msgTypes[13] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1029,7 +881,7 @@ var file_mesh_v1alpha1_dataplane_proto_rawDesc = []byte{ 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, - 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x97, 0x18, + 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa3, 0x14, 0x0a, 0x09, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x12, 0x48, 0x0a, 0x0a, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 
@@ -1043,64 +895,33 @@ var file_mesh_v1alpha1_dataplane_proto_rawDesc = []byte{ 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x52, 0x06, 0x70, 0x72, 0x6f, 0x62, 0x65, - 0x73, 0x1a, 0x92, 0x14, 0x0a, 0x0a, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x12, 0x4a, 0x0a, 0x07, 0x69, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x30, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, - 0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x49, 0x6e, 0x67, 0x72, - 0x65, 0x73, 0x73, 0x52, 0x07, 0x69, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x12, 0x18, 0x0a, 0x07, - 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, - 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x2c, 0x0a, 0x11, 0x61, 0x64, 0x76, 0x65, 0x72, 0x74, - 0x69, 0x73, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x11, 0x61, 0x64, 0x76, 0x65, 0x72, 0x74, 0x69, 0x73, 0x65, 0x64, 0x41, 0x64, 0x64, - 0x72, 0x65, 0x73, 0x73, 0x12, 0x4a, 0x0a, 0x07, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, - 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x70, - 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x52, 0x07, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, - 0x12, 0x4a, 0x0a, 0x07, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x30, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 
0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, - 0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x49, 0x6e, 0x62, 0x6f, - 0x75, 0x6e, 0x64, 0x52, 0x07, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x4d, 0x0a, 0x08, - 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, - 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x4e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, - 0x64, 0x52, 0x08, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x6f, 0x0a, 0x14, 0x74, - 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x78, 0x79, - 0x69, 0x6e, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x6b, 0x75, 0x6d, 0x61, + 0x73, 0x1a, 0xa8, 0x10, 0x0a, 0x0a, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x2c, 0x0a, 0x11, 0x61, 0x64, + 0x76, 0x65, 0x72, 0x74, 0x69, 0x73, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x61, 0x64, 0x76, 0x65, 0x72, 0x74, 0x69, 0x73, 0x65, + 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x4a, 0x0a, 0x07, 0x67, 0x61, 0x74, 0x65, + 0x77, 0x61, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, - 0x72, 
0x6f, 0x78, 0x79, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, - 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x69, 0x6e, 0x67, 0x1a, 0xa1, 0x03, 0x0a, - 0x07, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x12, 0x6f, 0x0a, 0x11, 0x61, 0x76, 0x61, 0x69, - 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, - 0x6e, 0x65, 0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x49, 0x6e, - 0x67, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x41, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x11, 0x61, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, - 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x70, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, - 0x1e, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x50, 0x6f, 0x72, 0x74, 0x1a, - 0xde, 0x01, 0x0a, 0x10, 0x41, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x12, 0x5f, 0x0a, 0x04, 0x74, 0x61, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x4b, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, + 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x52, 0x07, 0x67, 0x61, 0x74, + 0x65, 0x77, 0x61, 0x79, 0x12, 0x4a, 0x0a, 0x07, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, + 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 
0x68, 0x61, 0x31, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x70, + 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x07, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, + 0x12, 0x4d, 0x0a, 0x08, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, - 0x65, 0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x49, 0x6e, 0x67, - 0x72, 0x65, 0x73, 0x73, 0x2e, 0x41, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x54, 0x61, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x04, 0x74, 0x61, 0x67, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, - 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, - 0x63, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x65, 0x73, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x6d, 0x65, 0x73, 0x68, 0x1a, 0x37, 0x0a, 0x09, 0x54, 0x61, 0x67, 0x73, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x65, 0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x4f, 0x75, 0x74, + 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x08, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x12, + 0x6f, 0x0a, 0x14, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x70, + 0x72, 0x6f, 0x78, 0x79, 0x69, 0x6e, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, + 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 
0x70, 0x68, + 0x61, 0x31, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x4e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, + 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x74, 0x72, 0x61, + 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x69, 0x6e, 0x67, 0x1a, 0xdb, 0x06, 0x0a, 0x07, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x18, 
@@ -1204,29 +1025,29 @@ var file_mesh_v1alpha1_dataplane_proto_rawDesc = []byte{ 0x6f, 0x72, 0x74, 0x5f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x76, 0x36, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x09, 0xfa, 0x42, 0x06, 0x2a, 0x04, 0x18, 0xff, 0xff, 0x03, 0x52, 0x15, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x49, 0x6e, 0x62, - 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x36, 0x1a, 0xcf, 0x01, 0x0a, 0x06, 0x50, 0x72, 0x6f, 0x62, 0x65, - 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x4b, 0x0a, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, - 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, - 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x61, - 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x2e, 0x45, - 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, - 0x74, 0x73, 0x1a, 0x64, 0x0a, 0x08, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x21, - 0x0a, 0x0c, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x50, 0x6f, 0x72, - 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x70, 0x61, 0x74, - 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, - 0x50, 0x61, 0x74, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x3a, 0x5d, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x13, - 0x0a, 0x11, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x0b, 0x12, 0x09, 0x44, 0x61, 0x74, 0x61, 0x70, - 0x6c, 0x61, 0x6e, 0x65, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x06, 
0x22, 0x04, 0x6d, 0x65, 0x73, 0x68, - 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x04, 0x52, 0x02, 0x10, 0x01, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x04, - 0x52, 0x02, 0x08, 0x01, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x0d, 0x3a, 0x0b, 0x0a, 0x09, 0x64, 0x61, - 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x42, 0x2a, 0x5a, 0x28, 0x67, 0x69, 0x74, 0x68, 0x75, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x68, 0x71, 0x2f, 0x6b, 0x75, 0x6d, - 0x61, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6f, 0x75, 0x6e, 0x64, 0x56, 0x36, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x1a, 0xcf, 0x01, 0x0a, + 0x06, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x4b, 0x0a, 0x09, 0x65, + 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, + 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x50, 0x72, + 0x6f, 0x62, 0x65, 0x73, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x09, 0x65, + 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x1a, 0x64, 0x0a, 0x08, 0x45, 0x6e, 0x64, 0x70, + 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, + 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x69, 0x6e, 0x62, 0x6f, + 0x75, 0x6e, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x62, 0x6f, 0x75, + 0x6e, 0x64, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x69, + 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x50, 0x61, 0x74, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, + 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x3a, 0x53, + 0xaa, 0x8c, 0x89, 0xa6, 0x01, 
0x13, 0x0a, 0x11, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, + 0x65, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x0b, 0x12, + 0x09, 0x44, 0x61, 0x74, 0x61, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x06, + 0x22, 0x04, 0x6d, 0x65, 0x73, 0x68, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x04, 0x52, 0x02, 0x08, 0x01, + 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x0d, 0x3a, 0x0b, 0x0a, 0x09, 0x64, 0x61, 0x74, 0x61, 0x70, 0x6c, + 0x61, 0x6e, 0x65, 0x42, 0x2a, 0x5a, 0x28, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x68, 0x71, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x2f, 0x61, 0x70, + 0x69, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -1242,58 +1063,52 @@ func file_mesh_v1alpha1_dataplane_proto_rawDescGZIP() []byte { } var file_mesh_v1alpha1_dataplane_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_mesh_v1alpha1_dataplane_proto_msgTypes = make([]protoimpl.MessageInfo, 17) +var file_mesh_v1alpha1_dataplane_proto_msgTypes = make([]protoimpl.MessageInfo, 14) var file_mesh_v1alpha1_dataplane_proto_goTypes = []interface{}{ (Dataplane_Networking_Gateway_GatewayType)(0), // 0: kuma.mesh.v1alpha1.Dataplane.Networking.Gateway.GatewayType - (*Dataplane)(nil), // 1: kuma.mesh.v1alpha1.Dataplane - (*Dataplane_Networking)(nil), // 2: kuma.mesh.v1alpha1.Dataplane.Networking - (*Dataplane_Probes)(nil), // 3: kuma.mesh.v1alpha1.Dataplane.Probes - (*Dataplane_Networking_Ingress)(nil), // 4: kuma.mesh.v1alpha1.Dataplane.Networking.Ingress - (*Dataplane_Networking_Inbound)(nil), // 5: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound - (*Dataplane_Networking_Outbound)(nil), // 6: kuma.mesh.v1alpha1.Dataplane.Networking.Outbound - (*Dataplane_Networking_Gateway)(nil), // 7: kuma.mesh.v1alpha1.Dataplane.Networking.Gateway - (*Dataplane_Networking_TransparentProxying)(nil), // 8: kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying - (*Dataplane_Networking_Ingress_AvailableService)(nil), // 9: kuma.mesh.v1alpha1.Dataplane.Networking.Ingress.AvailableService - nil, // 10: kuma.mesh.v1alpha1.Dataplane.Networking.Ingress.AvailableService.TagsEntry - nil, // 11: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.TagsEntry - (*Dataplane_Networking_Inbound_Health)(nil), // 12: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health - (*Dataplane_Networking_Inbound_ServiceProbe)(nil), // 13: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe - (*Dataplane_Networking_Inbound_ServiceProbe_Tcp)(nil), // 14: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp - nil, // 15: kuma.mesh.v1alpha1.Dataplane.Networking.Outbound.TagsEntry - nil, // 16: 
kuma.mesh.v1alpha1.Dataplane.Networking.Gateway.TagsEntry - (*Dataplane_Probes_Endpoint)(nil), // 17: kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint - (*MetricsBackend)(nil), // 18: kuma.mesh.v1alpha1.MetricsBackend - (*durationpb.Duration)(nil), // 19: google.protobuf.Duration - (*wrapperspb.UInt32Value)(nil), // 20: google.protobuf.UInt32Value + (*Dataplane)(nil), // 1: kuma.mesh.v1alpha1.Dataplane + (*Dataplane_Networking)(nil), // 2: kuma.mesh.v1alpha1.Dataplane.Networking + (*Dataplane_Probes)(nil), // 3: kuma.mesh.v1alpha1.Dataplane.Probes + (*Dataplane_Networking_Inbound)(nil), // 4: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound + (*Dataplane_Networking_Outbound)(nil), // 5: kuma.mesh.v1alpha1.Dataplane.Networking.Outbound + (*Dataplane_Networking_Gateway)(nil), // 6: kuma.mesh.v1alpha1.Dataplane.Networking.Gateway + (*Dataplane_Networking_TransparentProxying)(nil), // 7: kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying + nil, // 8: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.TagsEntry + (*Dataplane_Networking_Inbound_Health)(nil), // 9: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health + (*Dataplane_Networking_Inbound_ServiceProbe)(nil), // 10: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe + (*Dataplane_Networking_Inbound_ServiceProbe_Tcp)(nil), // 11: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp + nil, // 12: kuma.mesh.v1alpha1.Dataplane.Networking.Outbound.TagsEntry + nil, // 13: kuma.mesh.v1alpha1.Dataplane.Networking.Gateway.TagsEntry + (*Dataplane_Probes_Endpoint)(nil), // 14: kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint + (*MetricsBackend)(nil), // 15: kuma.mesh.v1alpha1.MetricsBackend + (*durationpb.Duration)(nil), // 16: google.protobuf.Duration + (*wrapperspb.UInt32Value)(nil), // 17: google.protobuf.UInt32Value } var file_mesh_v1alpha1_dataplane_proto_depIdxs = []int32{ 2, // 0: kuma.mesh.v1alpha1.Dataplane.networking:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking - 18, // 1: 
kuma.mesh.v1alpha1.Dataplane.metrics:type_name -> kuma.mesh.v1alpha1.MetricsBackend + 15, // 1: kuma.mesh.v1alpha1.Dataplane.metrics:type_name -> kuma.mesh.v1alpha1.MetricsBackend 3, // 2: kuma.mesh.v1alpha1.Dataplane.probes:type_name -> kuma.mesh.v1alpha1.Dataplane.Probes - 4, // 3: kuma.mesh.v1alpha1.Dataplane.Networking.ingress:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Ingress - 7, // 4: kuma.mesh.v1alpha1.Dataplane.Networking.gateway:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Gateway - 5, // 5: kuma.mesh.v1alpha1.Dataplane.Networking.inbound:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Inbound - 6, // 6: kuma.mesh.v1alpha1.Dataplane.Networking.outbound:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Outbound - 8, // 7: kuma.mesh.v1alpha1.Dataplane.Networking.transparent_proxying:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying - 17, // 8: kuma.mesh.v1alpha1.Dataplane.Probes.endpoints:type_name -> kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint - 9, // 9: kuma.mesh.v1alpha1.Dataplane.Networking.Ingress.availableServices:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Ingress.AvailableService - 11, // 10: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.tags:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.TagsEntry - 12, // 11: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.health:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health - 13, // 12: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.serviceProbe:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe - 15, // 13: kuma.mesh.v1alpha1.Dataplane.Networking.Outbound.tags:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Outbound.TagsEntry - 16, // 14: kuma.mesh.v1alpha1.Dataplane.Networking.Gateway.tags:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Gateway.TagsEntry - 0, // 15: kuma.mesh.v1alpha1.Dataplane.Networking.Gateway.type:type_name -> 
kuma.mesh.v1alpha1.Dataplane.Networking.Gateway.GatewayType - 10, // 16: kuma.mesh.v1alpha1.Dataplane.Networking.Ingress.AvailableService.tags:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Ingress.AvailableService.TagsEntry - 19, // 17: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.interval:type_name -> google.protobuf.Duration - 19, // 18: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.timeout:type_name -> google.protobuf.Duration - 20, // 19: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.unhealthy_threshold:type_name -> google.protobuf.UInt32Value - 20, // 20: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.healthy_threshold:type_name -> google.protobuf.UInt32Value - 14, // 21: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.tcp:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp - 22, // [22:22] is the sub-list for method output_type - 22, // [22:22] is the sub-list for method input_type - 22, // [22:22] is the sub-list for extension type_name - 22, // [22:22] is the sub-list for extension extendee - 0, // [0:22] is the sub-list for field type_name + 6, // 3: kuma.mesh.v1alpha1.Dataplane.Networking.gateway:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Gateway + 4, // 4: kuma.mesh.v1alpha1.Dataplane.Networking.inbound:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Inbound + 5, // 5: kuma.mesh.v1alpha1.Dataplane.Networking.outbound:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Outbound + 7, // 6: kuma.mesh.v1alpha1.Dataplane.Networking.transparent_proxying:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.TransparentProxying + 14, // 7: kuma.mesh.v1alpha1.Dataplane.Probes.endpoints:type_name -> kuma.mesh.v1alpha1.Dataplane.Probes.Endpoint + 8, // 8: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.tags:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.TagsEntry + 9, // 9: 
kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.health:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.Health + 10, // 10: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.serviceProbe:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe + 12, // 11: kuma.mesh.v1alpha1.Dataplane.Networking.Outbound.tags:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Outbound.TagsEntry + 13, // 12: kuma.mesh.v1alpha1.Dataplane.Networking.Gateway.tags:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Gateway.TagsEntry + 0, // 13: kuma.mesh.v1alpha1.Dataplane.Networking.Gateway.type:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Gateway.GatewayType + 16, // 14: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.interval:type_name -> google.protobuf.Duration + 16, // 15: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.timeout:type_name -> google.protobuf.Duration + 17, // 16: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.unhealthy_threshold:type_name -> google.protobuf.UInt32Value + 17, // 17: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.healthy_threshold:type_name -> google.protobuf.UInt32Value + 11, // 18: kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.tcp:type_name -> kuma.mesh.v1alpha1.Dataplane.Networking.Inbound.ServiceProbe.Tcp + 19, // [19:19] is the sub-list for method output_type + 19, // [19:19] is the sub-list for method input_type + 19, // [19:19] is the sub-list for extension type_name + 19, // [19:19] is the sub-list for extension extendee + 0, // [0:19] is the sub-list for field type_name } func init() { file_mesh_v1alpha1_dataplane_proto_init() } 
@@ -1340,18 +1155,6 @@ func file_mesh_v1alpha1_dataplane_proto_init() { } } file_mesh_v1alpha1_dataplane_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Dataplane_Networking_Ingress); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_mesh_v1alpha1_dataplane_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Dataplane_Networking_Inbound); i { case 0: return &v.state @@ -1363,7 +1166,7 @@ func file_mesh_v1alpha1_dataplane_proto_init() { return nil } } - file_mesh_v1alpha1_dataplane_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_mesh_v1alpha1_dataplane_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Dataplane_Networking_Outbound); i { case 0: return &v.state @@ -1375,7 +1178,7 @@ func file_mesh_v1alpha1_dataplane_proto_init() { return nil } } - file_mesh_v1alpha1_dataplane_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + file_mesh_v1alpha1_dataplane_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Dataplane_Networking_Gateway); i { case 0: return &v.state @@ -1387,7 +1190,7 @@ func file_mesh_v1alpha1_dataplane_proto_init() { return nil } } - file_mesh_v1alpha1_dataplane_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + file_mesh_v1alpha1_dataplane_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Dataplane_Networking_TransparentProxying); i { case 0: return &v.state 
@@ -1400,18 +1203,6 @@ func file_mesh_v1alpha1_dataplane_proto_init() { } } file_mesh_v1alpha1_dataplane_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Dataplane_Networking_Ingress_AvailableService); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_mesh_v1alpha1_dataplane_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Dataplane_Networking_Inbound_Health); i { case 0: return &v.state @@ -1423,7 +1214,7 @@ func file_mesh_v1alpha1_dataplane_proto_init() { return nil } } - file_mesh_v1alpha1_dataplane_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + file_mesh_v1alpha1_dataplane_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Dataplane_Networking_Inbound_ServiceProbe); i { case 0: return &v.state @@ -1435,7 +1226,7 @@ func file_mesh_v1alpha1_dataplane_proto_init() { return nil } } - file_mesh_v1alpha1_dataplane_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + file_mesh_v1alpha1_dataplane_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Dataplane_Networking_Inbound_ServiceProbe_Tcp); i { case 0: return &v.state @@ -1447,7 +1238,7 @@ func file_mesh_v1alpha1_dataplane_proto_init() { return nil } } - file_mesh_v1alpha1_dataplane_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { + file_mesh_v1alpha1_dataplane_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Dataplane_Probes_Endpoint); i { case 0: return &v.state @@ -1466,7 +1257,7 @@ func file_mesh_v1alpha1_dataplane_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_mesh_v1alpha1_dataplane_proto_rawDesc, NumEnums: 1, - NumMessages: 17, + NumMessages: 14, NumExtensions: 0, NumServices: 0, }, 
diff --git a/api/mesh/v1alpha1/dataplane.proto b/api/mesh/v1alpha1/dataplane.proto index 3cf4416fa00d..899fce1dc385 100644 --- a/api/mesh/v1alpha1/dataplane.proto +++ b/api/mesh/v1alpha1/dataplane.proto @@ -16,44 +16,17 @@ message Dataplane { option (kuma.mesh.resource).name = "DataplaneResource"; option (kuma.mesh.resource).type = "Dataplane"; option (kuma.mesh.resource).package = "mesh"; - option (kuma.mesh.resource).kds.send_to_zone = true; option (kuma.mesh.resource).kds.send_to_global = true; option (kuma.mesh.resource).ws.name = "dataplane"; // Networking describes inbound and outbound interfaces of a dataplane. message Networking { - // Ingress allows us to configure dataplane in the Ingress mode. In this - // mode, dataplane has only inbound interfaces (outbound and gateway - // prohibited). Every inbound interface matches with services that reside in - // that cluster. - message Ingress { - // AvailableService contains tags that represent unique subset of - // endpoints - message AvailableService { - // tags of the service - map tags = 1; - // number of instances available for given tags - uint32 instances = 2; - // mesh of the instances available for given tags - string mesh = 3; - } - repeated AvailableService availableServices = 1; - - // PublicAddress defines IP or DNS name on which Ingress is accessible to - // other Kuma clusters. - string publicAddress = 2; - // PublicPort defines port on which Ingress is accessible to other Kuma - // clusters. - uint32 publicPort = 3; - } - - // Ingress if not nil, dataplane will be work in the Ingress mode - Ingress ingress = 6; - // Public IP on which the dataplane is accessible in the network. string address = 5; + reserved 6; // Formerly ingress mode message, see #3435 + // In some situation, dataplane resides in a private network and not // reachable via 'address'. advertisedAddress is configured with public // routable address for such dataplane so that other dataplanes in the mesh 
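Review bot: The added `reserved 6;` in `Networking` retires only the field number, so the name `ingress` can still be reused by a later field. JSON or YAML Dataplane definitions written for the old ingress mode would then bind to that field with a different meaning. I would reserve the name next to the number: `reserved "ingress";`. Separately, a Dataplane persisted with field 6 set will presumably now decode with that data as unknown fields, and the ingress branch of `Validate()` is removed in this same patch. It is worth confirming that such legacy resources are migrated to ZoneIngress or rejected, rather than silently accepted as ordinary dataplanes. The `Networking` message continues outside the hunk.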
diff --git a/api/mesh/v1alpha1/dataplane_helpers.go b/api/mesh/v1alpha1/dataplane_helpers.go index 29829f2be561..11172e35d16a 100644 --- a/api/mesh/v1alpha1/dataplane_helpers.go +++ b/api/mesh/v1alpha1/dataplane_helpers.go @@ -402,17 +402,6 @@ func (d *Dataplane) GetIdentifyingService() string { return ServiceUnknown } -// IsIngress returns true if this Dataplane specifies an ingress -// configuration. -// -// Deprecated: use ZoneIngress instead. -func (d *Dataplane) IsIngress() bool { - if d.GetNetworking() == nil { - return false - } - return d.GetNetworking().GetIngress() != nil -} - func (d *Dataplane) IsDelegatedGateway() bool { return d.GetNetworking().GetGateway() != nil && d.GetNetworking().GetGateway().GetType() == Dataplane_Networking_Gateway_DELEGATED @@ -423,31 +412,6 @@ func (d *Dataplane) IsBuiltinGateway() bool { d.GetNetworking().GetGateway().GetType() == Dataplane_Networking_Gateway_BUILTIN } -func (d *Dataplane) HasPublicAddress() bool { - if !d.IsIngress() { - return false - } - return d.Networking.Ingress.PublicAddress != "" && d.Networking.Ingress.PublicPort != 0 -} - -func (d *Dataplane) HasAvailableServices() bool { - if !d.IsIngress() { - return false - } - return len(d.Networking.Ingress.AvailableServices) != 0 -} - -func (d *Dataplane) IsZoneIngress(localZone string) bool { - if !d.IsIngress() { - return false - } - zone, ok := d.Networking.Inbound[0].Tags[ZoneTag] - if !ok { - return false - } - return zone != localZone -} - func (t MultiValueTagSet) String() string { var tags []string for tag := range t { diff --git a/api/mesh/v1alpha1/dataplane_helpers_test.go b/api/mesh/v1alpha1/dataplane_helpers_test.go index 9edc85052a4e..25054fd57f59 100644 --- a/api/mesh/v1alpha1/dataplane_helpers_test.go +++ b/api/mesh/v1alpha1/dataplane_helpers_test.go 
@@ -364,7 +364,6 @@ var _ = Describe("Dataplane classification", func() { } Expect(dp.IsDelegatedGateway()).To(BeFalse()) Expect(dp.IsBuiltinGateway()).To(BeFalse()) - Expect(dp.IsIngress()).To(BeFalse()) }) }) @@ -377,7 +376,6 @@ var _ = Describe("Dataplane classification", func() { } Expect(gw.IsDelegatedGateway()).To(BeTrue()) Expect(gw.IsBuiltinGateway()).To(BeFalse()) - Expect(gw.IsIngress()).To(BeFalse()) }) }) @@ -392,7 +390,6 @@ var _ = Describe("Dataplane classification", func() { } Expect(gw.IsDelegatedGateway()).To(BeTrue()) Expect(gw.IsBuiltinGateway()).To(BeFalse()) - Expect(gw.IsIngress()).To(BeFalse()) }) }) @@ -407,20 +404,6 @@ var _ = Describe("Dataplane classification", func() { } Expect(gw.IsDelegatedGateway()).To(BeFalse()) Expect(gw.IsBuiltinGateway()).To(BeTrue()) - Expect(gw.IsIngress()).To(BeFalse()) - }) - }) - - Describe("with ingress networking", func() { - It("should be an ingress gateway", func() { - in := Dataplane{ - Networking: &Dataplane_Networking{ - Ingress: &Dataplane_Networking_Ingress{}, - }, - } - Expect(in.IsDelegatedGateway()).To(BeFalse()) - Expect(in.IsBuiltinGateway()).To(BeFalse()) - Expect(in.IsIngress()).To(BeTrue()) }) }) }) diff --git a/pkg/api-server/dataplane_overview_endpoints.go b/pkg/api-server/dataplane_overview_endpoints.go index e560e196b521..90fb8143c4c7 100644 --- a/pkg/api-server/dataplane_overview_endpoints.go +++ b/pkg/api-server/dataplane_overview_endpoints.go 
@@ -204,25 +204,15 @@ func genFilter(request *restful.Request) (store.ListFilterFunc, error) { return nil, err } - ingressMode, err := modeFromParameter(request, "ingress") - if err != nil { - return nil, err - } - tags := parseTags(request.QueryParameters("tag")) return func(rs core_model.Resource) bool { gatewayFilter := modeToFilter(gatewayMode) - ingressFilter := modeToFilter(ingressMode) dataplane := rs.(*mesh.DataplaneResource) if !gatewayFilter(dataplane.Spec.GetNetworking().GetGateway()) { return false } - if !ingressFilter(dataplane.Spec.GetNetworking().GetIngress()) { - return false - } - if !dataplane.Spec.MatchTags(tags) { return false } diff --git a/pkg/api-server/dataplane_overview_endpoints_test.go b/pkg/api-server/dataplane_overview_endpoints_test.go index 74e933351c88..3c4eb26ce572 100644 --- a/pkg/api-server/dataplane_overview_endpoints_test.go +++ b/pkg/api-server/dataplane_overview_endpoints_test.go @@ -105,18 +105,6 @@ var _ = Describe("Dataplane Overview Endpoints", func() { }, }, }) - - createDpWithInsights("dp-3", &v1alpha1.Dataplane{ - Networking: &v1alpha1.Dataplane_Networking{ - Address: "127.0.0.1", - Ingress: &v1alpha1.Dataplane_Networking_Ingress{}, - Inbound: []*v1alpha1.Dataplane_Networking_Inbound{ - { - Port: 1234, - }, - }, - }, - }) }) dp1Json := ` 
@@ -193,42 +181,6 @@ var _ = Describe("Dataplane Overview Endpoints", func() { } }` - dp3Json := ` -{ - "type": "DataplaneOverview", - "name": "dp-3", - "mesh": "mesh1", - "creationTime": "2018-07-17T16:05:36.995Z", - "modificationTime": "2018-07-17T16:05:36.995Z", - "dataplane": { - "networking": { - "address": "127.0.0.1", - "ingress": {}, - "inbound": [ - { - "port": 1234 - } - ] - } - }, - "dataplaneInsight": { - "subscriptions": [ - { - "id": "stream-id-1", - "controlPlaneInstanceId": "cp-1", - "connectTime": "2019-07-01T00:00:00Z", - "status": { - "total": {}, - "cds": {}, - "eds": {}, - "lds": {}, - "rds": {} - } - } - ] - } -}` - Describe("On GET", func() { It("should return an existing resource", func() { // when @@ -262,7 +214,7 @@ var _ = Describe("Dataplane Overview Endpoints", func() { }, Entry("should list all when no tag is provided", testCase{ url: "/meshes/mesh1/dataplanes+insights", - expectedJson: fmt.Sprintf(`{"total": 3, "items": [%s,%s,%s], "next": null}`, dp1Json, dp2Json, dp3Json), + expectedJson: fmt.Sprintf(`{"total": 2, "items": [%s,%s], "next": null}`, dp1Json, dp2Json), }), Entry("should list with only one matching tag", testCase{ url: "/meshes/mesh1/dataplanes+insights?tag=service:backend", @@ -280,10 +232,6 @@ var _ = Describe("Dataplane Overview Endpoints", func() { url: "/meshes/mesh1/dataplanes+insights?gateway=true", expectedJson: fmt.Sprintf(`{"total": 1, "items": [%s], "next": null}`, dp1Json), }), - Entry("should list only ingress dataplanes", testCase{ - url: "/meshes/mesh1/dataplanes+insights?ingress=true", - expectedJson: fmt.Sprintf(`{"total": 1, "items": [%s], "next": null}`, dp3Json), - }), ) }) }) diff --git a/pkg/core/resources/apis/mesh/dataplane_validator.go b/pkg/core/resources/apis/mesh/dataplane_validator.go index 46c330aa1a6e..5e5d0056b9b2 100644 --- a/pkg/core/resources/apis/mesh/dataplane_validator.go +++ b/pkg/core/resources/apis/mesh/dataplane_validator.go 
@@ -27,10 +27,6 @@ func (d *DataplaneResource) Validate() error { } switch { - case d.Spec.IsIngress(): - err.Add(validateIngressNetworking(d.Spec.GetNetworking())) - err.Add(validateIngress(net.Field("ingress"), d.Spec.GetNetworking().GetIngress())) - case d.Spec.IsDelegatedGateway(): if len(d.Spec.GetNetworking().GetInbound()) > 0 { err.AddViolationAt(net.Field("inbound"), 
@@ -128,67 +124,6 @@ func validateAddress(path validators.PathBuilder, address string) validators.Val return err } -func validateIngressNetworking(networking *mesh_proto.Dataplane_Networking) validators.ValidationError { - var err validators.ValidationError - path := validators.RootedAt("networking") - if networking.Gateway != nil { - err.AddViolationAt(path, "gateway cannot be defined in the ingress mode") - } - if len(networking.GetOutbound()) != 0 { - err.AddViolationAt(path, "dataplane cannot have outbounds in the ingress mode") - } - if len(networking.GetInbound()) != 1 { - err.AddViolationAt(path, "dataplane must have one inbound interface") - } - for i, inbound := range networking.GetInbound() { - p := path.Field("inbound").Index(i) - err.Add(ValidatePort(p.Field("port"), inbound.GetPort())) - if inbound.ServicePort != 0 { - err.AddViolationAt(p.Field("servicePort"), `cannot be defined in the ingress mode`) - } - if inbound.ServiceAddress != "" { - err.AddViolationAt(p.Field("serviceAddress"), `cannot be defined in the ingress mode`) - } - if inbound.Address != "" { - err.AddViolationAt(p.Field("address"), `cannot be defined in the ingress mode`) - } - err.AddErrorAt(p.Field("tags"), validateTags(inbound.Tags)) - if protocol, exist := inbound.Tags[mesh_proto.ProtocolTag]; exist { - if protocol != ProtocolTCP { - err.AddViolationAt(validators.RootedAt("tags").Key(mesh_proto.ProtocolTag), `other values than TCP are not allowed`) - } - } - } - return err -} - -func validateIngress(path validators.PathBuilder, ingress *mesh_proto.Dataplane_Networking_Ingress) validators.ValidationError { - if ingress == nil { - return validators.ValidationError{} - } - var err validators.ValidationError - if ingress.GetPublicAddress() == "" && ingress.GetPublicPort() != 0 { - err.AddViolationAt(path.Field("publicAddress"), `has to be defined with publicPort`) - } - if ingress.GetPublicPort() == 0 && ingress.GetPublicAddress() != "" { - 
err.AddViolationAt(path.Field("publicPort"), `has to be defined with publicAddress`) - } - if ingress.GetPublicAddress() != "" { - err.Add(validateAddress(path.Field("publicAddress"), ingress.GetPublicAddress())) - } - if ingress.GetPublicPort() != 0 { - err.Add(ValidatePort(path.Field("publicPort"), ingress.GetPublicPort())) - } - for i, ingressInterface := range ingress.GetAvailableServices() { - p := path.Field("availableService").Index(i) - if _, ok := ingressInterface.Tags[mesh_proto.ServiceTag]; !ok { - err.AddViolationAt(p.Field("tags").Key(mesh_proto.ServiceTag), "cannot be empty") - } - err.AddErrorAt(p.Field("tags"), validateTags(ingressInterface.GetTags())) - } - return err -} - func validateInbound(inbound *mesh_proto.Dataplane_Networking_Inbound, dpAddress string) validators.ValidationError { var result validators.ValidationError result.Add(ValidatePort(validators.RootedAt("port"), inbound.GetPort())) diff --git a/pkg/core/resources/apis/mesh/dataplane_validator_test.go b/pkg/core/resources/apis/mesh/dataplane_validator_test.go index a4395363d07b..97cb1df29ab8 100644 --- a/pkg/core/resources/apis/mesh/dataplane_validator_test.go +++ b/pkg/core/resources/apis/mesh/dataplane_validator_test.go 
@@ -131,60 +131,6 @@ var _ = Describe("Dataplane", func() { tags: kuma.io/service: redis`, ), - Entry("dataplane in ingress mode with public address and port", ` - type: Dataplane - name: dp-1 - mesh: default - networking: - address: 192.168.0.1 - ingress: - publicAddress: 10.0.0.1 - publicPort: 1234 - availableServices: - - tags: - kuma.io/service: backend - version: "1" - region: us - - tags: - kuma.io/service: web - version: v2 - region: eu - inbound: - - port: 10001`, - ), - Entry("dataplane in ingress mode with public ipv6 address and port", ` - type: Dataplane - name: dp-1 - mesh: default - networking: - address: 192.168.0.1 - ingress: - publicAddress: ::ffff:0a00:0001 - publicPort: 1234 - availableServices: - - tags: - kuma.io/service: backend - version: "1" - region: us - - tags: - kuma.io/service: web - version: v2 - region: eu - inbound: - - port: 10001`, - ), - // no public address and port is valid because we may be waiting for Kubernetes to reconcile it - Entry("dataplane in ingress mode without public address and port", ` - type: Dataplane - name: dp-1 - mesh: default - networking: - address: 192.168.0.1 - ingress: - availableServices: [] - inbound: - - port: 10001`, - ), Entry("dataplane domain name in the address", ` type: Dataplane name: dp-1 @@ -201,21 +147,6 @@ var _ = Describe("Dataplane", func() { tags: kuma.io/service: redis`, ), - Entry("dataplane in ingress mode with protocol tag", ` - type: Dataplane - name: dp-1 - mesh: default - networking: - address: 192.168.0.1 - ingress: - availableServices: - - tags: - kuma.io/service: backend - inbound: - - port: 10001 - tags: - kuma.io/protocol: tcp`, - ), Entry("dataplane with probes", ` type: Dataplane name: dp-1 
@@ -815,140 +746,6 @@ var _ = Describe("Dataplane", func() { - field: networking.inbound[0].tags["invalidTagValue"] message: tag value must consist of alphanumeric characters, dots, dashes and underscores`, }), - Entry("networking.ingress: outbound is not empty", testCase{ - dataplane: ` - type: Dataplane - name: dp-1 - mesh: default - networking: - address: 192.168.0.1 - ingress: - availableServices: - - tags: - kuma.io/service: backend - version: "1" - region: us - - tags: - kuma.io/service: web - version: v2 - region: eu - inbound: - - port: 10001 - outbound: - - port: 3333 - service: redis`, - expected: ` - violations: - - field: networking - message: dataplane cannot have outbounds in the ingress mode`, - }), - Entry("networking.ingress: gateway defined", testCase{ - dataplane: ` - type: Dataplane - name: dp-1 - mesh: default - networking: - address: 192.168.0.1 - ingress: - availableServices: - - tags: - kuma.io/service: backend - version: "1" - region: us - - tags: - kuma.io/service: web - version: v2 - region: eu - gateway: {} - inbound: - - port: 10001`, - expected: ` - violations: - - field: networking - message: gateway cannot be defined in the ingress mode`, - }), - Entry("networking.ingress: no inbound defined", testCase{ - dataplane: ` - type: Dataplane - name: dp-1 - mesh: default - networking: - address: 192.168.0.1 - ingress: - availableServices: - - tags: - kuma.io/service: backend - version: "1" - region: us - - tags: - kuma.io/service: web - version: v2 - region: eu`, - expected: ` - violations: - - field: networking - message: dataplane must have one inbound interface`, - }), - Entry("networking.ingress: inbound with redundant fields", testCase{ - dataplane: ` - type: Dataplane - name: dp-1 - mesh: default - networking: - address: 192.168.0.1 - ingress: - availableServices: - - tags: - kuma.io/service: backend - version: "1" - region: us - - tags: - kuma.io/service: web - version: v2 - region: eu - inbound: - - port: 10001 - servicePort: 5050 - 
address: 1.1.1.1 - tags: - name: ingress-dp`, - expected: ` - violations: - - field: networking.inbound[0].servicePort - message: cannot be defined in the ingress mode - - field: networking.inbound[0].address - message: cannot be defined in the ingress mode`, - }), - Entry("networking.ingress: invalid public address and port", testCase{ - dataplane: ` - type: Dataplane - name: dp-1 - mesh: default - networking: - address: 192.168.0.1 - ingress: - publicAddress: "!@#$" - publicPort: 100000 - availableServices: - - tags: - kuma.io/service: backend - version: "1" - region: us - - tags: - kuma.io/service: web - version: v2 - region: eu - inbound: - - port: 10001 - tags: - name: ingress-dp`, - expected: ` - violations: - - field: networking.ingress.publicAddress.address - message: address has to be valid IP address or domain name - - field: networking.ingress.publicPort - message: port must be in the range [1, 65535]`, - }), Entry("inbound service address", testCase{ dataplane: ` type: Dataplane @@ -1031,38 +828,6 @@ var _ = Describe("Dataplane", func() { tags: kuma.io/service: backend`, }), - Entry("inbound service address and ingress", testCase{ - dataplane: ` - type: Dataplane - name: dp-1 - mesh: default - networking: - address: 192.168.0.1 - ingress: - availableServices: - - tags: - kuma.io/service: backend - version: "1" - region: us - inbound: - - port: 10001 - serviceAddress: 192.168.0.2 - servicePort: 5050 - address: 1.1.1.1 - tags: - name: ingress-dp - kuma.io/protocol: http`, - expected: ` - violations: - - field: networking.inbound[0].servicePort - message: cannot be defined in the ingress mode - - field: networking.inbound[0].serviceAddress - message: cannot be defined in the ingress mode - - field: networking.inbound[0].address - message: cannot be defined in the ingress mode - - field: tags["kuma.io/protocol"] - message: other values than TCP are not allowed`, - }), Entry("dataplane with virtual probe", testCase{ dataplane: ` type: Dataplane 
diff --git a/pkg/core/resources/apis/mesh/generated_resources.go b/pkg/core/resources/apis/mesh/generated_resources.go index 02b8ba9e450b..88ca6c5760ee 100644 --- a/pkg/core/resources/apis/mesh/generated_resources.go +++ b/pkg/core/resources/apis/mesh/generated_resources.go @@ -202,7 +202,7 @@ var DataplaneResourceTypeDescriptor = model.ResourceTypeDescriptor{ ReadOnly: false, AdminOnly: false, Scope: model.ScopeMesh, - KDSFlags: model.FromZoneToGlobal | model.FromGlobalToZone, + KDSFlags: model.FromZoneToGlobal, WsPath: "dataplanes", KumactlArg: "dataplane", KumactlListArg: "dataplanes", diff --git a/pkg/core/resources/apis/mesh/zone_ingress_helpers.go b/pkg/core/resources/apis/mesh/zone_ingress_helpers.go index 6af1ae64fc24..93dc95bf8402 100644 --- a/pkg/core/resources/apis/mesh/zone_ingress_helpers.go +++ b/pkg/core/resources/apis/mesh/zone_ingress_helpers.go @@ -3,8 +3,6 @@ package mesh import ( "net" - "github.com/pkg/errors" - mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1" "github.com/kumahq/kuma/pkg/core/resources/model" ) 
@@ -36,41 +34,6 @@ func (r *ZoneIngressResource) HasPublicAddress() bool { return r.Spec.GetNetworking().GetAdvertisedAddress() != "" && r.Spec.GetNetworking().GetAdvertisedPort() != 0 } -func NewZoneIngressResourceFromDataplane(dataplane *DataplaneResource) (*ZoneIngressResource, error) { - spec, err := convert(dataplane.Spec) - if err != nil { - return nil, err - } - return &ZoneIngressResource{ - Meta: dataplane.Meta, - Spec: spec, - }, nil -} - -func convert(dataplane *mesh_proto.Dataplane) (*mesh_proto.ZoneIngress, error) { - if !dataplane.IsIngress() { - return nil, errors.New("provided dataplane is not an ingress") - } - if len(dataplane.GetNetworking().Inbound) == 0 { - return nil, errors.New("provided dataplane is not an ingress") - } - var availableServices []*mesh_proto.ZoneIngress_AvailableService - for _, as := range dataplane.GetNetworking().GetIngress().GetAvailableServices() { - availableServices = append(availableServices, &mesh_proto.ZoneIngress_AvailableService{ - Tags: as.GetTags(), - Instances: as.GetInstances(), - Mesh: as.GetMesh(), - }) - } - return &mesh_proto.ZoneIngress{ - Networking: &mesh_proto.ZoneIngress_Networking{ - Address: dataplane.GetNetworking().GetAddress(), - Port: dataplane.GetNetworking().Inbound[0].GetPort(), - }, - AvailableServices: availableServices, - }, nil -} - func NewZoneIngressOverviews(zoneIngresses ZoneIngressResourceList, insights ZoneIngressInsightResourceList) ZoneIngressOverviewResourceList { insightsByKey := map[model.ResourceKey]*ZoneIngressInsightResource{} for _, insight := range insights.Items { diff --git a/pkg/dns/vips_allocator.go b/pkg/dns/vips_allocator.go index f8a8a257034d..4463768b0339 100644 --- a/pkg/dns/vips_allocator.go +++ b/pkg/dns/vips_allocator.go 
@@ -139,12 +139,6 @@ func (d *VIPsAllocator) createOrUpdateVIPConfigs(meshes ...string) (errs error) return errs } -var ingressOpts = store.ListOptionsFunc(func(options *store.ListOptions) { - options.FilterFunc = func(rs model.Resource) bool { - return rs.GetSpec().(*mesh_proto.Dataplane).IsIngress() - } -}) - func BuildVirtualOutboundMeshView(rm manager.ReadOnlyResourceManager, serviceVipEnabled bool, mesh string) (*vips.VirtualOutboundMeshView, error) { outboundSet := vips.NewEmptyVirtualOutboundView() ctx := context.Background() @@ -159,9 +153,6 @@ func BuildVirtualOutboundMeshView(rm manager.ReadOnlyResourceManager, serviceVip } var errs error for _, dp := range dataplanes.Items { - if dp.Spec.IsIngress() { - continue - } for _, inbound := range dp.Spec.GetNetworking().GetInbound() { if serviceVipEnabled { errs = multierr.Append(errs, addDefault(outboundSet, inbound.GetService(), 0)) @@ -172,19 +163,6 @@ func BuildVirtualOutboundMeshView(rm manager.ReadOnlyResourceManager, serviceVip } } - // backwards compatibility with ingress mesh - legacyIngresses := core_mesh.DataplaneResourceList{} - if err := rm.List(ctx, &legacyIngresses, store.ListByMesh("default"), ingressOpts); err != nil { - return nil, err - } - for _, dp := range legacyIngresses.Items { - for _, service := range dp.Spec.GetNetworking().GetIngress().GetAvailableServices() { - if service.Mesh == mesh && serviceVipEnabled { - errs = multierr.Append(errs, addDefault(outboundSet, service.GetTags()[mesh_proto.ServiceTag], 0)) - } - } - } - zoneIngresses := core_mesh.ZoneIngressResourceList{} if err := rm.List(ctx, &zoneIngresses); err != nil { return nil, err diff --git a/pkg/dns/vips_allocator_test.go b/pkg/dns/vips_allocator_test.go index 8b7561880677..12996bba42c1 100644 --- a/pkg/dns/vips_allocator_test.go +++ b/pkg/dns/vips_allocator_test.go 
@@ -180,138 +180,6 @@ var _ = Describe("VIP Allocator", func() { }) }) -var _ = Describe("BuildVirtualOutboundMeshView", func() { - var rm manager.ResourceManager - - BeforeEach(func() { - rm = manager.NewResourceManager(memory.NewStore()) - }) - - It("should build service set for mesh", func() { - // setup meshes - err := rm.Create(context.Background(), mesh.NewMeshResource(), store.CreateByKey("default", model.NoMesh)) - Expect(err).ToNot(HaveOccurred()) - - err = rm.Create(context.Background(), mesh.NewMeshResource(), store.CreateByKey("mesh-1", model.NoMesh)) - Expect(err).ToNot(HaveOccurred()) - - err = rm.Create(context.Background(), mesh.NewMeshResource(), store.CreateByKey("mesh-2", model.NoMesh)) - Expect(err).ToNot(HaveOccurred()) - - err = rm.Create(context.Background(), mesh.NewMeshResource(), store.CreateByKey("mesh-3", model.NoMesh)) - Expect(err).ToNot(HaveOccurred()) - - // setup dataplanes - err = rm.Create(context.Background(), &mesh.DataplaneResource{Spec: dp("backend")}, store.CreateByKey("backend-1", "mesh-1")) - Expect(err).ToNot(HaveOccurred()) - - err = rm.Create(context.Background(), &mesh.DataplaneResource{Spec: dp("frontend")}, store.CreateByKey("frontend-1", "mesh-1")) - Expect(err).ToNot(HaveOccurred()) - - err = rm.Create(context.Background(), &mesh.DataplaneResource{Spec: dp("frontend")}, store.CreateByKey("frontend-2", "mesh-1")) - Expect(err).ToNot(HaveOccurred()) - - err = rm.Create(context.Background(), &mesh.DataplaneResource{Spec: dp("database", "metrics")}, store.CreateByKey("db-m-1", "mesh-1")) - Expect(err).ToNot(HaveOccurred()) - - err = rm.Create(context.Background(), &mesh.DataplaneResource{Spec: dp("another-mesh-svc")}, store.CreateByKey("another-mesh-dp-1", "mesh-2")) - Expect(err).ToNot(HaveOccurred()) - - err = rm.Create(context.Background(), &mesh.DataplaneResource{Spec: dp("only-mesh-3-service")}, store.CreateByKey("dp-m-3", "mesh-3")) - Expect(err).ToNot(HaveOccurred()) - - err = rm.Create(context.Background(), 
&mesh.VirtualOutboundResource{Spec: &mesh_proto.VirtualOutbound{ - Selectors: []*mesh_proto.Selector{ - { - Match: map[string]string{mesh_proto.ServiceTag: mesh_proto.MatchAllTag}, - }, - }, - Conf: &mesh_proto.VirtualOutbound_Conf{ - Host: "{{.service}}.mesh3", - Port: "8081", - Parameters: []*mesh_proto.VirtualOutbound_Conf_TemplateParameter{ - {Name: "service", TagKey: "kuma.io/service"}, - }, - }, - }}, store.CreateByKey("vob-m-1", "mesh-1")) - Expect(err).ToNot(HaveOccurred()) - - // setup ingress - err = rm.Create(context.Background(), &mesh.DataplaneResource{ - Spec: &mesh_proto.Dataplane{ - Networking: &mesh_proto.Dataplane_Networking{ - Inbound: []*mesh_proto.Dataplane_Networking_Inbound{ - { - Port: 10001, - }, - }, - Ingress: &mesh_proto.Dataplane_Networking_Ingress{ - AvailableServices: []*mesh_proto.Dataplane_Networking_Ingress_AvailableService{ - { - Mesh: "mesh-1", - Instances: 2, - Tags: map[string]string{ - mesh_proto.ServiceTag: "ingress-svc", - }, - }, - { - Mesh: "mesh-2", - Instances: 3, - Tags: map[string]string{ - mesh_proto.ServiceTag: "another-mesh-ingress-svc", - }, - }, - }, - }, - }, - }}, store.CreateByKey("ingress-1", "default")) - Expect(err).ToNot(HaveOccurred()) - - // setup external services - es := func(service string) *mesh_proto.ExternalService { - return &mesh_proto.ExternalService{ - Networking: &mesh_proto.ExternalService_Networking{ - Address: "external.service.com:8080", - }, - Tags: map[string]string{ - mesh_proto.ServiceTag: service, - }, - } - } - - err = rm.Create(context.Background(), &mesh.ExternalServiceResource{Spec: es("es-backend")}, store.CreateByKey("es-backend-1", "mesh-1")) - Expect(err).ToNot(HaveOccurred()) - - err = rm.Create(context.Background(), &mesh.ExternalServiceResource{Spec: es("another-mesh-es")}, store.CreateByKey("es-backend-1", "mesh-2")) - Expect(err).ToNot(HaveOccurred()) - - // when - serviceSet, err := dns.BuildVirtualOutboundMeshView(rm, true, "mesh-1") - Expect(err).ToNot(HaveOccurred()) - 
- // then - expected := vips.NewEmptyVirtualOutboundView() - Expect(expected.Add(vips.NewServiceEntry("backend"), vips.OutboundEntry{Port: 0, TagSet: map[string]string{mesh_proto.ServiceTag: "backend"}, Origin: "service"})).ToNot(HaveOccurred()) - Expect(expected.Add(vips.NewServiceEntry("database"), vips.OutboundEntry{Port: 0, TagSet: map[string]string{mesh_proto.ServiceTag: "database"}, Origin: "service"})).ToNot(HaveOccurred()) - Expect(expected.Add(vips.NewServiceEntry("metrics"), vips.OutboundEntry{Port: 0, TagSet: map[string]string{mesh_proto.ServiceTag: "metrics"}, Origin: "service"})).ToNot(HaveOccurred()) - Expect(expected.Add(vips.NewServiceEntry("frontend"), vips.OutboundEntry{Port: 0, TagSet: map[string]string{mesh_proto.ServiceTag: "frontend"}, Origin: "service"})).ToNot(HaveOccurred()) - Expect(expected.Add(vips.NewServiceEntry("ingress-svc"), vips.OutboundEntry{Port: 0, TagSet: map[string]string{mesh_proto.ServiceTag: "ingress-svc"}, Origin: "service"})).ToNot(HaveOccurred()) - Expect(expected.Add(vips.NewServiceEntry("es-backend"), vips.OutboundEntry{Port: 8080, TagSet: map[string]string{mesh_proto.ServiceTag: "es-backend"}, Origin: "service"})).ToNot(HaveOccurred()) - Expect(expected.Add(vips.NewHostEntry("external.service.com"), vips.OutboundEntry{Port: 8080, TagSet: map[string]string{mesh_proto.ServiceTag: "es-backend"}, Origin: "host"})).ToNot(HaveOccurred()) - Expect(expected.Add(vips.NewFqdnEntry("backend.mesh3"), vips.OutboundEntry{Port: 8081, TagSet: map[string]string{mesh_proto.ServiceTag: "backend"}, Origin: "virtual-outbound:vob-m-1"})).ToNot(HaveOccurred()) - Expect(expected.Add(vips.NewFqdnEntry("database.mesh3"), vips.OutboundEntry{Port: 8081, TagSet: map[string]string{mesh_proto.ServiceTag: "database"}, Origin: "virtual-outbound:vob-m-1"})).ToNot(HaveOccurred()) - Expect(expected.Add(vips.NewFqdnEntry("es-backend.mesh3"), vips.OutboundEntry{Port: 8081, TagSet: map[string]string{mesh_proto.ServiceTag: "es-backend"}, Origin: 
"virtual-outbound:vob-m-1"})).ToNot(HaveOccurred()) - Expect(expected.Add(vips.NewFqdnEntry("frontend.mesh3"), vips.OutboundEntry{Port: 8081, TagSet: map[string]string{mesh_proto.ServiceTag: "frontend"}, Origin: "virtual-outbound:vob-m-1"})).ToNot(HaveOccurred()) - Expect(expected.Add(vips.NewFqdnEntry("metrics.mesh3"), vips.OutboundEntry{Port: 8081, TagSet: map[string]string{mesh_proto.ServiceTag: "metrics"}, Origin: "virtual-outbound:vob-m-1"})).ToNot(HaveOccurred()) - - Expect(serviceSet.HostnameEntries()).To(Equal(expected.HostnameEntries())) - for _, k := range serviceSet.HostnameEntries() { - Expect(serviceSet.Get(k)).To(Equal(expected.Get(k)), "Idx:"+k.String()) - } - }) - -}) - type outboundViewTestCase struct { givenResources map[model.ResourceKey]model.Resource whenMesh string diff --git a/pkg/dns/vips_synchronizer_test.go b/pkg/dns/vips_synchronizer_test.go index 193102a62170..51861562c47e 100644 --- a/pkg/dns/vips_synchronizer_test.go +++ b/pkg/dns/vips_synchronizer_test.go 
@@ -95,32 +95,24 @@ var _ = Describe("DNS sync", func() { It("should sync another service", func() { // when "backend" service is up - backendDp := core_mesh.DataplaneResource{ - Spec: &mesh_proto.Dataplane{ - Networking: &mesh_proto.Dataplane_Networking{ + zoneIngress := core_mesh.ZoneIngressResource{ + Spec: &mesh_proto.ZoneIngress{ + Zone: "zone-2", + Networking: &mesh_proto.ZoneIngress_Networking{ Address: "192.168.0.1", - Ingress: &mesh_proto.Dataplane_Networking_Ingress{ - AvailableServices: []*mesh_proto.Dataplane_Networking_Ingress_AvailableService{ - { - Mesh: "default", - Tags: map[string]string{ - "kuma.io/service": "backend", - }, - }, - }, - }, - Inbound: []*mesh_proto.Dataplane_Networking_Inbound{ - { - Port: 1234, - Tags: map[string]string{ - mesh_proto.ZoneTag: "zone-2", - }, + Port: 1234, + }, + AvailableServices: []*mesh_proto.ZoneIngress_AvailableService{ + { + Mesh: "default", + Tags: map[string]string{ + "kuma.io/service": "backend", }, }, }, }, } - err := resManager.Create(context.Background(), &backendDp, core_store.CreateByKey("dp-2", "default")) + err := resManager.Create(context.Background(), &zoneIngress, core_store.CreateByKey("zone-2-ingress", model.NoMesh)) Expect(err).ToNot(HaveOccurred()) // then service "backend" is synchronized to DNS Resolver diff --git a/pkg/kds/context/context.go b/pkg/kds/context/context.go index 640a5edadc37..c4511cf3854e 100644 --- a/pkg/kds/context/context.go +++ b/pkg/kds/context/context.go @@ -54,7 +54,7 @@ func GlobalProvidedFilter(rm manager.ResourceManager, configs map[string]bool) r if resType != mesh.DataplaneType && resType != mesh.ZoneIngressType { return true } - if resType == mesh.DataplaneType && !r.(*mesh.DataplaneResource).Spec.IsIngress() { + if resType == mesh.DataplaneType { return false } if clusterID == util.ZoneTag(r) { diff --git a/pkg/kds/global/components_test.go b/pkg/kds/global/components_test.go index 776eff1b7e0c..0a564d12a6d3 100644 --- a/pkg/kds/global/components_test.go 
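Review bot: In pkg/kds/context/context.go the `resType == mesh.DataplaneType` branch of GlobalProvidedFilter now returns false unconditionally, and nothing in the function says why. A short comment would keep a later edit from re-admitting Dataplanes into global-to-zone sync: `// Dataplanes flow only from zone to global (KDSFlags is FromZoneToGlobal), so global never provides them to zones.` The function body starts and continues outside the hunk, so only the visible guard is covered here.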
+++ b/pkg/kds/global/components_test.go @@ -167,6 +167,7 @@ var _ = Describe("Global Sync", func() { It("should have up to date list of provided types", func() { excludeTypes := map[model.ResourceType]bool{ mesh.DataplaneInsightType: true, + mesh.DataplaneType: true, mesh.DataplaneOverviewType: true, mesh.ServiceOverviewType: true, sample.TrafficRouteType: true, diff --git a/pkg/kds/server/server_test.go b/pkg/kds/server/server_test.go index ab15a0887ef8..e81f45a9da5d 100644 --- a/pkg/kds/server/server_test.go +++ b/pkg/kds/server/server_test.go @@ -61,13 +61,13 @@ var _ = Describe("KDS Server", func() { Expect(registry.Global().ObjectTypes(model.HasKdsEnabled())). To(HaveLen(len([]proto.Message{ kds_samples.CircuitBreaker, + kds_samples.Dataplane, kds_samples.DataplaneInsight, kds_samples.ServiceInsight, kds_samples.ExternalService, kds_samples.FaultInjection, kds_samples.GlobalSecret, kds_samples.HealthCheck, - kds_samples.Ingress, // mesh.DataplaneType kds_samples.Mesh1, kds_samples.ProxyTemplate, kds_samples.RateLimit, 
@@ -95,7 +95,7 @@ var _ = Describe("KDS Server", func() { Exec(kds_verifier.Create(ctx, &mesh.CircuitBreakerResource{Spec: kds_samples.CircuitBreaker}, store.CreateByKey("cb-1", "mesh-1"))). Exec(kds_verifier.Create(ctx, &mesh.DataplaneInsightResource{Spec: kds_samples.DataplaneInsight}, store.CreateByKey("insight-1", "mesh-1"))). - Exec(kds_verifier.Create(ctx, &mesh.DataplaneResource{Spec: kds_samples.Ingress}, store.CreateByKey("Ingress-1", "mesh-1"))). + Exec(kds_verifier.Create(ctx, &mesh.DataplaneResource{Spec: kds_samples.Dataplane}, store.CreateByKey("dp-1", "mesh-1"))). Exec(kds_verifier.Create(ctx, &mesh.ExternalServiceResource{Spec: kds_samples.ExternalService}, store.CreateByKey("es-1", "mesh-1"))). Exec(kds_verifier.Create(ctx, &mesh.FaultInjectionResource{Spec: kds_samples.FaultInjection}, store.CreateByKey("fi-1", "mesh-1"))). Exec(kds_verifier.Create(ctx, &mesh.HealthCheckResource{Spec: kds_samples.HealthCheck}, store.CreateByKey("hc-1", "mesh-1"))). @@ -117,7 +117,7 @@ var _ = Describe("KDS Server", func() { Exec(kds_verifier.DiscoveryRequest(node, mesh.DataplaneType)). Exec(kds_verifier.WaitResponse(defaultTimeout, func(rs []model.Resource) { Expect(rs).To(HaveLen(1)) - Expect(rs[0].GetSpec()).To(MatchProto(kds_samples.Ingress)) + Expect(rs[0].GetSpec()).To(MatchProto(kds_samples.Dataplane)) })). Exec(kds_verifier.DiscoveryRequest(node, mesh.DataplaneInsightType)). Exec(kds_verifier.WaitResponse(defaultTimeout, func(rs []model.Resource) { diff --git a/pkg/kds/zone/components.go b/pkg/kds/zone/components.go index 3bc61d3ce11b..9abbfc8ebb2f 100644 --- a/pkg/kds/zone/components.go +++ b/pkg/kds/zone/components.go 
@@ -92,11 +92,6 @@ func Callbacks(rt core_runtime.Runtime, syncer sync_store.ResourceSyncer, k8sSto util.AddSuffixToNames(rs.GetItems(), "default") } } - if rs.GetItemType() == mesh.DataplaneType { - return syncer.Sync(rs, sync_store.PrefilterBy(func(r model.Resource) bool { - return r.(*mesh.DataplaneResource).Spec.IsZoneIngress(localZone) - })) - } if rs.GetItemType() == mesh.ZoneIngressType { return syncer.Sync(rs, sync_store.PrefilterBy(func(r model.Resource) bool { return r.(*mesh.ZoneIngressResource).IsRemoteIngress(localZone) diff --git a/pkg/kds/zone/components_test.go b/pkg/kds/zone/components_test.go index 2d7322d8b276..97cf9d2c6b9b 100644 --- a/pkg/kds/zone/components_test.go +++ b/pkg/kds/zone/components_test.go 
@@ -46,25 +46,20 @@ var _ = Describe("Zone Sync", func() { newPolicySink := func(zoneName string, resourceSyncer sync_store.ResourceSyncer, cs *grpc.MockClientStream, rt core_runtime.Runtime) kds_client.KDSSink { return kds_client.NewKDSSink(core.Log.WithName("kds-sink"), registry.Global().ObjectTypes(model.HasKDSFlag(model.ConsumedByZone)), kds_client.NewKDSStream(cs, zoneName, ""), zone.Callbacks(rt, resourceSyncer, false, zoneName, nil)) } - ingressFunc := func(zone string) *mesh_proto.Dataplane { - return &mesh_proto.Dataplane{ - Networking: &mesh_proto.Dataplane_Networking{ + ingressFunc := func(zone string) *mesh_proto.ZoneIngress { + return &mesh_proto.ZoneIngress{ + Zone: zone, + Networking: &mesh_proto.ZoneIngress_Networking{ Address: "192.168.0.1", - Ingress: &mesh_proto.Dataplane_Networking_Ingress{ - AvailableServices: []*mesh_proto.Dataplane_Networking_Ingress_AvailableService{{ - Tags: map[string]string{ - mesh_proto.ServiceTag: "backend", - mesh_proto.ZoneTag: fmt.Sprintf("not-%s", zone), - }, - }}, - }, - Inbound: []*mesh_proto.Dataplane_Networking_Inbound{{ - Port: 1212, + Port: 1212, + }, + AvailableServices: []*mesh_proto.ZoneIngress_AvailableService{ + { Tags: map[string]string{ - mesh_proto.ZoneTag: zone, - mesh_proto.ServiceTag: "ingress", + mesh_proto.ServiceTag: "backend", + mesh_proto.ZoneTag: fmt.Sprintf("not-%s", zone), }, - }}, + }, }, } } 
@@ -124,21 +119,21 @@ var _ = Describe("Zone Sync", func() { It("should sync ingresses", func() { // create Ingress for current zone, shouldn't be synced - err := globalStore.Create(context.Background(), &mesh.DataplaneResource{Spec: ingressFunc(zoneName)}, store.CreateByKey("dp-1", "mesh-1")) + err := globalStore.Create(context.Background(), &mesh.ZoneIngressResource{Spec: ingressFunc(zoneName)}, store.CreateByKey("dp-1", model.NoMesh)) Expect(err).ToNot(HaveOccurred()) - err = globalStore.Create(context.Background(), &mesh.DataplaneResource{Spec: ingressFunc("another-zone-1")}, store.CreateByKey("dp-2", "mesh-1")) + err = globalStore.Create(context.Background(), &mesh.ZoneIngressResource{Spec: ingressFunc("another-zone-1")}, store.CreateByKey("dp-2", model.NoMesh)) Expect(err).ToNot(HaveOccurred()) - err = globalStore.Create(context.Background(), &mesh.DataplaneResource{Spec: ingressFunc("another-zone-2")}, store.CreateByKey("dp-3", "mesh-1")) + err = globalStore.Create(context.Background(), &mesh.ZoneIngressResource{Spec: ingressFunc("another-zone-2")}, store.CreateByKey("dp-3", model.NoMesh)) Expect(err).ToNot(HaveOccurred()) Eventually(func() int { - actual := mesh.DataplaneResourceList{} + actual := mesh.ZoneIngressResourceList{} err := zoneStore.List(context.Background(), &actual) Expect(err).ToNot(HaveOccurred()) return len(actual.Items) }, "5s", "100ms").Should(Equal(2)) - actual := mesh.DataplaneResourceList{} + actual := mesh.ZoneIngressResourceList{} err = zoneStore.List(context.Background(), &actual) Expect(err).ToNot(HaveOccurred()) }) @@ -148,6 +143,7 @@ var _ = Describe("Zone Sync", func() { mesh.DataplaneInsightType: true, mesh.DataplaneOverviewType: true, mesh.ServiceOverviewType: true, + mesh.DataplaneType: true, sample.TrafficRouteType: true, } diff --git a/pkg/plugins/bootstrap/k8s/xds/hooks/api_server_bypass.go b/pkg/plugins/bootstrap/k8s/xds/hooks/api_server_bypass.go index 864c704cc273..acdaab9368b7 100644 
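Review bot: The "should sync ingresses" test only asserts that two ZoneIngress resources reach the zone store, so it would still pass if the local zone's own ingress were synced and one of the remote ones dropped. The second `zoneStore.List` after the `Eventually` is never asserted on. Since the prefilter is what keeps a zone from ingesting its own ingress back from global, assert on the content as well: `for _, zi := range actual.Items { Expect(zi.Spec.Zone).ToNot(Equal(zoneName)) }`. The store keys `dp-1`..`dp-3` now name ZoneIngress resources and would read better as `ingress-1`..`ingress-3`.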
--- a/pkg/plugins/bootstrap/k8s/xds/hooks/api_server_bypass.go +++ b/pkg/plugins/bootstrap/k8s/xds/hooks/api_server_bypass.go @@ -34,8 +34,7 @@ func (h ApiServerBypass) Modify(resources *core_xds.ResourceSet, ctx xds_context if proxy.Dataplane == nil { return nil } - // backwards compatibility - if proxy.Dataplane.Spec.IsIngress() || ctx.Mesh.Resource.Spec.IsPassthrough() { + if ctx.Mesh.Resource.Spec.IsPassthrough() { return nil } diff --git a/pkg/plugins/runtime/k8s/controllers/configmap_controller.go b/pkg/plugins/runtime/k8s/controllers/configmap_controller.go index 9862b2866d49..1ba1ddff0ed9 100644 --- a/pkg/plugins/runtime/k8s/controllers/configmap_controller.go +++ b/pkg/plugins/runtime/k8s/controllers/configmap_controller.go @@ -120,22 +120,6 @@ func DataplaneToMeshMapper(l logr.Logger, ns string, resourceConverter k8s_commo return nil } - // backwards compatibility - if dp.Spec.IsIngress() { - meshSet := map[string]bool{} - for _, service := range dp.Spec.GetNetworking().GetIngress().GetAvailableServices() { - meshSet[service.Mesh] = true - } - - var requests []kube_reconile.Request - for mesh := range meshSet { - requests = append(requests, kube_reconile.Request{ - NamespacedName: kube_types.NamespacedName{Namespace: ns, Name: vips.ConfigKey(mesh)}, - }) - } - return requests - } - return []kube_reconile.Request{{ NamespacedName: kube_types.NamespacedName{Namespace: ns, Name: vips.ConfigKey(cause.Mesh)}, }} diff --git a/pkg/plugins/runtime/k8s/controllers/configmap_controller_test.go b/pkg/plugins/runtime/k8s/controllers/configmap_controller_test.go index a09b3db0c598..7ff5727a7503 100644 --- a/pkg/plugins/runtime/k8s/controllers/configmap_controller_test.go +++ b/pkg/plugins/runtime/k8s/controllers/configmap_controller_test.go 
@@ -15,27 +15,16 @@ var _ = Describe("DataplaneToMeshMapper", func() { l := log.NewLogger(log.InfoLevel) mapper := DataplaneToMeshMapper(l, "ns", k8s.NewSimpleConverter()) requests := mapper(&mesh_k8s.Dataplane{ + Mesh: "mesh-1", Spec: map[string]interface{}{ "networking": map[string]interface{}{ "address": "10.20.1.2", "inbound": []map[string]interface{}{ { - "tags": map[string]string{mesh_proto.ServiceTag: "ingress", mesh_proto.ZoneTag: "zone-2"}, + "tags": map[string]string{mesh_proto.ServiceTag: "redis"}, "port": 10001, }, }, - "ingress": map[string]interface{}{ - "publicAddress": "192.168.0.100", - "publicPort": 12345, - "availableServices": []map[string]interface{}{ - {"instances": 2, "mesh": "mesh-1", "tags": map[string]string{mesh_proto.ServiceTag: "redis", "version": "v2"}}, - {"instances": 3, "mesh": "mesh-1", "tags": map[string]string{mesh_proto.ServiceTag: "redis", "version": "v3"}}, - {"instances": 3, "mesh": "mesh-1", "tags": map[string]string{mesh_proto.ServiceTag: "backend", "version": "v3"}}, - {"instances": 3, "mesh": "mesh-2", "tags": map[string]string{mesh_proto.ServiceTag: "db", "version": "v3"}}, - {"instances": 3, "mesh": "mesh-2", "tags": map[string]string{mesh_proto.ServiceTag: "web", "version": "v3"}}, - {"instances": 3, "mesh": "mesh-3", "tags": map[string]string{mesh_proto.ServiceTag: "frontend", "version": "v3"}}, - }, - }, }, }, }) @@ -43,7 +32,7 @@ var _ = Describe("DataplaneToMeshMapper", func() { for _, r := range requests { requestsStr = append(requestsStr, r.Name) } - Expect(requestsStr).To(HaveLen(3)) - Expect(requestsStr).To(ConsistOf("kuma-mesh-3-dns-vips", "kuma-mesh-2-dns-vips", "kuma-mesh-1-dns-vips")) + Expect(requestsStr).To(HaveLen(1)) + Expect(requestsStr).To(ConsistOf("kuma-mesh-1-dns-vips")) }) }) diff --git a/pkg/plugins/runtime/k8s/controllers/endpoints.go b/pkg/plugins/runtime/k8s/controllers/endpoints.go index 77549438c905..e4e800dad0aa 100644 --- a/pkg/plugins/runtime/k8s/controllers/endpoints.go 
+++ b/pkg/plugins/runtime/k8s/controllers/endpoints.go @@ -27,9 +27,6 @@ func (e EndpointsByService) Services() []string { func endpointsByService(dataplanes []*core_mesh.DataplaneResource) EndpointsByService { result := EndpointsByService{} for _, other := range dataplanes { - if other.Spec.IsIngress() { - continue - } for _, inbound := range other.Spec.Networking.GetInbound() { svc, ok := inbound.GetTags()[mesh_proto.ServiceTag] if !ok { diff --git a/pkg/plugins/runtime/k8s/controllers/pod_controller.go b/pkg/plugins/runtime/k8s/controllers/pod_controller.go index 50aa1f358050..a56a853a8d85 100644 --- a/pkg/plugins/runtime/k8s/controllers/pod_controller.go +++ b/pkg/plugins/runtime/k8s/controllers/pod_controller.go @@ -187,7 +187,7 @@ func (r *PodReconciler) findOtherDataplanes(ctx context.Context, pod *kube_core. converterLog.Error(err, "failed to parse Dataplane", "dataplane", dataplane.Spec) continue // one invalid Dataplane definition should not break the entire mesh } - if dataplane.Mesh == mesh || dp.Spec.IsIngress() { + if dataplane.Mesh == mesh { otherDataplanes = append(otherDataplanes, &dataplane) } } diff --git a/pkg/test/kds/samples/resources.go b/pkg/test/kds/samples/resources.go index e65c065ca88f..c3166af69019 100644 --- a/pkg/test/kds/samples/resources.go +++ b/pkg/test/kds/samples/resources.go @@ -108,18 +108,6 @@ var ( ServiceInsight = &mesh_proto.ServiceInsight{ Services: map[string]*mesh_proto.ServiceInsight_Service{}, } - Ingress = &mesh_proto.Dataplane{ - Networking: &mesh_proto.Dataplane_Networking{ - Ingress: &mesh_proto.Dataplane_Networking_Ingress{ - AvailableServices: []*mesh_proto.Dataplane_Networking_Ingress_AvailableService{{ - Tags: map[string]string{ - "service": "backend", - }}, - }, - }, - Address: "192.168.0.1", - }, - } ZoneIngress = &mesh_proto.ZoneIngress{ Networking: &mesh_proto.ZoneIngress_Networking{ Address: "127.0.0.1", 
diff --git a/pkg/xds/auth/universal/auth_test.go b/pkg/xds/auth/universal/auth_test.go index 814d8179810e..432f74124ff4 100644 --- a/pkg/xds/auth/universal/auth_test.go +++ b/pkg/xds/auth/universal/auth_test.go @@ -58,27 +58,6 @@ var _ = Describe("Authentication flow", func() { }, } - ingressDp := core_mesh.DataplaneResource{ - Meta: &test_model.ResourceMeta{ - Name: "ingress-1", - Mesh: "default", - }, - Spec: &mesh_proto.Dataplane{ - Networking: &mesh_proto.Dataplane_Networking{ - Ingress: &mesh_proto.Dataplane_Networking_Ingress{}, - Inbound: []*mesh_proto.Dataplane_Networking_Inbound{ - { - Port: 8080, - ServicePort: 8081, - Tags: map[string]string{ - "kuma.io/service": "ingress", - }, - }, - }, - }, - }, - } - BeforeEach(func() { ctx = context.Background() resStore = memory.NewStore() @@ -146,13 +125,6 @@ var _ = Describe("Authentication flow", func() { }, dpRes: &dpRes, }), - Entry("should auth with ingress token", testCase{ - id: builtin_issuer.DataplaneIdentity{ - Mesh: "default", - Type: mesh_proto.IngressProxyType, - }, - dpRes: &ingressDp, - }), ) DescribeTable("should fail auth", 
@@ -223,29 +195,6 @@ var _ = Describe("Authentication flow", func() { dpRes: &dpRes, err: `which is not allowed with this token. Allowed values in token are ["web"]`, // web and web-api order is not stable }), - Entry("regular dataplane and ingress type", testCase{ - id: builtin_issuer.DataplaneIdentity{ - Mesh: "default", - Type: mesh_proto.IngressProxyType, - }, - dpRes: &dpRes, - err: `dataplane is of type Dataplane but token allows only for the "ingress" type`, - }), - Entry("ingress dataplane and dataplane type", testCase{ - id: builtin_issuer.DataplaneIdentity{ - Mesh: "default", - Type: mesh_proto.DataplaneProxyType, - }, - dpRes: &ingressDp, - err: `dataplane is of type Ingress but token allows only for the "dataplane" type`, - }), - Entry("ingress dataplane and dataplane type (but not explicitly specified)", testCase{ - id: builtin_issuer.DataplaneIdentity{ - Mesh: "default", - }, - dpRes: &ingressDp, - err: `dataplane is of type Ingress but token allows only for the "dataplane" type`, - }), ) It("should throw an error on invalid token", func() { diff --git a/pkg/xds/auth/universal/authenticator.go b/pkg/xds/auth/universal/authenticator.go index 0b5a49b71bac..3a80df2d3a67 100644 --- a/pkg/xds/auth/universal/authenticator.go +++ b/pkg/xds/auth/universal/authenticator.go @@ -61,9 +61,6 @@ func (u *universalAuthenticator) authDataplane(ctx context.Context, dataplane *c if dpIdentity.Mesh != "" && dataplane.Meta.GetMesh() != dpIdentity.Mesh { return errors.Errorf("proxy mesh from requestor: %s is different than in token: %s", dataplane.Meta.GetMesh(), dpIdentity.Mesh) } - if err := validateType(dataplane, dpIdentity.Type); err != nil { - return err - } if err := validateTags(dpIdentity.Tags, dataplane.Spec.TagSet()); err != nil { return err } 
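Review bot: In pkg/xds/auth/universal/authenticator.go, authDataplane no longer consults `dpIdentity.Type` once the `validateType` call is dropped (the function itself is deleted in the next hunk). A token issued with `Type: mesh_proto.IngressProxyType` is therefore accepted for a regular Dataplane whenever mesh and tags match, and as far as the visible `validateTags` loop shows, a token with no tags matches any dataplane in the mesh. The auth_test.go entry removed above ("regular dataplane and ingress type") was what pinned that rejection. If ingress-typed tokens issued before the upgrade can still be presented, keep a one-way check before `validateTags`, assuming `IngressProxyType` survives this commit: `if dpIdentity.Type == mesh_proto.IngressProxyType { return errors.New("token of type ingress cannot be used for a dataplane") }`. authDataplane starts before the hunk and authZoneIngress is only partly visible, so confirm whether the token type is enforced elsewhere.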
@@ -82,19 +79,6 @@ func (u *universalAuthenticator) authZoneIngress(ctx context.Context, zoneIngres return nil } -func validateType(dataplane *core_mesh.DataplaneResource, proxyType mesh_proto.ProxyType) error { - if proxyType == "" { // if dp type is not explicitly specified we assume it's dataplane so we force Ingress token - proxyType = mesh_proto.DataplaneProxyType - } - if dataplane.Spec.IsIngress() && proxyType != mesh_proto.IngressProxyType { - return errors.Errorf("dataplane is of type Ingress but token allows only for the %q type", proxyType) - } - if !dataplane.Spec.IsIngress() && proxyType == mesh_proto.IngressProxyType { - return errors.Errorf("dataplane is of type Dataplane but token allows only for the %q type", proxyType) - } - return nil -} - func validateTags(tokenTags mesh_proto.MultiValueTagSet, dpTags mesh_proto.MultiValueTagSet) error { for tagName, allowedValues := range tokenTags { dpValues, exist := dpTags[tagName] diff --git a/pkg/xds/cache/mesh/cache_test.go b/pkg/xds/cache/mesh/cache_test.go index 8fcc038042da..c6fabafc26d3 100644 --- a/pkg/xds/cache/mesh/cache_test.go +++ b/pkg/xds/cache/mesh/cache_test.go 
@@ -119,7 +119,7 @@ var _ = Describe("MeshSnapshot Cache", func() { By("getting Hash for the first time") hash, err := meshCache.GetHash(context.Background(), "mesh-0") Expect(err).ToNot(HaveOccurred()) - expectedHash := sha256.Hash(`Dataplane:mesh-0:dp-0:1:192.168.0.1:,Dataplane:mesh-0:dp-10:1:192.168.0.1:,Dataplane:mesh-0:dp-11:1:192.168.0.1:,Dataplane:mesh-0:dp-12:1:192.168.0.1:,Dataplane:mesh-0:dp-13:1:192.168.0.1:,Dataplane:mesh-0:dp-14:1:192.168.0.1:,Dataplane:mesh-0:dp-15:1:192.168.0.1:,Dataplane:mesh-0:dp-16:1:192.168.0.1:,Dataplane:mesh-0:dp-17:1:192.168.0.1:,Dataplane:mesh-0:dp-18:1:192.168.0.1:,Dataplane:mesh-0:dp-19:1:192.168.0.1:,Dataplane:mesh-0:dp-1:1:192.168.0.1:,Dataplane:mesh-0:dp-20:1:192.168.0.1:,Dataplane:mesh-0:dp-21:1:192.168.0.1:,Dataplane:mesh-0:dp-22:1:192.168.0.1:,Dataplane:mesh-0:dp-23:1:192.168.0.1:,Dataplane:mesh-0:dp-24:1:192.168.0.1:,Dataplane:mesh-0:dp-25:1:192.168.0.1:,Dataplane:mesh-0:dp-26:1:192.168.0.1:,Dataplane:mesh-0:dp-27:1:192.168.0.1:,Dataplane:mesh-0:dp-28:1:192.168.0.1:,Dataplane:mesh-0:dp-29:1:192.168.0.1:,Dataplane:mesh-0:dp-2:1:192.168.0.1:,Dataplane:mesh-0:dp-30:1:192.168.0.1:,Dataplane:mesh-0:dp-31:1:192.168.0.1:,Dataplane:mesh-0:dp-32:1:192.168.0.1:,Dataplane:mesh-0:dp-33:1:192.168.0.1:,Dataplane:mesh-0:dp-34:1:192.168.0.1:,Dataplane:mesh-0:dp-35:1:192.168.0.1:,Dataplane:mesh-0:dp-36:1:192.168.0.1:,Dataplane:mesh-0:dp-37:1:192.168.0.1:,Dataplane:mesh-0:dp-38:1:192.168.0.1:,Dataplane:mesh-0:dp-39:1:192.168.0.1:,Dataplane:mesh-0:dp-3:1:192.168.0.1:,Dataplane:mesh-0:dp-40:1:192.168.0.1:,Dataplane:mesh-0:dp-41:1:192.168.0.1:,Dataplane:mesh-0:dp-42:1:192.168.0.1:,Dataplane:mesh-0:dp-43:1:192.168.0.1:,Dataplane:mesh-0:dp-44:1:192.168.0.1:,Dataplane:mesh-0:dp-45:1:192.168.0.1:,Dataplane:mesh-0:dp-46:1:192.168.0.1:,Dataplane:mesh-0:dp-47:1:192.168.0.1:,Dataplane:mesh-0:dp-48:1:192.168.0.1:,Dataplane:mesh-0:dp-49:1:192.168.0.1:,Dataplane:mesh-0:dp-4:1:192.168.0.1:,Dataplane:mesh-0:dp-50:1:192.168.0.1:,Dataplane:mesh-0:dp-51:
1:192.168.0.1:,Dataplane:mesh-0:dp-52:1:192.168.0.1:,Dataplane:mesh-0:dp-53:1:192.168.0.1:,Dataplane:mesh-0:dp-54:1:192.168.0.1:,Dataplane:mesh-0:dp-55:1:192.168.0.1:,Dataplane:mesh-0:dp-56:1:192.168.0.1:,Dataplane:mesh-0:dp-57:1:192.168.0.1:,Dataplane:mesh-0:dp-58:1:192.168.0.1:,Dataplane:mesh-0:dp-59:1:192.168.0.1:,Dataplane:mesh-0:dp-5:1:192.168.0.1:,Dataplane:mesh-0:dp-60:1:192.168.0.1:,Dataplane:mesh-0:dp-61:1:192.168.0.1:,Dataplane:mesh-0:dp-62:1:192.168.0.1:,Dataplane:mesh-0:dp-63:1:192.168.0.1:,Dataplane:mesh-0:dp-64:1:192.168.0.1:,Dataplane:mesh-0:dp-65:1:192.168.0.1:,Dataplane:mesh-0:dp-66:1:192.168.0.1:,Dataplane:mesh-0:dp-67:1:192.168.0.1:,Dataplane:mesh-0:dp-68:1:192.168.0.1:,Dataplane:mesh-0:dp-69:1:192.168.0.1:,Dataplane:mesh-0:dp-6:1:192.168.0.1:,Dataplane:mesh-0:dp-70:1:192.168.0.1:,Dataplane:mesh-0:dp-71:1:192.168.0.1:,Dataplane:mesh-0:dp-72:1:192.168.0.1:,Dataplane:mesh-0:dp-73:1:192.168.0.1:,Dataplane:mesh-0:dp-74:1:192.168.0.1:,Dataplane:mesh-0:dp-75:1:192.168.0.1:,Dataplane:mesh-0:dp-76:1:192.168.0.1:,Dataplane:mesh-0:dp-77:1:192.168.0.1:,Dataplane:mesh-0:dp-78:1:192.168.0.1:,Dataplane:mesh-0:dp-79:1:192.168.0.1:,Dataplane:mesh-0:dp-7:1:192.168.0.1:,Dataplane:mesh-0:dp-80:1:192.168.0.1:,Dataplane:mesh-0:dp-81:1:192.168.0.1:,Dataplane:mesh-0:dp-82:1:192.168.0.1:,Dataplane:mesh-0:dp-83:1:192.168.0.1:,Dataplane:mesh-0:dp-84:1:192.168.0.1:,Dataplane:mesh-0:dp-85:1:192.168.0.1:,Dataplane:mesh-0:dp-86:1:192.168.0.1:,Dataplane:mesh-0:dp-87:1:192.168.0.1:,Dataplane:mesh-0:dp-88:1:192.168.0.1:,Dataplane:mesh-0:dp-89:1:192.168.0.1:,Dataplane:mesh-0:dp-8:1:192.168.0.1:,Dataplane:mesh-0:dp-90:1:192.168.0.1:,Dataplane:mesh-0:dp-91:1:192.168.0.1:,Dataplane:mesh-0:dp-92:1:192.168.0.1:,Dataplane:mesh-0:dp-93:1:192.168.0.1:,Dataplane:mesh-0:dp-94:1:192.168.0.1:,Dataplane:mesh-0:dp-95:1:192.168.0.1:,Dataplane:mesh-0:dp-96:1:192.168.0.1:,Dataplane:mesh-0:dp-97:1:192.168.0.1:,Dataplane:mesh-0:dp-98:1:192.168.0.1:,Dataplane:mesh-0:dp-99:1:192.168.0.1:,Dataplane:mes
h-0:dp-9:1:192.168.0.1:,Mesh::mesh-0:1,TrafficRoute:mesh-0:tr-0:1,TrafficRoute:mesh-0:tr-10:1,TrafficRoute:mesh-0:tr-11:1,TrafficRoute:mesh-0:tr-12:1,TrafficRoute:mesh-0:tr-13:1,TrafficRoute:mesh-0:tr-14:1,TrafficRoute:mesh-0:tr-15:1,TrafficRoute:mesh-0:tr-16:1,TrafficRoute:mesh-0:tr-17:1,TrafficRoute:mesh-0:tr-18:1,TrafficRoute:mesh-0:tr-19:1,TrafficRoute:mesh-0:tr-1:1,TrafficRoute:mesh-0:tr-20:1,TrafficRoute:mesh-0:tr-21:1,TrafficRoute:mesh-0:tr-22:1,TrafficRoute:mesh-0:tr-23:1,TrafficRoute:mesh-0:tr-24:1,TrafficRoute:mesh-0:tr-25:1,TrafficRoute:mesh-0:tr-26:1,TrafficRoute:mesh-0:tr-27:1,TrafficRoute:mesh-0:tr-28:1,TrafficRoute:mesh-0:tr-29:1,TrafficRoute:mesh-0:tr-2:1,TrafficRoute:mesh-0:tr-30:1,TrafficRoute:mesh-0:tr-31:1,TrafficRoute:mesh-0:tr-32:1,TrafficRoute:mesh-0:tr-33:1,TrafficRoute:mesh-0:tr-34:1,TrafficRoute:mesh-0:tr-35:1,TrafficRoute:mesh-0:tr-36:1,TrafficRoute:mesh-0:tr-37:1,TrafficRoute:mesh-0:tr-38:1,TrafficRoute:mesh-0:tr-39:1,TrafficRoute:mesh-0:tr-3:1,TrafficRoute:mesh-0:tr-40:1,TrafficRoute:mesh-0:tr-41:1,TrafficRoute:mesh-0:tr-42:1,TrafficRoute:mesh-0:tr-43:1,TrafficRoute:mesh-0:tr-44:1,TrafficRoute:mesh-0:tr-45:1,TrafficRoute:mesh-0:tr-46:1,TrafficRoute:mesh-0:tr-47:1,TrafficRoute:mesh-0:tr-48:1,TrafficRoute:mesh-0:tr-49:1,TrafficRoute:mesh-0:tr-4:1,TrafficRoute:mesh-0:tr-50:1,TrafficRoute:mesh-0:tr-51:1,TrafficRoute:mesh-0:tr-52:1,TrafficRoute:mesh-0:tr-53:1,TrafficRoute:mesh-0:tr-54:1,TrafficRoute:mesh-0:tr-55:1,TrafficRoute:mesh-0:tr-56:1,TrafficRoute:mesh-0:tr-57:1,TrafficRoute:mesh-0:tr-58:1,TrafficRoute:mesh-0:tr-59:1,TrafficRoute:mesh-0:tr-5:1,TrafficRoute:mesh-0:tr-60:1,TrafficRoute:mesh-0:tr-61:1,TrafficRoute:mesh-0:tr-62:1,TrafficRoute:mesh-0:tr-63:1,TrafficRoute:mesh-0:tr-64:1,TrafficRoute:mesh-0:tr-65:1,TrafficRoute:mesh-0:tr-66:1,TrafficRoute:mesh-0:tr-67:1,TrafficRoute:mesh-0:tr-68:1,TrafficRoute:mesh-0:tr-69:1,TrafficRoute:mesh-0:tr-6:1,TrafficRoute:mesh-0:tr-70:1,TrafficRoute:mesh-0:tr-71:1,TrafficRoute:mesh-0:tr-72:1,TrafficR
oute:mesh-0:tr-73:1,TrafficRoute:mesh-0:tr-74:1,TrafficRoute:mesh-0:tr-75:1,TrafficRoute:mesh-0:tr-76:1,TrafficRoute:mesh-0:tr-77:1,TrafficRoute:mesh-0:tr-78:1,TrafficRoute:mesh-0:tr-79:1,TrafficRoute:mesh-0:tr-7:1,TrafficRoute:mesh-0:tr-80:1,TrafficRoute:mesh-0:tr-81:1,TrafficRoute:mesh-0:tr-82:1,TrafficRoute:mesh-0:tr-83:1,TrafficRoute:mesh-0:tr-84:1,TrafficRoute:mesh-0:tr-85:1,TrafficRoute:mesh-0:tr-86:1,TrafficRoute:mesh-0:tr-87:1,TrafficRoute:mesh-0:tr-88:1,TrafficRoute:mesh-0:tr-89:1,TrafficRoute:mesh-0:tr-8:1,TrafficRoute:mesh-0:tr-90:1,TrafficRoute:mesh-0:tr-91:1,TrafficRoute:mesh-0:tr-92:1,TrafficRoute:mesh-0:tr-93:1,TrafficRoute:mesh-0:tr-94:1,TrafficRoute:mesh-0:tr-95:1,TrafficRoute:mesh-0:tr-96:1,TrafficRoute:mesh-0:tr-97:1,TrafficRoute:mesh-0:tr-98:1,TrafficRoute:mesh-0:tr-99:1,TrafficRoute:mesh-0:tr-9:1`) + expectedHash := sha256.Hash(`Dataplane:mesh-0:dp-0:1:192.168.0.1,Dataplane:mesh-0:dp-10:1:192.168.0.1,Dataplane:mesh-0:dp-11:1:192.168.0.1,Dataplane:mesh-0:dp-12:1:192.168.0.1,Dataplane:mesh-0:dp-13:1:192.168.0.1,Dataplane:mesh-0:dp-14:1:192.168.0.1,Dataplane:mesh-0:dp-15:1:192.168.0.1,Dataplane:mesh-0:dp-16:1:192.168.0.1,Dataplane:mesh-0:dp-17:1:192.168.0.1,Dataplane:mesh-0:dp-18:1:192.168.0.1,Dataplane:mesh-0:dp-19:1:192.168.0.1,Dataplane:mesh-0:dp-1:1:192.168.0.1,Dataplane:mesh-0:dp-20:1:192.168.0.1,Dataplane:mesh-0:dp-21:1:192.168.0.1,Dataplane:mesh-0:dp-22:1:192.168.0.1,Dataplane:mesh-0:dp-23:1:192.168.0.1,Dataplane:mesh-0:dp-24:1:192.168.0.1,Dataplane:mesh-0:dp-25:1:192.168.0.1,Dataplane:mesh-0:dp-26:1:192.168.0.1,Dataplane:mesh-0:dp-27:1:192.168.0.1,Dataplane:mesh-0:dp-28:1:192.168.0.1,Dataplane:mesh-0:dp-29:1:192.168.0.1,Dataplane:mesh-0:dp-2:1:192.168.0.1,Dataplane:mesh-0:dp-30:1:192.168.0.1,Dataplane:mesh-0:dp-31:1:192.168.0.1,Dataplane:mesh-0:dp-32:1:192.168.0.1,Dataplane:mesh-0:dp-33:1:192.168.0.1,Dataplane:mesh-0:dp-34:1:192.168.0.1,Dataplane:mesh-0:dp-35:1:192.168.0.1,Dataplane:mesh-0:dp-36:1:192.168.0.1,Dataplane:mesh-0:dp-37:1:192.16
8.0.1,Dataplane:mesh-0:dp-38:1:192.168.0.1,Dataplane:mesh-0:dp-39:1:192.168.0.1,Dataplane:mesh-0:dp-3:1:192.168.0.1,Dataplane:mesh-0:dp-40:1:192.168.0.1,Dataplane:mesh-0:dp-41:1:192.168.0.1,Dataplane:mesh-0:dp-42:1:192.168.0.1,Dataplane:mesh-0:dp-43:1:192.168.0.1,Dataplane:mesh-0:dp-44:1:192.168.0.1,Dataplane:mesh-0:dp-45:1:192.168.0.1,Dataplane:mesh-0:dp-46:1:192.168.0.1,Dataplane:mesh-0:dp-47:1:192.168.0.1,Dataplane:mesh-0:dp-48:1:192.168.0.1,Dataplane:mesh-0:dp-49:1:192.168.0.1,Dataplane:mesh-0:dp-4:1:192.168.0.1,Dataplane:mesh-0:dp-50:1:192.168.0.1,Dataplane:mesh-0:dp-51:1:192.168.0.1,Dataplane:mesh-0:dp-52:1:192.168.0.1,Dataplane:mesh-0:dp-53:1:192.168.0.1,Dataplane:mesh-0:dp-54:1:192.168.0.1,Dataplane:mesh-0:dp-55:1:192.168.0.1,Dataplane:mesh-0:dp-56:1:192.168.0.1,Dataplane:mesh-0:dp-57:1:192.168.0.1,Dataplane:mesh-0:dp-58:1:192.168.0.1,Dataplane:mesh-0:dp-59:1:192.168.0.1,Dataplane:mesh-0:dp-5:1:192.168.0.1,Dataplane:mesh-0:dp-60:1:192.168.0.1,Dataplane:mesh-0:dp-61:1:192.168.0.1,Dataplane:mesh-0:dp-62:1:192.168.0.1,Dataplane:mesh-0:dp-63:1:192.168.0.1,Dataplane:mesh-0:dp-64:1:192.168.0.1,Dataplane:mesh-0:dp-65:1:192.168.0.1,Dataplane:mesh-0:dp-66:1:192.168.0.1,Dataplane:mesh-0:dp-67:1:192.168.0.1,Dataplane:mesh-0:dp-68:1:192.168.0.1,Dataplane:mesh-0:dp-69:1:192.168.0.1,Dataplane:mesh-0:dp-6:1:192.168.0.1,Dataplane:mesh-0:dp-70:1:192.168.0.1,Dataplane:mesh-0:dp-71:1:192.168.0.1,Dataplane:mesh-0:dp-72:1:192.168.0.1,Dataplane:mesh-0:dp-73:1:192.168.0.1,Dataplane:mesh-0:dp-74:1:192.168.0.1,Dataplane:mesh-0:dp-75:1:192.168.0.1,Dataplane:mesh-0:dp-76:1:192.168.0.1,Dataplane:mesh-0:dp-77:1:192.168.0.1,Dataplane:mesh-0:dp-78:1:192.168.0.1,Dataplane:mesh-0:dp-79:1:192.168.0.1,Dataplane:mesh-0:dp-7:1:192.168.0.1,Dataplane:mesh-0:dp-80:1:192.168.0.1,Dataplane:mesh-0:dp-81:1:192.168.0.1,Dataplane:mesh-0:dp-82:1:192.168.0.1,Dataplane:mesh-0:dp-83:1:192.168.0.1,Dataplane:mesh-0:dp-84:1:192.168.0.1,Dataplane:mesh-0:dp-85:1:192.168.0.1,Dataplane:mesh-0:dp-86:1:192.168.0.1,D
ataplane:mesh-0:dp-87:1:192.168.0.1,Dataplane:mesh-0:dp-88:1:192.168.0.1,Dataplane:mesh-0:dp-89:1:192.168.0.1,Dataplane:mesh-0:dp-8:1:192.168.0.1,Dataplane:mesh-0:dp-90:1:192.168.0.1,Dataplane:mesh-0:dp-91:1:192.168.0.1,Dataplane:mesh-0:dp-92:1:192.168.0.1,Dataplane:mesh-0:dp-93:1:192.168.0.1,Dataplane:mesh-0:dp-94:1:192.168.0.1,Dataplane:mesh-0:dp-95:1:192.168.0.1,Dataplane:mesh-0:dp-96:1:192.168.0.1,Dataplane:mesh-0:dp-97:1:192.168.0.1,Dataplane:mesh-0:dp-98:1:192.168.0.1,Dataplane:mesh-0:dp-99:1:192.168.0.1,Dataplane:mesh-0:dp-9:1:192.168.0.1,Mesh::mesh-0:1,TrafficRoute:mesh-0:tr-0:1,TrafficRoute:mesh-0:tr-10:1,TrafficRoute:mesh-0:tr-11:1,TrafficRoute:mesh-0:tr-12:1,TrafficRoute:mesh-0:tr-13:1,TrafficRoute:mesh-0:tr-14:1,TrafficRoute:mesh-0:tr-15:1,TrafficRoute:mesh-0:tr-16:1,TrafficRoute:mesh-0:tr-17:1,TrafficRoute:mesh-0:tr-18:1,TrafficRoute:mesh-0:tr-19:1,TrafficRoute:mesh-0:tr-1:1,TrafficRoute:mesh-0:tr-20:1,TrafficRoute:mesh-0:tr-21:1,TrafficRoute:mesh-0:tr-22:1,TrafficRoute:mesh-0:tr-23:1,TrafficRoute:mesh-0:tr-24:1,TrafficRoute:mesh-0:tr-25:1,TrafficRoute:mesh-0:tr-26:1,TrafficRoute:mesh-0:tr-27:1,TrafficRoute:mesh-0:tr-28:1,TrafficRoute:mesh-0:tr-29:1,TrafficRoute:mesh-0:tr-2:1,TrafficRoute:mesh-0:tr-30:1,TrafficRoute:mesh-0:tr-31:1,TrafficRoute:mesh-0:tr-32:1,TrafficRoute:mesh-0:tr-33:1,TrafficRoute:mesh-0:tr-34:1,TrafficRoute:mesh-0:tr-35:1,TrafficRoute:mesh-0:tr-36:1,TrafficRoute:mesh-0:tr-37:1,TrafficRoute:mesh-0:tr-38:1,TrafficRoute:mesh-0:tr-39:1,TrafficRoute:mesh-0:tr-3:1,TrafficRoute:mesh-0:tr-40:1,TrafficRoute:mesh-0:tr-41:1,TrafficRoute:mesh-0:tr-42:1,TrafficRoute:mesh-0:tr-43:1,TrafficRoute:mesh-0:tr-44:1,TrafficRoute:mesh-0:tr-45:1,TrafficRoute:mesh-0:tr-46:1,TrafficRoute:mesh-0:tr-47:1,TrafficRoute:mesh-0:tr-48:1,TrafficRoute:mesh-0:tr-49:1,TrafficRoute:mesh-0:tr-4:1,TrafficRoute:mesh-0:tr-50:1,TrafficRoute:mesh-0:tr-51:1,TrafficRoute:mesh-0:tr-52:1,TrafficRoute:mesh-0:tr-53:1,TrafficRoute:mesh-0:tr-54:1,TrafficRoute:mesh-0:tr-55:1,TrafficRou
te:mesh-0:tr-56:1,TrafficRoute:mesh-0:tr-57:1,TrafficRoute:mesh-0:tr-58:1,TrafficRoute:mesh-0:tr-59:1,TrafficRoute:mesh-0:tr-5:1,TrafficRoute:mesh-0:tr-60:1,TrafficRoute:mesh-0:tr-61:1,TrafficRoute:mesh-0:tr-62:1,TrafficRoute:mesh-0:tr-63:1,TrafficRoute:mesh-0:tr-64:1,TrafficRoute:mesh-0:tr-65:1,TrafficRoute:mesh-0:tr-66:1,TrafficRoute:mesh-0:tr-67:1,TrafficRoute:mesh-0:tr-68:1,TrafficRoute:mesh-0:tr-69:1,TrafficRoute:mesh-0:tr-6:1,TrafficRoute:mesh-0:tr-70:1,TrafficRoute:mesh-0:tr-71:1,TrafficRoute:mesh-0:tr-72:1,TrafficRoute:mesh-0:tr-73:1,TrafficRoute:mesh-0:tr-74:1,TrafficRoute:mesh-0:tr-75:1,TrafficRoute:mesh-0:tr-76:1,TrafficRoute:mesh-0:tr-77:1,TrafficRoute:mesh-0:tr-78:1,TrafficRoute:mesh-0:tr-79:1,TrafficRoute:mesh-0:tr-7:1,TrafficRoute:mesh-0:tr-80:1,TrafficRoute:mesh-0:tr-81:1,TrafficRoute:mesh-0:tr-82:1,TrafficRoute:mesh-0:tr-83:1,TrafficRoute:mesh-0:tr-84:1,TrafficRoute:mesh-0:tr-85:1,TrafficRoute:mesh-0:tr-86:1,TrafficRoute:mesh-0:tr-87:1,TrafficRoute:mesh-0:tr-88:1,TrafficRoute:mesh-0:tr-89:1,TrafficRoute:mesh-0:tr-8:1,TrafficRoute:mesh-0:tr-90:1,TrafficRoute:mesh-0:tr-91:1,TrafficRoute:mesh-0:tr-92:1,TrafficRoute:mesh-0:tr-93:1,TrafficRoute:mesh-0:tr-94:1,TrafficRoute:mesh-0:tr-95:1,TrafficRoute:mesh-0:tr-96:1,TrafficRoute:mesh-0:tr-97:1,TrafficRoute:mesh-0:tr-98:1,TrafficRoute:mesh-0:tr-99:1,TrafficRoute:mesh-0:tr-9:1`) Expect(hash).To(Equal(expectedHash)) Expect(countingManager.getQueries).To(Equal(1)) // one Get to obtain Mesh Expect(countingManager.listQueries).To(Equal(2)) // 2 List to fetch Dataplanes and TrafficRoutes 
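Review bot: The `expectedHash` literal is the only place this test states what goes into the mesh hash, and the change here cannot be checked by eye: each Dataplane entry loses its trailing `:` (`dp-0:1:192.168.0.1:` becomes `dp-0:1:192.168.0.1`), repeated across a hundred entries on one line. A short comment above the assignment would make the intended format reviewable, for example `// hash input: comma-joined Type:mesh:name:version entries; Dataplane entries end with the address`. The field meanings in that comment are inferred from the literal and should be confirmed against the hashing code. The same applies to the literals in the hunks at -142,7 and -226,7; the enclosing `It` block starts and ends outside this hunk.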
@@ -142,7 +142,7 @@ var _ = Describe("MeshSnapshot Cache", func() { hash, err = meshCache.GetHash(context.Background(), "mesh-0") Expect(err).ToNot(HaveOccurred()) - expectedHash = sha256.Hash(`Dataplane:mesh-0:dp-0:1:192.168.0.1:,Dataplane:mesh-0:dp-10:1:192.168.0.1:,Dataplane:mesh-0:dp-11:1:192.168.0.1:,Dataplane:mesh-0:dp-12:1:192.168.0.1:,Dataplane:mesh-0:dp-13:1:192.168.0.1:,Dataplane:mesh-0:dp-14:1:192.168.0.1:,Dataplane:mesh-0:dp-15:1:192.168.0.1:,Dataplane:mesh-0:dp-16:1:192.168.0.1:,Dataplane:mesh-0:dp-17:1:192.168.0.1:,Dataplane:mesh-0:dp-18:1:192.168.0.1:,Dataplane:mesh-0:dp-19:1:192.168.0.1:,Dataplane:mesh-0:dp-1:2:1.1.1.1:,Dataplane:mesh-0:dp-20:1:192.168.0.1:,Dataplane:mesh-0:dp-21:1:192.168.0.1:,Dataplane:mesh-0:dp-22:1:192.168.0.1:,Dataplane:mesh-0:dp-23:1:192.168.0.1:,Dataplane:mesh-0:dp-24:1:192.168.0.1:,Dataplane:mesh-0:dp-25:1:192.168.0.1:,Dataplane:mesh-0:dp-26:1:192.168.0.1:,Dataplane:mesh-0:dp-27:1:192.168.0.1:,Dataplane:mesh-0:dp-28:1:192.168.0.1:,Dataplane:mesh-0:dp-29:1:192.168.0.1:,Dataplane:mesh-0:dp-2:1:192.168.0.1:,Dataplane:mesh-0:dp-30:1:192.168.0.1:,Dataplane:mesh-0:dp-31:1:192.168.0.1:,Dataplane:mesh-0:dp-32:1:192.168.0.1:,Dataplane:mesh-0:dp-33:1:192.168.0.1:,Dataplane:mesh-0:dp-34:1:192.168.0.1:,Dataplane:mesh-0:dp-35:1:192.168.0.1:,Dataplane:mesh-0:dp-36:1:192.168.0.1:,Dataplane:mesh-0:dp-37:1:192.168.0.1:,Dataplane:mesh-0:dp-38:1:192.168.0.1:,Dataplane:mesh-0:dp-39:1:192.168.0.1:,Dataplane:mesh-0:dp-3:1:192.168.0.1:,Dataplane:mesh-0:dp-40:1:192.168.0.1:,Dataplane:mesh-0:dp-41:1:192.168.0.1:,Dataplane:mesh-0:dp-42:1:192.168.0.1:,Dataplane:mesh-0:dp-43:1:192.168.0.1:,Dataplane:mesh-0:dp-44:1:192.168.0.1:,Dataplane:mesh-0:dp-45:1:192.168.0.1:,Dataplane:mesh-0:dp-46:1:192.168.0.1:,Dataplane:mesh-0:dp-47:1:192.168.0.1:,Dataplane:mesh-0:dp-48:1:192.168.0.1:,Dataplane:mesh-0:dp-49:1:192.168.0.1:,Dataplane:mesh-0:dp-4:1:192.168.0.1:,Dataplane:mesh-0:dp-50:1:192.168.0.1:,Dataplane:mesh-0:dp-51:1:192.168.0.1:,Dataplane:mesh-0:dp-52:1:192.
168.0.1:,Dataplane:mesh-0:dp-53:1:192.168.0.1:,Dataplane:mesh-0:dp-54:1:192.168.0.1:,Dataplane:mesh-0:dp-55:1:192.168.0.1:,Dataplane:mesh-0:dp-56:1:192.168.0.1:,Dataplane:mesh-0:dp-57:1:192.168.0.1:,Dataplane:mesh-0:dp-58:1:192.168.0.1:,Dataplane:mesh-0:dp-59:1:192.168.0.1:,Dataplane:mesh-0:dp-5:1:192.168.0.1:,Dataplane:mesh-0:dp-60:1:192.168.0.1:,Dataplane:mesh-0:dp-61:1:192.168.0.1:,Dataplane:mesh-0:dp-62:1:192.168.0.1:,Dataplane:mesh-0:dp-63:1:192.168.0.1:,Dataplane:mesh-0:dp-64:1:192.168.0.1:,Dataplane:mesh-0:dp-65:1:192.168.0.1:,Dataplane:mesh-0:dp-66:1:192.168.0.1:,Dataplane:mesh-0:dp-67:1:192.168.0.1:,Dataplane:mesh-0:dp-68:1:192.168.0.1:,Dataplane:mesh-0:dp-69:1:192.168.0.1:,Dataplane:mesh-0:dp-6:1:192.168.0.1:,Dataplane:mesh-0:dp-70:1:192.168.0.1:,Dataplane:mesh-0:dp-71:1:192.168.0.1:,Dataplane:mesh-0:dp-72:1:192.168.0.1:,Dataplane:mesh-0:dp-73:1:192.168.0.1:,Dataplane:mesh-0:dp-74:1:192.168.0.1:,Dataplane:mesh-0:dp-75:1:192.168.0.1:,Dataplane:mesh-0:dp-76:1:192.168.0.1:,Dataplane:mesh-0:dp-77:1:192.168.0.1:,Dataplane:mesh-0:dp-78:1:192.168.0.1:,Dataplane:mesh-0:dp-79:1:192.168.0.1:,Dataplane:mesh-0:dp-7:1:192.168.0.1:,Dataplane:mesh-0:dp-80:1:192.168.0.1:,Dataplane:mesh-0:dp-81:1:192.168.0.1:,Dataplane:mesh-0:dp-82:1:192.168.0.1:,Dataplane:mesh-0:dp-83:1:192.168.0.1:,Dataplane:mesh-0:dp-84:1:192.168.0.1:,Dataplane:mesh-0:dp-85:1:192.168.0.1:,Dataplane:mesh-0:dp-86:1:192.168.0.1:,Dataplane:mesh-0:dp-87:1:192.168.0.1:,Dataplane:mesh-0:dp-88:1:192.168.0.1:,Dataplane:mesh-0:dp-89:1:192.168.0.1:,Dataplane:mesh-0:dp-8:1:192.168.0.1:,Dataplane:mesh-0:dp-90:1:192.168.0.1:,Dataplane:mesh-0:dp-91:1:192.168.0.1:,Dataplane:mesh-0:dp-92:1:192.168.0.1:,Dataplane:mesh-0:dp-93:1:192.168.0.1:,Dataplane:mesh-0:dp-94:1:192.168.0.1:,Dataplane:mesh-0:dp-95:1:192.168.0.1:,Dataplane:mesh-0:dp-96:1:192.168.0.1:,Dataplane:mesh-0:dp-97:1:192.168.0.1:,Dataplane:mesh-0:dp-98:1:192.168.0.1:,Dataplane:mesh-0:dp-99:1:192.168.0.1:,Dataplane:mesh-0:dp-9:1:192.168.0.1:,Mesh::mesh-0:1,Traff
icRoute:mesh-0:tr-0:1,TrafficRoute:mesh-0:tr-10:1,TrafficRoute:mesh-0:tr-11:1,TrafficRoute:mesh-0:tr-12:1,TrafficRoute:mesh-0:tr-13:1,TrafficRoute:mesh-0:tr-14:1,TrafficRoute:mesh-0:tr-15:1,TrafficRoute:mesh-0:tr-16:1,TrafficRoute:mesh-0:tr-17:1,TrafficRoute:mesh-0:tr-18:1,TrafficRoute:mesh-0:tr-19:1,TrafficRoute:mesh-0:tr-1:1,TrafficRoute:mesh-0:tr-20:1,TrafficRoute:mesh-0:tr-21:1,TrafficRoute:mesh-0:tr-22:1,TrafficRoute:mesh-0:tr-23:1,TrafficRoute:mesh-0:tr-24:1,TrafficRoute:mesh-0:tr-25:1,TrafficRoute:mesh-0:tr-26:1,TrafficRoute:mesh-0:tr-27:1,TrafficRoute:mesh-0:tr-28:1,TrafficRoute:mesh-0:tr-29:1,TrafficRoute:mesh-0:tr-2:1,TrafficRoute:mesh-0:tr-30:1,TrafficRoute:mesh-0:tr-31:1,TrafficRoute:mesh-0:tr-32:1,TrafficRoute:mesh-0:tr-33:1,TrafficRoute:mesh-0:tr-34:1,TrafficRoute:mesh-0:tr-35:1,TrafficRoute:mesh-0:tr-36:1,TrafficRoute:mesh-0:tr-37:1,TrafficRoute:mesh-0:tr-38:1,TrafficRoute:mesh-0:tr-39:1,TrafficRoute:mesh-0:tr-3:1,TrafficRoute:mesh-0:tr-40:1,TrafficRoute:mesh-0:tr-41:1,TrafficRoute:mesh-0:tr-42:1,TrafficRoute:mesh-0:tr-43:1,TrafficRoute:mesh-0:tr-44:1,TrafficRoute:mesh-0:tr-45:1,TrafficRoute:mesh-0:tr-46:1,TrafficRoute:mesh-0:tr-47:1,TrafficRoute:mesh-0:tr-48:1,TrafficRoute:mesh-0:tr-49:1,TrafficRoute:mesh-0:tr-4:1,TrafficRoute:mesh-0:tr-50:1,TrafficRoute:mesh-0:tr-51:1,TrafficRoute:mesh-0:tr-52:1,TrafficRoute:mesh-0:tr-53:1,TrafficRoute:mesh-0:tr-54:1,TrafficRoute:mesh-0:tr-55:1,TrafficRoute:mesh-0:tr-56:1,TrafficRoute:mesh-0:tr-57:1,TrafficRoute:mesh-0:tr-58:1,TrafficRoute:mesh-0:tr-59:1,TrafficRoute:mesh-0:tr-5:1,TrafficRoute:mesh-0:tr-60:1,TrafficRoute:mesh-0:tr-61:1,TrafficRoute:mesh-0:tr-62:1,TrafficRoute:mesh-0:tr-63:1,TrafficRoute:mesh-0:tr-64:1,TrafficRoute:mesh-0:tr-65:1,TrafficRoute:mesh-0:tr-66:1,TrafficRoute:mesh-0:tr-67:1,TrafficRoute:mesh-0:tr-68:1,TrafficRoute:mesh-0:tr-69:1,TrafficRoute:mesh-0:tr-6:1,TrafficRoute:mesh-0:tr-70:1,TrafficRoute:mesh-0:tr-71:1,TrafficRoute:mesh-0:tr-72:1,TrafficRoute:mesh-0:tr-73:1,TrafficRoute:mesh-0:tr-7
4:1,TrafficRoute:mesh-0:tr-75:1,TrafficRoute:mesh-0:tr-76:1,TrafficRoute:mesh-0:tr-77:1,TrafficRoute:mesh-0:tr-78:1,TrafficRoute:mesh-0:tr-79:1,TrafficRoute:mesh-0:tr-7:1,TrafficRoute:mesh-0:tr-80:1,TrafficRoute:mesh-0:tr-81:1,TrafficRoute:mesh-0:tr-82:1,TrafficRoute:mesh-0:tr-83:1,TrafficRoute:mesh-0:tr-84:1,TrafficRoute:mesh-0:tr-85:1,TrafficRoute:mesh-0:tr-86:1,TrafficRoute:mesh-0:tr-87:1,TrafficRoute:mesh-0:tr-88:1,TrafficRoute:mesh-0:tr-89:1,TrafficRoute:mesh-0:tr-8:1,TrafficRoute:mesh-0:tr-90:1,TrafficRoute:mesh-0:tr-91:1,TrafficRoute:mesh-0:tr-92:1,TrafficRoute:mesh-0:tr-93:1,TrafficRoute:mesh-0:tr-94:1,TrafficRoute:mesh-0:tr-95:1,TrafficRoute:mesh-0:tr-96:1,TrafficRoute:mesh-0:tr-97:1,TrafficRoute:mesh-0:tr-98:1,TrafficRoute:mesh-0:tr-99:1,TrafficRoute:mesh-0:tr-9:1`) + expectedHash = sha256.Hash(`Dataplane:mesh-0:dp-0:1:192.168.0.1,Dataplane:mesh-0:dp-10:1:192.168.0.1,Dataplane:mesh-0:dp-11:1:192.168.0.1,Dataplane:mesh-0:dp-12:1:192.168.0.1,Dataplane:mesh-0:dp-13:1:192.168.0.1,Dataplane:mesh-0:dp-14:1:192.168.0.1,Dataplane:mesh-0:dp-15:1:192.168.0.1,Dataplane:mesh-0:dp-16:1:192.168.0.1,Dataplane:mesh-0:dp-17:1:192.168.0.1,Dataplane:mesh-0:dp-18:1:192.168.0.1,Dataplane:mesh-0:dp-19:1:192.168.0.1,Dataplane:mesh-0:dp-1:2:1.1.1.1,Dataplane:mesh-0:dp-20:1:192.168.0.1,Dataplane:mesh-0:dp-21:1:192.168.0.1,Dataplane:mesh-0:dp-22:1:192.168.0.1,Dataplane:mesh-0:dp-23:1:192.168.0.1,Dataplane:mesh-0:dp-24:1:192.168.0.1,Dataplane:mesh-0:dp-25:1:192.168.0.1,Dataplane:mesh-0:dp-26:1:192.168.0.1,Dataplane:mesh-0:dp-27:1:192.168.0.1,Dataplane:mesh-0:dp-28:1:192.168.0.1,Dataplane:mesh-0:dp-29:1:192.168.0.1,Dataplane:mesh-0:dp-2:1:192.168.0.1,Dataplane:mesh-0:dp-30:1:192.168.0.1,Dataplane:mesh-0:dp-31:1:192.168.0.1,Dataplane:mesh-0:dp-32:1:192.168.0.1,Dataplane:mesh-0:dp-33:1:192.168.0.1,Dataplane:mesh-0:dp-34:1:192.168.0.1,Dataplane:mesh-0:dp-35:1:192.168.0.1,Dataplane:mesh-0:dp-36:1:192.168.0.1,Dataplane:mesh-0:dp-37:1:192.168.0.1,Dataplane:mesh-0:dp-38:1:192.168.0.1,Datapl
ane:mesh-0:dp-39:1:192.168.0.1,Dataplane:mesh-0:dp-3:1:192.168.0.1,Dataplane:mesh-0:dp-40:1:192.168.0.1,Dataplane:mesh-0:dp-41:1:192.168.0.1,Dataplane:mesh-0:dp-42:1:192.168.0.1,Dataplane:mesh-0:dp-43:1:192.168.0.1,Dataplane:mesh-0:dp-44:1:192.168.0.1,Dataplane:mesh-0:dp-45:1:192.168.0.1,Dataplane:mesh-0:dp-46:1:192.168.0.1,Dataplane:mesh-0:dp-47:1:192.168.0.1,Dataplane:mesh-0:dp-48:1:192.168.0.1,Dataplane:mesh-0:dp-49:1:192.168.0.1,Dataplane:mesh-0:dp-4:1:192.168.0.1,Dataplane:mesh-0:dp-50:1:192.168.0.1,Dataplane:mesh-0:dp-51:1:192.168.0.1,Dataplane:mesh-0:dp-52:1:192.168.0.1,Dataplane:mesh-0:dp-53:1:192.168.0.1,Dataplane:mesh-0:dp-54:1:192.168.0.1,Dataplane:mesh-0:dp-55:1:192.168.0.1,Dataplane:mesh-0:dp-56:1:192.168.0.1,Dataplane:mesh-0:dp-57:1:192.168.0.1,Dataplane:mesh-0:dp-58:1:192.168.0.1,Dataplane:mesh-0:dp-59:1:192.168.0.1,Dataplane:mesh-0:dp-5:1:192.168.0.1,Dataplane:mesh-0:dp-60:1:192.168.0.1,Dataplane:mesh-0:dp-61:1:192.168.0.1,Dataplane:mesh-0:dp-62:1:192.168.0.1,Dataplane:mesh-0:dp-63:1:192.168.0.1,Dataplane:mesh-0:dp-64:1:192.168.0.1,Dataplane:mesh-0:dp-65:1:192.168.0.1,Dataplane:mesh-0:dp-66:1:192.168.0.1,Dataplane:mesh-0:dp-67:1:192.168.0.1,Dataplane:mesh-0:dp-68:1:192.168.0.1,Dataplane:mesh-0:dp-69:1:192.168.0.1,Dataplane:mesh-0:dp-6:1:192.168.0.1,Dataplane:mesh-0:dp-70:1:192.168.0.1,Dataplane:mesh-0:dp-71:1:192.168.0.1,Dataplane:mesh-0:dp-72:1:192.168.0.1,Dataplane:mesh-0:dp-73:1:192.168.0.1,Dataplane:mesh-0:dp-74:1:192.168.0.1,Dataplane:mesh-0:dp-75:1:192.168.0.1,Dataplane:mesh-0:dp-76:1:192.168.0.1,Dataplane:mesh-0:dp-77:1:192.168.0.1,Dataplane:mesh-0:dp-78:1:192.168.0.1,Dataplane:mesh-0:dp-79:1:192.168.0.1,Dataplane:mesh-0:dp-7:1:192.168.0.1,Dataplane:mesh-0:dp-80:1:192.168.0.1,Dataplane:mesh-0:dp-81:1:192.168.0.1,Dataplane:mesh-0:dp-82:1:192.168.0.1,Dataplane:mesh-0:dp-83:1:192.168.0.1,Dataplane:mesh-0:dp-84:1:192.168.0.1,Dataplane:mesh-0:dp-85:1:192.168.0.1,Dataplane:mesh-0:dp-86:1:192.168.0.1,Dataplane:mesh-0:dp-87:1:192.168.0.1,Dataplane:mes
h-0:dp-88:1:192.168.0.1,Dataplane:mesh-0:dp-89:1:192.168.0.1,Dataplane:mesh-0:dp-8:1:192.168.0.1,Dataplane:mesh-0:dp-90:1:192.168.0.1,Dataplane:mesh-0:dp-91:1:192.168.0.1,Dataplane:mesh-0:dp-92:1:192.168.0.1,Dataplane:mesh-0:dp-93:1:192.168.0.1,Dataplane:mesh-0:dp-94:1:192.168.0.1,Dataplane:mesh-0:dp-95:1:192.168.0.1,Dataplane:mesh-0:dp-96:1:192.168.0.1,Dataplane:mesh-0:dp-97:1:192.168.0.1,Dataplane:mesh-0:dp-98:1:192.168.0.1,Dataplane:mesh-0:dp-99:1:192.168.0.1,Dataplane:mesh-0:dp-9:1:192.168.0.1,Mesh::mesh-0:1,TrafficRoute:mesh-0:tr-0:1,TrafficRoute:mesh-0:tr-10:1,TrafficRoute:mesh-0:tr-11:1,TrafficRoute:mesh-0:tr-12:1,TrafficRoute:mesh-0:tr-13:1,TrafficRoute:mesh-0:tr-14:1,TrafficRoute:mesh-0:tr-15:1,TrafficRoute:mesh-0:tr-16:1,TrafficRoute:mesh-0:tr-17:1,TrafficRoute:mesh-0:tr-18:1,TrafficRoute:mesh-0:tr-19:1,TrafficRoute:mesh-0:tr-1:1,TrafficRoute:mesh-0:tr-20:1,TrafficRoute:mesh-0:tr-21:1,TrafficRoute:mesh-0:tr-22:1,TrafficRoute:mesh-0:tr-23:1,TrafficRoute:mesh-0:tr-24:1,TrafficRoute:mesh-0:tr-25:1,TrafficRoute:mesh-0:tr-26:1,TrafficRoute:mesh-0:tr-27:1,TrafficRoute:mesh-0:tr-28:1,TrafficRoute:mesh-0:tr-29:1,TrafficRoute:mesh-0:tr-2:1,TrafficRoute:mesh-0:tr-30:1,TrafficRoute:mesh-0:tr-31:1,TrafficRoute:mesh-0:tr-32:1,TrafficRoute:mesh-0:tr-33:1,TrafficRoute:mesh-0:tr-34:1,TrafficRoute:mesh-0:tr-35:1,TrafficRoute:mesh-0:tr-36:1,TrafficRoute:mesh-0:tr-37:1,TrafficRoute:mesh-0:tr-38:1,TrafficRoute:mesh-0:tr-39:1,TrafficRoute:mesh-0:tr-3:1,TrafficRoute:mesh-0:tr-40:1,TrafficRoute:mesh-0:tr-41:1,TrafficRoute:mesh-0:tr-42:1,TrafficRoute:mesh-0:tr-43:1,TrafficRoute:mesh-0:tr-44:1,TrafficRoute:mesh-0:tr-45:1,TrafficRoute:mesh-0:tr-46:1,TrafficRoute:mesh-0:tr-47:1,TrafficRoute:mesh-0:tr-48:1,TrafficRoute:mesh-0:tr-49:1,TrafficRoute:mesh-0:tr-4:1,TrafficRoute:mesh-0:tr-50:1,TrafficRoute:mesh-0:tr-51:1,TrafficRoute:mesh-0:tr-52:1,TrafficRoute:mesh-0:tr-53:1,TrafficRoute:mesh-0:tr-54:1,TrafficRoute:mesh-0:tr-55:1,TrafficRoute:mesh-0:tr-56:1,TrafficRoute:mesh-0:tr-57:1,Tra
fficRoute:mesh-0:tr-58:1,TrafficRoute:mesh-0:tr-59:1,TrafficRoute:mesh-0:tr-5:1,TrafficRoute:mesh-0:tr-60:1,TrafficRoute:mesh-0:tr-61:1,TrafficRoute:mesh-0:tr-62:1,TrafficRoute:mesh-0:tr-63:1,TrafficRoute:mesh-0:tr-64:1,TrafficRoute:mesh-0:tr-65:1,TrafficRoute:mesh-0:tr-66:1,TrafficRoute:mesh-0:tr-67:1,TrafficRoute:mesh-0:tr-68:1,TrafficRoute:mesh-0:tr-69:1,TrafficRoute:mesh-0:tr-6:1,TrafficRoute:mesh-0:tr-70:1,TrafficRoute:mesh-0:tr-71:1,TrafficRoute:mesh-0:tr-72:1,TrafficRoute:mesh-0:tr-73:1,TrafficRoute:mesh-0:tr-74:1,TrafficRoute:mesh-0:tr-75:1,TrafficRoute:mesh-0:tr-76:1,TrafficRoute:mesh-0:tr-77:1,TrafficRoute:mesh-0:tr-78:1,TrafficRoute:mesh-0:tr-79:1,TrafficRoute:mesh-0:tr-7:1,TrafficRoute:mesh-0:tr-80:1,TrafficRoute:mesh-0:tr-81:1,TrafficRoute:mesh-0:tr-82:1,TrafficRoute:mesh-0:tr-83:1,TrafficRoute:mesh-0:tr-84:1,TrafficRoute:mesh-0:tr-85:1,TrafficRoute:mesh-0:tr-86:1,TrafficRoute:mesh-0:tr-87:1,TrafficRoute:mesh-0:tr-88:1,TrafficRoute:mesh-0:tr-89:1,TrafficRoute:mesh-0:tr-8:1,TrafficRoute:mesh-0:tr-90:1,TrafficRoute:mesh-0:tr-91:1,TrafficRoute:mesh-0:tr-92:1,TrafficRoute:mesh-0:tr-93:1,TrafficRoute:mesh-0:tr-94:1,TrafficRoute:mesh-0:tr-95:1,TrafficRoute:mesh-0:tr-96:1,TrafficRoute:mesh-0:tr-97:1,TrafficRoute:mesh-0:tr-98:1,TrafficRoute:mesh-0:tr-99:1,TrafficRoute:mesh-0:tr-9:1`) Expect(hash).To(Equal(expectedHash)) Expect(countingManager.getQueries).To(Equal(2)) Expect(countingManager.listQueries).To(Equal(4)) 
@@ -226,7 +226,7 @@ var _ = Describe("MeshSnapshot Cache", func() { countingManager.err = nil hash, err = meshCache.GetHash(context.Background(), "mesh-0") Expect(err).ToNot(HaveOccurred()) - expectedHash := sha256.Hash(`Dataplane:mesh-0:dp-0:1:192.168.0.1:,Dataplane:mesh-0:dp-10:1:192.168.0.1:,Dataplane:mesh-0:dp-11:1:192.168.0.1:,Dataplane:mesh-0:dp-12:1:192.168.0.1:,Dataplane:mesh-0:dp-13:1:192.168.0.1:,Dataplane:mesh-0:dp-14:1:192.168.0.1:,Dataplane:mesh-0:dp-15:1:192.168.0.1:,Dataplane:mesh-0:dp-16:1:192.168.0.1:,Dataplane:mesh-0:dp-17:1:192.168.0.1:,Dataplane:mesh-0:dp-18:1:192.168.0.1:,Dataplane:mesh-0:dp-19:1:192.168.0.1:,Dataplane:mesh-0:dp-1:1:192.168.0.1:,Dataplane:mesh-0:dp-20:1:192.168.0.1:,Dataplane:mesh-0:dp-21:1:192.168.0.1:,Dataplane:mesh-0:dp-22:1:192.168.0.1:,Dataplane:mesh-0:dp-23:1:192.168.0.1:,Dataplane:mesh-0:dp-24:1:192.168.0.1:,Dataplane:mesh-0:dp-25:1:192.168.0.1:,Dataplane:mesh-0:dp-26:1:192.168.0.1:,Dataplane:mesh-0:dp-27:1:192.168.0.1:,Dataplane:mesh-0:dp-28:1:192.168.0.1:,Dataplane:mesh-0:dp-29:1:192.168.0.1:,Dataplane:mesh-0:dp-2:1:192.168.0.1:,Dataplane:mesh-0:dp-30:1:192.168.0.1:,Dataplane:mesh-0:dp-31:1:192.168.0.1:,Dataplane:mesh-0:dp-32:1:192.168.0.1:,Dataplane:mesh-0:dp-33:1:192.168.0.1:,Dataplane:mesh-0:dp-34:1:192.168.0.1:,Dataplane:mesh-0:dp-35:1:192.168.0.1:,Dataplane:mesh-0:dp-36:1:192.168.0.1:,Dataplane:mesh-0:dp-37:1:192.168.0.1:,Dataplane:mesh-0:dp-38:1:192.168.0.1:,Dataplane:mesh-0:dp-39:1:192.168.0.1:,Dataplane:mesh-0:dp-3:1:192.168.0.1:,Dataplane:mesh-0:dp-40:1:192.168.0.1:,Dataplane:mesh-0:dp-41:1:192.168.0.1:,Dataplane:mesh-0:dp-42:1:192.168.0.1:,Dataplane:mesh-0:dp-43:1:192.168.0.1:,Dataplane:mesh-0:dp-44:1:192.168.0.1:,Dataplane:mesh-0:dp-45:1:192.168.0.1:,Dataplane:mesh-0:dp-46:1:192.168.0.1:,Dataplane:mesh-0:dp-47:1:192.168.0.1:,Dataplane:mesh-0:dp-48:1:192.168.0.1:,Dataplane:mesh-0:dp-49:1:192.168.0.1:,Dataplane:mesh-0:dp-4:1:192.168.0.1:,Dataplane:mesh-0:dp-50:1:192.168.0.1:,Dataplane:mesh-0:dp-51:1:192.168.0.1
:,Dataplane:mesh-0:dp-52:1:192.168.0.1:,Dataplane:mesh-0:dp-53:1:192.168.0.1:,Dataplane:mesh-0:dp-54:1:192.168.0.1:,Dataplane:mesh-0:dp-55:1:192.168.0.1:,Dataplane:mesh-0:dp-56:1:192.168.0.1:,Dataplane:mesh-0:dp-57:1:192.168.0.1:,Dataplane:mesh-0:dp-58:1:192.168.0.1:,Dataplane:mesh-0:dp-59:1:192.168.0.1:,Dataplane:mesh-0:dp-5:1:192.168.0.1:,Dataplane:mesh-0:dp-60:1:192.168.0.1:,Dataplane:mesh-0:dp-61:1:192.168.0.1:,Dataplane:mesh-0:dp-62:1:192.168.0.1:,Dataplane:mesh-0:dp-63:1:192.168.0.1:,Dataplane:mesh-0:dp-64:1:192.168.0.1:,Dataplane:mesh-0:dp-65:1:192.168.0.1:,Dataplane:mesh-0:dp-66:1:192.168.0.1:,Dataplane:mesh-0:dp-67:1:192.168.0.1:,Dataplane:mesh-0:dp-68:1:192.168.0.1:,Dataplane:mesh-0:dp-69:1:192.168.0.1:,Dataplane:mesh-0:dp-6:1:192.168.0.1:,Dataplane:mesh-0:dp-70:1:192.168.0.1:,Dataplane:mesh-0:dp-71:1:192.168.0.1:,Dataplane:mesh-0:dp-72:1:192.168.0.1:,Dataplane:mesh-0:dp-73:1:192.168.0.1:,Dataplane:mesh-0:dp-74:1:192.168.0.1:,Dataplane:mesh-0:dp-75:1:192.168.0.1:,Dataplane:mesh-0:dp-76:1:192.168.0.1:,Dataplane:mesh-0:dp-77:1:192.168.0.1:,Dataplane:mesh-0:dp-78:1:192.168.0.1:,Dataplane:mesh-0:dp-79:1:192.168.0.1:,Dataplane:mesh-0:dp-7:1:192.168.0.1:,Dataplane:mesh-0:dp-80:1:192.168.0.1:,Dataplane:mesh-0:dp-81:1:192.168.0.1:,Dataplane:mesh-0:dp-82:1:192.168.0.1:,Dataplane:mesh-0:dp-83:1:192.168.0.1:,Dataplane:mesh-0:dp-84:1:192.168.0.1:,Dataplane:mesh-0:dp-85:1:192.168.0.1:,Dataplane:mesh-0:dp-86:1:192.168.0.1:,Dataplane:mesh-0:dp-87:1:192.168.0.1:,Dataplane:mesh-0:dp-88:1:192.168.0.1:,Dataplane:mesh-0:dp-89:1:192.168.0.1:,Dataplane:mesh-0:dp-8:1:192.168.0.1:,Dataplane:mesh-0:dp-90:1:192.168.0.1:,Dataplane:mesh-0:dp-91:1:192.168.0.1:,Dataplane:mesh-0:dp-92:1:192.168.0.1:,Dataplane:mesh-0:dp-93:1:192.168.0.1:,Dataplane:mesh-0:dp-94:1:192.168.0.1:,Dataplane:mesh-0:dp-95:1:192.168.0.1:,Dataplane:mesh-0:dp-96:1:192.168.0.1:,Dataplane:mesh-0:dp-97:1:192.168.0.1:,Dataplane:mesh-0:dp-98:1:192.168.0.1:,Dataplane:mesh-0:dp-99:1:192.168.0.1:,Dataplane:mesh-0:dp-9:1:19
2.168.0.1:,Mesh::mesh-0:1,TrafficRoute:mesh-0:tr-0:1,TrafficRoute:mesh-0:tr-10:1,TrafficRoute:mesh-0:tr-11:1,TrafficRoute:mesh-0:tr-12:1,TrafficRoute:mesh-0:tr-13:1,TrafficRoute:mesh-0:tr-14:1,TrafficRoute:mesh-0:tr-15:1,TrafficRoute:mesh-0:tr-16:1,TrafficRoute:mesh-0:tr-17:1,TrafficRoute:mesh-0:tr-18:1,TrafficRoute:mesh-0:tr-19:1,TrafficRoute:mesh-0:tr-1:1,TrafficRoute:mesh-0:tr-20:1,TrafficRoute:mesh-0:tr-21:1,TrafficRoute:mesh-0:tr-22:1,TrafficRoute:mesh-0:tr-23:1,TrafficRoute:mesh-0:tr-24:1,TrafficRoute:mesh-0:tr-25:1,TrafficRoute:mesh-0:tr-26:1,TrafficRoute:mesh-0:tr-27:1,TrafficRoute:mesh-0:tr-28:1,TrafficRoute:mesh-0:tr-29:1,TrafficRoute:mesh-0:tr-2:1,TrafficRoute:mesh-0:tr-30:1,TrafficRoute:mesh-0:tr-31:1,TrafficRoute:mesh-0:tr-32:1,TrafficRoute:mesh-0:tr-33:1,TrafficRoute:mesh-0:tr-34:1,TrafficRoute:mesh-0:tr-35:1,TrafficRoute:mesh-0:tr-36:1,TrafficRoute:mesh-0:tr-37:1,TrafficRoute:mesh-0:tr-38:1,TrafficRoute:mesh-0:tr-39:1,TrafficRoute:mesh-0:tr-3:1,TrafficRoute:mesh-0:tr-40:1,TrafficRoute:mesh-0:tr-41:1,TrafficRoute:mesh-0:tr-42:1,TrafficRoute:mesh-0:tr-43:1,TrafficRoute:mesh-0:tr-44:1,TrafficRoute:mesh-0:tr-45:1,TrafficRoute:mesh-0:tr-46:1,TrafficRoute:mesh-0:tr-47:1,TrafficRoute:mesh-0:tr-48:1,TrafficRoute:mesh-0:tr-49:1,TrafficRoute:mesh-0:tr-4:1,TrafficRoute:mesh-0:tr-50:1,TrafficRoute:mesh-0:tr-51:1,TrafficRoute:mesh-0:tr-52:1,TrafficRoute:mesh-0:tr-53:1,TrafficRoute:mesh-0:tr-54:1,TrafficRoute:mesh-0:tr-55:1,TrafficRoute:mesh-0:tr-56:1,TrafficRoute:mesh-0:tr-57:1,TrafficRoute:mesh-0:tr-58:1,TrafficRoute:mesh-0:tr-59:1,TrafficRoute:mesh-0:tr-5:1,TrafficRoute:mesh-0:tr-60:1,TrafficRoute:mesh-0:tr-61:1,TrafficRoute:mesh-0:tr-62:1,TrafficRoute:mesh-0:tr-63:1,TrafficRoute:mesh-0:tr-64:1,TrafficRoute:mesh-0:tr-65:1,TrafficRoute:mesh-0:tr-66:1,TrafficRoute:mesh-0:tr-67:1,TrafficRoute:mesh-0:tr-68:1,TrafficRoute:mesh-0:tr-69:1,TrafficRoute:mesh-0:tr-6:1,TrafficRoute:mesh-0:tr-70:1,TrafficRoute:mesh-0:tr-71:1,TrafficRoute:mesh-0:tr-72:1,TrafficRoute:mesh-0:t
r-73:1,TrafficRoute:mesh-0:tr-74:1,TrafficRoute:mesh-0:tr-75:1,TrafficRoute:mesh-0:tr-76:1,TrafficRoute:mesh-0:tr-77:1,TrafficRoute:mesh-0:tr-78:1,TrafficRoute:mesh-0:tr-79:1,TrafficRoute:mesh-0:tr-7:1,TrafficRoute:mesh-0:tr-80:1,TrafficRoute:mesh-0:tr-81:1,TrafficRoute:mesh-0:tr-82:1,TrafficRoute:mesh-0:tr-83:1,TrafficRoute:mesh-0:tr-84:1,TrafficRoute:mesh-0:tr-85:1,TrafficRoute:mesh-0:tr-86:1,TrafficRoute:mesh-0:tr-87:1,TrafficRoute:mesh-0:tr-88:1,TrafficRoute:mesh-0:tr-89:1,TrafficRoute:mesh-0:tr-8:1,TrafficRoute:mesh-0:tr-90:1,TrafficRoute:mesh-0:tr-91:1,TrafficRoute:mesh-0:tr-92:1,TrafficRoute:mesh-0:tr-93:1,TrafficRoute:mesh-0:tr-94:1,TrafficRoute:mesh-0:tr-95:1,TrafficRoute:mesh-0:tr-96:1,TrafficRoute:mesh-0:tr-97:1,TrafficRoute:mesh-0:tr-98:1,TrafficRoute:mesh-0:tr-99:1,TrafficRoute:mesh-0:tr-9:1`) + expectedHash := sha256.Hash(`Dataplane:mesh-0:dp-0:1:192.168.0.1,Dataplane:mesh-0:dp-10:1:192.168.0.1,Dataplane:mesh-0:dp-11:1:192.168.0.1,Dataplane:mesh-0:dp-12:1:192.168.0.1,Dataplane:mesh-0:dp-13:1:192.168.0.1,Dataplane:mesh-0:dp-14:1:192.168.0.1,Dataplane:mesh-0:dp-15:1:192.168.0.1,Dataplane:mesh-0:dp-16:1:192.168.0.1,Dataplane:mesh-0:dp-17:1:192.168.0.1,Dataplane:mesh-0:dp-18:1:192.168.0.1,Dataplane:mesh-0:dp-19:1:192.168.0.1,Dataplane:mesh-0:dp-1:1:192.168.0.1,Dataplane:mesh-0:dp-20:1:192.168.0.1,Dataplane:mesh-0:dp-21:1:192.168.0.1,Dataplane:mesh-0:dp-22:1:192.168.0.1,Dataplane:mesh-0:dp-23:1:192.168.0.1,Dataplane:mesh-0:dp-24:1:192.168.0.1,Dataplane:mesh-0:dp-25:1:192.168.0.1,Dataplane:mesh-0:dp-26:1:192.168.0.1,Dataplane:mesh-0:dp-27:1:192.168.0.1,Dataplane:mesh-0:dp-28:1:192.168.0.1,Dataplane:mesh-0:dp-29:1:192.168.0.1,Dataplane:mesh-0:dp-2:1:192.168.0.1,Dataplane:mesh-0:dp-30:1:192.168.0.1,Dataplane:mesh-0:dp-31:1:192.168.0.1,Dataplane:mesh-0:dp-32:1:192.168.0.1,Dataplane:mesh-0:dp-33:1:192.168.0.1,Dataplane:mesh-0:dp-34:1:192.168.0.1,Dataplane:mesh-0:dp-35:1:192.168.0.1,Dataplane:mesh-0:dp-36:1:192.168.0.1,Dataplane:mesh-0:dp-37:1:192.168.0.1,Datapla
ne:mesh-0:dp-38:1:192.168.0.1,Dataplane:mesh-0:dp-39:1:192.168.0.1,Dataplane:mesh-0:dp-3:1:192.168.0.1,Dataplane:mesh-0:dp-40:1:192.168.0.1,Dataplane:mesh-0:dp-41:1:192.168.0.1,Dataplane:mesh-0:dp-42:1:192.168.0.1,Dataplane:mesh-0:dp-43:1:192.168.0.1,Dataplane:mesh-0:dp-44:1:192.168.0.1,Dataplane:mesh-0:dp-45:1:192.168.0.1,Dataplane:mesh-0:dp-46:1:192.168.0.1,Dataplane:mesh-0:dp-47:1:192.168.0.1,Dataplane:mesh-0:dp-48:1:192.168.0.1,Dataplane:mesh-0:dp-49:1:192.168.0.1,Dataplane:mesh-0:dp-4:1:192.168.0.1,Dataplane:mesh-0:dp-50:1:192.168.0.1,Dataplane:mesh-0:dp-51:1:192.168.0.1,Dataplane:mesh-0:dp-52:1:192.168.0.1,Dataplane:mesh-0:dp-53:1:192.168.0.1,Dataplane:mesh-0:dp-54:1:192.168.0.1,Dataplane:mesh-0:dp-55:1:192.168.0.1,Dataplane:mesh-0:dp-56:1:192.168.0.1,Dataplane:mesh-0:dp-57:1:192.168.0.1,Dataplane:mesh-0:dp-58:1:192.168.0.1,Dataplane:mesh-0:dp-59:1:192.168.0.1,Dataplane:mesh-0:dp-5:1:192.168.0.1,Dataplane:mesh-0:dp-60:1:192.168.0.1,Dataplane:mesh-0:dp-61:1:192.168.0.1,Dataplane:mesh-0:dp-62:1:192.168.0.1,Dataplane:mesh-0:dp-63:1:192.168.0.1,Dataplane:mesh-0:dp-64:1:192.168.0.1,Dataplane:mesh-0:dp-65:1:192.168.0.1,Dataplane:mesh-0:dp-66:1:192.168.0.1,Dataplane:mesh-0:dp-67:1:192.168.0.1,Dataplane:mesh-0:dp-68:1:192.168.0.1,Dataplane:mesh-0:dp-69:1:192.168.0.1,Dataplane:mesh-0:dp-6:1:192.168.0.1,Dataplane:mesh-0:dp-70:1:192.168.0.1,Dataplane:mesh-0:dp-71:1:192.168.0.1,Dataplane:mesh-0:dp-72:1:192.168.0.1,Dataplane:mesh-0:dp-73:1:192.168.0.1,Dataplane:mesh-0:dp-74:1:192.168.0.1,Dataplane:mesh-0:dp-75:1:192.168.0.1,Dataplane:mesh-0:dp-76:1:192.168.0.1,Dataplane:mesh-0:dp-77:1:192.168.0.1,Dataplane:mesh-0:dp-78:1:192.168.0.1,Dataplane:mesh-0:dp-79:1:192.168.0.1,Dataplane:mesh-0:dp-7:1:192.168.0.1,Dataplane:mesh-0:dp-80:1:192.168.0.1,Dataplane:mesh-0:dp-81:1:192.168.0.1,Dataplane:mesh-0:dp-82:1:192.168.0.1,Dataplane:mesh-0:dp-83:1:192.168.0.1,Dataplane:mesh-0:dp-84:1:192.168.0.1,Dataplane:mesh-0:dp-85:1:192.168.0.1,Dataplane:mesh-0:dp-86:1:192.168.0.1,Dataplane:mesh
-0:dp-87:1:192.168.0.1,Dataplane:mesh-0:dp-88:1:192.168.0.1,Dataplane:mesh-0:dp-89:1:192.168.0.1,Dataplane:mesh-0:dp-8:1:192.168.0.1,Dataplane:mesh-0:dp-90:1:192.168.0.1,Dataplane:mesh-0:dp-91:1:192.168.0.1,Dataplane:mesh-0:dp-92:1:192.168.0.1,Dataplane:mesh-0:dp-93:1:192.168.0.1,Dataplane:mesh-0:dp-94:1:192.168.0.1,Dataplane:mesh-0:dp-95:1:192.168.0.1,Dataplane:mesh-0:dp-96:1:192.168.0.1,Dataplane:mesh-0:dp-97:1:192.168.0.1,Dataplane:mesh-0:dp-98:1:192.168.0.1,Dataplane:mesh-0:dp-99:1:192.168.0.1,Dataplane:mesh-0:dp-9:1:192.168.0.1,Mesh::mesh-0:1,TrafficRoute:mesh-0:tr-0:1,TrafficRoute:mesh-0:tr-10:1,TrafficRoute:mesh-0:tr-11:1,TrafficRoute:mesh-0:tr-12:1,TrafficRoute:mesh-0:tr-13:1,TrafficRoute:mesh-0:tr-14:1,TrafficRoute:mesh-0:tr-15:1,TrafficRoute:mesh-0:tr-16:1,TrafficRoute:mesh-0:tr-17:1,TrafficRoute:mesh-0:tr-18:1,TrafficRoute:mesh-0:tr-19:1,TrafficRoute:mesh-0:tr-1:1,TrafficRoute:mesh-0:tr-20:1,TrafficRoute:mesh-0:tr-21:1,TrafficRoute:mesh-0:tr-22:1,TrafficRoute:mesh-0:tr-23:1,TrafficRoute:mesh-0:tr-24:1,TrafficRoute:mesh-0:tr-25:1,TrafficRoute:mesh-0:tr-26:1,TrafficRoute:mesh-0:tr-27:1,TrafficRoute:mesh-0:tr-28:1,TrafficRoute:mesh-0:tr-29:1,TrafficRoute:mesh-0:tr-2:1,TrafficRoute:mesh-0:tr-30:1,TrafficRoute:mesh-0:tr-31:1,TrafficRoute:mesh-0:tr-32:1,TrafficRoute:mesh-0:tr-33:1,TrafficRoute:mesh-0:tr-34:1,TrafficRoute:mesh-0:tr-35:1,TrafficRoute:mesh-0:tr-36:1,TrafficRoute:mesh-0:tr-37:1,TrafficRoute:mesh-0:tr-38:1,TrafficRoute:mesh-0:tr-39:1,TrafficRoute:mesh-0:tr-3:1,TrafficRoute:mesh-0:tr-40:1,TrafficRoute:mesh-0:tr-41:1,TrafficRoute:mesh-0:tr-42:1,TrafficRoute:mesh-0:tr-43:1,TrafficRoute:mesh-0:tr-44:1,TrafficRoute:mesh-0:tr-45:1,TrafficRoute:mesh-0:tr-46:1,TrafficRoute:mesh-0:tr-47:1,TrafficRoute:mesh-0:tr-48:1,TrafficRoute:mesh-0:tr-49:1,TrafficRoute:mesh-0:tr-4:1,TrafficRoute:mesh-0:tr-50:1,TrafficRoute:mesh-0:tr-51:1,TrafficRoute:mesh-0:tr-52:1,TrafficRoute:mesh-0:tr-53:1,TrafficRoute:mesh-0:tr-54:1,TrafficRoute:mesh-0:tr-55:1,TrafficRoute:mesh-0:tr-
56:1,TrafficRoute:mesh-0:tr-57:1,TrafficRoute:mesh-0:tr-58:1,TrafficRoute:mesh-0:tr-59:1,TrafficRoute:mesh-0:tr-5:1,TrafficRoute:mesh-0:tr-60:1,TrafficRoute:mesh-0:tr-61:1,TrafficRoute:mesh-0:tr-62:1,TrafficRoute:mesh-0:tr-63:1,TrafficRoute:mesh-0:tr-64:1,TrafficRoute:mesh-0:tr-65:1,TrafficRoute:mesh-0:tr-66:1,TrafficRoute:mesh-0:tr-67:1,TrafficRoute:mesh-0:tr-68:1,TrafficRoute:mesh-0:tr-69:1,TrafficRoute:mesh-0:tr-6:1,TrafficRoute:mesh-0:tr-70:1,TrafficRoute:mesh-0:tr-71:1,TrafficRoute:mesh-0:tr-72:1,TrafficRoute:mesh-0:tr-73:1,TrafficRoute:mesh-0:tr-74:1,TrafficRoute:mesh-0:tr-75:1,TrafficRoute:mesh-0:tr-76:1,TrafficRoute:mesh-0:tr-77:1,TrafficRoute:mesh-0:tr-78:1,TrafficRoute:mesh-0:tr-79:1,TrafficRoute:mesh-0:tr-7:1,TrafficRoute:mesh-0:tr-80:1,TrafficRoute:mesh-0:tr-81:1,TrafficRoute:mesh-0:tr-82:1,TrafficRoute:mesh-0:tr-83:1,TrafficRoute:mesh-0:tr-84:1,TrafficRoute:mesh-0:tr-85:1,TrafficRoute:mesh-0:tr-86:1,TrafficRoute:mesh-0:tr-87:1,TrafficRoute:mesh-0:tr-88:1,TrafficRoute:mesh-0:tr-89:1,TrafficRoute:mesh-0:tr-8:1,TrafficRoute:mesh-0:tr-90:1,TrafficRoute:mesh-0:tr-91:1,TrafficRoute:mesh-0:tr-92:1,TrafficRoute:mesh-0:tr-93:1,TrafficRoute:mesh-0:tr-94:1,TrafficRoute:mesh-0:tr-95:1,TrafficRoute:mesh-0:tr-96:1,TrafficRoute:mesh-0:tr-97:1,TrafficRoute:mesh-0:tr-98:1,TrafficRoute:mesh-0:tr-99:1,TrafficRoute:mesh-0:tr-9:1`) Expect(hash).To(Equal(expectedHash)) Expect(countingManager.getQueries).To(Equal(3)) // one Get to obtain Mesh Expect(countingManager.listQueries).To(Equal(2)) // 2 List to fetch Dataplanes and TrafficRoutes diff --git a/pkg/xds/cache/mesh/snapshot.go b/pkg/xds/cache/mesh/snapshot.go index c7f6dc5cbbc3..26f78c2d7c07 100644 --- a/pkg/xds/cache/mesh/snapshot.go +++ b/pkg/xds/cache/mesh/snapshot.go 
@@ -46,17 +46,10 @@ func GetMeshSnapshot(ctx context.Context, meshName string, rm manager.ReadOnlyRe switch typ { case core_mesh.DataplaneType: dataplanes := &core_mesh.DataplaneResourceList{} - if err := rm.List(ctx, dataplanes); err != nil { + if err := rm.List(ctx, dataplanes, core_store.ListByMesh(meshName)); err != nil { return nil, err } - // backwards compatibility - meshedDpsAndIngresses := &core_mesh.DataplaneResourceList{} - for _, d := range dataplanes.Items { - if d.GetMeta().GetMesh() == meshName || d.Spec.IsIngress() { - _ = meshedDpsAndIngresses.AddItem(d) - } - } - snapshot.resources[typ] = meshedDpsAndIngresses + snapshot.resources[typ] = dataplanes case core_mesh.ZoneIngressType: zoneIngresses := &core_mesh.ZoneIngressResourceList{} if err := rm.List(ctx, zoneIngresses); err != nil { @@ -140,7 +133,6 @@ func (m *meshSnapshot) hashResource(r core_model.Resource) string { v.GetMeta().GetName(), v.GetMeta().GetVersion(), m.hashResolvedIPs(v.Spec.GetNetworking().GetAddress()), - m.hashResolvedIPs(v.Spec.GetNetworking().GetIngress().GetPublicAddress()), }, ":") case *core_mesh.ZoneIngressResource: return strings.Join( diff --git a/pkg/xds/generator/direct_access_proxy_generator.go b/pkg/xds/generator/direct_access_proxy_generator.go index 0cbb0324d730..5f516eab0d89 100644 --- a/pkg/xds/generator/direct_access_proxy_generator.go +++ b/pkg/xds/generator/direct_access_proxy_generator.go @@ -95,11 +95,6 @@ func directAccessEndpoints(dataplane *core_mesh.DataplaneResource, other *core_m if dp.Meta.GetName() == dataplane.Meta.GetName() { // skip itself continue } - // ingress doesn't have inbounds[0].Tags[ServiceTag] set, so right now - // there is no way to create direct access outbound to ingress - if dp.Spec.IsIngress() { - continue - } inbounds, err := manager_dataplane.AdditionalInbounds(dp, mesh) if err != nil { return nil, err 
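Review bot: With the `dp.Spec.IsIngress()` skip removed from `directAccessEndpoints`, a Dataplane that still carries `networking.ingress` after an upgrade is processed like any other proxy, and the deleted comment itself says such a resource has no `kuma.io/service` tag on its inbound. The same guard is dropped in `GetIngressAvailableServices` (pkg/xds/ingress/dataplane.go) and `BuildEndpointMap` (pkg/xds/ingress/outbound.go), and nothing in the visible hunks rejects or migrates those resources, so this presumably relies on validation elsewhere. If that is not guaranteed, skip untagged inbounds where the tags are consumed, e.g. `if dpInbound.Tags[mesh_proto.ServiceTag] == "" { continue }` in `GetIngressAvailableServices`, so an untagged entry is not advertised as an available service. The body of `directAccessEndpoints` starts and ends outside the hunk.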
diff --git a/pkg/xds/generator/ingress_generator_test.go b/pkg/xds/generator/ingress_generator_test.go index 996e82974c64..670c59480c65 100644 --- a/pkg/xds/generator/ingress_generator_test.go +++ b/pkg/xds/generator/ingress_generator_test.go @@ -30,19 +30,18 @@ var _ = Describe("IngressGenerator", func() { func(given testCase) { gen := generator.IngressGenerator{} - dataplane := &mesh_proto.Dataplane{} - Expect(util_proto.FromYAML([]byte(given.dataplane), dataplane)).To(Succeed()) + zoneIngress := &mesh_proto.ZoneIngress{} + Expect(util_proto.FromYAML([]byte(given.dataplane), zoneIngress)).To(Succeed()) - zoneIngress, err := core_mesh.NewZoneIngressResourceFromDataplane(&core_mesh.DataplaneResource{ + zoneIngressRes := &core_mesh.ZoneIngressResource{ Meta: &test_model.ResourceMeta{ Version: "1", }, - Spec: dataplane, - }) - Expect(err).ToNot(HaveOccurred()) + Spec: zoneIngress, + } proxy := &core_xds.Proxy{ Id: *core_xds.BuildProxyId("default", "ingress"), - ZoneIngress: zoneIngress, + ZoneIngress: zoneIngressRes, APIVersion: envoy_common.APIV3, Routing: core_xds.Routing{ OutboundTargets: given.outboundTargets, @@ -71,20 +70,18 @@ var _ = Describe("IngressGenerator", func() { dataplane: ` networking: address: 10.0.0.1 - ingress: - availableServices: - - mesh: mesh1 - tags: - kuma.io/service: backend - version: v1 - region: eu - - mesh: mesh1 - tags: - kuma.io/service: backend - version: v2 - region: us - inbound: - - port: 10001 + port: 10001 + availableServices: + - mesh: mesh1 + tags: + kuma.io/service: backend + version: v1 + region: eu + - mesh: mesh1 + tags: + kuma.io/service: backend + version: v2 + region: us `, expected: "01.envoy.golden.yaml", outboundTargets: map[core_xds.ServiceName][]core_xds.Endpoint{ 
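Review bot: The test-case field is still named `dataplane` although its YAML is now decoded into a `mesh_proto.ZoneIngress` (`util_proto.FromYAML([]byte(given.dataplane), zoneIngress)`), which misleads anyone adding a new entry to the table. Renaming the field to `ingress` and the call to `util_proto.FromYAML([]byte(given.ingress), zoneIngress)` keeps the fixtures and the type they describe in step. The `testCase` struct is declared outside the hunk, so the rename also touches lines not shown here, including the fixture entries in the later hunks of this file.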
@@ -135,9 +132,7 @@ var _ = Describe("IngressGenerator", func() { dataplane: ` networking: address: 10.0.0.1 - ingress: {} - inbound: - - port: 10001 + port: 10001 `, expected: "02.envoy.golden.yaml", outboundTargets: map[core_xds.ServiceName][]core_xds.Endpoint{}, @@ -163,20 +158,18 @@ var _ = Describe("IngressGenerator", func() { dataplane: ` networking: address: 10.0.0.1 - ingress: - availableServices: - - mesh: mesh1 - tags: - kuma.io/service: backend - version: v1 - region: eu - - mesh: mesh1 - tags: - kuma.io/service: backend - version: v2 - region: us - inbound: - - port: 10001 + port: 10001 + availableServices: + - mesh: mesh1 + tags: + kuma.io/service: backend + version: v1 + region: eu + - mesh: mesh1 + tags: + kuma.io/service: backend + version: v2 + region: us `, expected: "03.envoy.golden.yaml", outboundTargets: map[core_xds.ServiceName][]core_xds.Endpoint{ 
@@ -255,41 +248,39 @@ var _ = Describe("IngressGenerator", func() { dataplane: ` networking: address: 10.0.0.1 - ingress: - availableServices: - - mesh: mesh1 - tags: - kuma.io/service: backend - version: v1 - region: eu - - mesh: mesh1 - tags: - kuma.io/service: backend - version: v2 - region: us - - mesh: mesh2 - tags: - kuma.io/service: backend - cloud: eks - arch: ARM - os: ubuntu - region: asia - version: v3 - - mesh: mesh2 - tags: - kuma.io/service: frontend - cloud: gke - arch: x86 - os: debian - region: eu - version: v1 - - mesh: mesh2 - tags: - kuma.io/service: frontend - cloud: aks - version: v2 - inbound: - - port: 10001 + port: 10001 + availableServices: + - mesh: mesh1 + tags: + kuma.io/service: backend + version: v1 + region: eu + - mesh: mesh1 + tags: + kuma.io/service: backend + version: v2 + region: us + - mesh: mesh2 + tags: + kuma.io/service: backend + cloud: eks + arch: ARM + os: ubuntu + region: asia + version: v3 + - mesh: mesh2 + tags: + kuma.io/service: frontend + cloud: gke + arch: x86 + os: debian + region: eu + version: v1 + - mesh: mesh2 + tags: + kuma.io/service: frontend + cloud: aks + version: v2 `, expected: "04.envoy.golden.yaml", outboundTargets: map[core_xds.ServiceName][]core_xds.Endpoint{ @@ -452,20 +443,18 @@ var _ = Describe("IngressGenerator", func() { dataplane: ` networking: address: 10.0.0.1 - ingress: - availableServices: - - mesh: mesh1 - tags: - kuma.io/service: backend - version: v1 - region: eu - - mesh: mesh1 - tags: - kuma.io/service: backend - version: v2 - region: us - inbound: - - port: 10001 + port: 10001 + availableServices: + - mesh: mesh1 + tags: + kuma.io/service: backend + version: v1 + region: eu + - mesh: mesh1 + tags: + kuma.io/service: backend + version: v2 + region: us `, expected: "05.envoy.golden.yaml", outboundTargets: map[core_xds.ServiceName][]core_xds.Endpoint{ diff --git a/pkg/xds/ingress/dataplane.go b/pkg/xds/ingress/dataplane.go index 3b902d9c274d..a3680ee7d115 100644 
--- a/pkg/xds/ingress/dataplane.go +++ b/pkg/xds/ingress/dataplane.go @@ -38,26 +38,6 @@ func (s tagSets) addInstanceOfTags(mesh string, tags envoy.Tags) { s[serviceKey{tags: strTags, mesh: mesh}]++ } -func (s tagSets) toAvailableServicesCompat() []*mesh_proto.Dataplane_Networking_Ingress_AvailableService { - var result []*mesh_proto.Dataplane_Networking_Ingress_AvailableService - - var keys []serviceKey - for key := range s { - keys = append(keys, key) - } - sort.Sort(serviceKeySlice(keys)) - - for _, key := range keys { - tags, _ := envoy.TagsFromString(key.tags) // ignore error since we control how string looks like - result = append(result, &mesh_proto.Dataplane_Networking_Ingress_AvailableService{ - Tags: tags, - Instances: s[key], - Mesh: key.mesh, - }) - } - return result -} - func (s tagSets) toAvailableServices() []*mesh_proto.ZoneIngress_AvailableService { var result []*mesh_proto.ZoneIngress_AvailableService @@ -78,18 +58,6 @@ func (s tagSets) toAvailableServices() []*mesh_proto.ZoneIngress_AvailableServic return result } -func UpdateAvailableServicesCompat(ctx context.Context, rm manager.ResourceManager, ingress *core_mesh.DataplaneResource, others []*core_mesh.DataplaneResource) error { - availableServices := GetIngressAvailableServicesCompat(others) - if availableServicesEqualCompat(availableServices, ingress.Spec.GetNetworking().GetIngress().GetAvailableServices()) { - return nil - } - ingress.Spec.Networking.Ingress.AvailableServices = availableServices - if err := rm.Update(ctx, ingress); err != nil { - return err - } - return nil -} - func UpdateAvailableServices(ctx context.Context, rm manager.ResourceManager, ingress *core_mesh.ZoneIngressResource, others []*core_mesh.DataplaneResource) error { availableServices := GetIngressAvailableServices(others) if availableServicesEqual(availableServices, ingress.Spec.GetAvailableServices()) { 
@@ -102,18 +70,6 @@ func UpdateAvailableServices(ctx context.Context, rm manager.ResourceManager, in return nil } -func availableServicesEqualCompat(services []*mesh_proto.Dataplane_Networking_Ingress_AvailableService, other []*mesh_proto.Dataplane_Networking_Ingress_AvailableService) bool { - if len(services) != len(other) { - return false - } - for i := range services { - if !proto.Equal(services[i], other[i]) { - return false - } - } - return true -} - func availableServicesEqual(services []*mesh_proto.ZoneIngress_AvailableService, other []*mesh_proto.ZoneIngress_AvailableService) bool { if len(services) != len(other) { return false @@ -126,25 +82,9 @@ func availableServicesEqual(services []*mesh_proto.ZoneIngress_AvailableService, return true } -func GetIngressAvailableServicesCompat(others []*core_mesh.DataplaneResource) []*mesh_proto.Dataplane_Networking_Ingress_AvailableService { - tagSets := tagSets{} - for _, dp := range others { - if dp.Spec.IsIngress() { - continue - } - for _, dpInbound := range dp.Spec.GetNetworking().GetHealthyInbounds() { - tagSets.addInstanceOfTags(dp.GetMeta().GetMesh(), dpInbound.Tags) - } - } - return tagSets.toAvailableServicesCompat() -} - func GetIngressAvailableServices(others []*core_mesh.DataplaneResource) []*mesh_proto.ZoneIngress_AvailableService { tagSets := tagSets{} for _, dp := range others { - if dp.Spec.IsIngress() { - continue - } for _, dpInbound := range dp.Spec.GetNetworking().GetHealthyInbounds() { tagSets.addInstanceOfTags(dp.GetMeta().GetMesh(), dpInbound.Tags) } diff --git a/pkg/xds/ingress/dataplane_test.go b/pkg/xds/ingress/dataplane_test.go index 350b76d7b0e4..7bb333c0e7e0 100644 --- a/pkg/xds/ingress/dataplane_test.go +++ b/pkg/xds/ingress/dataplane_test.go 
@@ -162,38 +162,33 @@ var _ = Describe("Ingress Dataplane", func() { ctx := context.Background() mgr := &fakeResourceManager{} - ing, err := core_mesh.NewZoneIngressResourceFromDataplane(&core_mesh.DataplaneResource{ - Spec: &mesh_proto.Dataplane{ - Networking: &mesh_proto.Dataplane_Networking{ - Inbound: []*mesh_proto.Dataplane_Networking_Inbound{{ - Port: 10001, - }}, - Ingress: &mesh_proto.Dataplane_Networking_Ingress{ - AvailableServices: []*mesh_proto.Dataplane_Networking_Ingress_AvailableService{ - { - Instances: 1, - Tags: map[string]string{ - "service": "backend", - "version": "v1", - "region": "eu", - }, - Mesh: "mesh1", - }, - { - Instances: 2, - Tags: map[string]string{ - "service": "web", - "version": "v2", - "region": "us", - }, - Mesh: "mesh1", - }, + ing := &core_mesh.ZoneIngressResource{ + Spec: &mesh_proto.ZoneIngress{ + Networking: &mesh_proto.ZoneIngress_Networking{ + Port: 10001, + }, + AvailableServices: []*mesh_proto.ZoneIngress_AvailableService{ + { + Instances: 1, + Tags: map[string]string{ + "service": "backend", + "version": "v1", + "region": "eu", }, + Mesh: "mesh1", + }, + { + Instances: 2, + Tags: map[string]string{ + "service": "web", + "version": "v2", + "region": "us", + }, + Mesh: "mesh1", }, }, }, - }) - Expect(err).ToNot(HaveOccurred()) + } others := []*core_mesh.DataplaneResource{ { @@ -245,7 +240,7 @@ var _ = Describe("Ingress Dataplane", func() { }, }, } - err = ingress.UpdateAvailableServices(ctx, mgr, ing, others) + err := ingress.UpdateAvailableServices(ctx, mgr, ing, others) Expect(err).ToNot(HaveOccurred()) Expect(mgr.updCounter).To(Equal(0)) }) diff --git a/pkg/xds/ingress/outbound.go b/pkg/xds/ingress/outbound.go index cc75ae8b24c6..7a6c8a3877fb 100644 --- a/pkg/xds/ingress/outbound.go +++ b/pkg/xds/ingress/outbound.go 
@@ -13,9 +13,6 @@ func BuildEndpointMap(destinations core_xds.DestinationMap, dataplanes []*core_m } outbound := core_xds.EndpointMap{} for _, dataplane := range dataplanes { - if dataplane.Spec.IsIngress() { - continue - } for _, inbound := range dataplane.Spec.GetNetworking().GetHealthyInbounds() { service := inbound.Tags[mesh_proto.ServiceTag] selectors, ok := destinations[service] diff --git a/pkg/xds/ingress/router_test.go b/pkg/xds/ingress/router_test.go index a594a6c02ce6..7c55a98d50d1 100644 --- a/pkg/xds/ingress/router_test.go +++ b/pkg/xds/ingress/router_test.go @@ -11,29 +11,21 @@ import ( var _ = Describe("Ingress BuildDestinationMap", func() { It("should generate destination map by ingress", func() { - ingress, err := mesh.NewZoneIngressResourceFromDataplane(&mesh.DataplaneResource{ - Spec: &mesh_proto.Dataplane{ - Networking: &mesh_proto.Dataplane_Networking{ - Inbound: []*mesh_proto.Dataplane_Networking_Inbound{{ - Port: 10001, - }}, - Ingress: &mesh_proto.Dataplane_Networking_Ingress{ - AvailableServices: []*mesh_proto.Dataplane_Networking_Ingress_AvailableService{ - { - Tags: map[string]string{"kuma.io/service": "backend", "version": "v1", "region": "us"}, - }, - { - Tags: map[string]string{"kuma.io/service": "backend"}, - }, - { - Tags: map[string]string{"kuma.io/service": "web", "version": "v2", "region": "eu"}, - }, - }, + ingress := &mesh.ZoneIngressResource{ + Spec: &mesh_proto.ZoneIngress{ + AvailableServices: []*mesh_proto.ZoneIngress_AvailableService{ + { + Tags: map[string]string{"kuma.io/service": "backend", "version": "v1", "region": "us"}, + }, + { + Tags: map[string]string{"kuma.io/service": "backend"}, + }, + { + Tags: map[string]string{"kuma.io/service": "web", "version": "v2", "region": "eu"}, }, }, }, - }) - Expect(err).ToNot(HaveOccurred()) + } actual := BuildDestinationMap(ingress) expected := xds.DestinationMap{ 
diff --git a/pkg/xds/sync/dataplane_watchdog.go b/pkg/xds/sync/dataplane_watchdog.go index d30423c7cf3a..57d67cb7ec3c 100644 --- a/pkg/xds/sync/dataplane_watchdog.go +++ b/pkg/xds/sync/dataplane_watchdog.go @@ -8,9 +8,7 @@ import ( mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1" "github.com/kumahq/kuma/pkg/core" - core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh" core_model "github.com/kumahq/kuma/pkg/core/resources/model" - "github.com/kumahq/kuma/pkg/core/resources/store" core_xds "github.com/kumahq/kuma/pkg/core/xds" "github.com/kumahq/kuma/pkg/xds/cache/mesh" "github.com/kumahq/kuma/pkg/xds/secrets" @@ -48,7 +46,6 @@ func NewDataplaneWatchdog(deps DataplaneWatchdogDependencies, dpKey core_model.R } func (d *DataplaneWatchdog) Sync() error { - ctx := context.Background() metadata := d.metadataTracker.Metadata(d.key) if metadata == nil { return errors.New("metadata cannot be nil") @@ -57,17 +54,6 @@ func (d *DataplaneWatchdog) Sync() error { if d.dpType == "" { d.dpType = metadata.GetProxyType() } - // backwards compatibility - if d.dpType == mesh_proto.DataplaneProxyType && !d.proxyTypeSettled { - dataplane := core_mesh.NewDataplaneResource() - if err := d.dataplaneProxyBuilder.CachingResManager.Get(ctx, dataplane, store.GetBy(d.key)); err != nil { - return err - } - if dataplane.Spec.IsIngress() { - d.dpType = mesh_proto.IngressProxyType - } - d.proxyTypeSettled = true - } switch d.dpType { case mesh_proto.DataplaneProxyType: return d.syncDataplane() diff --git a/pkg/xds/sync/ingress_proxy_builder.go b/pkg/xds/sync/ingress_proxy_builder.go index 199b863b9496..732180457bbe 100644 --- a/pkg/xds/sync/ingress_proxy_builder.go +++ b/pkg/xds/sync/ingress_proxy_builder.go 
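Review bot: `proxyTypeSettled` looks like a dead field after this hunk: its only visible read and write were in the compatibility block deleted from `Sync`, and no hunk in this file touches the `DataplaneWatchdog` struct. If nothing else uses it, remove the field in the same commit. With the store lookup gone, `d.dpType` is now derived only from `metadata.GetProxyType()`, so a comment above that assignment such as `// proxy type comes from the metadata sent by the proxy; it is no longer cross-checked against the stored Dataplane` would record the assumption. `Sync` continues outside the hunk.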
@@ -60,47 +60,16 @@ func (p *IngressProxyBuilder) getZoneIngress(key core_model.ResourceKey) (*core_ ctx := context.Background() zoneIngress := core_mesh.NewZoneIngressResource() - err := p.ReadOnlyResManager.Get(ctx, zoneIngress, core_store.GetBy(key)) - if err == nil { - // Update Ingress' Available Services - // This was placed as an operation of DataplaneWatchdog out of the convenience. - // Consider moving to the outside of this component (follow the pattern of updating VIP outbounds) - if err := p.updateIngress(zoneIngress); err != nil { - return nil, err - } - return zoneIngress, nil - } - if !core_store.IsResourceNotFound(err) { - return nil, err - } - - // for backward compatibility with dataplane-based ingresses - oldTypeIngress, err := p.resolveDataplane(ctx, key) - if err != nil { + if err := p.ReadOnlyResManager.Get(ctx, zoneIngress, core_store.GetBy(key)); err != nil { return nil, err } // Update Ingress' Available Services // This was placed as an operation of DataplaneWatchdog out of the convenience. // Consider moving to the outside of this component (follow the pattern of updating VIP outbounds) - if err := p.updateIngressCompat(oldTypeIngress); err != nil { + if err := p.updateIngress(zoneIngress); err != nil { return nil, err } - return core_mesh.NewZoneIngressResourceFromDataplane(oldTypeIngress) -} - -func (p *IngressProxyBuilder) resolveDataplane(ctx context.Context, key core_model.ResourceKey) (*core_mesh.DataplaneResource, error) { - dataplane := core_mesh.NewDataplaneResource() - - if err := p.ReadOnlyResManager.Get(ctx, dataplane, core_store.GetBy(key)); err != nil { - return nil, err - } - - // Envoy requires IPs instead of Hostname therefore we need to resolve an address. Consider moving this outside of this component. 
- resolvedDp, err := xds_topology.ResolveAddress(p.LookupIP, dataplane) - if err != nil { - return nil, err - } - return resolvedDp, nil + return zoneIngress, nil } func (p *IngressProxyBuilder) resolveRouting(ctx context.Context, zoneIngress *core_mesh.ZoneIngressResource, dataplanes *core_mesh.DataplaneResourceList) (*xds.Routing, error) { @@ -118,17 +87,6 @@ func (p *IngressProxyBuilder) resolveRouting(ctx context.Context, zoneIngress *c return routing, nil } -func (p *IngressProxyBuilder) updateIngressCompat(dpIngress *core_mesh.DataplaneResource) error { - ctx := context.Background() - - allMeshDataplanes := &core_mesh.DataplaneResourceList{} - if err := p.ReadOnlyResManager.List(ctx, allMeshDataplanes); err != nil { - return err - } - allMeshDataplanes.Items = xds_topology.ResolveAddresses(syncLog, p.LookupIP, allMeshDataplanes.Items) - return ingress.UpdateAvailableServicesCompat(ctx, p.ResManager, dpIngress, allMeshDataplanes.Items) -} - func (p *IngressProxyBuilder) updateIngress(zoneIngress *core_mesh.ZoneIngressResource) error { ctx := context.Background() diff --git a/pkg/xds/topology/dataplanes.go b/pkg/xds/topology/dataplanes.go index 201a3d035188..20c0779d8783 100644 --- a/pkg/xds/topology/dataplanes.go +++ b/pkg/xds/topology/dataplanes.go 
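Review bot: In `getZoneIngress`, a proxy that is still registered only as a Dataplane-based ingress now gets the bare error from `p.ReadOnlyResManager.Get`, with no hint that the fallback was removed. Wrapping the error would make the upgrade failure diagnosable from the control-plane log, e.g. `return nil, errors.Wrapf(err, "could not get ZoneIngress %q; Dataplane-based ingresses are no longer supported", key.Name)`. This assumes `github.com/pkg/errors` is imported in this file as it is elsewhere in the package.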
@@ -12,24 +12,17 @@ import ( "github.com/kumahq/kuma/pkg/core/dns/lookup" core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh" "github.com/kumahq/kuma/pkg/core/resources/manager" + core_store "github.com/kumahq/kuma/pkg/core/resources/store" ) -// GetDataplanes returns list of Dataplane in provided Mesh and Ingresses (which are cluster-scoped, not mesh-scoped) +// GetDataplanes returns list of Dataplane in provided Mesh func GetDataplanes(log logr.Logger, ctx context.Context, rm manager.ReadOnlyResourceManager, lookupIPFunc lookup.LookupIPFunc, mesh string) (*core_mesh.DataplaneResourceList, error) { dataplanes := &core_mesh.DataplaneResourceList{} - if err := rm.List(ctx, dataplanes); err != nil { + if err := rm.List(ctx, dataplanes, core_store.ListByMesh(mesh)); err != nil { return nil, err } dataplanes.Items = ResolveAddresses(log, lookupIPFunc, dataplanes.Items) - filteredDataplanes := &core_mesh.DataplaneResourceList{} - for _, d := range dataplanes.Items { - // backwards compatibility - if d.GetMeta().GetMesh() == mesh || d.Spec.IsIngress() { - _ = filteredDataplanes.AddItem(d) - } - } - - return filteredDataplanes, nil + return dataplanes, nil } func GetZoneIngresses(log logr.Logger, ctx context.Context, rm manager.ReadOnlyResourceManager, lookupIPFunc lookup.LookupIPFunc) (*core_mesh.ZoneIngressResourceList, error) { 
@@ -86,28 +79,6 @@ func ResolveAddress(lookupIPFunc lookup.LookupIPFunc, dataplane *core_mesh.Datap return dataplane, nil } -func ResolveIngressPublicAddress(lookupIPFunc lookup.LookupIPFunc, dataplane *core_mesh.DataplaneResource) (*core_mesh.DataplaneResource, error) { - if dataplane.Spec.Networking.Ingress.PublicAddress == "" { // Ingress may not have public address yet. - return dataplane, nil - } - ips, err := lookupIPFunc(dataplane.Spec.Networking.Ingress.PublicAddress) - if err != nil { - return nil, err - } - if len(ips) == 0 { - return nil, errors.Errorf("can't resolve address %v", dataplane.Spec.Networking.Ingress.PublicAddress) - } - if dataplane.Spec.Networking.Ingress.PublicAddress != ips[0].String() { // only if we resolve any address, in most cases this is IP not a hostname - dpSpec := proto.Clone(dataplane.Spec).(*mesh_proto.Dataplane) - dpSpec.Networking.Ingress.PublicAddress = ips[0].String() - return &core_mesh.DataplaneResource{ - Meta: dataplane.Meta, - Spec: dpSpec, - }, nil - } - return dataplane, nil -} - func ResolveZoneIngressPublicAddress(lookupIPFunc lookup.LookupIPFunc, zoneIngress *core_mesh.ZoneIngressResource) (*core_mesh.ZoneIngressResource, error) { if zoneIngress.Spec.GetNetworking().GetAdvertisedAddress() == "" { // Ingress may not have public address yet. return zoneIngress, nil 
@@ -133,21 +104,12 @@ func ResolveZoneIngressPublicAddress(lookupIPFunc lookup.LookupIPFunc, zoneIngre func ResolveAddresses(log logr.Logger, lookupIPFunc lookup.LookupIPFunc, dataplanes []*core_mesh.DataplaneResource) []*core_mesh.DataplaneResource { rv := []*core_mesh.DataplaneResource{} for _, d := range dataplanes { - if d.Spec.IsIngress() { - dp, err := ResolveIngressPublicAddress(lookupIPFunc, d) - if err != nil { - log.Error(err, "failed to resolve ingress's public name, skipping dataplane") - continue - } - rv = append(rv, dp) - } else { - dp, err := ResolveAddress(lookupIPFunc, d) - if err != nil { - log.Error(err, "failed to resolve dataplane's domain name, skipping dataplane") - continue - } - rv = append(rv, dp) + dp, err := ResolveAddress(lookupIPFunc, d) + if err != nil { + log.Error(err, "failed to resolve dataplane's domain name, skipping dataplane") + continue } + rv = append(rv, dp) } return rv } diff --git a/pkg/xds/topology/outbound.go b/pkg/xds/topology/outbound.go index ed2c3b2c4a4e..3c04e581a3ac 100644 --- a/pkg/xds/topology/outbound.go +++ b/pkg/xds/topology/outbound.go @@ -43,7 +43,7 @@ func BuildEdsEndpointMap( zoneIngresses []*core_mesh.ZoneIngressResource, ) core_xds.EndpointMap { outbound := core_xds.EndpointMap{} - ingressInstances := fillIngressOutbounds(outbound, zoneIngresses, dataplanes, zone, mesh) + ingressInstances := fillIngressOutbounds(outbound, zoneIngresses, zone, mesh) endpointWeight := uint32(1) if ingressInstances > 0 { endpointWeight = ingressInstances 
@@ -74,9 +74,6 @@ func BuildEdsEndpointMap( // * ingress-zone2-2 - weight: 3 func fillDataplaneOutbounds(outbound core_xds.EndpointMap, dataplanes []*core_mesh.DataplaneResource, mesh *core_mesh.MeshResource, endpointWeight uint32) { for _, dataplane := range dataplanes { - if dataplane.Spec.IsIngress() { - continue - } for _, inbound := range dataplane.Spec.GetNetworking().GetHealthyInbounds() { service := inbound.Tags[mesh_proto.ServiceTag] iface := dataplane.Spec.Networking.ToInboundInterface(inbound) @@ -96,12 +93,10 @@ func fillDataplaneOutbounds(outbound core_xds.EndpointMap, dataplanes []*core_me func fillIngressOutbounds( outbound core_xds.EndpointMap, zoneIngresses []*core_mesh.ZoneIngressResource, - dataplanes []*core_mesh.DataplaneResource, zone string, mesh *core_mesh.MeshResource, ) uint32 { ingressInstances := map[string]bool{} - for _, zi := range zoneIngresses { if !zi.IsRemoteIngress(zone) { continue @@ -118,6 +113,7 @@ func fillIngressOutbounds( if ingressInstances[ingressCoordinates] { continue // many Ingress instances can be placed in front of one load balancer (all instances can have the same public address and port). In this case we only need one Instance avoiding creating unnecessary duplicated endpoints } + ingressInstances[ingressCoordinates] = true for _, service := range zi.Spec.GetAvailableServices() { if service.Mesh != mesh.GetMeta().GetName() { continue 
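Review bot: Dropping the `if dataplane.Spec.IsIngress() { continue }` guard at the top of the loop in `fillDataplaneOutbounds` means a legacy ingress-mode Dataplane still in the store after an upgrade is now treated as an ordinary workload, and each of its healthy inbounds is published as a service endpoint. The commit appears to assume every such resource has already been migrated to ZoneIngress, but nothing visible in this hunk enforces that. I would either keep the guard until the legacy ingress field is gone from the API, or add a comment at the loop such as `// legacy ingress-mode Dataplanes are unsupported here; migrate them to ZoneIngress before upgrading` with a matching entry in the upgrade notes. The function body continues outside the hunk.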
@@ -132,43 +128,6 @@ func fillIngressOutbounds( }) } } - - // backwards compatibility - for _, dataplane := range dataplanes { - if !dataplane.Spec.IsIngress() { - continue - } - if !dataplane.Spec.IsZoneIngress(zone) { - continue // we only need Ingress for other zones, we don't want to direct request to the same zone through Ingress - } - if !mesh.MTLSEnabled() { - // Ingress routes the request by TLS SNI, therefore for cross cluster communication MTLS is required - // We ignore Ingress from endpoints if MTLS is disabled, otherwise we would fail anyway. - continue - } - if !dataplane.Spec.HasPublicAddress() { - continue // Dataplane is not reachable yet from other clusters. This may happen when Ingress Service is pending waiting on External IP on Kubernetes. - } - ingressCoordinates := net.JoinHostPort(dataplane.Spec.Networking.Ingress.PublicAddress, - strconv.FormatUint(uint64(dataplane.Spec.Networking.Ingress.PublicPort), 10)) - if ingressInstances[ingressCoordinates] { - continue // many Ingress instances can be placed in front of one load balancer (all instances can have the same public address and port). In this case we only need one Instance avoiding creating unnecessary duplicated endpoints - } - ingressInstances[ingressCoordinates] = true - for _, service := range dataplane.Spec.Networking.GetIngress().GetAvailableServices() { - if service.Mesh != mesh.GetMeta().GetName() { - continue - } - serviceName := service.Tags[mesh_proto.ServiceTag] - outbound[serviceName] = append(outbound[serviceName], core_xds.Endpoint{ - Target: dataplane.Spec.Networking.Ingress.PublicAddress, - Port: dataplane.Spec.Networking.Ingress.PublicPort, - Tags: service.Tags, - Weight: service.Instances, - Locality: localityFromTags(mesh, priorityRemote, service.Tags), - }) - } - } return uint32(len(ingressInstances)) } diff --git a/pkg/xds/topology/outbound_test.go b/pkg/xds/topology/outbound_test.go index 91b4a8f07f07..39cc2d4577ea 100644 --- a/pkg/xds/topology/outbound_test.go 
+++ b/pkg/xds/topology/outbound_test.go @@ -244,6 +244,7 @@ var _ = Describe("TrafficRoute", func() { Describe("BuildEndpointMap()", func() { type testCase struct { dataplanes []*core_mesh.DataplaneResource + zoneIngresses []*core_mesh.ZoneIngressResource externalServices []*core_mesh.ExternalServiceResource mesh *core_mesh.MeshResource expected core_xds.EndpointMap @@ -251,7 +252,7 @@ var _ = Describe("TrafficRoute", func() { DescribeTable("should include only those dataplanes that match given selectors", func(given testCase) { // when - endpoints := BuildEndpointMap(given.mesh, "zone-1", given.dataplanes, nil, given.externalServices, dataSourceLoader) + endpoints := BuildEndpointMap(given.mesh, "zone-1", given.dataplanes, given.zoneIngresses, given.externalServices, dataSourceLoader) // then Expect(endpoints).To(Equal(given.expected)) }, 
@@ -277,89 +278,73 @@ var _ = Describe("TrafficRoute", func() { }, }, }, + }, + zoneIngresses: []*core_mesh.ZoneIngressResource{ { - Spec: &mesh_proto.Dataplane{ - Networking: &mesh_proto.Dataplane_Networking{ - Address: "10.20.1.2", - Inbound: []*mesh_proto.Dataplane_Networking_Inbound{ - { - Tags: map[string]string{mesh_proto.ServiceTag: "ingress", mesh_proto.ZoneTag: "zone-2"}, - Port: 10001, - }, + Spec: &mesh_proto.ZoneIngress{ + Zone: "zone-2", + Networking: &mesh_proto.ZoneIngress_Networking{ + Address: "10.20.1.2", + Port: 10001, + AdvertisedAddress: "192.168.0.100", + AdvertisedPort: 12345, + }, + AvailableServices: []*mesh_proto.ZoneIngress_AvailableService{ + { + Instances: 2, + Mesh: defaultMeshName, + Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v2", mesh_proto.ZoneTag: "eu"}, }, - Ingress: &mesh_proto.Dataplane_Networking_Ingress{ - PublicAddress: "192.168.0.100", - PublicPort: 12345, - AvailableServices: []*mesh_proto.Dataplane_Networking_Ingress_AvailableService{ - { - Instances: 2, - Mesh: defaultMeshName, - Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v2", mesh_proto.ZoneTag: "eu"}, - }, - { - Instances: 3, - Mesh: defaultMeshName, - Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v3"}, - }, - }, + { + Instances: 3, + Mesh: defaultMeshName, + Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v3"}, }, }, }, }, { - Spec: &mesh_proto.Dataplane{ - Networking: &mesh_proto.Dataplane_Networking{ - Address: "10.20.1.3", // another instance of the same ingress will be ignored - Inbound: []*mesh_proto.Dataplane_Networking_Inbound{ - { - Tags: map[string]string{mesh_proto.ServiceTag: "ingress", mesh_proto.ZoneTag: "zone-2"}, - Port: 10001, - }, + Spec: &mesh_proto.ZoneIngress{ + Zone: "zone-2", + Networking: &mesh_proto.ZoneIngress_Networking{ + Address: "10.20.1.3", // another instance of the same ingress will be ignored + Port: 10001, + AdvertisedAddress: "192.168.0.100", + 
AdvertisedPort: 12345, + }, + AvailableServices: []*mesh_proto.ZoneIngress_AvailableService{ + { + Instances: 2, + Mesh: defaultMeshName, + Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v2", mesh_proto.ZoneTag: "eu"}, }, - Ingress: &mesh_proto.Dataplane_Networking_Ingress{ - PublicAddress: "192.168.0.100", - PublicPort: 12345, - AvailableServices: []*mesh_proto.Dataplane_Networking_Ingress_AvailableService{ - { - Instances: 2, - Mesh: defaultMeshName, - Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v2", mesh_proto.ZoneTag: "eu"}, - }, - { - Instances: 3, - Mesh: defaultMeshName, - Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v3"}, - }, - }, + { + Instances: 3, + Mesh: defaultMeshName, + Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v3"}, }, }, }, }, { - Spec: &mesh_proto.Dataplane{ - Networking: &mesh_proto.Dataplane_Networking{ - Address: "10.20.1.4", - Inbound: []*mesh_proto.Dataplane_Networking_Inbound{ - { - Tags: map[string]string{mesh_proto.ServiceTag: "ingress", mesh_proto.ZoneTag: "zone-2"}, - Port: 10001, - }, + Spec: &mesh_proto.ZoneIngress{ + Zone: "zone-2", + Networking: &mesh_proto.ZoneIngress_Networking{ + Address: "10.20.1.4", + Port: 10001, + AdvertisedAddress: "192.168.0.101", + AdvertisedPort: 12345, + }, + AvailableServices: []*mesh_proto.ZoneIngress_AvailableService{ + { + Instances: 2, + Mesh: defaultMeshName, + Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v2", mesh_proto.ZoneTag: "eu"}, }, - Ingress: &mesh_proto.Dataplane_Networking_Ingress{ - PublicAddress: "192.168.0.101", // instance of the ingress with different public coordinates - PublicPort: 12345, - AvailableServices: []*mesh_proto.Dataplane_Networking_Ingress_AvailableService{ - { - Instances: 2, - Mesh: defaultMeshName, - Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v2", mesh_proto.ZoneTag: "eu"}, - }, - { - Instances: 3, - Mesh: defaultMeshName, - 
Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v3"}, - }, - }, + { + Instances: 3, + Mesh: defaultMeshName, + Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v3"}, }, }, }, @@ -424,31 +409,27 @@ var _ = Describe("TrafficRoute", func() { }, }, }, + }, + zoneIngresses: []*core_mesh.ZoneIngressResource{ { - Spec: &mesh_proto.Dataplane{ - Networking: &mesh_proto.Dataplane_Networking{ - Address: "10.20.1.2", - Inbound: []*mesh_proto.Dataplane_Networking_Inbound{ - { - Tags: map[string]string{mesh_proto.ServiceTag: "ingress", mesh_proto.ZoneTag: "zone-2"}, - Port: 10001, - }, + Spec: &mesh_proto.ZoneIngress{ + Zone: "zone-2", + Networking: &mesh_proto.ZoneIngress_Networking{ + Address: "10.20.1.2", + Port: 10001, + AdvertisedAddress: "192.168.0.100", + AdvertisedPort: 12345, + }, + AvailableServices: []*mesh_proto.ZoneIngress_AvailableService{ + { + Instances: 2, + Mesh: defaultMeshName, + Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v2", mesh_proto.ZoneTag: "eu"}, }, - Ingress: &mesh_proto.Dataplane_Networking_Ingress{ - PublicAddress: "192.168.0.100", - PublicPort: 12345, - AvailableServices: []*mesh_proto.Dataplane_Networking_Ingress_AvailableService{ - { - Instances: 2, - Mesh: defaultMeshName, - Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v2", mesh_proto.ZoneTag: "eu"}, - }, - { - Instances: 3, - Mesh: nonDefaultMesh, - Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v3"}, - }, - }, + { + Instances: 3, + Mesh: nonDefaultMesh, + Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v3"}, }, }, }, 
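Review bot: The third ZoneIngress fixture in the `@@ -277,89 +278,73 @@` hunk lost the comment that explains why it exists. The removed `PublicAddress: "192.168.0.101"` line carried `// instance of the ingress with different public coordinates`, while the new `AdvertisedAddress: "192.168.0.101",` line has none, even though the second fixture kept `// another instance of the same ingress will be ignored`. I would restore it as `AdvertisedAddress: "192.168.0.101", // instance of the ingress with different advertised coordinates`, so the de-duplication case and its counter-case stay readable side by side. The table entry these fixtures belong to starts outside the hunk.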
@@ -492,29 +473,25 @@ var _ = Describe("TrafficRoute", func() { }, }, }, + }, + zoneIngresses: []*core_mesh.ZoneIngressResource{ { - Spec: &mesh_proto.Dataplane{ - Networking: &mesh_proto.Dataplane_Networking{ + Spec: &mesh_proto.ZoneIngress{ + Zone: "zone-2", + Networking: &mesh_proto.ZoneIngress_Networking{ Address: "10.20.1.2", - Inbound: []*mesh_proto.Dataplane_Networking_Inbound{ - { - Tags: map[string]string{mesh_proto.ServiceTag: "ingress", mesh_proto.ZoneTag: "zone-2"}, - Port: 10001, - }, + Port: 10001, + }, + AvailableServices: []*mesh_proto.ZoneIngress_AvailableService{ + { + Instances: 2, + Mesh: defaultMeshName, + Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v2", mesh_proto.ZoneTag: "eu"}, }, - Ingress: &mesh_proto.Dataplane_Networking_Ingress{ - AvailableServices: []*mesh_proto.Dataplane_Networking_Ingress_AvailableService{ - { - Instances: 2, - Mesh: defaultMeshName, - Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v2", mesh_proto.ZoneTag: "eu"}, - }, - { - Instances: 3, - Mesh: nonDefaultMesh, - Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v3"}, - }, - }, + { + Instances: 3, + Mesh: nonDefaultMesh, + Tags: map[string]string{mesh_proto.ServiceTag: "redis", "version": "v3"}, }, }, }, From 9dbcf4d2e3bfae78a7783b692c47aeda66aa24d1 Mon Sep 17 00:00:00 2001 From: Mike Beaumont Date: Wed, 8 Dec 2021 20:51:25 -0500 Subject: [PATCH 4/9] refactor(runtime/k8s): refactor dp container handling (#3449) Signed-off-by: Mike Beaumont --- pkg/config/plugins/runtime/k8s/config.go | 75 ++--- pkg/plugins/runtime/k8s/containers/factory.go | 260 +++++++++++++++++ .../runtime/k8s/webhooks/injector/injector.go | 274 +----------------- 3 files changed, 317 insertions(+), 292 deletions(-) create mode 100644 pkg/plugins/runtime/k8s/containers/factory.go diff --git a/pkg/config/plugins/runtime/k8s/config.go b/pkg/config/plugins/runtime/k8s/config.go index 37ee2f5f9421..5de87181802c 100644 
--- a/pkg/config/plugins/runtime/k8s/config.go +++ b/pkg/config/plugins/runtime/k8s/config.go @@ -22,36 +22,38 @@ func DefaultKubernetesRuntimeConfig() *KubernetesRuntimeConfig { VirtualProbesEnabled: true, VirtualProbesPort: 9000, SidecarContainer: SidecarContainer{ - Image: "kuma/kuma-dp:latest", RedirectPortInbound: 15006, RedirectPortInboundV6: 15010, RedirectPortOutbound: 15001, - UID: 5678, - GID: 5678, - AdminPort: 9901, - DrainTime: 30 * time.Second, - - ReadinessProbe: SidecarReadinessProbe{ - InitialDelaySeconds: 1, - TimeoutSeconds: 3, - PeriodSeconds: 5, - SuccessThreshold: 1, - FailureThreshold: 12, - }, - LivenessProbe: SidecarLivenessProbe{ - InitialDelaySeconds: 60, - TimeoutSeconds: 3, - PeriodSeconds: 5, - FailureThreshold: 12, - }, - Resources: SidecarResources{ - Requests: SidecarResourceRequests{ - CPU: "50m", - Memory: "64Mi", + DataplaneContainer: DataplaneContainer{ + Image: "kuma/kuma-dp:latest", + UID: 5678, + GID: 5678, + AdminPort: 9901, + DrainTime: 30 * time.Second, + + ReadinessProbe: SidecarReadinessProbe{ + InitialDelaySeconds: 1, + TimeoutSeconds: 3, + PeriodSeconds: 5, + SuccessThreshold: 1, + FailureThreshold: 12, + }, + LivenessProbe: SidecarLivenessProbe{ + InitialDelaySeconds: 60, + TimeoutSeconds: 3, + PeriodSeconds: 5, + FailureThreshold: 12, }, - Limits: SidecarResourceLimits{ - CPU: "1000m", - Memory: "512Mi", + Resources: SidecarResources{ + Requests: SidecarResourceRequests{ + CPU: "50m", + Memory: "64Mi", + }, + Limits: SidecarResourceLimits{ + CPU: "1000m", + Memory: "512Mi", + }, }, }, }, 
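Review bot: The default `Image: "kuma/kuma-dp:latest"` that this hunk moves into `DataplaneContainer` is a floating tag, so a control plane running on the bare defaults injects whatever build that tag resolves to at pull time. The factory added in this commit creates the container with `ImagePullPolicy: kube_core.PullIfNotPresent`, so nodes can also keep different cached builds under the same tag. Installers may well override the value, but as a code default I would document it on the field, e.g. `// Image name. The built-in default is a floating tag; set a versioned tag or digest in production.`, or derive the default from the build version. `DefaultKubernetesRuntimeConfig` continues outside the hunk.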
@@ -144,16 +146,10 @@ type SidecarTraffic struct { ExcludeOutboundPorts []uint32 `yaml:"excludeOutboundPorts" envconfig:"kuma_runtime_kubernetes_sidecar_traffic_exclude_outbound_ports"` } -// SidecarContainer defines configuration of the Kuma sidecar container. -type SidecarContainer struct { +// DataplaneContainer defines the configuration of a Kuma dataplane proxy container. +type DataplaneContainer struct { // Image name. Image string `yaml:"image,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_image"` - // Redirect port for inbound traffic. - RedirectPortInbound uint32 `yaml:"redirectPortInbound,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_redirect_port_inbound"` - // Redirect port for inbound IPv6 traffic. - RedirectPortInboundV6 uint32 `yaml:"redirectPortInboundV6,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_redirect_port_inbound_v6"` - // Redirect port for outbound traffic. - RedirectPortOutbound uint32 `yaml:"redirectPortOutbound,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_redirect_port_outbound"` // User ID. UID int64 `yaml:"uid,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_uid"` // Group ID. 
@@ -172,6 +168,17 @@ type SidecarContainer struct { EnvVars map[string]string `yaml:"envVars" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_env_vars"` } +// SidecarContainer defines configuration of the Kuma sidecar container. +type SidecarContainer struct { + DataplaneContainer `yaml:",inline"` + // Redirect port for inbound traffic. + RedirectPortInbound uint32 `yaml:"redirectPortInbound,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_redirect_port_inbound"` + // Redirect port for inbound IPv6 traffic. + RedirectPortInboundV6 uint32 `yaml:"redirectPortInboundV6,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_redirect_port_inbound_v6"` + // Redirect port for outbound traffic. + RedirectPortOutbound uint32 `yaml:"redirectPortOutbound,omitempty" envconfig:"kuma_runtime_kubernetes_injector_sidecar_container_redirect_port_outbound"` +} + // SidecarReadinessProbe defines periodic probe of container service readiness. type SidecarReadinessProbe struct { // Number of seconds after the container has started before readiness probes are initiated. diff --git a/pkg/plugins/runtime/k8s/containers/factory.go b/pkg/plugins/runtime/k8s/containers/factory.go new file mode 100644 index 000000000000..6e5776ca215a --- /dev/null +++ b/pkg/plugins/runtime/k8s/containers/factory.go 
@@ -0,0 +1,260 @@ +package containers + +import ( + "fmt" + "sort" + "strconv" + + kube_core "k8s.io/api/core/v1" + kube_api "k8s.io/apimachinery/pkg/api/resource" + kube_intstr "k8s.io/apimachinery/pkg/util/intstr" + + runtime_k8s "github.com/kumahq/kuma/pkg/config/plugins/runtime/k8s" + core_model "github.com/kumahq/kuma/pkg/core/resources/model" + "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/metadata" +) + +type EnvVarsByName []kube_core.EnvVar + +func (a EnvVarsByName) Len() int { return len(a) } +func (a EnvVarsByName) Swap(i, j int) { a[i], a[j] = a[j], a[i] } +func (a EnvVarsByName) Less(i, j int) bool { + return a[i].Name < a[j].Name +} + +type DataplaneProxyFactory struct { + ControlPlaneURL string + ControlPlaneCACert string + ContainerConfig runtime_k8s.DataplaneContainer + BuiltinDNS runtime_k8s.BuiltinDNS +} + +func (i *DataplaneProxyFactory) proxyConcurrencyFor(annotations map[string]string) (int64, error) { + count, ok, err := metadata.Annotations(annotations).GetUint32(metadata.KumaSidecarConcurrencyAnnotation) + if ok { + return int64(count), err + } + + // Note that validation requires the resource limit is not empty. + cpuRequest := kube_api.MustParse(i.ContainerConfig.Resources.Limits.CPU) + ncpu := cpuRequest.MilliValue() / 1000 + if ncpu < 2 { + // Only autotune to down to 2 to mitigate the latency + // risk if a worker thread blocks. 
+ ncpu = 2 + } + + return ncpu, nil +} + +func meshName(annotations map[string]string, ns *kube_core.Namespace) string { + if mesh, exist := metadata.Annotations(annotations).GetString(metadata.KumaMeshAnnotation); exist { + return mesh + } + if mesh, exist := metadata.Annotations(ns.Annotations).GetString(metadata.KumaMeshAnnotation); exist { + return mesh + } + return core_model.DefaultMesh +} + +func (i *DataplaneProxyFactory) NewContainer( + annotations map[string]string, + ns *kube_core.Namespace, +) (kube_core.Container, error) { + mesh := meshName(annotations, ns) + env, err := i.sidecarEnvVars(mesh, annotations) + if err != nil { + return kube_core.Container{}, err + } + + cpuCount, err := i.proxyConcurrencyFor(annotations) + if err != nil { + return kube_core.Container{}, err + } + + args := []string{ + "run", + "--log-level=info", + } + + if cpuCount > 0 { + args = append(args, + "--concurrency="+strconv.FormatInt(cpuCount, 10)) + } + + return kube_core.Container{ + Image: i.ContainerConfig.Image, + ImagePullPolicy: kube_core.PullIfNotPresent, + Args: args, + Env: env, + SecurityContext: &kube_core.SecurityContext{ + RunAsUser: &i.ContainerConfig.UID, + RunAsGroup: &i.ContainerConfig.GID, + }, + LivenessProbe: &kube_core.Probe{ + Handler: kube_core.Handler{ + HTTPGet: &kube_core.HTTPGetAction{ + Path: "/ready", + Port: kube_intstr.IntOrString{ + IntVal: int32(i.ContainerConfig.AdminPort), + }, + }, + }, + InitialDelaySeconds: i.ContainerConfig.LivenessProbe.InitialDelaySeconds, + TimeoutSeconds: i.ContainerConfig.LivenessProbe.TimeoutSeconds, + PeriodSeconds: i.ContainerConfig.LivenessProbe.PeriodSeconds, + SuccessThreshold: 1, + FailureThreshold: i.ContainerConfig.LivenessProbe.FailureThreshold, + }, + ReadinessProbe: &kube_core.Probe{ + Handler: kube_core.Handler{ + HTTPGet: &kube_core.HTTPGetAction{ + Path: "/ready", + Port: kube_intstr.IntOrString{ + IntVal: int32(i.ContainerConfig.AdminPort), + }, + }, + }, + InitialDelaySeconds: 
i.ContainerConfig.ReadinessProbe.InitialDelaySeconds, + TimeoutSeconds: i.ContainerConfig.ReadinessProbe.TimeoutSeconds, + PeriodSeconds: i.ContainerConfig.ReadinessProbe.PeriodSeconds, + SuccessThreshold: i.ContainerConfig.ReadinessProbe.SuccessThreshold, + FailureThreshold: i.ContainerConfig.ReadinessProbe.FailureThreshold, + }, + Resources: kube_core.ResourceRequirements{ + Requests: kube_core.ResourceList{ + kube_core.ResourceCPU: kube_api.MustParse(i.ContainerConfig.Resources.Requests.CPU), + kube_core.ResourceMemory: kube_api.MustParse(i.ContainerConfig.Resources.Requests.Memory), + }, + Limits: kube_core.ResourceList{ + kube_core.ResourceCPU: kube_api.MustParse(i.ContainerConfig.Resources.Limits.CPU), + kube_core.ResourceMemory: kube_api.MustParse(i.ContainerConfig.Resources.Limits.Memory), + }, + }, + }, nil +} + +func (i *DataplaneProxyFactory) sidecarEnvVars(mesh string, podAnnotations map[string]string) ([]kube_core.EnvVar, error) { + envVars := map[string]kube_core.EnvVar{ + "KUMA_CONTROL_PLANE_URL": { + Name: "KUMA_CONTROL_PLANE_URL", + Value: i.ControlPlaneURL, + }, + "KUMA_DATAPLANE_MESH": { + Name: "KUMA_DATAPLANE_MESH", + Value: mesh, + }, + "KUMA_DATAPLANE_NAME": { + Name: "KUMA_DATAPLANE_NAME", + // notice that Pod name might not be available at this time (in case of Deployment, ReplicaSet, etc) + // that is why we have to use a runtime reference to POD_NAME instead + Value: "$(POD_NAME).$(POD_NAMESPACE)", // variable references get expanded by Kubernetes + }, + "KUMA_DATAPLANE_ADMIN_PORT": { + Name: "KUMA_DATAPLANE_ADMIN_PORT", + Value: fmt.Sprintf("%d", i.ContainerConfig.AdminPort), + }, + "KUMA_DATAPLANE_DRAIN_TIME": { + Name: "KUMA_DATAPLANE_DRAIN_TIME", + Value: i.ContainerConfig.DrainTime.String(), + }, + "KUMA_DATAPLANE_RUNTIME_TOKEN_PATH": { + Name: "KUMA_DATAPLANE_RUNTIME_TOKEN_PATH", + Value: "/var/run/secrets/kubernetes.io/serviceaccount/token", + }, + "KUMA_CONTROL_PLANE_CA_CERT": { + Name: "KUMA_CONTROL_PLANE_CA_CERT", + Value: 
i.ControlPlaneCACert, + }, + } + if i.BuiltinDNS.Enabled { + envVars["KUMA_DNS_ENABLED"] = kube_core.EnvVar{ + Name: "KUMA_DNS_ENABLED", + Value: "true", + } + + envVars["KUMA_DNS_CORE_DNS_PORT"] = kube_core.EnvVar{ + Name: "KUMA_DNS_CORE_DNS_PORT", + Value: strconv.FormatInt(int64(i.BuiltinDNS.Port), 10), + } + + envVars["KUMA_DNS_CORE_DNS_EMPTY_PORT"] = kube_core.EnvVar{ + Name: "KUMA_DNS_CORE_DNS_EMPTY_PORT", + Value: strconv.FormatInt(int64(i.BuiltinDNS.Port+1), 10), + } + + envVars["KUMA_DNS_ENVOY_DNS_PORT"] = kube_core.EnvVar{ + Name: "KUMA_DNS_ENVOY_DNS_PORT", + Value: strconv.FormatInt(int64(i.BuiltinDNS.Port+2), 10), + } + + envVars["KUMA_DNS_CORE_DNS_BINARY_PATH"] = kube_core.EnvVar{ + Name: "KUMA_DNS_CORE_DNS_BINARY_PATH", + Value: "coredns", + } + } else { + envVars["KUMA_DNS_ENABLED"] = kube_core.EnvVar{ + Name: "KUMA_DNS_ENABLED", + Value: "false", + } + } + + // override defaults with cfg env vars + for envName, envVal := range i.ContainerConfig.EnvVars { + envVars[envName] = kube_core.EnvVar{ + Name: envName, + Value: envVal, + } + } + + // override defaults and cfg env vars with annotations + annotationEnvVars, err := metadata.Annotations(podAnnotations).GetMap(metadata.KumaSidecarEnvVarsAnnotation) + if err != nil { + return nil, err + } + for envName, envVal := range annotationEnvVars { + envVars[envName] = kube_core.EnvVar{ + Name: envName, + Value: envVal, + } + } + + var result []kube_core.EnvVar + for _, v := range envVars { + result = append(result, v) + } + sort.Stable(EnvVarsByName(result)) + + // those values needs to be added before other vars, otherwise expressions like "$(POD_NAME).$(POD_NAMESPACE)" won't be evaluated + result = append([]kube_core.EnvVar{ + { + Name: "POD_NAME", + ValueFrom: &kube_core.EnvVarSource{ + FieldRef: &kube_core.ObjectFieldSelector{ + APIVersion: "v1", + FieldPath: "metadata.name", + }, + }, + }, + { + Name: "POD_NAMESPACE", + ValueFrom: &kube_core.EnvVarSource{ + FieldRef: &kube_core.ObjectFieldSelector{ + 
APIVersion: "v1", + FieldPath: "metadata.namespace", + }, + }, + }, + { + Name: "INSTANCE_IP", + ValueFrom: &kube_core.EnvVarSource{ + FieldRef: &kube_core.ObjectFieldSelector{ + APIVersion: "v1", + FieldPath: "status.podIP", + }, + }, + }, + }, result...) + + return result, nil +} diff --git a/pkg/plugins/runtime/k8s/webhooks/injector/injector.go b/pkg/plugins/runtime/k8s/webhooks/injector/injector.go index a46ee708ce87..5b206e6c8bf5 100644 --- a/pkg/plugins/runtime/k8s/webhooks/injector/injector.go +++ b/pkg/plugins/runtime/k8s/webhooks/injector/injector.go @@ -4,7 +4,6 @@ import ( "context" "fmt" "os" - "sort" "strconv" "strings" @@ -12,7 +11,6 @@ import ( kube_core "k8s.io/api/core/v1" kube_api "k8s.io/apimachinery/pkg/api/resource" kube_types "k8s.io/apimachinery/pkg/types" - kube_intstr "k8s.io/apimachinery/pkg/util/intstr" kube_client "sigs.k8s.io/controller-runtime/pkg/client" runtime_k8s "github.com/kumahq/kuma/pkg/config/plugins/runtime/k8s" @@ -21,6 +19,7 @@ import ( core_model "github.com/kumahq/kuma/pkg/core/resources/model" k8s_common "github.com/kumahq/kuma/pkg/plugins/common/k8s" mesh_k8s "github.com/kumahq/kuma/pkg/plugins/resources/k8s/native/api/v1alpha1" + "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/containers" "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/metadata" "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/util" tp_k8s "github.com/kumahq/kuma/pkg/transparentproxy/kubernetes" @@ -35,7 +34,7 @@ var log = core.Log.WithName("injector") func New( cfg runtime_k8s.Injector, - controlPlaneUrl string, + controlPlaneURL string, client kube_client.Client, converter k8s_common.Converter, ) (*KumaInjector, error) { 
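Review bot: In `sidecarEnvVars` the loop under `// override defaults and cfg env vars with annotations` writes every annotation-supplied name into `envVars` last. A pod annotation can therefore replace `KUMA_CONTROL_PLANE_URL`, `KUMA_CONTROL_PLANE_CA_CERT` and `KUMA_DATAPLANE_RUNTIME_TOKEN_PATH`, which the factory otherwise takes from operator-side configuration. If operators are meant to rely on the injected proxy talking to their control plane with their CA, those names should not be settable from workload metadata. I would keep a small set of reserved names and reject them in that loop, e.g. `if reservedEnvVars[envName] { return nil, fmt.Errorf("env var %q cannot be set via annotation", envName) }`, where `reservedEnvVars` is a new package-level set. The restriction should also be stated in a doc comment on `sidecarEnvVars`.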
@@ -48,20 +47,23 @@ func New( caCert = string(bytes) } return &KumaInjector{ - cfg: cfg, - controlPlaneUrl: controlPlaneUrl, - client: client, - converter: converter, - caCert: caCert, + cfg: cfg, + client: client, + converter: converter, + proxyFactory: containers.DataplaneProxyFactory{ + ControlPlaneURL: controlPlaneURL, + ControlPlaneCACert: caCert, + ContainerConfig: cfg.SidecarContainer.DataplaneContainer, + BuiltinDNS: cfg.BuiltinDNS, + }, }, nil } type KumaInjector struct { - cfg runtime_k8s.Injector - controlPlaneUrl string - client kube_client.Client - converter k8s_common.Converter - caCert string + cfg runtime_k8s.Injector + client kube_client.Client + converter k8s_common.Converter + proxyFactory containers.DataplaneProxyFactory } func (i *KumaInjector) InjectKuma(pod *kube_core.Pod) error { @@ -233,29 +235,11 @@ func (i *KumaInjector) namespaceFor(pod *kube_core.Pod) (*kube_core.Namespace, e return ns, nil } -func (i *KumaInjector) proxyConcurrencyFor(annotations map[string]string) (int64, error) { - count, ok, err := metadata.Annotations(annotations).GetUint32(metadata.KumaSidecarConcurrencyAnnotation) - if ok { - return int64(count), err - } - - // Note that validation requires the resource limit is not empty. - cpuRequest := kube_api.MustParse(i.cfg.SidecarContainer.Resources.Limits.CPU) - ncpu := cpuRequest.MilliValue() / 1000 - if ncpu < 2 { - // Only autotune to down to 2 to mitigate the latency - // risk if a worker thread blocks. - ncpu = 2 - } - - return ncpu, nil -} - func (i *KumaInjector) NewSidecarContainer( pod *kube_core.Pod, ns *kube_core.Namespace, ) (kube_core.Container, error) { - container, err := i.newDpContainer(pod.Annotations, ns) + container, err := i.proxyFactory.NewContainer(pod.Annotations, ns) if err != nil { return container, err } 
@@ -271,224 +255,6 @@ func (i *KumaInjector) NewSidecarContainer( return container, nil } -func (i *KumaInjector) NewGatewayContainer( - annotations map[string]string, - ns *kube_core.Namespace, -) (kube_core.PodSpec, error) { - container, err := i.newDpContainer(annotations, ns) - if err != nil { - return kube_core.PodSpec{}, err - } - - container.Name = util.KumaGatewayContainerName - - return kube_core.PodSpec{ - Containers: []kube_core.Container{container}, - }, nil -} - -func (i *KumaInjector) newDpContainer( - annotations map[string]string, - ns *kube_core.Namespace, -) (kube_core.Container, error) { - mesh := meshName(annotations, ns) - env, err := i.sidecarEnvVars(mesh, annotations) - if err != nil { - return kube_core.Container{}, err - } - - cpuCount, err := i.proxyConcurrencyFor(annotations) - if err != nil { - return kube_core.Container{}, err - } - - args := []string{ - "run", - "--log-level=info", - } - - if cpuCount > 0 { - args = append(args, - "--concurrency="+strconv.FormatInt(cpuCount, 10)) - } - - return kube_core.Container{ - Image: i.cfg.SidecarContainer.Image, - ImagePullPolicy: kube_core.PullIfNotPresent, - Args: args, - Env: env, - SecurityContext: &kube_core.SecurityContext{ - RunAsUser: &i.cfg.SidecarContainer.UID, - RunAsGroup: &i.cfg.SidecarContainer.GID, - }, - LivenessProbe: &kube_core.Probe{ - Handler: kube_core.Handler{ - HTTPGet: &kube_core.HTTPGetAction{ - Path: "/ready", - Port: kube_intstr.IntOrString{ - IntVal: int32(i.cfg.SidecarContainer.AdminPort), - }, - }, - }, - InitialDelaySeconds: i.cfg.SidecarContainer.LivenessProbe.InitialDelaySeconds, - TimeoutSeconds: i.cfg.SidecarContainer.LivenessProbe.TimeoutSeconds, - PeriodSeconds: i.cfg.SidecarContainer.LivenessProbe.PeriodSeconds, - SuccessThreshold: 1, - FailureThreshold: i.cfg.SidecarContainer.LivenessProbe.FailureThreshold, - }, - ReadinessProbe: &kube_core.Probe{ - Handler: kube_core.Handler{ - HTTPGet: &kube_core.HTTPGetAction{ - Path: "/ready", - Port: 
kube_intstr.IntOrString{ - IntVal: int32(i.cfg.SidecarContainer.AdminPort), - }, - }, - }, - InitialDelaySeconds: i.cfg.SidecarContainer.ReadinessProbe.InitialDelaySeconds, - TimeoutSeconds: i.cfg.SidecarContainer.ReadinessProbe.TimeoutSeconds, - PeriodSeconds: i.cfg.SidecarContainer.ReadinessProbe.PeriodSeconds, - SuccessThreshold: i.cfg.SidecarContainer.ReadinessProbe.SuccessThreshold, - FailureThreshold: i.cfg.SidecarContainer.ReadinessProbe.FailureThreshold, - }, - Resources: kube_core.ResourceRequirements{ - Requests: kube_core.ResourceList{ - kube_core.ResourceCPU: kube_api.MustParse(i.cfg.SidecarContainer.Resources.Requests.CPU), - kube_core.ResourceMemory: kube_api.MustParse(i.cfg.SidecarContainer.Resources.Requests.Memory), - }, - Limits: kube_core.ResourceList{ - kube_core.ResourceCPU: kube_api.MustParse(i.cfg.SidecarContainer.Resources.Limits.CPU), - kube_core.ResourceMemory: kube_api.MustParse(i.cfg.SidecarContainer.Resources.Limits.Memory), - }, - }, - }, nil -} - -func (i *KumaInjector) sidecarEnvVars(mesh string, podAnnotations map[string]string) ([]kube_core.EnvVar, error) { - envVars := map[string]kube_core.EnvVar{ - "KUMA_CONTROL_PLANE_URL": { - Name: "KUMA_CONTROL_PLANE_URL", - Value: i.controlPlaneUrl, - }, - "KUMA_DATAPLANE_MESH": { - Name: "KUMA_DATAPLANE_MESH", - Value: mesh, - }, - "KUMA_DATAPLANE_NAME": { - Name: "KUMA_DATAPLANE_NAME", - // notice that Pod name might not be available at this time (in case of Deployment, ReplicaSet, etc) - // that is why we have to use a runtime reference to POD_NAME instead - Value: "$(POD_NAME).$(POD_NAMESPACE)", // variable references get expanded by Kubernetes - }, - "KUMA_DATAPLANE_ADMIN_PORT": { - Name: "KUMA_DATAPLANE_ADMIN_PORT", - Value: fmt.Sprintf("%d", i.cfg.SidecarContainer.AdminPort), - }, - "KUMA_DATAPLANE_DRAIN_TIME": { - Name: "KUMA_DATAPLANE_DRAIN_TIME", - Value: i.cfg.SidecarContainer.DrainTime.String(), - }, - "KUMA_DATAPLANE_RUNTIME_TOKEN_PATH": { - Name: 
"KUMA_DATAPLANE_RUNTIME_TOKEN_PATH", - Value: "/var/run/secrets/kubernetes.io/serviceaccount/token", - }, - "KUMA_CONTROL_PLANE_CA_CERT": { - Name: "KUMA_CONTROL_PLANE_CA_CERT", - Value: i.caCert, - }, - } - if i.cfg.BuiltinDNS.Enabled { - envVars["KUMA_DNS_ENABLED"] = kube_core.EnvVar{ - Name: "KUMA_DNS_ENABLED", - Value: "true", - } - - envVars["KUMA_DNS_CORE_DNS_PORT"] = kube_core.EnvVar{ - Name: "KUMA_DNS_CORE_DNS_PORT", - Value: strconv.FormatInt(int64(i.cfg.BuiltinDNS.Port), 10), - } - - envVars["KUMA_DNS_CORE_DNS_EMPTY_PORT"] = kube_core.EnvVar{ - Name: "KUMA_DNS_CORE_DNS_EMPTY_PORT", - Value: strconv.FormatInt(int64(i.cfg.BuiltinDNS.Port+1), 10), - } - - envVars["KUMA_DNS_ENVOY_DNS_PORT"] = kube_core.EnvVar{ - Name: "KUMA_DNS_ENVOY_DNS_PORT", - Value: strconv.FormatInt(int64(i.cfg.BuiltinDNS.Port+2), 10), - } - - envVars["KUMA_DNS_CORE_DNS_BINARY_PATH"] = kube_core.EnvVar{ - Name: "KUMA_DNS_CORE_DNS_BINARY_PATH", - Value: "coredns", - } - } else { - envVars["KUMA_DNS_ENABLED"] = kube_core.EnvVar{ - Name: "KUMA_DNS_ENABLED", - Value: "false", - } - } - - // override defaults with cfg env vars - for envName, envVal := range i.cfg.SidecarContainer.EnvVars { - envVars[envName] = kube_core.EnvVar{ - Name: envName, - Value: envVal, - } - } - - // override defaults and cfg env vars with annotations - annotationEnvVars, err := metadata.Annotations(podAnnotations).GetMap(metadata.KumaSidecarEnvVarsAnnotation) - if err != nil { - return nil, err - } - for envName, envVal := range annotationEnvVars { - envVars[envName] = kube_core.EnvVar{ - Name: envName, - Value: envVal, - } - } - - var result []kube_core.EnvVar - for _, v := range envVars { - result = append(result, v) - } - sort.Stable(EnvVarsByName(result)) - - // those values needs to be added before other vars, otherwise expressions like "$(POD_NAME).$(POD_NAMESPACE)" won't be evaluated - result = append([]kube_core.EnvVar{ - { - Name: "POD_NAME", - ValueFrom: &kube_core.EnvVarSource{ - FieldRef: 
&kube_core.ObjectFieldSelector{ - APIVersion: "v1", - FieldPath: "metadata.name", - }, - }, - }, - { - Name: "POD_NAMESPACE", - ValueFrom: &kube_core.EnvVarSource{ - FieldRef: &kube_core.ObjectFieldSelector{ - APIVersion: "v1", - FieldPath: "metadata.namespace", - }, - }, - }, - { - Name: "INSTANCE_IP", - ValueFrom: &kube_core.EnvVarSource{ - FieldRef: &kube_core.ObjectFieldSelector{ - APIVersion: "v1", - FieldPath: "status.podIP", - }, - }, - }, - }, result...) - - return result, nil -} - func (i *KumaInjector) NewVolumeMounts(pod *kube_core.Pod) []kube_core.VolumeMount { if tokenVolumeMount := i.FindServiceAccountToken(&pod.Spec); tokenVolumeMount != nil { return []kube_core.VolumeMount{*tokenVolumeMount} @@ -591,11 +357,3 @@ func portsToAnnotationValue(ports []uint32) string { } return strings.Join(stringPorts, ",") } - -type EnvVarsByName []kube_core.EnvVar - -func (a EnvVarsByName) Len() int { return len(a) } -func (a EnvVarsByName) Swap(i, j int) { a[i], a[j] = a[j], a[i] } -func (a EnvVarsByName) Less(i, j int) bool { - return a[i].Name < a[j].Name -} From b76f57d8412da503a1a153a8ee68a0294a0677c8 Mon Sep 17 00:00:00 2001 From: Mike Beaumont Date: Fri, 5 Nov 2021 13:35:31 +0100 Subject: [PATCH 5/9] feat(gateway): add Gateway API CRDs + RBAC Signed-off-by: Mike Beaumont --- .../charts/kuma/templates/cp-rbac.yaml | 35 +++++++++++++++++++ go.mod | 3 +- go.sum | 22 +++++++++++- pkg/plugins/bootstrap/k8s/scheme.go | 4 +++ 4 files changed, 62 insertions(+), 2 deletions(-) diff --git a/deployments/charts/kuma/templates/cp-rbac.yaml b/deployments/charts/kuma/templates/cp-rbac.yaml index 9370bc9bd8d2..5d4b5f1ac148 100644 --- a/deployments/charts/kuma/templates/cp-rbac.yaml +++ b/deployments/charts/kuma/templates/cp-rbac.yaml 
@@ -24,6 +24,41 @@ rules: - get - list - watch + - apiGroups: + - "apps" + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - referencepolicies + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/status + verbs: + - get + - patch + - update - apiGroups: - coordination.k8s.io resources: diff --git a/go.mod b/go.mod index d9770a3137a4..476232dd59e3 100644 --- a/go.mod +++ b/go.mod @@ -65,6 +65,7 @@ require ( k8s.io/utils v0.0.0-20210820185131-d34e5cb4466e sigs.k8s.io/controller-runtime v0.10.3 sigs.k8s.io/controller-tools v0.7.0 + sigs.k8s.io/gateway-api v0.4.0 sigs.k8s.io/testing_frameworks v0.1.2 ) @@ -188,7 +189,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect k8s.io/component-base v0.22.4 // indirect - k8s.io/klog/v2 v2.9.0 // indirect + k8s.io/klog/v2 v2.10.0 // indirect k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c // indirect sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect sigs.k8s.io/yaml v1.2.0 // indirect diff --git a/go.sum b/go.sum index f674b9587045..3655147960aa 100644 --- a/go.sum +++ b/go.sum 
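Review bot: The new `apps` / `deployments` rule grants `create`, `delete`, `patch` and `update` with nothing in the rule limiting namespace or object name, which widens what the control-plane service account can do. The kind is outside the hunk, but if this `rules:` list belongs to a ClusterRole, anyone who gains the control plane's credentials could create or replace workloads in any namespace. Consider rendering the Deployment and `gateway.networking.k8s.io` rules only when Gateway API support is switched on through a chart value, and trimming the verbs to those the controllers actually call. In particular, `create` and `delete` on `gatewayclasses`, `gateways` and `httproutes` may be more than is needed if the controllers only read those objects and write status. The same rules are repeated in the `install-control-plane.*.golden.yaml` hunks of patch 6/9, and the enclosing rules list starts and ends outside this hunk.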
@@ -175,6 +175,7 @@ github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= +github.com/ahmetb/gen-crd-api-reference-docs v0.3.0/go.mod h1:TdjdkYhlOifCQWPs1UdTma97kQQMozf5h26hTuG70u8= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -1702,6 +1703,7 @@ go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= +go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI= go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= 
@@ -2420,11 +2422,13 @@ k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= k8s.io/api v0.21.1/go.mod h1:FstGROTmsSHBarKc8bylzXih8BLNYTiS3TZcsoEDg2s= +k8s.io/api v0.21.3/go.mod h1:hUgeYHUbBp23Ue4qdX9tR8/ANi/g3ehylAqDn9NWVOg= k8s.io/api v0.22.1/go.mod h1:bh13rkTp3F1XEaLGykbyRD2QaTTzPm0e/BMd8ptFONY= k8s.io/api v0.22.2/go.mod h1:y3ydYpLJAaDI+BbSe2xmGcqxiWHmWjkEeIbiwHvnPR8= k8s.io/api v0.22.4 h1:UvyHW0ezB2oIgHAxlYoo6UJQObYXU7awuNarwoHEOjw= k8s.io/api v0.22.4/go.mod h1:Rgs+9gIGYC5laXQSZZ9JqT5NevNgoGiOdVWi1BAB3qk= k8s.io/apiextensions-apiserver v0.21.1/go.mod h1:KESQFCGjqVcVsZ9g0xX5bacMjyX5emuWcS2arzdEouA= +k8s.io/apiextensions-apiserver v0.21.3/go.mod h1:kl6dap3Gd45+21Jnh6utCx8Z2xxLm8LGDkprcd+KbsE= k8s.io/apiextensions-apiserver v0.22.1/go.mod h1:HeGmorjtRmRLE+Q8dJu6AYRoZccvCMsghwS8XTUYb2c= k8s.io/apiextensions-apiserver v0.22.2/go.mod h1:2E0Ve/isxNl7tWLSUDgi6+cmwHi5fQRdwGVCxbC+KFA= k8s.io/apiextensions-apiserver v0.22.4 h1:2iGpcVyw4MnAyyXVJU2Xg6ZsbIxAOfRHo0LF5A5J0RA= @@ -2433,6 +2437,7 @@ k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRp k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc= k8s.io/apimachinery v0.21.1/go.mod h1:jbreFvJo3ov9rj7eWT7+sYiRx+qZuCYXwWT1bcDswPY= +k8s.io/apimachinery v0.21.3/go.mod h1:H/IM+5vH9kZRNJ4l3x/fXP/5bOPJaVP/guptnZPeCFI= k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= k8s.io/apimachinery v0.22.2/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= k8s.io/apimachinery v0.22.4 h1:9uwcvPpukBw/Ri0EUmWz+49cnFtaoiyEhQTK+xOe7Ck= 
@@ -2441,6 +2446,7 @@ k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM= k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q= k8s.io/apiserver v0.21.1/go.mod h1:nLLYZvMWn35glJ4/FZRhzLG/3MPxAaZTgV4FJZdr+tY= +k8s.io/apiserver v0.21.3/go.mod h1:eDPWlZG6/cCCMj/JBcEpDoK+I+6i3r9GsChYBHSbAzU= k8s.io/apiserver v0.22.1/go.mod h1:2mcM6dzSt+XndzVQJX21Gx0/Klo7Aen7i0Ai6tIa400= k8s.io/apiserver v0.22.2/go.mod h1:vrpMmbyjWrgdyOvZTSpsusQq5iigKNWv9o9KlDAbBHI= k8s.io/apiserver v0.22.4/go.mod h1:38WmcUZiiy41A7Aty8/VorWRa8vDGqoUzDf2XYlku0E= @@ -2449,11 +2455,14 @@ k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y= k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k= k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0= k8s.io/client-go v0.21.1/go.mod h1:/kEw4RgW+3xnBGzvp9IWxKSNA+lXn3A7AuH3gdOAzLs= +k8s.io/client-go v0.21.3/go.mod h1:+VPhCgTsaFmGILxR/7E1N0S+ryO010QBeNCv5JwRGYU= k8s.io/client-go v0.22.1/go.mod h1:BquC5A4UOo4qVDUtoc04/+Nxp1MeHcVc1HJm1KmG8kk= k8s.io/client-go v0.22.2/go.mod h1:sAlhrkVDf50ZHx6z4K0S40wISNTarf1r800F+RlCF6U= k8s.io/client-go v0.22.4 h1:aAQ1Wk+I3bjCNk35YWUqbaueqrIonkfDPJSPDDe8Kfg= k8s.io/client-go v0.22.4/go.mod h1:Yzw4e5e7h1LNHA4uqnMVrpEpUs1hJOiuBsJKIlRCHDA= k8s.io/code-generator v0.21.1/go.mod h1:hUlps5+9QaTrKx+jiM4rmq7YmH8wPOIko64uZCHDh6Q= +k8s.io/code-generator v0.21.3/go.mod h1:K3y0Bv9Cz2cOW2vXUrNZlFbflhuPvuadW6JdnN6gGKo= +k8s.io/code-generator v0.22.0/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o= k8s.io/code-generator v0.22.1/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o= k8s.io/code-generator v0.22.2/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o= k8s.io/code-generator v0.22.4/go.mod h1:qjYl54pQ/emhkT0UxbufbREYJMWsHNNV/jSVwhYZQGw= 
@@ -2461,6 +2470,7 @@ k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeY k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI= k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM= k8s.io/component-base v0.21.1/go.mod h1:NgzFZ2qu4m1juby4TnrmpR8adRk6ka62YdH5DkIIyKA= +k8s.io/component-base v0.21.3/go.mod h1:kkuhtfEHeZM6LkX0saqSK8PbdO7A0HigUngmhhrwfGQ= k8s.io/component-base v0.22.1/go.mod h1:0D+Bl8rrnsPN9v0dyYvkqFfBeAd4u7n77ze+p8CMiPo= k8s.io/component-base v0.22.2/go.mod h1:5Br2QhI9OTe79p+TzPe9JKNQYvEKbq9rTJDWllunGug= k8s.io/component-base v0.22.4 h1:7qwLJnua2ppGNZrRGDQ0vhsFebI39VGbZ4zdR5ArViI= 
@@ -2471,13 +2481,17 @@ k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/klog v0.2.0 h1:0ElL0OHzF3N+OhoJTL0uca20SxtYt4X4+bzHeqrB83c= +k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.8.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= -k8s.io/klog/v2 v2.9.0 h1:D7HV+n1V57XeZ0m6tdRkfknthUaM06VFbWldOFh8kzM= k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= +k8s.io/klog/v2 v2.10.0 h1:R2HDMDJsHVTHA2n4RjwbeYXdOcBymXdX/JRb1v0VGhE= +k8s.io/klog/v2 v2.10.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/kube-aggregator v0.22.2/go.mod h1:hsd0LEmVQSvMc0UzAwmcm/Gk3HzLp50mq/o6cu1ky2A= k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7/go.mod h1:wXW5VT87nVfh/iLV8FpR2uDvrFyomxbtb1KivDbvPTE= 
@@ -2490,6 +2504,7 @@ k8s.io/metrics v0.22.1/go.mod h1:i/ZNap89UkV1gLa26dn7fhKAdheJaKy+moOqJbiif7E= k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210527160623-6fdb442a123b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20210722164352-7f3ee0f31471/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210820185131-d34e5cb4466e h1:ldQh+neBabomh7+89dTpiFAB8tGdfVmuIzAHbvtl+9I= k8s.io/utils v0.0.0-20210820185131-d34e5cb4466e/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= 
@@ -2527,14 +2542,19 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.19/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/controller-runtime v0.9.0/go.mod h1:TgkfvrhhEw3PlI0BRL/5xM+89y3/yc0ZDfdbTl84si8= +sigs.k8s.io/controller-runtime v0.9.6/go.mod h1:q6PpkM5vqQubEKUKOM6qr06oXGzOBcCby1DA9FbyZeA= sigs.k8s.io/controller-runtime v0.10.2/go.mod h1:CQp8eyUQZ/Q7PJvnIrB6/hgfTC1kBkGylwsLgOQi1WY= sigs.k8s.io/controller-runtime v0.10.3 h1:s5Ttmw/B4AuIbwrXD3sfBkXwnPMMWrqpVj4WRt1dano= sigs.k8s.io/controller-runtime v0.10.3/go.mod h1:CQp8eyUQZ/Q7PJvnIrB6/hgfTC1kBkGylwsLgOQi1WY= sigs.k8s.io/controller-tools v0.6.0/go.mod h1:baRMVPrctU77F+rfAuH2uPqW93k6yQnZA2dhUOr7ihc= +sigs.k8s.io/controller-tools v0.6.2/go.mod h1:oaeGpjXn6+ZSEIQkUe/+3I40PNiDYp9aeawbt3xTgJ8= sigs.k8s.io/controller-tools v0.7.0 h1:iZIz1vEcavyEfxjcTLs1WH/MPf4vhPCtTKhoHqV8/G0= sigs.k8s.io/controller-tools v0.7.0/go.mod h1:bpBAo0VcSDDLuWt47evLhMLPxRPxMDInTEH/YbdeMK0= +sigs.k8s.io/gateway-api v0.4.0 h1:07IJkTt21NetZTHtPKJk2I4XIgDN4BAlTIq1wK7V11o= +sigs.k8s.io/gateway-api v0.4.0/go.mod h1:r3eiNP+0el+NTLwaTfOrCNXy8TukC+dIM3ggc+fbNWk= sigs.k8s.io/kustomize/api v0.8.11/go.mod h1:a77Ls36JdfCWojpUqR6m60pdGY1AYFix4AH83nJtY1g= sigs.k8s.io/kustomize/cmd/config v0.9.13/go.mod h1:7547FLF8W/lTaDf0BDqFTbZxM9zqwEJqCKN9sSR0xSs= sigs.k8s.io/kustomize/kustomize/v4 v4.2.0/go.mod h1:MOkR6fmhwG7hEDRXBYELTi5GSFcLwfqwzTRHW3kv5go= 
diff --git a/pkg/plugins/bootstrap/k8s/scheme.go b/pkg/plugins/bootstrap/k8s/scheme.go index ce11975f138b..d6b08fa60100 100644 --- a/pkg/plugins/bootstrap/k8s/scheme.go +++ b/pkg/plugins/bootstrap/k8s/scheme.go @@ -5,6 +5,7 @@ import ( apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" kube_runtime "k8s.io/apimachinery/pkg/runtime" kube_client_scheme "k8s.io/client-go/kubernetes/scheme" + gatewayapi "sigs.k8s.io/gateway-api/apis/v1alpha2" mesh_k8s "github.com/kumahq/kuma/pkg/plugins/resources/k8s/native/api/v1alpha1" k8scnicncfio "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/apis/k8s.cni.cncf.io" @@ -25,5 +26,8 @@ func NewScheme() (*kube_runtime.Scheme, error) { if err := apiextensionsv1.AddToScheme(s); err != nil { return nil, errors.Wrapf(err, "could not add %q to scheme", apiextensionsv1.SchemeGroupVersion) } + if err := gatewayapi.Install(s); err != nil { + return nil, errors.Wrapf(err, "could not add %q to scheme", gatewayapi.SchemeGroupVersion) + } return s, nil } From c43337aa5ca33e60c999d2882cc71274a8260eef Mon Sep 17 00:00:00 2001 From: Mike Beaumont Date: Tue, 9 Nov 2021 12:47:30 +0100 Subject: [PATCH 6/9] test(install-control-plane): add new resources to golden files Signed-off-by: Mike Beaumont --- ...tall-control-plane.cni-enabled.golden.yaml | 35 +++++++++++++++++++ ...install-control-plane.defaults.golden.yaml | 35 +++++++++++++++++++ .../install-control-plane.global.golden.yaml | 35 +++++++++++++++++++ ...ontrol-plane.override-env-vars.golden.yaml | 35 +++++++++++++++++++ ...nstall-control-plane.overrides.golden.yaml | 35 +++++++++++++++++++ ...all-control-plane.with-ingress.golden.yaml | 35 +++++++++++++++++++ .../install-control-plane.zone.golden.yaml | 35 +++++++++++++++++++ 7 files changed, 245 insertions(+) diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml index 83a8cb397962..5debf3b23035 100644 
--- a/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml @@ -723,6 +723,41 @@ rules: - get - list - watch + - apiGroups: + - "apps" + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - referencepolicies + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/status + verbs: + - get + - patch + - update - apiGroups: - coordination.k8s.io resources: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml index 9113fa8eeb46..e5175634377c 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml @@ -670,6 +670,41 @@ rules: - get - list - watch + - apiGroups: + - "apps" + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - referencepolicies + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/status + verbs: + - get + - patch + - update - apiGroups: - coordination.k8s.io resources: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml index c968e53f3009..bf21b715cdd2 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml 
+++ b/app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml @@ -670,6 +670,41 @@ rules: - get - list - watch + - apiGroups: + - "apps" + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - referencepolicies + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/status + verbs: + - get + - patch + - update - apiGroups: - coordination.k8s.io resources: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml index 4cae99241191..e0d238455209 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml @@ -670,6 +670,41 @@ rules: - get - list - watch + - apiGroups: + - "apps" + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - referencepolicies + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/status + verbs: + - get + - patch + - update - apiGroups: - coordination.k8s.io resources: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml index 9bdf750d78f2..a3fd7b79d2f4 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml 
@@ -670,6 +670,41 @@ rules: - get - list - watch + - apiGroups: + - "apps" + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - referencepolicies + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/status + verbs: + - get + - patch + - update - apiGroups: - coordination.k8s.io resources: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml index 8e2f827f402d..b122623e16fa 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml @@ -679,6 +679,41 @@ rules: - get - list - watch + - apiGroups: + - "apps" + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - referencepolicies + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/status + verbs: + - get + - patch + - update - apiGroups: - coordination.k8s.io resources: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml index 358dc7e34c59..f410d53733e4 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml 
@@ -670,6 +670,41 @@ rules: - get - list - watch + - apiGroups: + - "apps" + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - referencepolicies + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/status + verbs: + - get + - patch + - update - apiGroups: - coordination.k8s.io resources: From 0f8ed2dbec57ef126ed7409f848d95222c1dee91 Mon Sep 17 00:00:00 2001 From: Mike Beaumont Date: Fri, 5 Nov 2021 13:37:59 +0100 Subject: [PATCH 7/9] feat(gateway): add initial gatewayapi.Gateway controller Signed-off-by: Mike Beaumont --- api/mesh/v1alpha1/dataplane_helpers.go | 3 + .../k8s/controllers/gatewayapi/condition.go | 51 +++++ .../k8s/controllers/gatewayapi/converter.go | 174 ++++++++++++++++ .../k8s/controllers/gatewayapi/deployment.go | 134 +++++++++++++ .../gatewayapi/gateway_controller.go | 186 ++++++++++++++++++ .../gatewayapi/http_route_controller.go | 175 ++++++++++++++++ pkg/plugins/runtime/k8s/plugin.go | 3 + pkg/plugins/runtime/k8s/plugin_gateway.go | 78 ++++++++ 8 files changed, 804 insertions(+) create mode 100644 pkg/plugins/runtime/k8s/controllers/gatewayapi/condition.go create mode 100644 pkg/plugins/runtime/k8s/controllers/gatewayapi/converter.go create mode 100644 pkg/plugins/runtime/k8s/controllers/gatewayapi/deployment.go create mode 100644 pkg/plugins/runtime/k8s/controllers/gatewayapi/gateway_controller.go create mode 100644 pkg/plugins/runtime/k8s/controllers/gatewayapi/http_route_controller.go create mode 100644 pkg/plugins/runtime/k8s/plugin_gateway.go diff --git a/api/mesh/v1alpha1/dataplane_helpers.go b/api/mesh/v1alpha1/dataplane_helpers.go index 11172e35d16a..c7e685d7c916 100644 --- a/api/mesh/v1alpha1/dataplane_helpers.go +++ b/api/mesh/v1alpha1/dataplane_helpers.go 
@@ -29,6 +29,9 @@ const ( // External service tag ExternalServiceTag = "kuma.io/external-service-name" + // Listener tag is used to select Gateway listeners + ListenerTag = "gateways.kuma.io/listener-name" + // Used for Service-less dataplanes TCPPortReserved = 49151 // IANA Reserved ) diff --git a/pkg/plugins/runtime/k8s/controllers/gatewayapi/condition.go b/pkg/plugins/runtime/k8s/controllers/gatewayapi/condition.go new file mode 100644 index 000000000000..09d431606b3e --- /dev/null +++ b/pkg/plugins/runtime/k8s/controllers/gatewayapi/condition.go 
@@ -0,0 +1,51 @@ +package controllers + +import ( + kube_apps "k8s.io/api/apps/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + kube_client "sigs.k8s.io/controller-runtime/pkg/client" + gatewayapi "sigs.k8s.io/gateway-api/apis/v1alpha2" +) + +func conditionOn( + obj kube_client.Object, typ gatewayapi.GatewayConditionType, status metav1.ConditionStatus, reason gatewayapi.GatewayConditionReason, +) metav1.Condition { + return metav1.Condition{ + Type: string(typ), Status: status, Reason: string(reason), LastTransitionTime: metav1.Now(), ObservedGeneration: obj.GetGeneration(), + } +} + +func getCondition(deployment *kube_apps.Deployment, typ kube_apps.DeploymentConditionType) *metav1.ConditionStatus { + for _, c := range deployment.Status.Conditions { + if c.Type == typ { + status := metav1.ConditionStatus(c.Status) + return &status + } + } + + return nil +} + +func setConditions(gateway *gatewayapi.Gateway, deployment *kube_apps.Deployment) { + conditions := []metav1.Condition{ + conditionOn(gateway, gatewayapi.GatewayConditionScheduled, metav1.ConditionTrue, gatewayapi.GatewayReasonScheduled), + } + + // TODO(michaelbeaumont) it'd be nice to get more up to date info from the + // kuma-dp instance to tell whether listeners are _really_ ready + if len(gateway.Status.Addresses) == 0 { + conditions = append(conditions, + conditionOn(gateway, gatewayapi.GatewayConditionReady, metav1.ConditionFalse, gatewayapi.GatewayReasonAddressNotAssigned), + ) + } else if condition := getCondition(deployment, kube_apps.DeploymentAvailable); condition == nil || *condition != metav1.ConditionTrue { + conditions = append(conditions, + conditionOn(gateway, gatewayapi.GatewayConditionReady, metav1.ConditionFalse, gatewayapi.GatewayReasonListenersNotReady), + ) + } else { + conditions = append(conditions, + conditionOn(gateway, gatewayapi.GatewayConditionReady, metav1.ConditionTrue, gatewayapi.GatewayReasonReady), + ) + } + + gateway.Status.Conditions = conditions +} 
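Review bot: `setConditions` rebuilds every condition through `conditionOn`, which stamps `LastTransitionTime: metav1.Now()` on each call, so `gateway.Status.Conditions` changes on every reconcile even when no status flipped. That defeats the purpose of the transition timestamp, and if the reconciler writes status on each pass while watching Gateways (not visible in this hunk), it can cause a steady stream of status updates against the API server. Merging into the existing slice keeps the old timestamp until the status really changes, for example `meta.SetStatusCondition(&gateway.Status.Conditions, cond)` from `k8s.io/apimachinery/pkg/api/meta` for each condition. Separately, `getCondition` reads `deployment.Status.Conditions` without a nil check, so a doc comment on `setConditions` should state that `deployment` must be non-nil, or the function should treat nil as not ready.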
diff --git a/pkg/plugins/runtime/k8s/controllers/gatewayapi/converter.go b/pkg/plugins/runtime/k8s/controllers/gatewayapi/converter.go new file mode 100644 index 000000000000..828ca7905251 --- /dev/null +++ b/pkg/plugins/runtime/k8s/controllers/gatewayapi/converter.go 
@@ -0,0 +1,174 @@ +package controllers + +import ( + "errors" + "fmt" + + gatewayapi "sigs.k8s.io/gateway-api/apis/v1alpha2" + + mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1" + util_proto "github.com/kumahq/kuma/pkg/util/proto" +) + +func k8sToKumaHeader(header gatewayapi.HTTPHeader) *mesh_proto.GatewayRoute_HttpRoute_Filter_RequestHeader_Header { + return &mesh_proto.GatewayRoute_HttpRoute_Filter_RequestHeader_Header{ + Name: string(header.Name), + Value: header.Value, + } +} + +func gapiToKumaRef(objectNamespace string, ref gatewayapi.BackendObjectReference) (map[string]string, error) { + // References to Services are required by GAPI to include a port + // TODO remove when https://github.com/kubernetes-sigs/gateway-api/pull/944 + // is in master + if ref.Port == nil { + return nil, errors.New("backend reference must include port") + } + + if *ref.Kind != "Service" { + return nil, errors.New("backend reference must be a Service") // TODO setappropriate status on gateway + } + + namespace := objectNamespace + if ref.Namespace != nil { + namespace = string(*ref.Namespace) + } + + return map[string]string{ + mesh_proto.ServiceTag: fmt.Sprintf("%s_%s_svc_%d", ref.Name, namespace, *ref.Port), + }, nil +} + +func gapiToKumaMatch(match gatewayapi.HTTPRouteMatch) (*mesh_proto.GatewayRoute_HttpRoute_Match, error) { + kumaMatch := &mesh_proto.GatewayRoute_HttpRoute_Match{} + + if m := match.Method; m != nil { + if kumaMethod, ok := mesh_proto.HttpMethod_value[string(*m)]; ok { + kumaMatch.Method = mesh_proto.HttpMethod(kumaMethod) + } else if *m != "" { + return nil, fmt.Errorf("unexpected HTTP method %s", *m) + } + } + + if p := match.Path; p != nil { + path := &mesh_proto.GatewayRoute_HttpRoute_Match_Path{ + Value: *p.Value, + } + + switch *p.Type { + case gatewayapi.PathMatchExact: + path.Match = mesh_proto.GatewayRoute_HttpRoute_Match_Path_EXACT + case gatewayapi.PathMatchPathPrefix: + path.Match = mesh_proto.GatewayRoute_HttpRoute_Match_Path_PREFIX + case 
gatewayapi.PathMatchRegularExpression: + path.Match = mesh_proto.GatewayRoute_HttpRoute_Match_Path_REGEX + } + + kumaMatch.Path = path + } + + for _, header := range match.Headers { + kumaHeader := &mesh_proto.GatewayRoute_HttpRoute_Match_Header{ + Name: string(header.Name), + Value: header.Value, + } + + switch *header.Type { + case gatewayapi.HeaderMatchExact: + kumaHeader.Match = mesh_proto.GatewayRoute_HttpRoute_Match_Header_EXACT + case gatewayapi.HeaderMatchRegularExpression: + kumaHeader.Match = mesh_proto.GatewayRoute_HttpRoute_Match_Header_REGEX + } + + kumaMatch.Headers = append(kumaMatch.Headers, kumaHeader) + } + + for _, query := range match.QueryParams { + kumaQuery := &mesh_proto.GatewayRoute_HttpRoute_Match_Query{ + Name: query.Name, + Value: query.Value, + } + + switch *query.Type { + case gatewayapi.QueryParamMatchExact: + kumaQuery.Match = mesh_proto.GatewayRoute_HttpRoute_Match_Query_EXACT + case gatewayapi.QueryParamMatchRegularExpression: + kumaQuery.Match = mesh_proto.GatewayRoute_HttpRoute_Match_Query_REGEX + } + + kumaMatch.QueryParameters = append(kumaMatch.QueryParameters, kumaQuery) + } + + return kumaMatch, nil +} + +func gapiToKumaFilter(namespace string, filter gatewayapi.HTTPRouteFilter) (*mesh_proto.GatewayRoute_HttpRoute_Filter, error) { + var kumaFilter mesh_proto.GatewayRoute_HttpRoute_Filter + + switch filter.Type { + case gatewayapi.HTTPRouteFilterRequestHeaderModifier: + filter := filter.RequestHeaderModifier + + var kumaInnerFilter mesh_proto.GatewayRoute_HttpRoute_Filter_RequestHeader + + for _, set := range filter.Set { + kumaInnerFilter.Set = append(kumaInnerFilter.Set, k8sToKumaHeader(set)) + } + + for _, add := range filter.Add { + kumaInnerFilter.Add = append(kumaInnerFilter.Add, k8sToKumaHeader(add)) + } + + kumaInnerFilter.Remove = filter.Remove + + kumaFilter.Filter = &mesh_proto.GatewayRoute_HttpRoute_Filter_RequestHeader_{ + RequestHeader: &kumaInnerFilter, + } + case gatewayapi.HTTPRouteFilterRequestMirror: + 
filter := filter.RequestMirror + + destinationRef, err := gapiToKumaRef(namespace, filter.BackendRef) + if err != nil { + return nil, err + } + + kumaInnerFilter := mesh_proto.GatewayRoute_HttpRoute_Filter_Mirror{ + Backend: &mesh_proto.GatewayRoute_Backend{ + Destination: destinationRef, + }, + Percentage: util_proto.Double(100), + } + + kumaFilter.Filter = &mesh_proto.GatewayRoute_HttpRoute_Filter_Mirror_{ + Mirror: &kumaInnerFilter, + } + case gatewayapi.HTTPRouteFilterRequestRedirect: + filter := filter.RequestRedirect + + kumaInnerFilter := mesh_proto.GatewayRoute_HttpRoute_Filter_Redirect{} + + if s := filter.Scheme; s != nil { + kumaInnerFilter.Scheme = *s + } + + if h := filter.Hostname; h != nil { + kumaInnerFilter.Hostname = string(*h) + } + + if p := filter.Port; p != nil { + kumaInnerFilter.Port = uint32(*p) + } + + if sc := filter.StatusCode; sc != nil { + kumaInnerFilter.StatusCode = uint32(*sc) + } + + kumaFilter.Filter = &mesh_proto.GatewayRoute_HttpRoute_Filter_Redirect_{ + Redirect: &kumaInnerFilter, + } + default: + return nil, fmt.Errorf("unsupported filter type %v", filter.Type) + } + + return &kumaFilter, nil +} diff --git a/pkg/plugins/runtime/k8s/controllers/gatewayapi/deployment.go b/pkg/plugins/runtime/k8s/controllers/gatewayapi/deployment.go new file mode 100644 index 000000000000..48a7a15fb3f3 --- /dev/null +++ b/pkg/plugins/runtime/k8s/controllers/gatewayapi/deployment.go 
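Review bot: `gapiToKumaRef` accepts `ref.Namespace` as given, so an HTTPRoute in one namespace can name a Service in any other namespace and the returned `mesh_proto.ServiceTag` value will point at it. Gateway API v1alpha2 treats a cross-namespace backend reference as valid only when a ReferencePolicy in the target namespace permits it, and nothing in this hunk looks one up. Until that lookup exists, rejecting the reference is the safer default: `if ref.Namespace != nil && string(*ref.Namespace) != objectNamespace { return nil, errors.New("cross-namespace backend reference is not permitted") }`. The same function dereferences `*ref.Kind` without a nil check, which relies on API-server defaulting.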
@@ -0,0 +1,134 @@ +package controllers + +import ( + "context" + "fmt" + "strconv" + + "github.com/pkg/errors" + kube_apps "k8s.io/api/apps/v1" + kube_core "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + kube_types "k8s.io/apimachinery/pkg/types" + kube_controllerutil "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + gatewayapi "sigs.k8s.io/gateway-api/apis/v1alpha2" + + core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh" + "github.com/kumahq/kuma/pkg/core/resources/model" + "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/metadata" + util_k8s "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/util" +) + +func k8sResourceName(name string) string { + return fmt.Sprintf("%s-kuma-gateway", name) +} + +func k8sSelector(name string) map[string]string { + return map[string]string{"app": k8sResourceName(name)} +} + +func (r *GatewayReconciler) createOrUpdateService( + ctx context.Context, + gateway *core_mesh.GatewayResource, + k8sGateway *gatewayapi.Gateway, +) (*kube_core.Service, error) { + service := &kube_core.Service{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: k8sGateway.Namespace, + Name: k8sResourceName(k8sGateway.Name), + }, + } + + ns := kube_core.Namespace{} + if err := r.Client.Get(ctx, kube_types.NamespacedName{Name: k8sGateway.Namespace}, &ns); err != nil { + return nil, errors.Wrap(err, "unable to get Namespace for gateway") + } + + if _, err := kube_controllerutil.CreateOrUpdate(ctx, r.Client, service, func() error { + var ports []kube_core.ServicePort + + for _, listener := range gateway.Spec.GetConf().GetListeners() { + ports = append(ports, kube_core.ServicePort{ + Name: strconv.Itoa(int(listener.Port)), + Protocol: kube_core.ProtocolTCP, + Port: int32(listener.Port), + }) + } + + service.Spec = kube_core.ServiceSpec{ + Selector: k8sSelector(k8sGateway.Name), + Ports: ports, + Type: kube_core.ServiceTypeLoadBalancer, + } + + err := kube_controllerutil.SetControllerReference(k8sGateway, service, r.Scheme) 
+ return errors.Wrap(err, "unable to set Service's controller reference to Gateway") + }); err != nil { + return nil, errors.Wrap(err, "unable to create or update Service for Gateway") + } + + return service, nil +} + +func (r *GatewayReconciler) createOrUpdateDeployment( + ctx context.Context, + gateway *core_mesh.GatewayResource, + k8sGateway *gatewayapi.Gateway, +) (*kube_apps.Deployment, error) { + ns := kube_core.Namespace{} + if err := r.Client.Get(ctx, kube_types.NamespacedName{Name: k8sGateway.Namespace}, &ns); err != nil { + return nil, errors.Wrap(err, "unable to get Namespace for gateway") + } + + deployment := &kube_apps.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: k8sGateway.GetNamespace(), + Name: k8sResourceName(k8sGateway.GetName()), + }, + } + + if _, err := kube_controllerutil.CreateOrUpdate(ctx, r.Client, deployment, func() error { + // TODO(michaelbeaumont) fix the resource limits ro fit use as a gateway + // proxy + container, err := r.ProxyFactory.NewContainer(k8sGateway.Annotations, &ns) + if err != nil { + return errors.Wrap(err, "unable to create Gateway container") + } + + container.Name = util_k8s.KumaGatewayContainerName + + podSpec := kube_core.PodSpec{ + Containers: []kube_core.Container{container}, + } + + annotations := map[string]string{ + metadata.KumaGatewayAnnotation: metadata.AnnotationBuiltin, + metadata.KumaSidecarInjectionAnnotation: metadata.AnnotationDisabled, + } + + if mesh := util_k8s.MeshFor(k8sGateway); mesh != model.DefaultMesh { + annotations[metadata.KumaMeshAnnotation] = mesh + } + + var replicas int32 = 1 + + deployment.Spec.Replicas = &replicas + deployment.Spec.Selector = &metav1.LabelSelector{ + MatchLabels: k8sSelector(k8sGateway.Name), + } + deployment.Spec.Template = kube_core.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: k8sSelector(k8sGateway.Name), + Annotations: annotations, + }, + Spec: podSpec, + } + + err = kube_controllerutil.SetControllerReference(k8sGateway, deployment, 
r.Scheme) + return errors.Wrap(err, "unable to set Deployments's controller reference to Gateway") + }); err != nil { + return nil, errors.Wrap(err, "unable to create or update Deployment for Gateway") + } + + return deployment, nil +} diff --git a/pkg/plugins/runtime/k8s/controllers/gatewayapi/gateway_controller.go b/pkg/plugins/runtime/k8s/controllers/gatewayapi/gateway_controller.go new file mode 100644 index 000000000000..af0839b3a8f7 --- /dev/null +++ b/pkg/plugins/runtime/k8s/controllers/gatewayapi/gateway_controller.go 
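Review bot: The mutate callback in `createOrUpdateService` assigns a fresh `kube_core.ServiceSpec{...}` to `service.Spec`, which blanks every field `CreateOrUpdate` just read back from the cluster, including server-allocated ones such as `ClusterIP`. Depending on the API server version, the update may then be rejected as a change to an immutable field. Setting only the fields this controller owns avoids that: `service.Spec.Selector = k8sSelector(k8sGateway.Name)`, `service.Spec.Ports = ports`, `service.Spec.Type = kube_core.ServiceTypeLoadBalancer`. Because the type is always `ServiceTypeLoadBalancer`, a comment stating that every Gateway of this class is published through an external load balancer would help whoever grants create rights on Gateway objects.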
@@ -0,0 +1,186 @@ +package controllers + +import ( + "context" + "fmt" + + "github.com/go-logr/logr" + "github.com/pkg/errors" + kube_apps "k8s.io/api/apps/v1" + kube_core "k8s.io/api/core/v1" + kube_apierrs "k8s.io/apimachinery/pkg/api/errors" + kube_runtime "k8s.io/apimachinery/pkg/runtime" + kube_types "k8s.io/apimachinery/pkg/types" + kube_ctrl "sigs.k8s.io/controller-runtime" + kube_client "sigs.k8s.io/controller-runtime/pkg/client" + gatewayapi "sigs.k8s.io/gateway-api/apis/v1alpha2" + + mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1" + core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh" + "github.com/kumahq/kuma/pkg/core/resources/manager" + "github.com/kumahq/kuma/pkg/core/resources/model" + k8s_common "github.com/kumahq/kuma/pkg/plugins/common/k8s" + mesh_k8s "github.com/kumahq/kuma/pkg/plugins/resources/k8s/native/api/v1alpha1" + "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/containers" + k8s_util "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/util" + util_k8s "github.com/kumahq/kuma/pkg/util/k8s" +) + +const controllerName = "gateways.kuma.io/controller" + +// GatewayReconciler reconciles a GatewayAPI Gateway object. +type GatewayReconciler struct { + kube_client.Client + Reader kube_client.Reader + Log logr.Logger + + Scheme *kube_runtime.Scheme + Converter k8s_common.Converter + SystemNamespace string + ProxyFactory containers.DataplaneProxyFactory + ResourceManager manager.ResourceManager +} + +// Reconcile handles transforming a gateway-api Gateway into a Kuma Gateway and +// managing the status of the gateway-api objects. 
+func (r *GatewayReconciler) Reconcile(ctx context.Context, req kube_ctrl.Request) (kube_ctrl.Result, error) { + gateway := &gatewayapi.Gateway{} + if err := r.Get(ctx, req.NamespacedName, gateway); err != nil { + if kube_apierrs.IsNotFound(err) { + return kube_ctrl.Result{}, nil + } + + return kube_ctrl.Result{}, err + } + + class, err := r.getGatewayClass(ctx, gateway.Spec.GatewayClassName) + if err != nil { + return kube_ctrl.Result{}, errors.Wrap(err, "unable to retrieve GatewayClass referenced by Gateway") + } else if class == nil { + return kube_ctrl.Result{}, nil + } + + coreName := util_k8s.K8sNamespacedNameToCoreName(gateway.Name, gateway.Namespace) + mesh := k8s_util.MeshFor(gateway) + + resource := core_mesh.NewGatewayResource() + + if err := manager.Upsert(r.ResourceManager, model.ResourceKey{Mesh: mesh, Name: coreName}, resource, func(resource model.Resource) error { + gatewaySpec, err := r.gapiToKumaGateway(gateway) + if err != nil { + return errors.Wrap(err, "could not create Kuma Gateway spec") + } + + return resource.SetSpec(gatewaySpec) + }); err != nil { + return kube_ctrl.Result{}, errors.Wrap(err, "could not upsert Gateway") + } + + deployment, err := r.createOrUpdateDeployment(ctx, resource, gateway) + if err != nil { + return kube_ctrl.Result{}, errors.Wrap(err, "unable to create Deployment for Gateway") + } + + svc, err := r.createOrUpdateService(ctx, resource, gateway) + if err != nil { + return kube_ctrl.Result{}, errors.Wrap(err, "unable to create Service for Gateway") + } + + r.updateStatus(gateway, svc, deployment) + + if err := r.Get(ctx, req.NamespacedName, gateway); err != nil { + return kube_ctrl.Result{}, errors.Wrap(err, "unable to get Gateway") + } + + if err := r.Client.Status().Update(ctx, gateway); err != nil { + return kube_ctrl.Result{}, errors.Wrap(err, "unable to update Gateway status") + } + + return kube_ctrl.Result{}, nil +} + +func (r *GatewayReconciler) getGatewayClass(ctx context.Context, name gatewayapi.ObjectName) 
(*gatewayapi.GatewayClass, error) { + class := &gatewayapi.GatewayClass{} + classObjectKey := kube_types.NamespacedName{Name: string(name)} + + if err := r.Client.Get(ctx, classObjectKey, class); err != nil { + if kube_apierrs.IsNotFound(err) { + return nil, nil + } + + return nil, errors.Wrapf(err, "failed to get GatewayClass %s", classObjectKey) + } + + if class.Spec.ControllerName != controllerName { + return nil, nil + } + + return class, nil +} + +func (r *GatewayReconciler) gapiToKumaGateway(gateway *gatewayapi.Gateway) (*mesh_proto.Gateway, error) { + var listeners []*mesh_proto.Gateway_Listener + + for _, l := range gateway.Spec.Listeners { + listener := &mesh_proto.Gateway_Listener{ + Port: uint32(l.Port), + Tags: map[string]string{ + // gateway-api routes are configured using direct references to + // Gateways, so just create a tag specifically for this listener + mesh_proto.ListenerTag: string(l.Name), + }, + } + + if protocol, ok := mesh_proto.Gateway_Listener_Protocol_value[string(l.Protocol)]; ok { + listener.Protocol = mesh_proto.Gateway_Listener_Protocol(protocol) + } else if l.Protocol != "" { + return nil, errors.Errorf("unexpected protocol %s", l.Protocol) + } + + listener.Hostname = "*" + if l.Hostname != nil { + listener.Hostname = string(*l.Hostname) + } + + listeners = append(listeners, listener) + } + + match := map[string]string{ + mesh_proto.ServiceTag: fmt.Sprintf("%s-kuma-gateway_%s_svc", gateway.Name, gateway.Namespace), + } + + return &mesh_proto.Gateway{ + Selectors: []*mesh_proto.Selector{ + {Match: match}, + }, + Conf: &mesh_proto.Gateway_Conf{ + Listeners: listeners, + }, + }, nil +} + +func (r *GatewayReconciler) updateStatus(gateway *gatewayapi.Gateway, svc *kube_core.Service, deployment *kube_apps.Deployment) { + ipType := gatewayapi.IPAddressType + + var addrs []gatewayapi.GatewayAddress + + for _, addr := range svc.Status.LoadBalancer.Ingress { + addrs = append(addrs, gatewayapi.GatewayAddress{ + Type: &ipType, + Value: 
addr.IP, + }) + } + + gateway.Status.Addresses = addrs + + setConditions(gateway, deployment) +} + +func (r *GatewayReconciler) SetupWithManager(mgr kube_ctrl.Manager) error { + return kube_ctrl.NewControllerManagedBy(mgr). + For(&gatewayapi.Gateway{}). + Owns(&mesh_k8s.Gateway{}). + Owns(&kube_core.Service{}). + Owns(&kube_apps.Deployment{}). + Complete(r) +} diff --git a/pkg/plugins/runtime/k8s/controllers/gatewayapi/http_route_controller.go b/pkg/plugins/runtime/k8s/controllers/gatewayapi/http_route_controller.go new file mode 100644 index 000000000000..2db2b6b0c4e7 --- /dev/null +++ b/pkg/plugins/runtime/k8s/controllers/gatewayapi/http_route_controller.go 
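Review bot: In `Reconcile`, `r.updateStatus(gateway, svc, deployment)` fills in `gateway.Status`, but the following `r.Get(ctx, req.NamespacedName, gateway)` reads the object into the same variable and overwrites what was just computed, so `Status().Update` writes back the status the server already had. The addresses and the Scheduled/Ready conditions therefore never reach the Gateway. Reordering fixes it: call `r.Get(...)` first, then `r.updateStatus(gateway, svc, deployment)`, then `r.Client.Status().Update(ctx, gateway)`. Separately, the `IsNotFound` branch returns without removing the Kuma Gateway resource upserted on an earlier pass, so deleted Gateways appear to leave their mesh configuration behind unless something outside this hunk cleans it up.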
@@ -0,0 +1,175 @@ +package controllers + +import ( + "context" + "fmt" + + "github.com/go-logr/logr" + "github.com/pkg/errors" + kube_apierrs "k8s.io/apimachinery/pkg/api/errors" + kube_runtime "k8s.io/apimachinery/pkg/runtime" + kube_ctrl "sigs.k8s.io/controller-runtime" + kube_client "sigs.k8s.io/controller-runtime/pkg/client" + gatewayapi "sigs.k8s.io/gateway-api/apis/v1alpha2" + + mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1" + "github.com/kumahq/kuma/pkg/core" + core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh" + "github.com/kumahq/kuma/pkg/core/resources/manager" + "github.com/kumahq/kuma/pkg/core/resources/model" + "github.com/kumahq/kuma/pkg/core/resources/store" + k8s_common "github.com/kumahq/kuma/pkg/plugins/common/k8s" + k8s_util "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/util" + util_k8s "github.com/kumahq/kuma/pkg/util/k8s" +) + +// HTTPRouteReconciler reconciles a GatewayAPI object into Kuma-native objects +type HTTPRouteReconciler struct { + kube_client.Client + Reader kube_client.Reader + Log logr.Logger + + Scheme *kube_runtime.Scheme + Converter k8s_common.Converter + SystemNamespace string + ResourceManager manager.ResourceManager +} + +// Reconcile handles transforming a gateway-api HTTPRoute into a Kuma +// GatewayRoute and managing the status of the gateway-api objects. 
+func (r *HTTPRouteReconciler) Reconcile(ctx context.Context, req kube_ctrl.Request) (kube_ctrl.Result, error) { + httpRoute := &gatewayapi.HTTPRoute{} + if err := r.Get(ctx, req.NamespacedName, httpRoute); err != nil { + if kube_apierrs.IsNotFound(err) { + return kube_ctrl.Result{}, nil + } + + return kube_ctrl.Result{}, err + } + + // TODO check that gateways exist etc + // TODO set status on gapi resources + + coreName := util_k8s.K8sNamespacedNameToCoreName(httpRoute.Name, httpRoute.Namespace) + mesh := k8s_util.MeshFor(httpRoute) + + resource := core_mesh.NewGatewayRouteResource() + + if err := manager.Upsert(r.ResourceManager, model.ResourceKey{Mesh: mesh, Name: coreName}, resource, func(resource model.Resource) error { + spec, err := r.gapiToKumaRoute(httpRoute.Namespace, httpRoute) + if err != nil { + return errors.Wrap(err, "error generating GatewayRoute") + } + + return resource.SetSpec(spec) + }); err != nil { + return kube_ctrl.Result{}, errors.Wrap(err, "could not upsert GatewayRoute") + } + + var err error + + resource.Spec, err = r.gapiToKumaRoute(httpRoute.Namespace, httpRoute) + if err != nil { + return kube_ctrl.Result{}, err + } + + err = r.ResourceManager.Update(ctx, resource, store.ModifiedAt(core.Now())) + + return kube_ctrl.Result{}, errors.Wrap(err, "could not update GatewayRoute resource") +} + +func (r *HTTPRouteReconciler) gapiToKumaRoute(namespace string, route *gatewayapi.HTTPRoute) (*mesh_proto.GatewayRoute, error) { + var selectors []*mesh_proto.Selector + + // Convert GAPI parent refs into Kuma tag matchers + for _, ref := range route.Spec.ParentRefs { + namespace := route.Namespace + if ns := ref.Namespace; ns != nil { + namespace = string(*ns) + } + + match := map[string]string{ + mesh_proto.ServiceTag: fmt.Sprintf("%s-kuma-gateway_%s_svc", string(ref.Name), namespace), + } + if ref.SectionName != nil { + match[mesh_proto.ListenerTag] = string(*ref.SectionName) + } + + selectors = append(selectors, &mesh_proto.Selector{ + Match: 
match, + }) + } + + var hostnames []string + + for _, hn := range route.Spec.Hostnames { + hostnames = append(hostnames, string(hn)) + } + + var rules []*mesh_proto.GatewayRoute_HttpRoute_Rule + + for _, rule := range route.Spec.Rules { + var backends []*mesh_proto.GatewayRoute_Backend + + for _, backend := range rule.BackendRefs { + ref := backend.BackendObjectReference + + destination, err := gapiToKumaRef(namespace, ref) + if err != nil { + return nil, err + } + + backends = append(backends, &mesh_proto.GatewayRoute_Backend{ + // Weight has a default of 1 + Weight: uint32(*backend.Weight), + Destination: destination, + }) + } + + var matches []*mesh_proto.GatewayRoute_HttpRoute_Match + + for _, match := range rule.Matches { + kumaMatch, err := gapiToKumaMatch(match) + if err != nil { + return nil, errors.Wrap(err, "couldn't convert match") + } + + matches = append(matches, kumaMatch) + } + + var filters []*mesh_proto.GatewayRoute_HttpRoute_Filter + + for _, filter := range rule.Filters { + kumaFilter, err := gapiToKumaFilter(namespace, filter) + if err != nil { + return nil, err + } + + filters = append(filters, kumaFilter) + } + + rules = append(rules, &mesh_proto.GatewayRoute_HttpRoute_Rule{ + Matches: matches, + Filters: filters, + Backends: backends, + }) + } + + return &mesh_proto.GatewayRoute{ + Selectors: selectors, + Conf: &mesh_proto.GatewayRoute_Conf{ + Route: &mesh_proto.GatewayRoute_Conf_Http{ + Http: &mesh_proto.GatewayRoute_HttpRoute{ + Hostnames: hostnames, + Rules: rules, + }, + }, + }, + }, nil +} + +func (r *HTTPRouteReconciler) SetupWithManager(mgr kube_ctrl.Manager) error { + return kube_ctrl.NewControllerManagedBy(mgr). + For(&gatewayapi.HTTPRoute{}). + Complete(r) +} diff --git a/pkg/plugins/runtime/k8s/plugin.go b/pkg/plugins/runtime/k8s/plugin.go index 5ee5b46ded23..c8277130716a 100644 --- a/pkg/plugins/runtime/k8s/plugin.go +++ b/pkg/plugins/runtime/k8s/plugin.go 
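Review bot: `gapiToKumaRoute` turns every entry in `route.Spec.ParentRefs` into a selector and honours `ref.Namespace`, without loading the referenced Gateway or checking its listeners' `allowedRoutes` (whose v1alpha2 default admits only routes from the Gateway's own namespace). As written, an HTTPRoute created in any namespace can attach rules to a Gateway owned by another namespace. Until the TODO about checking gateways is done, dropping foreign references is the safer default: `if ns := ref.Namespace; ns != nil && string(*ns) != route.Namespace { continue }`. `Reconcile` also writes the spec twice, once inside `manager.Upsert` and again through `r.ResourceManager.Update`, and `uint32(*backend.Weight)` assumes the API server has defaulted the pointer.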
@@ -87,6 +87,9 @@ func addControllers(mgr kube_ctrl.Manager, rt core_runtime.Runtime, converter k8 if err := addMeshReconciler(mgr, rt, converter); err != nil { return err } + if err := addGatewayReconciler(mgr, rt, converter); err != nil { + return err + } if err := addPodReconciler(mgr, rt, converter); err != nil { return err } diff --git a/pkg/plugins/runtime/k8s/plugin_gateway.go b/pkg/plugins/runtime/k8s/plugin_gateway.go new file mode 100644 index 000000000000..107d5cad9296 --- /dev/null +++ b/pkg/plugins/runtime/k8s/plugin_gateway.go 
@@ -0,0 +1,78 @@ +package k8s + +import ( + "fmt" + "os" + + "github.com/pkg/errors" + kube_ctrl "sigs.k8s.io/controller-runtime" + + mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1" + "github.com/kumahq/kuma/pkg/core" + core_runtime "github.com/kumahq/kuma/pkg/core/runtime" + k8s_common "github.com/kumahq/kuma/pkg/plugins/common/k8s" + "github.com/kumahq/kuma/pkg/plugins/resources/k8s/native/pkg/registry" + "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/containers" + gatewayapi_controllers "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/controllers/gatewayapi" +) + +func addGatewayReconciler(mgr kube_ctrl.Manager, rt core_runtime.Runtime, converter k8s_common.Converter) error { + // If we haven't registered our type, we're not reconciling gatewayapi + // objects. + if _, err := registry.Global().NewObject(&mesh_proto.Gateway{}); err != nil { + var unknownTypeError *registry.UnknownTypeError + if errors.As(err, &unknownTypeError) { + return nil + } + } + + cpURL := fmt.Sprintf("https://%s.%s:%d", rt.Config().Runtime.Kubernetes.ControlPlaneServiceName, rt.Config().Store.Kubernetes.SystemNamespace, rt.Config().DpServer.Port) + + // TODO don't use injector config + cfg := rt.Config().Runtime.Kubernetes.Injector + + var caCert string + if cfg.CaCertFile != "" { + bytes, err := os.ReadFile(cfg.CaCertFile) + if err != nil { + return errors.Wrapf(err, "could not read provided CA cert file %s", cfg.CaCertFile) + } + caCert = string(bytes) + } + + proxyFactory := containers.DataplaneProxyFactory{ + ControlPlaneURL: cpURL, + ControlPlaneCACert: caCert, + ContainerConfig: cfg.SidecarContainer.DataplaneContainer, + BuiltinDNS: cfg.BuiltinDNS, + } + + gatewayAPIGatewayReconciler := &gatewayapi_controllers.GatewayReconciler{ + Client: mgr.GetClient(), + Reader: mgr.GetAPIReader(), + Log: core.Log.WithName("controllers").WithName("gatewayapi").WithName("Gateway"), + Scheme: mgr.GetScheme(), + Converter: converter, + SystemNamespace: 
rt.Config().Store.Kubernetes.SystemNamespace, + ProxyFactory: proxyFactory, + ResourceManager: rt.ResourceManager(), + } + if err := gatewayAPIGatewayReconciler.SetupWithManager(mgr); err != nil { + return errors.Wrap(err, "could not setup Gateway API Gateway reconciler") + } + + gatewayAPIHTTPRouteReconciler := &gatewayapi_controllers.HTTPRouteReconciler{ + Client: mgr.GetClient(), + Reader: mgr.GetAPIReader(), + Log: core.Log.WithName("controllers").WithName("gatewayapi").WithName("HTTPRoute"), + Scheme: mgr.GetScheme(), + Converter: converter, + SystemNamespace: rt.Config().Store.Kubernetes.SystemNamespace, + ResourceManager: rt.ResourceManager(), + } + if err := gatewayAPIHTTPRouteReconciler.SetupWithManager(mgr); err != nil { + return errors.Wrap(err, "could not setup Gateway API HTTPRoute reconciler") + } + + return nil +} From 6ef4fb5fb1af19a0348f99fd20fe5cc4aa779ace Mon Sep 17 00:00:00 2001 From: Mike Beaumont Date: Fri, 3 Dec 2021 21:14:14 +0100 Subject: [PATCH 8/9] feat(runtime/k8s): only run Gateway API controllers if registered Signed-off-by: Mike Beaumont --- pkg/plugins/runtime/k8s/plugin_gateway.go | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/pkg/plugins/runtime/k8s/plugin_gateway.go b/pkg/plugins/runtime/k8s/plugin_gateway.go index 107d5cad9296..0f0298a6b29d 100644 --- a/pkg/plugins/runtime/k8s/plugin_gateway.go +++ b/pkg/plugins/runtime/k8s/plugin_gateway.go @@ -5,7 +5,9 @@ import ( "os" "github.com/pkg/errors" + "k8s.io/apimachinery/pkg/runtime/schema" kube_ctrl "sigs.k8s.io/controller-runtime" + gatewayapi "sigs.k8s.io/gateway-api/apis/v1alpha2" mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1" "github.com/kumahq/kuma/pkg/core" 
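Review bot: The registration check at the top of `addGatewayReconciler` only acts on `UnknownTypeError`; any other error from `registry.Global().NewObject` falls out of the `if` and the function carries on as though the type were registered. Returning it keeps a broken registry from being mistaken for an enabled feature: add `return errors.Wrap(err, "could not check Gateway type registration")` after the `errors.As` branch. The proxy settings are taken from the sidecar injector config (the TODO notes this), so when `cfg.CaCertFile` is empty `ControlPlaneCACert` is passed as an empty string. A comment on `proxyFactory` saying how the gateway proxy verifies the control plane in that case would help.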
@@ -16,6 +18,20 @@ import ( gatewayapi_controllers "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/controllers/gatewayapi" ) +func crdsPresent(mgr kube_ctrl.Manager) bool { + gk := schema.GroupKind{ + Group: gatewayapi.SchemeGroupVersion.Group, + Kind: "Gateway", + } + + mappings, _ := mgr.GetClient().RESTMapper().RESTMappings( + gk, + gatewayapi.SchemeGroupVersion.Version, + ) + + return len(mappings) > 0 +} + func addGatewayReconciler(mgr kube_ctrl.Manager, rt core_runtime.Runtime, converter k8s_common.Converter) error { // If we haven't registered our type, we're not reconciling gatewayapi // objects. @@ -26,6 +42,11 @@ func addGatewayReconciler(mgr kube_ctrl.Manager, rt core_runtime.Runtime, conver } } + if !crdsPresent(mgr) { + log.Info("Gateway API CRDs not registered") + return nil + } + cpURL := fmt.Sprintf("https://%s.%s:%d", rt.Config().Runtime.Kubernetes.ControlPlaneServiceName, rt.Config().Store.Kubernetes.SystemNamespace, rt.Config().DpServer.Port) // TODO don't use injector config From 5b69e489942cd59dcbf0ac27c9bebff0733561d0 Mon Sep 17 00:00:00 2001 From: Mike Beaumont Date: Tue, 7 Dec 2021 15:51:52 -0800 Subject: [PATCH 9/9] feat(gateway): add support for ExternalService refs Signed-off-by: Mike Beaumont --- .../k8s/controllers/gatewayapi/converter.go | 49 ++++++++++++++----- .../gatewayapi/http_route_controller.go | 10 ++-- 2 files changed, 42 insertions(+), 17 deletions(-) diff --git a/pkg/plugins/runtime/k8s/controllers/gatewayapi/converter.go b/pkg/plugins/runtime/k8s/controllers/gatewayapi/converter.go index 828ca7905251..549877c1fe53 100644 --- a/pkg/plugins/runtime/k8s/controllers/gatewayapi/converter.go +++ b/pkg/plugins/runtime/k8s/controllers/gatewayapi/converter.go 
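Review bot: `crdsPresent` throws away the error from `RESTMappings`, so a discovery failure (API server unreachable, missing RBAC) cannot be told apart from the CRDs being absent, and the second hunk then logs "Gateway API CRDs not registered" and returns nil. The controllers are silently left off in that case. Returning `(bool, error)` and treating only a no-match error as absent would separate the two, e.g. `if meta.IsNoMatchError(err) { return false, nil }` with `meta` from `k8s.io/apimachinery/pkg/api/meta`. Only the `Gateway` kind is probed, although `HTTPRouteReconciler` is set up by the same function.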
@@ -1,12 +1,16 @@ package controllers import ( + "context" "errors" "fmt" gatewayapi "sigs.k8s.io/gateway-api/apis/v1alpha2" mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1" + core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh" + "github.com/kumahq/kuma/pkg/core/resources/model" + "github.com/kumahq/kuma/pkg/core/resources/store" util_proto "github.com/kumahq/kuma/pkg/util/proto" ) @@ -17,7 +21,7 @@ func k8sToKumaHeader(header gatewayapi.HTTPHeader) *mesh_proto.GatewayRoute_Http } } -func gapiToKumaRef(objectNamespace string, ref gatewayapi.BackendObjectReference) (map[string]string, error) { +func (r *HTTPRouteReconciler) gapiToKumaRef(ctx context.Context, objectNamespace string, ref gatewayapi.BackendObjectReference) (map[string]string, error) { // References to Services are required by GAPI to include a port // TODO remove when https://github.com/kubernetes-sigs/gateway-api/pull/944 // is in master 
@@ -25,18 +29,39 @@ func gapiToKumaRef(objectNamespace string, ref gatewayapi.BackendObjectReference return nil, errors.New("backend reference must include port") } - if *ref.Kind != "Service" { - return nil, errors.New("backend reference must be a Service") // TODO setappropriate status on gateway - } + switch *ref.Kind { + case "Service": + namespace := objectNamespace + if ref.Namespace != nil { + namespace = string(*ref.Namespace) + } + + return map[string]string{ + mesh_proto.ServiceTag: fmt.Sprintf("%s_%s_svc_%d", ref.Name, namespace, *ref.Port), + }, nil + case "ExternalService": + if *ref.Group != "kuma.io" { + break + } + + name := string(ref.Name) + // TODO get the mesh somehow + mesh := model.DefaultMesh + + resource := core_mesh.NewExternalServiceResource() + if err := r.ResourceManager.Get(ctx, resource, store.GetByKey(name, mesh)); err != nil { + // TODO this shouldn't be a fatal error + return nil, fmt.Errorf("backend reference references a non-existent ExternalService %s", name) + } + + service := resource.Spec.GetService() - namespace := objectNamespace - if ref.Namespace != nil { - namespace = string(*ref.Namespace) + return map[string]string{ + mesh_proto.ServiceTag: service, + }, nil } - return map[string]string{ - mesh_proto.ServiceTag: fmt.Sprintf("%s_%s_svc_%d", ref.Name, namespace, *ref.Port), - }, nil + return nil, errors.New("backend reference must be a Service or an externalservice.kuma.io") // TODO setappropriate status on gateway } func gapiToKumaMatch(match gatewayapi.HTTPRouteMatch) (*mesh_proto.GatewayRoute_HttpRoute_Match, error) { 
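Review bot: In the `ExternalService` case the error from `r.ResourceManager.Get` is discarded and always reported as a non-existent resource, so store or permission failures are hidden behind a misleading message. Wrapping it keeps the cause: `return nil, fmt.Errorf("could not get ExternalService %s: %w", name, err)`. The lookup also uses `model.DefaultMesh` regardless of the route's own mesh (the TODO notes this), so a route that `MeshFor` places in another mesh would still resolve to a default-mesh ExternalService. Passing the mesh computed in `Reconcile` down to this function would keep the reference inside the route's mesh. `*ref.Group` is dereferenced without a nil check, which relies on API-server defaulting to avoid a panic in the reconciler.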
@@ -102,7 +127,7 @@ func gapiToKumaMatch(match gatewayapi.HTTPRouteMatch) (*mesh_proto.GatewayRoute_ return kumaMatch, nil } -func gapiToKumaFilter(namespace string, filter gatewayapi.HTTPRouteFilter) (*mesh_proto.GatewayRoute_HttpRoute_Filter, error) { +func (r *HTTPRouteReconciler) gapiToKumaFilter(ctx context.Context, namespace string, filter gatewayapi.HTTPRouteFilter) (*mesh_proto.GatewayRoute_HttpRoute_Filter, error) { var kumaFilter mesh_proto.GatewayRoute_HttpRoute_Filter switch filter.Type { @@ -127,7 +152,7 @@ func gapiToKumaFilter(namespace string, filter gatewayapi.HTTPRouteFilter) (*mes case gatewayapi.HTTPRouteFilterRequestMirror: filter := filter.RequestMirror - destinationRef, err := gapiToKumaRef(namespace, filter.BackendRef) + destinationRef, err := r.gapiToKumaRef(ctx, namespace, filter.BackendRef) if err != nil { return nil, err } diff --git a/pkg/plugins/runtime/k8s/controllers/gatewayapi/http_route_controller.go b/pkg/plugins/runtime/k8s/controllers/gatewayapi/http_route_controller.go index 2db2b6b0c4e7..cf532e6d49b8 100644 --- a/pkg/plugins/runtime/k8s/controllers/gatewayapi/http_route_controller.go +++ b/pkg/plugins/runtime/k8s/controllers/gatewayapi/http_route_controller.go @@ -56,7 +56,7 @@ func (r *HTTPRouteReconciler) Reconcile(ctx context.Context, req kube_ctrl.Reque resource := core_mesh.NewGatewayRouteResource() if err := manager.Upsert(r.ResourceManager, model.ResourceKey{Mesh: mesh, Name: coreName}, resource, func(resource model.Resource) error { - spec, err := r.gapiToKumaRoute(httpRoute.Namespace, httpRoute) + spec, err := r.gapiToKumaRoute(ctx, httpRoute.Namespace, httpRoute) if err != nil { return errors.Wrap(err, "error generating GatewayRoute") } 
@@ -68,7 +68,7 @@ func (r *HTTPRouteReconciler) Reconcile(ctx context.Context, req kube_ctrl.Reque var err error - resource.Spec, err = r.gapiToKumaRoute(httpRoute.Namespace, httpRoute) + resource.Spec, err = r.gapiToKumaRoute(ctx, httpRoute.Namespace, httpRoute) if err != nil { return kube_ctrl.Result{}, err } @@ -78,7 +78,7 @@ func (r *HTTPRouteReconciler) Reconcile(ctx context.Context, req kube_ctrl.Reque return kube_ctrl.Result{}, errors.Wrap(err, "could not update GatewayRoute resource") } -func (r *HTTPRouteReconciler) gapiToKumaRoute(namespace string, route *gatewayapi.HTTPRoute) (*mesh_proto.GatewayRoute, error) { +func (r *HTTPRouteReconciler) gapiToKumaRoute(ctx context.Context, namespace string, route *gatewayapi.HTTPRoute) (*mesh_proto.GatewayRoute, error) { var selectors []*mesh_proto.Selector // Convert GAPI parent refs into Kuma tag matchers @@ -114,7 +114,7 @@ func (r *HTTPRouteReconciler) gapiToKumaRoute(namespace string, route *gatewayap for _, backend := range rule.BackendRefs { ref := backend.BackendObjectReference - destination, err := gapiToKumaRef(namespace, ref) + destination, err := r.gapiToKumaRef(ctx, namespace, ref) if err != nil { return nil, err } @@ -140,7 +140,7 @@ func (r *HTTPRouteReconciler) gapiToKumaRoute(namespace string, route *gatewayap var filters []*mesh_proto.GatewayRoute_HttpRoute_Filter for _, filter := range rule.Filters { - kumaFilter, err := gapiToKumaFilter(namespace, filter) + kumaFilter, err := r.gapiToKumaFilter(ctx, namespace, filter) if err != nil { return nil, err }