Introduce Mesh resource (#513)
Ashwin Venkatesh authored May 6, 2021
1 parent f850545 commit 91a170d
Showing 17 changed files with 967 additions and 5 deletions.
4 changes: 2 additions & 2 deletions .circleci/config.yml
Expand Up @@ -6,8 +6,8 @@ executors:
- image: docker.mirror.hashicorp.services/circleci/golang:1.14
environment:
TEST_RESULTS: /tmp/test-results # path to where test results are saved
CONSUL_VERSION: 1.10.0-beta1 # Consul's OSS version to use in tests
CONSUL_ENT_VERSION: 1.10.0+ent-beta1 # Consul's enterprise version to use in tests
CONSUL_VERSION: 1.10.0-beta2 # Consul's OSS version to use in tests
CONSUL_ENT_VERSION: 1.10.0+ent-beta2 # Consul's enterprise version to use in tests

jobs:
go-fmt-and-vet:
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -10,6 +10,7 @@ IMPROVEMENTS:
using this CRD but via annotations. [[GH-502](https://github.com/hashicorp/consul-k8s/pull/502)], [[GH-485](https://github.com/hashicorp/consul-k8s/pull/485)]
* CRDs: Update ProxyDefaults with Mode and TransparentProxy fields. Note: Mode and TransparentProxy should not be set
using the CRD but via annotations. [[GH-505](https://github.com/hashicorp/consul-k8s/pull/505)], [[GH-485](https://github.com/hashicorp/consul-k8s/pull/485)]
* CRDs: Add CRD for MeshConfigEntry. Supported in Consul 1.10+ [[GH-513](https://github.com/hashicorp/consul-k8s/pull/513)]
* Connect: No longer set multiple tagged addresses in Consul when k8s service has multiple ports and Transparent Proxy is enabled.
[[GH-511](https://github.com/hashicorp/consul-k8s/pull/511)]
* Connect: Allow exclusion of inbound ports, outbound ports and CIDRs, and additional user IDs when
1 change: 1 addition & 0 deletions api/common/common.go
Expand Up @@ -12,6 +12,7 @@ const (
TerminatingGateway string = "terminatinggateway"

Global string = "global"
Mesh string = "mesh"
DefaultConsulNamespace string = "default"
WildcardNamespace string = "*"

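--- a/api/v1alpha1/mesh_types.go
+++ b/api/v1alpha1/mesh_types.go
@@ -0,0 +1,163 @@
+package v1alpha1
+
+import (
+"github.com/google/go-cmp/cmp"
+"github.com/google/go-cmp/cmp/cmpopts"
+"github.com/hashicorp/consul-k8s/api/common"
+capi "github.com/hashicorp/consul/api"
+corev1 "k8s.io/api/core/v1"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+MeshKubeKind = "mesh"
+)
+
+func init() {
+SchemeBuilder.Register(&Mesh{}, &MeshList{})
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// Mesh is the Schema for the mesh API
+// +kubebuilder:printcolumn:name="Synced",type="string",JSONPath=".status.conditions[?(@.type==\"Synced\")].status",description="The sync status of the resource with Consul"
+// +kubebuilder:printcolumn:name="Last Synced",type="date",JSONPath=".status.lastSyncedTime",description="The last successful synced time of the resource with Consul"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="The age of the resource"
+type Mesh struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ObjectMeta `json:"metadata,omitempty"`
+
+Spec MeshSpec `json:"spec,omitempty"`
+Status `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// MeshList contains a list of Mesh
+type MeshList struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ListMeta `json:"metadata,omitempty"`
+Items []Mesh `json:"items"`
+}
+
+// MeshSpec defines the desired state of Mesh
+type MeshSpec struct {
+TransparentProxy TransparentProxyMeshConfig `json:"transparentProxy,omitempty"`
+}
+
+// TransparentProxyMeshConfig controls configuration specific to proxies in "transparent" mode. Added in v1.10.0.
+type TransparentProxyMeshConfig struct {
+// CatalogDestinationsOnly determines whether sidecar proxies operating in "transparent" mode can proxy traffic
+// to IP addresses not registered in Consul's catalog. If enabled, traffic will only be proxied to upstreams
+// with service registrations in the catalog.
+CatalogDestinationsOnly bool `json:"catalogDestinationsOnly,omitempty"`
+}
+
+func (in *TransparentProxyMeshConfig) toConsul() capi.TransparentProxyMeshConfig {
+return capi.TransparentProxyMeshConfig{CatalogDestinationsOnly: in.CatalogDestinationsOnly}
+}
+
+func (in *Mesh) GetObjectMeta() metav1.ObjectMeta {
+return in.ObjectMeta
+}
+
+func (in *Mesh) AddFinalizer(name string) {
+in.ObjectMeta.Finalizers = append(in.Finalizers(), name)
+}
+
+func (in *Mesh) RemoveFinalizer(name string) {
+var newFinalizers []string
+for _, oldF := range in.Finalizers() {
+if oldF != name {
+newFinalizers = append(newFinalizers, oldF)
+}
+}
+in.ObjectMeta.Finalizers = newFinalizers
+
+}
+
+func (in *Mesh) Finalizers() []string {
+return in.ObjectMeta.Finalizers
+}
+
+func (in *Mesh) ConsulKind() string {
+return capi.MeshConfig
+}
+
+func (in *Mesh) ConsulMirroringNS() string {
+return common.DefaultConsulNamespace
+}
+
+func (in *Mesh) KubeKind() string {
+return MeshKubeKind
+}
+
+func (in *Mesh) SyncedCondition() (status corev1.ConditionStatus, reason, message string) {
+cond := in.Status.GetCondition(ConditionSynced)
+if cond == nil {
+return corev1.ConditionUnknown, "", ""
+}
+return cond.Status, cond.Reason, cond.Message
+}
+
+func (in *Mesh) SyncedConditionStatus() corev1.ConditionStatus {
+cond := in.Status.GetCondition(ConditionSynced)
+if cond == nil {
+return corev1.ConditionUnknown
+}
+return cond.Status
+}
+
+func (in *Mesh) ConsulName() string {
+return in.ObjectMeta.Name
+}
+
+func (in *Mesh) ConsulGlobalResource() bool {
+return true
+}
+
+func (in *Mesh) KubernetesName() string {
+return in.ObjectMeta.Name
+}
+
+func (in *Mesh) SetSyncedCondition(status corev1.ConditionStatus, reason string, message string) {
+in.Status.Conditions = Conditions{
+{
+Type: ConditionSynced,
+Status: status,
+LastTransitionTime: metav1.Now(),
+Reason: reason,
+Message: message,
+},
+}
+}
+
+func (in *Mesh) SetLastSyncedTime(time *metav1.Time) {
+in.Status.LastSyncedTime = time
+}
+
+func (in *Mesh) ToConsul(datacenter string) capi.ConfigEntry {
+return &capi.MeshConfigEntry{
+TransparentProxy: in.Spec.TransparentProxy.toConsul(),
+Meta: meta(datacenter),
+}
+}
+
+func (in *Mesh) MatchesConsul(candidate capi.ConfigEntry) bool {
+configEntry, ok := candidate.(*capi.MeshConfigEntry)
+if !ok {
+return false
+}
+// No datacenter is passed to ToConsul as we ignore the Meta field when checking for equality.
+return cmp.Equal(in.ToConsul(""), configEntry, cmpopts.IgnoreFields(capi.MeshConfigEntry{}, "Namespace", "Meta", "ModifyIndex", "CreateIndex"), cmpopts.IgnoreUnexported(), cmpopts.EquateEmpty())
+}
+
+func (in *Mesh) Validate(_ bool) error {
+return nil
+}
+
+// DefaultNamespaceFields has no behaviour here as meshes have no namespace specific fields.
+func (in *Mesh) DefaultNamespaceFields(_ bool, _ string, _ bool, _ string) {
+return
+}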
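Review bot: `Validate` returns nil unconditionally, so nothing in this type restricts which Mesh objects are accepted, even though `ToConsul` builds the `capi.MeshConfigEntry` without using the object's name and `ConsulGlobalResource` returns true. If the Consul entry is a mesh-wide singleton, as it appears to be, two Mesh objects with different names or in different Kubernetes namespaces would sync to the same entry, and the last writer would decide `CatalogDestinationsOnly`, which limits where transparent proxies may send traffic. Unless an admission webhook in the files not shown on this page already enforces it, I would reject other names here, e.g. `if in.KubernetesName() != common.Mesh { return fmt.Errorf("mesh resource name must be %q", common.Mesh) }` (this needs `fmt` added to the import block). A name check alone does not cover same-named objects in other namespaces, so create and update rights on this kind are worth limiting to mesh operators as well.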