forked from hashicorp/consul
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Service Intentions L4 support (hashicorp#634)
* Add support for L4 intentions
- Loading branch information
1 parent
c3ab672
commit d47ce5e
Showing
10 changed files
with
228 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
{{- if .Values.controller.enabled }} | ||
--- | ||
apiVersion: apiextensions.k8s.io/v1beta1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
annotations: | ||
controller-gen.kubebuilder.io/version: v0.4.0 | ||
creationTimestamp: null | ||
name: serviceintentions.consul.hashicorp.com | ||
spec: | ||
group: consul.hashicorp.com | ||
names: | ||
kind: ServiceIntentions | ||
listKind: ServiceIntentionsList | ||
plural: serviceintentions | ||
singular: serviceintentions | ||
scope: Namespaced | ||
subresources: | ||
status: {} | ||
validation: | ||
openAPIV3Schema: | ||
description: ServiceIntentions is the Schema for the serviceintentions API | ||
properties: | ||
apiVersion: | ||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | ||
type: string | ||
kind: | ||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | ||
type: string | ||
metadata: | ||
type: object | ||
spec: | ||
description: ServiceIntentionsSpec defines the desired state of ServiceIntentions | ||
properties: | ||
destination: | ||
properties: | ||
name: | ||
type: string | ||
namespace: | ||
type: string | ||
type: object | ||
sources: | ||
items: | ||
properties: | ||
action: | ||
description: IntentionAction is the action that the intention represents. This can be "allow" or "deny" to allowlist or denylist intentions. | ||
type: string | ||
description: | ||
type: string | ||
name: | ||
type: string | ||
namespace: | ||
type: string | ||
type: object | ||
type: array | ||
type: object | ||
status: | ||
properties: | ||
conditions: | ||
description: Conditions indicate the latest available observations of a resource's current state. | ||
items: | ||
description: 'Conditions define a readiness condition for a Consul resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' | ||
properties: | ||
lastTransitionTime: | ||
description: LastTransitionTime is the last time the condition transitioned from one status to another. | ||
format: date-time | ||
type: string | ||
message: | ||
description: A human readable message indicating details about the transition. | ||
type: string | ||
reason: | ||
description: The reason for the condition's last transition. | ||
type: string | ||
status: | ||
description: Status of the condition, one of True, False, Unknown. | ||
type: string | ||
type: | ||
description: Type of condition. | ||
type: string | ||
required: | ||
- status | ||
- type | ||
type: object | ||
type: array | ||
type: object | ||
type: object | ||
version: v1alpha1 | ||
versions: | ||
- name: v1alpha1 | ||
served: true | ||
storage: true | ||
status: | ||
acceptedNames: | ||
kind: "" | ||
plural: "" | ||
conditions: [] | ||
storedVersions: [] | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
20 changes: 20 additions & 0 deletions
20
test/acceptance/tests/fixtures/crds/serviceintentions.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
apiVersion: consul.hashicorp.com/v1alpha1 | ||
kind: ServiceDefaults | ||
metadata: | ||
name: svc1 | ||
--- | ||
apiVersion: consul.hashicorp.com/v1alpha1 | ||
kind: ServiceDefaults | ||
metadata: | ||
name: svc2 | ||
--- | ||
apiVersion: consul.hashicorp.com/v1alpha1 | ||
kind: ServiceIntentions | ||
metadata: | ||
name: intentions | ||
spec: | ||
destination: | ||
name: svc1 | ||
sources: | ||
- name: svc2 | ||
action: allow |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
#!/usr/bin/env bats | ||
|
||
load _helpers | ||
|
||
@test "serviceintentions/CustomResourceDefinitions: disabled by default" { | ||
cd `chart_dir` | ||
assert_empty helm template \ | ||
-s templates/crd-serviceintentions.yaml \ | ||
. | ||
} | ||
|
||
@test "serviceintentions/CustomResourceDefinitions: enabled with controller.enabled=true" { | ||
cd `chart_dir` | ||
local actual=$(helm template \ | ||
-s templates/crd-serviceintentions.yaml \ | ||
--set 'controller.enabled=true' \ | ||
. | tee /dev/stderr | | ||
# The generated CRDs have "---" at the top which results in two objects | ||
# being detected by yq, the first of which is null. We must therefore use | ||
# yq -s so that length operates on both objects at once rather than | ||
# individually, which would output false\ntrue and fail the test. | ||
yq -s 'length > 0' | tee /dev/stderr) | ||
[ "${actual}" = "true" ] | ||
} |