-
Notifications
You must be signed in to change notification settings - Fork 337
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(kuma-cp): implement possibility to select proxies in policies by new kind Dataplane #12573
Conversation
… new kind Dataplane Signed-off-by: Marcin Skalski <[email protected]>
Reviewer Checklist🔍 Each of these sections need to be checked by the reviewer of the PR 🔍:
|
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
I think we need a more extensive set of tests, similar to resourcerules_test.go. We have to be sure targeting DPPs works on zone, on global, when policies are synced from various places, when DPP are synced from various places. resourcerules_test.go contains function that simulate metadata changes. Maybe you can move them to something like testutils and reuse |
…ind-dataplane-implem
Signed-off-by: Marcin Skalski <[email protected]>
@lobkovilya I've created few tests that basically covers:
all of this should work on both zone and global, since it is as simple as selecting stuff by labels, only specific cases are selecting per zone and per namespace. Also I've reverted comparing policy and dpp by resource identifier, as it takes into account namespace and zone which won't match in case of system policies and policies synced from other zones |
Signed-off-by: Marcin Skalski <[email protected]>
it doesn't cover k8s, it doesn't cover matching on global (for Inspect API)
we can't check for display name, we decided targetRef with the real types (like MeshService, Dataplane, etc) uses real |
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
.../testdata/matchedpolicies/dataplane-kind/select-by-labels/policy-form-k8s-to-k8s.golden.yaml
Outdated
Show resolved
Hide resolved
...es/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name/k8s-zone.golden.yaml
Show resolved
Hide resolved
.../policies/core/matchers/testdata/matchedpolicies/dataplane-kind/select-by-name.policies.yaml
Outdated
Show resolved
Hide resolved
...s/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/simple-policy.policies.yaml
Outdated
Show resolved
Hide resolved
...olicies/core/matchers/testdata/matchedpolicies/fromrules/select-single-inbound.policies.yaml
Show resolved
Hide resolved
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Motivation
We want to be able to target proxies by new kind Dataplane. We want to select Dataplanes by name/namespace, by labels and select single inbound by its name
Supporting documentation
This is based on Inbound policies MADR
Fix #12359