Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(MeshLoadBalancingStrategy): only allow loadBalancer with MeshGateway and to.targetRef.kind: Mesh #11563

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
+61 −11
Open

fix(MeshLoadBalancingStrategy): only allow loadBalancer with MeshGateway and to.targetRef.kind: Mesh #11563

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
652739f
fix(MeshLoadBalancingStrategy): only allow MeshGateway and to.targetR…
michaelbeaumont Sep 25, 2024
2a0d70a
test(MeshLoadBalancingStrategy): add newly invalid case, adjust valid…
michaelbeaumont Sep 25, 2024
5027c67
test(e2e): fix MLBS in MGW test
michaelbeaumont Sep 26, 2024
77e1451
Merge remote-tracking branch 'upstream/master' into fix/mlbs-mgw-to-m…
michaelbeaumont Sep 26, 2024
6b58526
docs(UPGRADE.md): add note
michaelbeaumont Sep 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions UPGRADE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,12 @@ Policies targeting `spec.targetRef.kind: MeshGateway` can now only target `kind:
`to[].targetRef`. Previously MeshService, MeshExternalService, MeshMultiZoneService were allowed but the resulting configuration
was ambiguous and nondeterministic.

### MeshLoadBalancingStrategy

Policies targeting `spec.targetRef.kind: MeshGateway` and setting the `spec.loadBalancer` field can now only target `kind: Mesh` in
`to[].targetRef`. Previously MeshService, MeshExternalService, MeshMultiZoneService were allowed but the resulting configuration
was ambiguous and nondeterministic.

### MeshExternalService

#### Removal of unix sockets support
Expand Down
7 changes: 6 additions & 1 deletion pkg/core/resources/apis/mesh/validators.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ type ValidateSelectorsOpts struct {

type ValidateTargetRefOpts struct {
SupportedKinds []common_api.TargetRefKind
SupportedKindsError string
GatewayListenerTagsAllowed bool
// AllowedInvalidNames field allows to provide names that deviate from
// standard naming conventions in specific scenarios. I.e. normally,
Expand Down Expand Up @@ -357,7 +358,11 @@ func ValidateTargetRef(
return err
}
if !slices.Contains(opts.SupportedKinds, ref.Kind) {
err.AddViolation("kind", "value is not supported")
errMsg := "value is not supported"
if optsErr := opts.SupportedKindsError; optsErr != "" {
errMsg = optsErr
}
err.AddViolation("kind", errMsg)
return err
}

Expand Down
29 changes: 25 additions & 4 deletions pkg/plugins/policies/meshloadbalancingstrategy/api/v1alpha1/validator.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,13 +43,34 @@ func validateTo(topTargetRef common_api.TargetRef, to []To) validators.Validatio
var verr validators.ValidationError
for idx, toItem := range to {
path := validators.RootedAt("to").Index(idx)
verr.AddErrorAt(path.Field("targetRef"), mesh.ValidateTargetRef(toItem.TargetRef, &mesh.ValidateTargetRefOpts{
SupportedKinds: []common_api.TargetRefKind{
var supportedKinds []common_api.TargetRefKind
var supportedKindsError string
switch topTargetRef.Kind {
case common_api.MeshGateway:
if toItem.Default.LoadBalancer != nil {
supportedKindsError = fmt.Sprintf("value is not supported, only %s is allowed if loadBalancer is set", common_api.Mesh)
supportedKinds = []common_api.TargetRefKind{
common_api.Mesh,
}
} else {
supportedKinds = []common_api.TargetRefKind{
common_api.Mesh,
common_api.MeshService,
common_api.MeshMultiZoneService,
}
}
default:
supportedKinds = []common_api.TargetRefKind{
common_api.Mesh,
common_api.MeshService,
common_api.MeshMultiZoneService,
},
}))
}
}
errs := mesh.ValidateTargetRef(toItem.TargetRef, &mesh.ValidateTargetRefOpts{
SupportedKinds: supportedKinds,
SupportedKindsError: supportedKindsError,
})
verr.AddErrorAt(path.Field("targetRef"), errs)
if toItem.TargetRef.Kind == common_api.MeshExternalService && topTargetRef.Kind != common_api.Mesh {
verr.AddViolationAt(path.Field("targetRef.kind"), "kind MeshExternalService is only allowed with targetRef.kind: Mesh as it is configured on the Zone Egress and shared by all clients in the mesh")
}
Expand Down
27 changes: 23 additions & 4 deletions pkg/plugins/policies/meshloadbalancingstrategy/api/v1alpha1/validator_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -425,6 +425,29 @@ to:
- to:
type: AnyExcept

`),
ErrorCases(
"invalid MeshGateway and to MeshService",
[]validators.Violation{{
Field: "spec.to[0].targetRef.kind",
Message: "value is not supported, only Mesh is allowed if loadBalancer is set",
}},
`
type: MeshLoadBalancingStrategy
mesh: mesh-1
name: route-1
targetRef:
kind: MeshGateway
name: edge-gateway
to:
- targetRef:
kind: MeshService
name: svc-1
default:
loadBalancer:
type: LeastRequest
leastRequest:
activeRequestBias: "1.3"
`),
)

Expand Down Expand Up @@ -535,10 +558,6 @@ to:
default:
localityAwareness:
disabled: true
loadBalancer:
type: LeastRequest
leastRequest:
activeRequestBias: "1.3"
`),
XEntry(
"to MeshExternalService",
Expand Down
3 changes: 1 addition & 2 deletions test/e2e_env/kubernetes/gateway/gateway.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -548,8 +548,7 @@ spec:
name: simple-gateway
to:
- targetRef:
kind: MeshService
name: test-server-mlbs_%[2]s_svc_80
kind: Mesh
default:
loadBalancer:
type: RingHash
Expand Down
Loading