Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Envoy resource namespacing #26037

Merged
merged 6 commits into from
Jun 14, 2023
Merged

Envoy resource namespacing #26037

merged 6 commits into from
Jun 14, 2023

Conversation

jrajahalme
Copy link
Member

@jrajahalme jrajahalme commented Jun 8, 2023
edited by sayboras

Qualify cluster names that are not already qualified. This helps avoid
accidental resource name collision when multiple CiliumEnvoyConfigs are
defined.

@jrajahalme jrajahalme requested review from a team as code owners June 8, 2023 13:31
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jun 8, 2023
@jrajahalme jrajahalme marked this pull request as draft June 8, 2023 13:31
@jrajahalme jrajahalme added the release-note/minor This PR changes functionality that users may find relevant to operating Cilium. label Jun 8, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jun 8, 2023
@jrajahalme
Copy link
Member Author

/test

@jrajahalme jrajahalme force-pushed the envoy-resource-namespacing branch 6 times, most recently from f18a6dd to 8393312 Compare June 13, 2023 12:17
@jrajahalme
Copy link
Member Author

Dropped the secret original namespace commit from this PR as it was problematic. Will reintroduce it after this has merged.

@jrajahalme jrajahalme marked this pull request as ready for review June 13, 2023 12:18
@jrajahalme jrajahalme requested a review from a team as a code owner June 13, 2023 12:18
@jrajahalme jrajahalme self-assigned this Jun 13, 2023
@jrajahalme
Copy link
Member Author

jrajahalme commented Jun 13, 2023
edited by maintainer-s-little-helper bot

/test

Job 'Cilium-PR-K8s-1.26-kernel-net-next' hit: #25958 (88.26% similarity)

sayboras
sayboras approved these changes Jun 13, 2023
View reviewed changes
Copy link
Member

@sayboras sayboras left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you update the commit message for the wip one?

The changes look good to me ✔️

@maintainer-s-little-helper maintainer-s-little-helper bot mentioned this pull request Jun 13, 2023
Closed
@jrajahalme
Copy link
Member Author

/test-1.26-net-next

@jrajahalme
Copy link
Member Author

/ci-ginkgo

@jrajahalme
k8s: Qualify explicit listener references
39ac188 
Parsed Envoy Listeners have qualified names, so explicit listener
references must also be qualified for name comparison to work.

Usually listener reference is implicit (== first listener in the
CiliumEnvoyConfig) so this bug was not hit in practice.

Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
@jrajahalme
api: Make ResourceQualifiedName compatible with already qualified names
8bb8bfb 
Make ResourceQualifiedName gracefully return the given resource name, if
it is already qualified, or if it is empty. Optionally also qualify
resource names with a different namespace as a prefix to force
namespacing where applicable.

Passing through empty resource names without qualifying them is important
so that a potentially invalid envoy config, where a required name is
missing, remains invalid also after qualifying resource names.

Currently, a CiliumEnvoyConfig may use backendServices in a different
namespace, so resource namespacing can not be encorced on the referred
backend services.

Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
@jrajahalme
envoy: Qualify cluster, route config names
c7d7a96 
Qualify cluster names that are not already qualified. This helps avoid
accidental resource name collision when multiple CiliumEnvoyConfigs are
defined.

Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
@jrajahalme
envoy: Validate listener after parsing
7fb2b2b 
Validate also Listener resources after parsing them from
CiliumEnvoyConfig.

Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
@jrajahalme
envoy: Qualify Secret names
a6b1f77 
Qualify Envoy Secret resource names and references with the namespace and
CEC name when not already namespaced. This helps prevent accidental
Secret resource name collisions between different CEC/CCEC resources when
they use the same (unqualified) name locally.

Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
@jrajahalme
ingress: Let Cilium agent fill in the XDS reference
7476b65 
'SetNodeOnFirstMessageOnly: true' was missing from the XDS reference used
for secrets, which causes larger than necessary XDS messages.

Let Cilium agent fill in the XDS reference instead.

Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
@jrajahalme
Copy link
Member Author

/test

@jrajahalme jrajahalme added kind/feature This introduces new functionality. release-blocker/1.14 This issue will prevent the release of the next version of Cilium. needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch affects/v1.13 This issue affects v1.13 branch kind/bug This is a bug in the Cilium logic. release-note/bug This PR fixes an issue in a previous release of Cilium. affects/v1.14 This issue affects v1.14 branch and removed release-blocker/1.14 This issue will prevent the release of the next version of Cilium. release-note/minor This PR changes functionality that users may find relevant to operating Cilium. kind/feature This introduces new functionality. labels Jun 14, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 14, 2023
@sayboras sayboras merged commit 87ac446 into cilium:main Jun 14, 2023
65 checks passed
@nbusseneau nbusseneau mentioned this pull request Jun 22, 2023
Merged
19 tasks
@nbusseneau nbusseneau added backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. and removed needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch labels Jun 22, 2023
@tklauser tklauser added backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. and removed backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. labels Jun 29, 2023
@gentoo-root gentoo-root mentioned this pull request Jul 26, 2023
Merged
@jrajahalme jrajahalme mentioned this pull request Nov 7, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nathanjsweet nathanjsweet nathanjsweet approved these changes

@sayboras sayboras sayboras approved these changes

Assignees

@jrajahalme jrajahalme

Labels
affects/v1.13 This issue affects v1.13 branch affects/v1.14 This issue affects v1.14 branch backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. kind/bug This is a bug in the Cilium logic. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@jrajahalme @nathanjsweet @sayboras @tklauser @nbusseneau