From 73a76bdf16800c7f8ac35b3dea6af864f47f34e4 Mon Sep 17 00:00:00 2001 From: slonka Date: Mon, 9 Sep 2024 13:37:32 +0200 Subject: [PATCH 1/4] feat(meshexternalservice): remove unix support Signed-off-by: slonka --- .../api/v1alpha1/meshexternalservice.go | 3 +- .../v1alpha1/testdata/full-invalid.input.yaml | 2 -- .../testdata/full-invalid.output.yaml | 6 ++-- .../full-without-extension-valid.input.yaml | 1 - .../api/v1alpha1/validator.go | 21 ++----------- pkg/xds/topology/outbound.go | 26 +++++----------- pkg/xds/topology/outbound_test.go | 30 ------------------- 7 files changed, 12 insertions(+), 77 deletions(-) diff --git a/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/meshexternalservice.go b/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/meshexternalservice.go index 593d17e2efb8..96f445c0f44c 100644 --- a/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/meshexternalservice.go +++ b/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/meshexternalservice.go @@ -64,10 +64,9 @@ type Extension struct { type Port int type Endpoint struct { - // Address defines an address to which a user want to send a request. Is possible to provide `domain`, `ip` and `unix` sockets. + // Address defines an address to which a user want to send a request. Is possible to provide `domain`, `ip`. // +kubebuilder:example="127.0.0.1" // +kubebuilder:example="example.com" - // +kubebuilder:example="unix:///tmp/example.sock" // +kubebuilder:validation:MinLength=1 Address string `json:"address"` // Port of the endpoint diff --git a/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/testdata/full-invalid.input.yaml b/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/testdata/full-invalid.input.yaml index de475b963125..4024c5a34c26 100644 --- a/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/testdata/full-invalid.input.yaml +++ b/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/testdata/full-invalid.input.yaml 
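Review bot: The rewritten doc comment on `Address` in the `Endpoint` struct now ends with "Is possible to provide `domain`, `ip`.", which is ungrammatical and does not say that anything else is rejected. This comment is the source of the `description` text in the generated CRD and OpenAPI files that the later patches in this series regenerate, so the wording is what users see. I would write it as `// Address is the destination that requests are sent to. It must be a domain name or an IP address.` and regenerate. The `Endpoint` struct continues outside the hunk.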
@@ -7,8 +7,6 @@ endpoints: - address: 1.1.1.2 port: 999999 - address: example.com - - address: unix:///tmp/example.sock - port: 80 - port: 90 tls: version: diff --git a/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/testdata/full-invalid.output.yaml b/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/testdata/full-invalid.output.yaml index 21ed5e71fe83..32f9081faa9d 100644 --- a/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/testdata/full-invalid.output.yaml +++ b/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/testdata/full-invalid.output.yaml @@ -11,10 +11,8 @@ violations: message: port must be a valid (1-65535) - field: spec.endpoints[2].port message: must be defined when endpoint is a hostname -- field: spec.endpoints[3].port - message: must not be defined when endpoint is a unix path -- field: spec.endpoints[4].address - message: address has to be a valid IP or hostname or a unix path +- field: spec.endpoints[3].address + message: address has to be a valid IP or hostname - field: spec.tls.version.min message: '"min" must be one of ["TLSAuto", "TLS10", "TLS11", "TLS12", "TLS13"]' - field: spec.tls.version.max diff --git a/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/testdata/full-without-extension-valid.input.yaml b/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/testdata/full-without-extension-valid.input.yaml index 64a605a86875..c62f47d40295 100644 --- a/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/testdata/full-without-extension-valid.input.yaml +++ b/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/testdata/full-without-extension-valid.input.yaml @@ -7,7 +7,6 @@ endpoints: port: 12345 - address: example.com port: 80 - - address: unix:///tmp/example.sock tls: version: min: TLS12 diff --git a/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/validator.go b/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/validator.go index 252b56f8086e..d5df05378939 100644 
--- a/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/validator.go +++ b/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/validator.go @@ -4,7 +4,6 @@ import ( "fmt" "math" "slices" - "strings" "github.com/asaskevich/govalidator" @@ -106,32 +105,16 @@ func validateEndpoints(endpoints []Endpoint) validators.ValidationError { } } - if isValidUnixPath(endpoint.Address) { - if endpoint.Port != nil { - verr.AddViolationAt(validators.Root().Index(i).Field("port"), validators.MustNotBeDefined+" when endpoint is a unix path") - } - } - if govalidator.IsDNSName(endpoint.Address) { if endpoint.Port == nil { verr.AddViolationAt(validators.Root().Index(i).Field("port"), validators.MustBeDefined+" when endpoint is a hostname") } } - if !(govalidator.IsIP(endpoint.Address) || govalidator.IsDNSName(endpoint.Address) || isValidUnixPath(endpoint.Address)) { - verr.AddViolationAt(validators.Root().Index(i).Field("address"), "address has to be a valid IP or hostname or a unix path") + if !(govalidator.IsIP(endpoint.Address) || govalidator.IsDNSName(endpoint.Address)) { + verr.AddViolationAt(validators.Root().Index(i).Field("address"), "address has to be a valid IP or hostname") } } return verr } - -func isValidUnixPath(path string) bool { - if strings.HasPrefix(path, "unix://") { - parts := strings.Split(path, "unix://") - filePath := parts[1] - return govalidator.IsUnixFilePath(filePath) - } else { - return false - } -} diff --git a/pkg/xds/topology/outbound.go b/pkg/xds/topology/outbound.go index 1896b79a3c6f..259b6ea2577f 100644 --- a/pkg/xds/topology/outbound.go +++ b/pkg/xds/topology/outbound.go @@ -5,7 +5,6 @@ import ( "maps" "net" "strconv" - "strings" "github.com/asaskevich/govalidator" "github.com/pkg/errors" 
@@ -734,24 +733,13 @@ func createMeshExternalServiceEndpoint( if i == 0 && es.ServerName == "" && govalidator.IsDNSName(endpoint.Address) && tls != nil && tls.Enabled { es.ServerName = endpoint.Address } - var outboundEndpoint *core_xds.Endpoint - if strings.HasPrefix(endpoint.Address, "unix://") { - outboundEndpoint = &core_xds.Endpoint{ - UnixDomainPath: endpoint.Address, - Weight: 1, - ExternalService: es, - Tags: tags, - Locality: GetLocality(zone, getZone(tags), mesh.LocalityAwareLbEnabled()), - } - } else { - outboundEndpoint = &core_xds.Endpoint{ - Target: endpoint.Address, - Port: uint32(*endpoint.Port), - Weight: 1, - ExternalService: es, - Tags: tags, - Locality: GetLocality(zone, getZone(tags), mesh.LocalityAwareLbEnabled()), - } + outboundEndpoint := &core_xds.Endpoint{ + Target: endpoint.Address, + Port: uint32(*endpoint.Port), + Weight: 1, + ExternalService: es, + Tags: tags, + Locality: GetLocality(zone, getZone(tags), mesh.LocalityAwareLbEnabled()), } outbounds[name] = append(outbounds[name], *outboundEndpoint) } diff --git a/pkg/xds/topology/outbound_test.go b/pkg/xds/topology/outbound_test.go index be951a7a3861..19f1d820daf7 100644 --- a/pkg/xds/topology/outbound_test.go +++ b/pkg/xds/topology/outbound_test.go @@ -1406,24 +1406,6 @@ var _ = Describe("TrafficRoute", func() { }, }, }, - { - Meta: &test_model.ResourceMeta{ - Mesh: "default", - Name: "no-tls-mes", - }, - Spec: &meshexternalservice_api.MeshExternalService{ - Match: meshexternalservice_api.Match{ - Type: pointer.To(meshexternalservice_api.HostnameGeneratorType), - Port: 10000, - Protocol: meshexternalservice_api.GrpcProtocol, - }, - Endpoints: []meshexternalservice_api.Endpoint{ - { - Address: "unix://no-tls-mes", - }, - }, - }, - }, }, zoneEgresses: []*core_mesh.ZoneEgressResource{ { 
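Review bot: `Port: uint32(*endpoint.Port)` is now evaluated for every endpoint, so a nil `Port` panics here, whereas the removed `unix://` branch built the endpoint without reading it. The old validator required `unix://` endpoints to have no port, so any such resource still in the store after an upgrade would presumably reach this dereference, as far as validation only happens on write. A guard before the literal, `if endpoint.Port == nil { continue }`, ideally with a log line naming the resource, would keep one stale resource from breaking outbound generation. This assumes the statement sits inside the loop over endpoints, which starts outside the hunk. The visible part of `validateEndpoints` in validator.go requires a port only when the address is a hostname, so that check could also be made unconditional now that no port-less address form remains.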
@@ -1456,18 +1438,6 @@ var _ = Describe("TrafficRoute", func() { }, }, }, - "no-tls-mes": []core_xds.Endpoint{ - { - Target: "1.1.1.1", - Port: 10002, - Locality: nil, - Weight: 1, - ExternalService: &core_xds.ExternalService{ - Protocol: core_mesh.ProtocolGRPC, - TLSEnabled: false, - }, - }, - }, "example-mes": []core_xds.Endpoint{ { Target: "1.1.1.1", From 91869f9a575f7f045d57e17e58bac3cbabb76d1a Mon Sep 17 00:00:00 2001 From: slonka Date: Mon, 9 Sep 2024 15:42:41 +0200 Subject: [PATCH 2/4] feat(meshexternalservice): regenerate Signed-off-by: slonka --- .../charts/kuma/crds/kuma.io_meshexternalservices.yaml | 5 ++--- .../apis/meshexternalservice/api/v1alpha1/schema.yaml | 4 ++-- .../k8s/crd/kuma.io_meshexternalservices.yaml | 5 ++--- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/deployments/charts/kuma/crds/kuma.io_meshexternalservices.yaml b/deployments/charts/kuma/crds/kuma.io_meshexternalservices.yaml index 33b3e3b70f25..4e9e9bd17863 100644 --- a/deployments/charts/kuma/crds/kuma.io_meshexternalservices.yaml +++ b/deployments/charts/kuma/crds/kuma.io_meshexternalservices.yaml @@ -48,9 +48,8 @@ spec: properties: address: description: Address defines an address to which a user want - to send a request. Is possible to provide `domain`, `ip` and - `unix` sockets. - example: unix:///tmp/example.sock + to send a request. Is possible to provide `domain`, `ip`. + example: example.com minLength: 1 type: string port: diff --git a/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/schema.yaml b/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/schema.yaml index e3fe708ba4f4..d94af615b52f 100644 --- a/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/schema.yaml +++ b/pkg/core/resources/apis/meshexternalservice/api/v1alpha1/schema.yaml 
@@ -26,8 +26,8 @@ properties: items: properties: address: - description: Address defines an address to which a user want to send a request. Is possible to provide `domain`, `ip` and `unix` sockets. - example: unix:///tmp/example.sock + description: Address defines an address to which a user want to send a request. Is possible to provide `domain`, `ip`. + example: example.com minLength: 1 type: string port: diff --git a/pkg/core/resources/apis/meshexternalservice/k8s/crd/kuma.io_meshexternalservices.yaml b/pkg/core/resources/apis/meshexternalservice/k8s/crd/kuma.io_meshexternalservices.yaml index 33b3e3b70f25..4e9e9bd17863 100644 --- a/pkg/core/resources/apis/meshexternalservice/k8s/crd/kuma.io_meshexternalservices.yaml +++ b/pkg/core/resources/apis/meshexternalservice/k8s/crd/kuma.io_meshexternalservices.yaml @@ -48,9 +48,8 @@ spec: properties: address: description: Address defines an address to which a user want - to send a request. Is possible to provide `domain`, `ip` and - `unix` sockets. - example: unix:///tmp/example.sock + to send a request. Is possible to provide `domain`, `ip`. + example: example.com minLength: 1 type: string port: From 4e651c4f62bf4133429f3388870f0577f244b598 Mon Sep 17 00:00:00 2001 From: slonka Date: Mon, 9 Sep 2024 15:55:53 +0200 Subject: [PATCH 3/4] feat(meshexternalservice): regenerate docs Signed-off-by: slonka --- .../testdata/install-control-plane.defaults.golden.yaml | 5 ++--- .../testdata/install-control-plane.gateway-api-present.yaml | 5 ++--- .../testdata/install-control-plane.with-helm-set.yaml | 5 ++--- .../cmd/install/testdata/install-crds.all.golden.yaml | 5 ++--- docs/generated/openapi.yaml | 5 ++--- docs/generated/raw/crds/kuma.io_meshexternalservices.yaml | 5 ++--- 6 files changed, 12 insertions(+), 18 deletions(-) diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml index bfff84a385df..65d7af05558a 100644 
--- a/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml @@ -295,9 +295,8 @@ spec: properties: address: description: Address defines an address to which a user want - to send a request. Is possible to provide `domain`, `ip` and - `unix` sockets. - example: unix:///tmp/example.sock + to send a request. Is possible to provide `domain`, `ip`. + example: example.com minLength: 1 type: string port: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.gateway-api-present.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.gateway-api-present.yaml index 3c27504397a1..222b418a37bb 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.gateway-api-present.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.gateway-api-present.yaml @@ -295,9 +295,8 @@ spec: properties: address: description: Address defines an address to which a user want - to send a request. Is possible to provide `domain`, `ip` and - `unix` sockets. - example: unix:///tmp/example.sock + to send a request. Is possible to provide `domain`, `ip`. + example: example.com minLength: 1 type: string port: diff --git a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml index 9bb684a2b79b..2d3ab8b5e3ed 100644 --- a/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml +++ b/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml @@ -315,9 +315,8 @@ spec: properties: address: description: Address defines an address to which a user want - to send a request. Is possible to provide `domain`, `ip` and - `unix` sockets. - example: unix:///tmp/example.sock + to send a request. Is possible to provide `domain`, `ip`. + example: example.com minLength: 1 type: string port: 
diff --git a/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml b/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml index d8c8765658bf..bc68cce21f9d 100644 --- a/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml +++ b/app/kumactl/cmd/install/testdata/install-crds.all.golden.yaml @@ -1901,9 +1901,8 @@ spec: properties: address: description: Address defines an address to which a user want - to send a request. Is possible to provide `domain`, `ip` and - `unix` sockets. - example: unix:///tmp/example.sock + to send a request. Is possible to provide `domain`, `ip`. + example: example.com minLength: 1 type: string port: diff --git a/docs/generated/openapi.yaml b/docs/generated/openapi.yaml index da06dc2fd4f0..8e923b40074a 100644 --- a/docs/generated/openapi.yaml +++ b/docs/generated/openapi.yaml @@ -11171,9 +11171,8 @@ components: address: description: >- Address defines an address to which a user want to send a - request. Is possible to provide `domain`, `ip` and `unix` - sockets. - example: unix:///tmp/example.sock + request. Is possible to provide `domain`, `ip`. + example: example.com minLength: 1 type: string port: diff --git a/docs/generated/raw/crds/kuma.io_meshexternalservices.yaml b/docs/generated/raw/crds/kuma.io_meshexternalservices.yaml index 33b3e3b70f25..4e9e9bd17863 100644 --- a/docs/generated/raw/crds/kuma.io_meshexternalservices.yaml +++ b/docs/generated/raw/crds/kuma.io_meshexternalservices.yaml @@ -48,9 +48,8 @@ spec: properties: address: description: Address defines an address to which a user want - to send a request. Is possible to provide `domain`, `ip` and - `unix` sockets. - example: unix:///tmp/example.sock + to send a request. Is possible to provide `domain`, `ip`. + example: example.com minLength: 1 type: string port: From 71b623d2ed4d49bc9aaf5b5a58344ee063edf6f5 Mon Sep 17 00:00:00 2001 From: slonka Date: Tue, 10 Sep 2024 08:45:06 +0200 Subject: [PATCH 4/4] feat(meshexternalservice): upgrade.md updated 
Signed-off-by: slonka --- UPGRADE.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/UPGRADE.md b/UPGRADE.md index c9af21c3b009..73df98251393 100644 --- a/UPGRADE.md +++ b/UPGRADE.md @@ -8,6 +8,12 @@ does not have any particular instructions. ## Upgrade to `2.9.x` +### MeshExternalService + +#### Removal of unix sockets support + +It's no longer possible to define a unix domain socket on the `address` field. + ### Upgrading Transparent Proxy Configuration #### Removal of Deprecated IPv6 Redirection Flag and Annotation