-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Egress via Ingress VirtualServer Resource #3491
Egress via Ingress VirtualServer Resource #3491
Conversation
@nginxinc/service-mesh Looking for a review from someone on our team also. I can't add us as reviewers, so just adding a comment tagging our team. |
c64939f
to
570c589
Compare
Codecov Report
@@ Coverage Diff @@
## main #3491 +/- ##
==========================================
+ Coverage 52.34% 52.36% +0.01%
==========================================
Files 59 59
Lines 16880 16890 +10
==========================================
+ Hits 8836 8844 +8
- Misses 7747 7749 +2
Partials 297 297
... and 1 file with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
0f677bc
to
54e2ad0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, be sure to update commit messages and PR description with the new approach.
…resource - added internalRoute field to the virtualserver CRD - added templates for internal routes in virtualserver templates for n+ and oss - added unit test to validate virtualserver internal routes - added enableInternalRoutes boolean to virtualServerConfigurator type - updated virtualserver configuration items to include internRoute docs
9222a59
to
7d1ca30
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks so much @chase-kiefer ! Great work 😄
Head branch was pushed to by a user without write access
@chase-kiefer I think we need a couple of changes:
Also #3602 might remove the CLI arguments, so we might need to change the logic and look at the annotation instead... |
- Add warning to catch cases where a virtual server internal route should not be created - Switch variable names to match ingress naming scheme
* Add ability for nginx service mesh to egress through a virtualserver resource - added internalRoute field to the virtualserver CRD - added templates for internal routes in virtualserver templates for n+ and oss - added unit test to validate virtualserver internal routes - added enableInternalRoutes boolean to virtualServerConfigurator type - updated virtualserver configuration items to include internRoute docs * Add a description for the InternalRoute field in the VS CRD * Add test case for nsmEgress being true in TestIsTLSEnabled * Update the isTLSEnabled function for clarity * Reverse function params for isTLSEnabled * Add virtual server internal route validation and warning - Add warning to catch cases where a virtual server internal route should not be created - Switch variable names to match ingress naming scheme * Add refactored VS templates to avoid duplicate listen blocks * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Add conditional to prevent SpiffeClientCerts being set for internal routes * Fix unit tests --------- Co-authored-by: Ciara Stacke <18287516+ciarams87@users.noreply.github.com> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Tomás Ó hAodha <86358393+tomasohaodha@users.noreply.github.com> Co-authored-by: Venktesh Shivam Patel <ve.patel@f5.com> (cherry picked from commit 36ac2ef)
* Add ability for nginx service mesh to egress through a virtualserver resource - added internalRoute field to the virtualserver CRD - added templates for internal routes in virtualserver templates for n+ and oss - added unit test to validate virtualserver internal routes - added enableInternalRoutes boolean to virtualServerConfigurator type - updated virtualserver configuration items to include internRoute docs * Add a description for the InternalRoute field in the VS CRD * Add test case for nsmEgress being true in TestIsTLSEnabled * Update the isTLSEnabled function for clarity * Reverse function params for isTLSEnabled * Add virtual server internal route validation and warning - Add warning to catch cases where a virtual server internal route should not be created - Switch variable names to match ingress naming scheme * Add refactored VS templates to avoid duplicate listen blocks * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Add conditional to prevent SpiffeClientCerts being set for internal routes * Fix unit tests --------- Co-authored-by: Ciara Stacke <18287516+ciarams87@users.noreply.github.com> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Tomás Ó hAodha <86358393+tomasohaodha@users.noreply.github.com> Co-authored-by: Venktesh Shivam Patel <ve.patel@f5.com> (cherry picked from commit 36ac2ef) Co-authored-by: Chase Kiefer <112438922+chase-kiefer@users.noreply.github.com>
Proposed changes
NSM would like the ability to egress traffic through a KIC VirtualServer. This PR adds the functionality and templating necessary to configure a VS resource for NSM egress. It diverges from the pattern implemented for ingress by using a CRD field instead of an annotation.
Checklist
Before creating a PR, run through this checklist and mark each as complete.