V2 MeshConfig Controller and TrafficPermissions CRD #2967
Conversation
thisisnotashwin
force-pushed
the
ashwin/NET-5317-v2-config-controller
branch
2 times, most recently
from
3c604a4 to
a1de453
Compare
There was a problem hiding this comment.
Looking awesome, @thisisnotashwin ! Left some comments as I was reading through it.
control-plane/config-entries/controllersv2/configentry_controller.go
Outdated
Show resolved
Hide resolved
control-plane/config-entries/controllersv2/configentry_controller.go
Outdated
Show resolved
Hide resolved
control-plane/config-entries/controllersv2/configentry_controller.go
Outdated
Show resolved
Hide resolved
thisisnotashwin
force-pushed
the
ashwin/NET-5317-v2-config-controller
branch
2 times, most recently
from
cb319c7 to
a8bf220
Compare
DanStough
force-pushed
the
ashwin/NET-5317-v2-config-controller
branch
from
f8eb943 to
bc68ecb
Compare
DanStough
changed the title
DanStough
added
pr/no-changelog
| // ConsulTenancyConfig manages settings related to Consul namespaces and partitions. | ||
| type ConsulTenancyConfig struct { | ||
| // EnableConsulPartitions indicates that a user is running Consul Enterprise. | ||
| EnableConsulPartitions bool | ||
| // ConsulPartition is the Consul Partition to which this controller belongs. | ||
| ConsulPartition string | ||
| // EnableConsulNamespaces indicates that a user is running Consul Enterprise. | ||
| EnableConsulNamespaces bool | ||
| // ConsulDestinationNamespace is the name of the Consul namespace to create | ||
| // all resources in. If EnableNSMirroring is true this is ignored. | ||
| ConsulDestinationNamespace string | ||
| // EnableNSMirroring causes Consul namespaces to be created to match the | ||
| // k8s namespace of any config entry custom resource. Resources will | ||
| // be created in the matching Consul namespace. | ||
| EnableNSMirroring bool | ||
| // NSMirroringPrefix is an optional prefix that can be added to the Consul | ||
| // namespaces created while mirroring. For example, if it is set to "k8s-", | ||
| // then the k8s `default` namespace will be mirrored in Consul's | ||
| // `k8s-default` namespace. | ||
| NSMirroringPrefix string | ||
| } |
There was a problem hiding this comment.
Refactored here since this is shared by both the connect and config controllers.
control-plane/config-entries/controllersv2/meshconfig_controller.go
Outdated
Show resolved
Hide resolved
| cases := []struct { | ||
| name string | ||
| meshConfig common.MeshConfig | ||
| expected *pbauth.TrafficPermissions |
There was a problem hiding this comment.
I realize these tests are suppose to be generic, but in the interest of time, I just hardcoded the TrafficPermissions structs in several places. I suspect they will get refactored shortly at the expense of some boilerplate to convert to a pbresource.Resource.
There was a problem hiding this comment.
Had a little time this evening and started reviewing, so I thought I'd leave my half review-- I got through the _types.go and _types_test.go and all the generated files and renames and the refactor, but didn't make it to the controller itself for a thorough review in case someone is reviewing in the east coast AM!
| @@ -1,21 +1,18 @@ | |||
| {{- if .Values.connectInject.enabled }} | |||
| # Copyright (c) HashiCorp, Inc. | |||
| # SPDX-License-Identifier: MPL-2.0 | |||
|
|
|||
There was a problem hiding this comment.
Do we want to bring back the license headers? Probably the generation script blew them away.
control-plane/PROJECT
Outdated
| group: auth | ||
| kind: TrafficPermissions | ||
| path: github.com/hashicorp/consul-k8s/control-plane/api/v2alpha1 | ||
| version: v2alpha1 |
There was a problem hiding this comment.
nit: looks like Iryna updated versions in core to v2beta1 rather than alpha so we should match
|
|
||
| TheirName string | ||
| TheirConsulNamespace string | ||
| TheirConsulPartition string |
There was a problem hiding this comment.
Wow, thanks for adding ent here, I don't think the other config entries had ent tests like this. So thorough!!
| @@ -0,0 +1,11 @@ | |||
| # Copyright (c) HashiCorp, Inc. | |||
There was a problem hiding this comment.
We usually delete the patches folder in config/crd
| @@ -0,0 +1,27 @@ | |||
| # Copyright (c) HashiCorp, Inc. | |||
There was a problem hiding this comment.
We usually delete this since it's a sample
| @@ -0,0 +1,23 @@ | |||
| # Copyright (c) HashiCorp, Inc. | |||
| # SPDX-License-Identifier: MPL-2.0 | |||
|
|
|||
There was a problem hiding this comment.
We usually delete since its a sample
| @@ -0,0 +1,14 @@ | |||
| # Copyright (c) HashiCorp, Inc. | |||
| # SPDX-License-Identifier: MPL-2.0 | |||
|
|
|||
There was a problem hiding this comment.
usually delete this since it's a sample
| @@ -113,7 +114,7 @@ func TestReconcile_CreateService(t *testing.T) { | |||
| // } | |||
| // return []runtime.Object{endpoints, service} | |||
| // }, | |||
| // expectedResource: &pbresource.Resource{ | |||
| // expectedResource: &pbresource.MeshConfig{ | |||
There was a problem hiding this comment.
I think this is not meant to be MeshConfig here since I see a Service below?
thisisnotashwin
force-pushed
the
ashwin/NET-5317-v2-config-controller
branch
from
43632ab to
72e3d0f
Compare
| - apiGroups: | ||
| - auth.consul.hashicorp.com | ||
| apiVersions: | ||
| - v2alpha1 |
There was a problem hiding this comment.
🚗 this should be v2beta1 once hashicorp/consul#18930 is merged
There was a problem hiding this comment.
yup!! i have incorporated those changes into this PR to ease the eventual rebase
| - v1 | ||
| clientConfig: | ||
| service: | ||
| name: {{ template "consul.fullname" . }}-connect-injector |
There was a problem hiding this comment.
nit: maybe we can call this mesh-injector? im OK moving away from the injector verbiage altogether but WDYT?
| - apiGroups: | ||
| - auth.consul.hashicorp.com | ||
| apiVersions: | ||
| - v2alpha1 |
There was a problem hiding this comment.
yup!! i have incorporated those changes into this PR to ease the eventual rebase
thisisnotashwin
force-pushed
the
ashwin/NET-5317-v2-config-controller
branch
from
6e6d74f to
37309df
Compare
Changes proposed in this PR:
Things that need to be done in a future PR:
How I've tested this PR:
How I expect reviewers to test this PR: ☕ ☕ ☕ ☕ ☕ ☕ 👓
Checklist:
CHANGELOG entry added