-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reconcile Authorino when OSSM #111
Conversation
4c36822
to
bfb429b
Compare
Does this mean that Kuadrant will add |
It does (indirectly). Actually we add the |
How do you know to which service mesh add the namespace? OSSM supports multiple meshes on the same cluster |
Right now, Kuadrant is only aware of one service mesh. The implementation finds the Yesterday it was proposed in the Kuadrant tech discussion meeting to make this explicit in the Implementation-wise, it's not a big deal. We can iterate over the list of service mesh control planes in the Kuadrant CR and inject the Kuadrant instance in each one of them. It could look something like the following maybe: apiVersion: kuadrant.io/v1beta1
kind: Kuadrant
metadata:
name: kuadrant
spec:
meshes:
- group: install.istio.io/v1alpha1
kind: IstioOperator
name: istiocontrolplane
namespace: istio-system
- group: maistra.io/v2
kind: ServiceMeshControlPlane
name: basic
namespace: ossm-system
- group: maistra.io/v2
kind: ServiceMeshControlPlane
name: enterprise
namespace: ossm-system Anyway, this for a future iteration. Not for this PR. |
Thanks for explanation :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm in favor of merging this… to main
actually. I understand that's a heuristic we'd say we'd rather not have. But we can open the RFC to change the Kuadrant
CR accordingly. But in the meantime this would work in both environments…
That's a great milestone for v0.1
I think…
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good.
I am not entirely happy with the rules implemented to find out which mesh is installed in the cluster. What if OSSM is up and running but IstioOperator CRD is installed?
Having to add maistra api's code to our repo is a bad smell. Any good reason to do so?
Documentation?
Plans for testing?
@@ -0,0 +1,279 @@ | |||
package status |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why do we need this code in the kuadrant operator repo?
why not import them?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm afraid the types cannot be imported directly.
The packages have deep dependencies that are based on old golang version and libraries not compatible with the version of our code. Luckily we don't depend on those incompatible bit as we only need the type definitions.
For the record, this wasn't my first option either, but it turned out to be the best approach until Maistra team upgrades to newer version of Operator SDK, something I was told to be in their roadmap.
BTW, the approach of hosting copies the types is adopted by https://github.com/maistra/istio-operator itself.
controllers/kuadrant_controller.go
Outdated
|
||
smcp := &maistrav2.ServiceMeshControlPlane{} | ||
|
||
smcpKey := client.ObjectKey{Name: iopName(), Namespace: iopNamespace()} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nitpick: iopName
stands for IstioOperator (object) Name. Maybe we should find another name.
bfb429b
to
7e0e6fe
Compare
* utilise wasm as the integration point (Kuadrant#111) * utilise wasm as the integration point * increase no. of retries * update broken manifests * fetch operations from virtualservice (Kuadrant#112) * fetch operation from virtualservice * use operations instead of 'operation' * update sha256 checksum * update wasm module sha256 checksum (Kuadrant#113) * Handle httproute signal from ratelimitpolicy controller (Kuadrant#116) * handle httproute signal from rlp controller * send signal to RLP from route reconciler * remove hosts field from SignalingNetwork * add comment over SendSignal * fix signal trigger in routing resources * remove hosts from RLP operations * bring back EnvoyFilter for route controller
IstioOperator
firstServiceMeshControlPlane
when there's no match for kindIstioOperator
IstioOperator
orServiceMeshControlPlane
kuadrant-system
to the mesh (OSSM only)Related to #68.
Verification steps
Prerequisites:
oc
CLI toolLogin:
Install Gateway API:
Deploy the service mesh control plane:
Deploy the Istio gateway:
Deploy the API to be protected (toystore):
Add the API namespace to the mesh:
Connect the API to the gateway:
Install the Kuadrant Operator:
Deploy the Kuadrant instance:
Expose the API for N/S traffic:
oc expose -n istio-system service/istio-ingressgateway --port 8080 --name toystore --hostname=api.toystore.apps.$CLUSTER_DOMAIN
Try the API unprotected:
Create an AuthPolicy:
Try the API while missing the API key:
Create an API key:
Try the API with a valid the API key: