-
Notifications
You must be signed in to change notification settings - Fork 138
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create istio exclusion for CSI Driver in case of codeModules or public registry #3343
Closed
Closed
Changes from 16 commits
Commits
Show all changes
22 commits
Select commit
Hold shift + click to select a range
f9d2522
Create istio exclusion for CSI Driver in case of codeModules or publi…
waodim a4ea79f
Merge branch 'main' into feature/csi-istio-exclusion
waodim c5f59e5
Remove unnecessary check and complete mock interface
waodim 9a2ba7b
Merge branch 'feature/csi-istio-exclusion' of github.com:Dynatrace/dy…
waodim 8bd069e
Fix linting
waodim b5566bd
Move istio reconciliation and use CodeModulesImage()
waodim 8d971bd
Fix linting by removing cyclomatic complexity
waodim c92b4c3
Use url library to properly parse url
waodim 8075a65
Add unit tests for parseCodeModuleUrl
waodim eeb60eb
Move csi istio reconciliation to already present istio check
waodim 1564bbe
Fix linting
waodim 81d0714
Update pkg/controllers/dynakube/istio/config.go
waodim 0105021
Fix linting
waodim fdc1c92
Move CSI Driver reconciliation into comm hosts reconciliation
waodim a7c72c4
Update pkg/controllers/dynakube/istio/reconciler_test.go
waodim 619e50a
Extend tests and apply feedback from review
waodim ea80b58
Set docker.io as default host for image url
waodim 379c22d
Fix docker host
waodim ad97487
Merge branch 'main' into feature/csi-istio-exclusion
waodim d23af95
Fix handling of docker case
waodim 9cd9a5d
Fix linting
waodim 6bfb710
Further linting fix
waodim File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there is a special case that was missed:
codeModulesImage: dynatrace/dynatrace-codemodules:1.283.139.20240209-194956
the resulting
ServiceEntry
:which doesn't help the CSI-driver:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how to figure out if the URL is incomplete because its referencing a dockerhub image?
I have no clue really 😬
How the image library does it: https://github.com/google/go-containerregistry/blob/main/pkg/name/repository.go#L80-L87
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
very nice catch, did not consider it. I will have a look 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did it now that way, this ONLY covers docker so I am not sure if we should go for it, pls let me know.
ea80b58
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
still doesn't work: 😢 (probably need
index.docker.io
)There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After configuring my istio as you suggested:
istioctl install --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY
I can confirm that the csi driver is injected with the istio containers.
dynatrace-oneagent-csi-driver-5htgs 5/5 Running 0 5m55s
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you are going to love this (IMO, I don't even want to do anything like this, because this shows how unpredictable this whole scenario is)
It still does not work:
so just add
auth.docker.io
, right?nope, then you will get:
so you have to add
production.cloudflare.docker.com
as wellSidenote:
*.docker.io
or*.docker.com
is not that simple (you have to mess with the DNS within your application if I understand it correctly)There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done in d23af95 although i do not like this solution at all tbh. Seems to constructed for this case...