Add support for field TransparentProxy to SvcDefaults and ProxyDefaults #485
Conversation
thisisnotashwin
force-pushed
the
cluster-resource
branch
2 times, most recently
from
654a3b2 to
92f8fe0
Compare
…th checks (#472) remove health checks controller and use endpoints controller for health checks.
thisisnotashwin
force-pushed
the
cluster-resource
branch
2 times, most recently
from
cd9bf12 to
71099b6
Compare
thisisnotashwin
force-pushed
the
cluster-resource
branch
8 times, most recently
from
8bddde2 to
1bdf2ad
Compare
- Update the spec of ServiceDefaults and ProxyDefaults to support transparent proxy changes that are introduced as a part of Consul 1.10
thisisnotashwin
force-pushed
the
cluster-resource
branch
from
1bdf2ad to
52f4fb9
Compare
thisisnotashwin
changed the title
thisisnotashwin
requested review from
lkysow,
a team and
ndhanushkodi
and removed request for
a team
thisisnotashwin
added
type/enhancement
| TransparentProxy: &capi.TransparentProxyConfig{ | ||
| OutboundListenerPort: 0, | ||
| }, |
| // Valid values are "http" and "http2", defaults to "http". | ||
| Protocol string `json:"protocol,omitempty"` | ||
| // TransparentProxy controls configuration specific to proxies in transparent mode. | ||
| TransparentProxy *TransparentProxyConfig `json:"transparentProxy,omitempty"` |
There was a problem hiding this comment.
nit: looks like our other config entries don't suffix Config for the helper structs so maybe we can just use TransparentProxy and swap MeshGatewayConfig to MeshGateway
There was a problem hiding this comment.
Updated ExposeConfig to Expose as well!!
api/v1alpha1/types.go
Outdated
| @@ -30,6 +30,37 @@ const ( | |||
| MeshGatewayModeRemote MeshGatewayMode = "remote" | |||
| ) | |||
|
|
|||
| // ExposeConfig describes HTTP paths to expose through Envoy outside of Connect. | |||
There was a problem hiding this comment.
nit: looks like the MeshGateway stuff above here isn't used at all and can be deleted
api/v1alpha1/types.go
Outdated
| @@ -39,8 +70,8 @@ type MeshGatewayConfig struct { | |||
| } | |||
|
|
|||
| // toConsul returns the MeshGatewayConfig for the entry | |||
| func (m MeshGatewayConfig) toConsul() capi.MeshGatewayConfig { | |||
| mode := capi.MeshGatewayMode(m.Mode) | |||
| func (in MeshGatewayConfig) toConsul() capi.MeshGatewayConfig { | |||
api/v1alpha1/types.go
Outdated
| } | ||
| return nil | ||
| } | ||
|
|
||
| // toConsul returns the ExposeConfig for the entry |
There was a problem hiding this comment.
can kill these doc blocks, none of the other entries have them for toConsul
- Remove unused contstants for MeshGateway modes.
| description: TransparentProxy controls configuration specific to proxies in transparent mode. | ||
| properties: | ||
| outboundListenerPort: | ||
| description: The port of the listener where outbound application traffic is being redirected to. |
There was a problem hiding this comment.
Do you think we should add something like "this would not typically be set via the CRD, but this field exists to match the config-entry", or is it not worth it with the validation error?
There was a problem hiding this comment.
When a user does try to explicitly set this field, a validation error is returned from the webhook 😄
The error message returned by the webhook is: Invalid value: v1alpha1.TransparentProxy{OutboundListenerPort:}: use the annotation consul.hashicorp.com/transparent-proxy-outbound-listener-port to configure the Outbound Listener Port
There was a problem hiding this comment.
Yeah I had noticed that, and that should be enough :)
| description: TransparentProxy controls configuration specific to proxies in transparent mode. | ||
| properties: | ||
| outboundListenerPort: | ||
| description: The port of the listener where outbound application traffic is being redirected to. |
There was a problem hiding this comment.
same answer as above ;)
| @@ -560,6 +560,7 @@ func TestReconcileCreateEndpoint(t *testing.T) { | |||
| DestinationServiceID: "pod1-service-created", | |||
| LocalServiceAddress: "", | |||
| LocalServicePort: 0, | |||
| TransparentProxy: &api.TransparentProxyConfig{}, | |||
There was a problem hiding this comment.
Are these necessary if empty?
There was a problem hiding this comment.
Unfortunately, not in this case as it expects a pointer. An empty value would equate to a nil and not an empty field. this should be fixed in the future and we should be able to revert this change when Consul returns a nil value when provided a nil value.
There was a problem hiding this comment.
Ah sweet, I wasn't sure if this fell under that case, thanks for the explanation!!
Changes proposed in this PR:
Add support for the new Transparent Proxy field on ServiceDefaults and ProxyDefaults. Something to note here is that currently, the state/config_entry.go always sets a zero value for the field if it is set to a
nilvalue when it gets returned from Consul. Hence a lot of text fixtures needed to be updated to ensure that they explicitly expect the TransparentProxy to be set. Additionally, if the incoming CRD does not have the value set, we explicitly set the value to its zero value so thatMatchesConsulreturns true.This will be fixed in Consul before the next beta release potentially and parts of the fixture can be reverted.
Update the webhook versions from v1beta1 to v1 and v1beta1 support is deprecated in Kubernetes 1.16+
How I've tested this PR: Added some test. Successful acceptance test when the CRDs were updated in helm.
How I expect reviewers to test this PR: Code Review.
Checklist: