Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: convert BackendTLSPolicies into service annotations #6753

Merged
merged 12 commits into from
Dec 11, 2024
Merged

feat: convert BackendTLSPolicies into service annotations #6753

merged 12 commits into from
Dec 11, 2024
+1,195 −249

Conversation

mlavacca
Copy link
Member

@mlavacca mlavacca commented Dec 2, 2024
edited by pmalek
Loading

What this PR does / why we need it:

This PR completes the logic needed to implement BackendTLSPolicy. The following 3 main parts have been implemented:

  • completed the BackendTLSPolicy controller by validating the policy and setting the Accepted condition accordingly.
  • completed the dataplane part, where all the BackendTLSPolicy features have been converted into the proper set of service annotations.
  • implemented the configMap controller, as the CACertificates referenced by the policies need to be set in configMaps by the specification.

Which issue this PR fixes:

Part of #6631

Special notes for your reviewer:

Integration and env tests are still missing as the PR size is already big enough. The next PR will be the last one, where I'll implement such tests and close #6631.

PR Readiness Checklist:

Complete these before marking the PR as ready to review:

  • the CHANGELOG.md release notes have been updated to reflect any significant (and particularly user-facing) changes introduced by this PR

@mlavacca mlavacca force-pushed the backendtlspolicy-customize-services branch from 03b4d14 to 9d8d427 Compare December 2, 2024 17:06
@mlavacca mlavacca changed the title feat: convert BackendTLSPolicies into service anns feat: convert BackendTLSPolicies into service annotations Dec 2, 2024
@codecov Codecov
Copy link

codecov bot commented Dec 2, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 46.30435% with 247 lines in your changes missing coverage. Please review.

Project coverage is 77.3%. Comparing base (63de014) to head (7736a59).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
internal/dataplane/translator/ingressrules.go 20.0% 54 Missing and 2 partials ⚠️
.../controllers/configuration/configmap_controller.go 35.0% 45 Missing and 5 partials ⚠️
...rnal/controllers/gateway/backendtlspolicy_utils.go 51.8% 36 Missing and 2 partials ⚠️
internal/controllers/reference/reference.go 46.1% 25 Missing and 3 partials ⚠️
internal/store/store.go 39.1% 25 Missing and 3 partials ⚠️
...controllers/gateway/backendtlspolicy_controller.go 11.1% 24 Missing ⚠️
internal/annotations/annotations.go 34.7% 15 Missing ⚠️
internal/store/fake_store.go 42.8% 3 Missing and 1 partial ⚠️
internal/dataplane/translator/translate_cacerts.go 91.1% 2 Missing and 1 partial ⚠️
internal/controllers/gateway/gateway_controller.go 87.5% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@           Coverage Diff            @@
##            main   #6753      +/-   ##
========================================
+ Coverage   53.7%   77.3%   +23.5%     
========================================
  Files        207     209       +2     
  Lines      24777   25149     +372     
========================================
+ Hits       13320   19448    +6128     
+ Misses     10349    4708    -5641     
+ Partials    1108     993     -115

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@pull-request-size pull-request-size bot added size/L and removed size/M labels Dec 5, 2024
@mlavacca mlavacca force-pushed the backendtlspolicy-customize-services branch from 250d107 to 343d922 Compare December 5, 2024 10:59
@pull-request-size pull-request-size bot added size/XL and removed size/L labels Dec 5, 2024
@mlavacca mlavacca force-pushed the backendtlspolicy-customize-services branch from c74c408 to 7800ee4 Compare December 5, 2024 11:23
@mlavacca mlavacca force-pushed the backendtlspolicy-customize-services branch 7 times, most recently from de488b5 to c095f6b Compare December 6, 2024 15:51
@mlavacca mlavacca marked this pull request as ready for review December 6, 2024 16:26
@mlavacca mlavacca requested a review from a team as a code owner December 6, 2024 16:26
@mlavacca
Copy link
Member Author

mlavacca commented Dec 6, 2024
edited
Loading

Note for the reviewers: take a look at the PR description where I've put some notes about what has been implemented and what's still missing.

@mlavacca mlavacca force-pushed the backendtlspolicy-customize-services branch from 7453d19 to ef08584 Compare December 9, 2024 11:32
@mlavacca mlavacca mentioned this pull request Dec 9, 2024
Draft
1 task
@mlavacca mlavacca force-pushed the backendtlspolicy-customize-services branch from 8e87773 to ecd4668 Compare December 10, 2024 11:43
programmer04
programmer04 reviewed Dec 10, 2024
View reviewed changes
CHANGELOG.md Outdated Show resolved Hide resolved
CHANGELOG.md Show resolved Hide resolved
internal/controllers/gateway/backendtlspolicy_utils.go Outdated Show resolved Hide resolved
internal/controllers/gateway/backendtlspolicy_utils.go Outdated Show resolved Hide resolved
internal/controllers/reference/reference.go Outdated Show resolved Hide resolved
internal/dataplane/translator/translate_cacerts.go Outdated Show resolved Hide resolved
internal/dataplane/translator/translate_cacerts.go Outdated Show resolved Hide resolved
internal/store/fake_store.go Outdated Show resolved Hide resolved
internal/store/store.go Outdated Show resolved Hide resolved
internal/store/store.go Outdated Show resolved Hide resolved
pmalek
pmalek reviewed Dec 10, 2024
View reviewed changes
internal/annotations/annotations.go Outdated Show resolved Hide resolved
internal/annotations/annotations.go Outdated Show resolved Hide resolved
internal/annotations/annotations.go Outdated Show resolved Hide resolved
examples/ingress-upstream-tls.yaml Outdated Show resolved Hide resolved
internal/annotations/annotations.go Outdated Show resolved Hide resolved
internal/controllers/reference/reference.go Outdated Show resolved Hide resolved
internal/dataplane/translator/ingressrules.go Outdated Show resolved Hide resolved
internal/controllers/reference/reference.go Outdated Show resolved Hide resolved
@mlavacca mlavacca force-pushed the backendtlspolicy-customize-services branch 2 times, most recently from 1a741dc to dccbddf Compare December 10, 2024 16:30
@mlavacca mlavacca force-pushed the backendtlspolicy-customize-services branch 3 times, most recently from 1a392ac to de81f12 Compare December 10, 2024 16:41
pmalek
pmalek reviewed Dec 10, 2024
View reviewed changes
CHANGELOG.md Show resolved Hide resolved
docs/cli-arguments.md Outdated Show resolved Hide resolved
@pmalek pmalek added this to the KIC v3.4.x milestone Dec 10, 2024
pmalek
pmalek reviewed Dec 10, 2024
View reviewed changes
CHANGELOG.md Outdated Show resolved Hide resolved
internal/controllers/configuration/object_references.go Outdated Show resolved Hide resolved
internal/controllers/gateway/backendtlspolicy_controller.go Outdated Show resolved Hide resolved
internal/controllers/gateway/gateway_controller.go Outdated Show resolved Hide resolved
internal/controllers/reference/reference.go Outdated Show resolved Hide resolved
internal/controllers/reference/reference.go Outdated Show resolved Hide resolved
pmalek
pmalek previously approved these changes Dec 10, 2024
View reviewed changes
@pmalek pmalek force-pushed the backendtlspolicy-customize-services branch from cc5ad38 to 08ed9fb Compare December 11, 2024 09:47
mlavacca and others added 12 commits December 11, 2024 10:55
@mlavacca @pmalek
feat: convert BackendTLSPolicies into service anns
acc7222 
All the BackendTLSPolicies are converted into a set of annotations that
are already supported by KIC.

Signed-off-by: Mattia Lavacca <[email protected]>
@mlavacca @pmalek
chore: CHANGELOG entry added
83777fc 
Signed-off-by: Mattia Lavacca <[email protected]>
@mlavacca @pmalek
address review comments
b05241b 
Signed-off-by: Mattia Lavacca <[email protected]>
@mlavacca @programmer04 @pmalek
Apply suggestions from code review
ecc2cc1 
Co-authored-by: Jakub Warczarek <[email protected]>
Co-authored-by: Patryk Małek <[email protected]>
@mlavacca @programmer04 @pmalek
Update internal/controllers/reference/reference.go
fc9bb5b 
Co-authored-by: Jakub Warczarek <[email protected]>
@mlavacca @pmalek
address reviews comments
f52fa34 
Signed-off-by: Mattia Lavacca <[email protected]>
@mlavacca @pmalek
add secret-label-selector
ff5296f 
Signed-off-by: Mattia Lavacca <[email protected]>
@mlavacca @pmalek
refactor getCACerts
2e97a1b 
Signed-off-by: Mattia Lavacca <[email protected]>
@mlavacca @pmalek
make lint
4939430 
Signed-off-by: Mattia Lavacca <[email protected]>
@mlavacca @pmalek
refactor UpdateReferencesToSecret and removeOutdatedReferencesToSecret
8beda63 
Signed-off-by: Mattia Lavacca <[email protected]>
@mlavacca @pmalek
add default for --configmap-label-selector
37cb2ef 
Signed-off-by: Mattia Lavacca <[email protected]>
@pmalek
Apply suggestions from code review
7736a59
@pmalek pmalek force-pushed the backendtlspolicy-customize-services branch from 08ed9fb to 7736a59 Compare December 11, 2024 09:56
@pmalek pmalek merged commit 4d17710 into main Dec 11, 2024
41 checks passed
@pmalek pmalek deleted the backendtlspolicy-customize-services branch December 11, 2024 10:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pmalek pmalek pmalek approved these changes

@randmonkey randmonkey Awaiting requested review from randmonkey

@programmer04 programmer04 Awaiting requested review from programmer04

Assignees

@mlavacca mlavacca

Labels
size/XXL
Projects
None yet
Milestone
KIC v3.4.x
Development

Successfully merging this pull request may close these issues.

Support attaching BackendTLSPolicy to Gateway API Services
4 participants
@mlavacca @pmalek @programmer04 @randmonkey