Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(kuma-cp): implement possibility to select proxies in policies by new kind Dataplane #12573

Merged
merged 24 commits into from
Jan 28, 2025

Conversation

Automaat
Copy link
Contributor

Motivation

We want to be able to target proxies by new kind Dataplane. We want to select Dataplanes by name/namespace, by labels and select single inbound by its name

Supporting documentation

This is based on Inbound policies MADR

Fix #12359

@Automaat Automaat requested a review from a team as a code owner January 16, 2025 13:52
Copy link
Contributor

Reviewer Checklist

🔍 Each of these sections need to be checked by the reviewer of the PR 🔍:
If something doesn't apply please check the box and add a justification if the reason is non obvious.

  • Is the PR title satisfactory? Is this part of a larger feature and should be grouped using > Changelog?
  • PR description is clear and complete. It Links to relevant issue as well as docs and UI issues
  • This will not break child repos: it doesn't hardcode values (.e.g "kumahq" as an image registry)
  • IPv6 is taken into account (.e.g: no string concatenation of host port)
  • Tests (Unit test, E2E tests, manual test on universal and k8s)
    • Don't forget ci/ labels to run additional/fewer tests
  • Does this contain a change that needs to be notified to users? In this case, UPGRADE.md should be updated.
  • Does it need to be backported according to the backporting policy? (this GH action will add "backport" label based on these file globs, if you want to prevent it from adding the "backport" label use no-backport-autolabel label)

Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
@lobkovilya
Copy link
Contributor

I think we need a more extensive set of tests, similar to resourcerules_test.go. We have to be sure targeting DPPs works on zone, on global, when policies are synced from various places, when DPP are synced from various places.

resourcerules_test.go contains function that simulate metadata changes. Maybe you can move them to something like testutils and reuse

@Automaat
Copy link
Contributor Author

@lobkovilya I've created few tests that basically covers:

  • selecting by policy from global
  • selecting by policy from other zone
  • selecting by namespace

all of this should work on both zone and global, since it is as simple as selecting stuff by labels, only specific cases are selecting per zone and per namespace.

Also I've reverted comparing policy and dpp by resource identifier, as it takes into account namespace and zone which won't match in case of system policies and policies synced from other zones

@lobkovilya
Copy link
Contributor

I've created few tests that basically covers:

  • selecting by policy from global
  • selecting by policy from other zone
  • selecting by namespace

it doesn't cover k8s, it doesn't cover matching on global (for Inspect API)

Also I've reverted comparing policy and dpp by resource identifier, as it takes into account namespace and zone which won't match in case of system policies and policies synced from other zones

we can't check for display name, we decided targetRef with the real types (like MeshService, Dataplane, etc) uses real name and namespace of the resource

api/common/v1alpha1/ref.go Outdated Show resolved Hide resolved
api/common/v1alpha1/ref.go Outdated Show resolved Hide resolved
Signed-off-by: Marcin Skalski <[email protected]>
@Automaat Automaat merged commit 173caaf into kumahq:master Jan 28, 2025
13 checks passed
@Automaat Automaat deleted the feat/kind-dataplane-implem branch January 28, 2025 09:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Implement matching for the new top-level targetRef kind Dataplane
2 participants