Mergeback v1.1 rc2

docs/content/configuration.md

@@ -125,6 +125,9 @@ Other types of route groups and detailed information are available [in the speci
 
 By default, all traffic is denied so we need to grant access to clients to our application. This is done by defining a `TrafficTarget`.
 
+??? Note "TrafficTarget Source & Destination"
+    Please note that TrafficTarget is a namespaced resource. Therefore, the source and the destination namespace needs to be explicitly defined.
+
 ```yaml
 ---
 apiVersion: access.smi-spec.io/v1alpha1

docs/content/examples.md

@@ -242,3 +242,66 @@ User-Agent: curl/7.64.0
 Accept: */*
 X-Forwarded-For: 3.4.5.6
 ```
+
+## SMI Example
+
+In order to expose the HTTP Services from above with SMI enabled, please create the following resources:
+
+```yaml
+---
+apiVersion: specs.smi-spec.io/v1alpha1
+kind: HTTPRouteGroup
+metadata:
+  name: http-everything
+  namespace: whoami
+matches:
+- name: everything
+  pathRegex: ".*"
+  methods: ["*"]
+---
+kind: TrafficTarget
+apiVersion: access.smi-spec.io/v1alpha1
+metadata:
+  name: whatever
+  namespace: whoami
+destination:
+  kind: ServiceAccount
+  name: whoami-server
+  namespace: whoami
+  port: "80"
+specs:
+- kind: HTTPRouteGroup
+  name: http-everything
+  matches:
+  - everything
+sources:
+- kind: ServiceAccount
+  name: whoami-client
+  namespace: whoami
+```
+
+For TCP mode, you only need a TCPRoute and a TrafficTarget:
+
+```yaml
+kind: TrafficTarget
+apiVersion: access.smi-spec.io/v1alpha1
+metadata:
+  name: api-service-target
+  namespace: default
+destination:
+  kind: ServiceAccount
+  name: api-service
+  namespace: default
+specs:
+- kind: TCPRoute
+  name: my-tcp-route
+sources:
+- kind: ServiceAccount
+  name: my-other-service
+  namespace: default
+---
+apiVersion: specs.smi-spec.io/v1alpha1
+kind: TCPRoute
+metadata:
+  name: my-tcp-route
+```

helm/chart/maesh/Chart.yaml

@@ -1,8 +1,8 @@
 ---
 apiVersion: v2
 name: maesh
-version: 1.1.0-rc1
-appVersion: v1.1.0-rc1
+version: 1.1.0-rc2
+appVersion: v1.1.0-rc2
 description: Maesh - Simpler Service Mesh
 keywords:
 - traefik

integration/resources/smi/access-control.json

@@ -9,7 +9,7 @@
                     "a-b-test-b-test-80-a-b-test-e0425d13b2a322ad-whitelist"
                 ],
                 "service": "b-test-80-a-b-test-e0425d13b2a322ad",
-                "rule": "(PathPrefix(`/foo`) \u0026\u0026 (Host(`b.test.maesh`) || Host(`10.43.233.50`)))"
+                "rule": "(PathPrefix(`/{path:foo}`) \u0026\u0026 (Host(`b.test.maesh`) || Host(`10.43.233.50`)))"
             },
             "b-test-80-c-b-test-643c7128c8514ba9": {
                 "entryPoints": [
@@ -19,7 +19,7 @@
                     "c-b-test-b-test-80-c-b-test-643c7128c8514ba9-whitelist"
                 ],
                 "service": "b-test-80-c-b-test-643c7128c8514ba9",
-                "rule": "(PathPrefix(`/foo`) \u0026\u0026 (Host(`b.test.maesh`) || Host(`10.43.233.50`)))"
+                "rule": "(PathPrefix(`/{path:foo}`) \u0026\u0026 (Host(`b.test.maesh`) || Host(`10.43.233.50`)))"
             },
             "d-test-80-c-d-test-2c7d96b07eb597fd": {
                 "entryPoints": [
@@ -29,7 +29,7 @@
                     "c-d-test-d-test-80-c-d-test-2c7d96b07eb597fd-whitelist"
                 ],
                 "service": "d-test-80-c-d-test-2c7d96b07eb597fd",
-                "rule": "(PathPrefix(`/bar`) \u0026\u0026 (Host(`d.test.maesh`) || Host(`10.43.86.23`)))"
+                "rule": "(PathPrefix(`/{path:bar}`) \u0026\u0026 (Host(`d.test.maesh`) || Host(`10.43.86.23`)))"
             },
             "readiness": {
                 "entryPoints": [

integration/resources/smi/traffic-split.json

@@ -9,7 +9,7 @@
                     "a-b-test-b-test-80-a-b-test-e0425d13b2a322ad-whitelist"
                 ],
                 "service": "b-test-80-a-b-test-e0425d13b2a322ad",
-                "rule": "(PathPrefix(`/foo`) \u0026\u0026 (Host(`b.test.maesh`) || Host(`XXXX`)))"
+                "rule": "(PathPrefix(`/{path:foo}`) \u0026\u0026 (Host(`b.test.maesh`) || Host(`XXXX`)))"
             },
             "b-v1-test-80-a-b-test-03b338bc8ba21fbc": {
                 "entryPoints": [
@@ -19,7 +19,7 @@
                     "a-b-test-b-v1-test-80-a-b-test-03b338bc8ba21fbc-whitelist"
                 ],
                 "service": "b-v1-test-80-a-b-test-03b338bc8ba21fbc",
-                "rule": "(PathPrefix(`/foo`) \u0026\u0026 (Host(`b-v1.test.maesh`) || Host(`XXXX`)))"
+                "rule": "(PathPrefix(`/{path:foo}`) \u0026\u0026 (Host(`b-v1.test.maesh`) || Host(`XXXX`)))"
             },
             "b-v2-test-80-a-b-test-c2918aa87de2f415": {
                 "entryPoints": [
@@ -29,7 +29,7 @@
                     "a-b-test-b-v2-test-80-a-b-test-c2918aa87de2f415-whitelist"
                 ],
                 "service": "b-v2-test-80-a-b-test-c2918aa87de2f415",
-                "rule": "(PathPrefix(`/foo`) \u0026\u0026 (Host(`b-v2.test.maesh`) || Host(`XXXX`)))"
+                "rule": "(PathPrefix(`/{path:foo}`) \u0026\u0026 (Host(`b-v2.test.maesh`) || Host(`XXXX`)))"
             },
             "b1-test-80-a-b-test-ce97b257f9b2710f": {
                 "entryPoints": [
@@ -39,7 +39,7 @@
                     "a-b-test-b1-test-80-a-b-test-ce97b257f9b2710f-whitelist"
                 ],
                 "service": "b1-test-80-a-b-test-ce97b257f9b2710f",
-                "rule": "(PathPrefix(`/foo`) \u0026\u0026 (Host(`b1.test.maesh`) || Host(`XXXX`)))"
+                "rule": "(PathPrefix(`/{path:foo}`) \u0026\u0026 (Host(`b1.test.maesh`) || Host(`XXXX`)))"
             },
             "b2-test-80-a-b-test-6485fb29d873a5c3": {
                 "entryPoints": [
@@ -49,7 +49,7 @@
                     "a-b-test-b2-test-80-a-b-test-6485fb29d873a5c3-whitelist"
                 ],
                 "service": "b2-test-80-a-b-test-6485fb29d873a5c3",
-                "rule": "(PathPrefix(`/foo`) \u0026\u0026 (Host(`b2.test.maesh`) || Host(`XXXX`)))"
+                "rule": "(PathPrefix(`/{path:foo}`) \u0026\u0026 (Host(`b2.test.maesh`) || Host(`XXXX`)))"
             },
             "readiness": {
                 "entryPoints": [

pkg/providers/kubernetes/fixtures/build_configuration_multiple_ports.yaml

@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: foo
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: test
+  namespace: foo
+spec:
+  clusterIP: 10.1.0.1
+  selector:
+    app: test
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 80
+  - protocol: TCP
+    port: 443
+    targetPort: 443
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: test
+  namespace: foo
+subsets:
+- addresses:
+  - ip: 10.0.0.1
+  ports:
+  - port: 80
+- addresses:
+  - ip: 10.0.0.2
+  ports:
+  - port: 80
+- addresses:
+  - ip: 10.0.0.3
+  ports:
+  - port: 443
+- addresses:
+  - ip: 10.0.0.4
+  ports:
+  - port: 443
+

pkg/providers/kubernetes/fixtures/build_configuration_multiple_ports_tcp.yaml

@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: foo
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: test
+  namespace: foo
+  annotations:
+    maesh.containo.us/traffic-type: tcp
+spec:
+  clusterIP: 10.1.0.1
+  selector:
+    app: test
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 80
+  - protocol: TCP
+    port: 443
+    targetPort: 443
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: test
+  namespace: foo
+subsets:
+- addresses:
+  - ip: 10.0.0.1
+  ports:
+  - port: 80
+- addresses:
+  - ip: 10.0.0.2
+  ports:
+  - port: 80
+- addresses:
+  - ip: 10.0.0.3
+  ports:
+  - port: 443
+- addresses:
+  - ip: 10.0.0.4
+  ports:
+  - port: 443
+