Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(kuma-cp): properly match policies to gateway when calling _rules endpoint #11504

Open
wants to merge 10 commits into
base: master
Choose a base branch
from
Open

fix(kuma-cp): properly match policies to gateway when calling _rules endpoint #11504

wants to merge 10 commits into from

Conversation

Automaat
Copy link
Contributor

@Automaat Automaat commented Sep 20, 2024
edited by lahabana
Loading

When we call inspect API _rules endpoint for MeshGateway resource, we create fake dpp without meta that is only used to pick proper gateway for matching. With this change, we are adding gateway meta to it, and we are filtering gateways by zone to pick only gateways from the same zone. Moreover, we are now matching policies by zone not only for dpp but also for MeshGateway

Fixes: #11455

Checklist prior to review

  • Link to relevant issue as well as docs and UI issues --
  • This will not break child repos: it doesn't hardcode values (.e.g "kumahq" as a image registry) and it will work on Windows, system specific functions like syscall.Mkfifo have equivalent implementation on the other OS --
  • Tests (Unit test, E2E tests, manual test on universal and k8s) --
    • Don't forget ci/ labels to run additional/fewer tests
  • Do you need to update UPGRADE.md? --
  • Does it need to be backported according to the backporting policy? (this GH action will add "backport" label based on these file globs, if you want to prevent it from adding the "backport" label use no-backport-autolabel label) --

@Automaat Automaat requested a review from a team as a code owner September 20, 2024 13:23
@Automaat Automaat requested review from michaelbeaumont and lobkovilya and removed request for a team September 20, 2024 13:23
@Automaat
Copy link
Contributor Author

Automaat commented Sep 20, 2024
edited
Loading

I think there might be a bigger issue here. When we are selecting gateway we are looking only at selector, and when we run this on global we ignore the fact that we could have synced gateways from different zones with the same selector. I think that this only affects inspect api on global, but I am not sure

Edit: I've fixed this by adding gateway meta to fake dpp that we create and filtering gateways by this dpp zone

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaelbeaumont michaelbeaumont Awaiting requested review from michaelbeaumont michaelbeaumont is a code owner automatically assigned from kumahq/kuma-maintainers

@lobkovilya lobkovilya Awaiting requested review from lobkovilya lobkovilya is a code owner automatically assigned from kumahq/kuma-maintainers

@lahabana lahabana Awaiting requested review from lahabana

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

origins on gateway seems to not work well with multiple zones
2 participants
@Automaat @lahabana