Provider agnostic gateway name/namespace #771

adam-cattermole · 2024-07-22T12:55:48Z

Changes

~~Builds on top of the authpolicy branch which should be merged first~~

Renamed the gateway we deploy to kuadrant-ingressgateway for both istio and envoygateway
Updated the namespace from istio-system/envoy-gateway-system to be gateway-system for both providers
Updated the docs that refer to the gateway to point to this single gateway

Open to suggestions for the naming above, happy to change.

These changes makes it so that a user can follow the user-guides directly without amendment regardless of which gateway api provider they provision with (make local-setup GATEWAYAPI_PROVIDER=istio/make local-setup GATEWAYAPI_PROVIDER=envoygateway)

codecov · 2024-07-22T12:58:38Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (envoygateway@9d29fcc). Learn more about missing BASE report.

Additional details and impacted files

@@               Coverage Diff               @@
##             envoygateway     #771   +/-   ##
===============================================
  Coverage                ?   81.96%           
===============================================
  Files                   ?       86           
  Lines                   ?     6638           
  Branches                ?        0           
===============================================
  Hits                    ?     5441           
  Misses                  ?      812           
  Partials                ?      385

Flag	Coverage Δ
bare-k8s-integration	`4.99% <ø> (?)`
controllers-integration	`73.57% <ø> (?)`
envoygateway-integration	`37.68% <ø> (?)`
gatewayapi-integration	`11.07% <ø> (?)`
istio-integration	`53.52% <ø> (?)`
unit	`29.46% <ø> (?)`

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
api/v1beta1 (u)	`71.42% <0.00%> (?)`
api/v1beta2 (u)	`85.35% <0.00%> (?)`
pkg/common (u)	`88.13% <0.00%> (?)`
pkg/istio (u)	`71.11% <0.00%> (?)`
pkg/log (u)	`94.73% <0.00%> (?)`
pkg/reconcilers (u)	`∅ <0.00%> (?)`
pkg/rlptools (u)	`84.27% <0.00%> (?)`
controllers (i)	`83.32% <0.00%> (?)`

eguzki · 2024-07-23T09:28:02Z

What about sticking to the gateway providers specific namespace names, i.e. istio-system and envoy-gateway-system and create a new namespace for the default ingress gateway in a provider agnostic namespacedname? Something like gateway-system/ingressgateway ?? I have the feeling that changing from istio-system to something else might raise issues

maleck13 · 2024-08-19T13:42:15Z

@adam-cattermole we keeping this PR?

adam-cattermole · 2024-08-19T13:46:32Z

@maleck13 Yep, it's just a little out of date as it's based on the envoy gateway authpolicy branch which is yet to be merged

Signed-off-by: Adam Cattermole <[email protected]>

eguzki

Sweet 🍻

* Provider agnostic gateway name/namespace Signed-off-by: Adam Cattermole <[email protected]> * Update docs gateway name/namespace Signed-off-by: Adam Cattermole <[email protected]> * Use istio/envoy-gateway for provider namespace Signed-off-by: Adam Cattermole <[email protected]> * Use EG_NAMESPACE when patching Signed-off-by: Adam Cattermole <[email protected]> --------- Signed-off-by: Adam Cattermole <[email protected]>

* envoygateway dev environment install (#678) * envoygateway dev environment install * egctl on detected os and arch * Makefile: pulling out os and arch Signed-off-by: Eguzki Astiz Lezaun <[email protected]> * development environment: envoygateway v1.1.0 (#778) Signed-off-by: Eguzki Astiz Lezaun <[email protected]> * Runtime istio updated to 1.20.8 (ossm 2.6) and Istio go dep to 1.22.3 (#785) * deployed istio updated to 1.20.8 (ossm 2.6) Golang istio.io/istio deps upgraded to 1.22.3 It is required because golang envoygateway 1.1 dep conflicts on github.com/envoyproxy/go-control-plane/envoy/extensions/injected_credentials/generic/v3 package istio.io/istio 1.20.0 requires a package from github.com/envoyproxy/go-control-plane in 0.12.0 that does not exist when github.com/envoyproxy/go-control-plane is upgraded to 0.12.1 due to envoygateway 1.1 Signed-off-by: Eguzki Astiz Lezaun <[email protected]> * updated manifests --------- Signed-off-by: Eguzki Astiz Lezaun <[email protected]> * Envoy Gateway AuthPolicy (#737) * Enable envoygateway integration tests Signed-off-by: Adam Cattermole <[email protected]> * Add egapiv1 to scheme Signed-off-by: Adam Cattermole <[email protected]> * Fix lint issues Signed-off-by: Adam Cattermole <[email protected]> * Add envoy SecurityPolicy controller Signed-off-by: Adam Cattermole <[email protected]> * Add envoy ReferenceGrant controller Signed-off-by: Adam Cattermole <[email protected]> * Update manifests and bundle Signed-off-by: Adam Cattermole <[email protected]> * Update envoy gatewayclass to match GATEWAYAPI_PROVIDER name Signed-off-by: Adam Cattermole <[email protected]> * Set gateway class in tests from provider Signed-off-by: Adam Cattermole <[email protected]> * Enable new controllers in integration tests Signed-off-by: Adam Cattermole <[email protected]> * Add policy target object tracking to topology index Signed-off-by: Adam Cattermole <[email protected]> * Add istio AuthorizationPolicy controller Signed-off-by: Adam Cattermole <[email protected]> * Prepare for envoygateway integration tests Signed-off-by: Adam Cattermole <[email protected]> * Generify for integration tests Signed-off-by: Adam Cattermole <[email protected]> * Add envoygateway auth integration tests Signed-off-by: Adam Cattermole <[email protected]> * Do not set GATEWAYAPI_PROVIDER for tests that do not use it Signed-off-by: Adam Cattermole <[email protected]> * Set owner references in new controllers Signed-off-by: Adam Cattermole <[email protected]> * Enable security policy deletion tests Signed-off-by: Adam Cattermole <[email protected]> * Shorten github workflow integration test names Signed-off-by: Adam Cattermole <[email protected]> * Refactor SecurityPolicy controller For Kuadrants Signed-off-by: Adam Cattermole <[email protected]> * Update deletion logic Signed-off-by: Adam Cattermole <[email protected]> * Use new PolicyType Signed-off-by: Adam Cattermole <[email protected]> * test: Explicitly set parentRef gateway namespace Signed-off-by: Adam Cattermole <[email protected]> --------- Signed-off-by: Adam Cattermole <[email protected]> * envoygateway kuadrant status controller check added (#847) Signed-off-by: Eguzki Astiz Lezaun <[email protected]> * Envoygateway wasm controller (#848) * envoygateway controllers to setup wasm module Limitador cluster controller based on EnvoyPatchPolicy Wasm controller based on EnvoyExtensionPolicy Signed-off-by: Eguzki Astiz Lezaun <[email protected]> * envoygateway: enable envoypatchpolicy Signed-off-by: Eguzki Astiz Lezaun <[email protected]> * envoygateway: wasm module tests Signed-off-by: Eguzki Astiz Lezaun <[email protected]> --------- Signed-off-by: Eguzki Astiz Lezaun <[email protected]> * fix lint issues Signed-off-by: Eguzki Astiz Lezaun <[email protected]> * bundle/manifests/kuadrant-operator.clusterserviceversion.yaml: autogeneration update Signed-off-by: Eguzki Astiz Lezaun <[email protected]> * go.[mod|sum] updated Signed-off-by: Eguzki Astiz Lezaun <[email protected]> * envoygateway: doc Signed-off-by: Eguzki Astiz Lezaun <[email protected]> * Provider agnostic gateway name/namespace (#771) * Provider agnostic gateway name/namespace Signed-off-by: Adam Cattermole <[email protected]> * Update docs gateway name/namespace Signed-off-by: Adam Cattermole <[email protected]> * Use istio/envoy-gateway for provider namespace Signed-off-by: Adam Cattermole <[email protected]> * Use EG_NAMESPACE when patching Signed-off-by: Adam Cattermole <[email protected]> --------- Signed-off-by: Adam Cattermole <[email protected]> * Update doc/install/install-kubernetes.md Co-authored-by: Adam Cattermole <[email protected]> Signed-off-by: Eguzki Astiz Lezaun <[email protected]> * Update doc/install/install-kubernetes.md Co-authored-by: Adam Cattermole <[email protected]> Signed-off-by: Eguzki Astiz Lezaun <[email protected]> --------- Signed-off-by: Eguzki Astiz Lezaun <[email protected]> Signed-off-by: Adam Cattermole <[email protected]> Co-authored-by: Adam Cattermole <[email protected]>

adam-cattermole force-pushed the envoygateway-rename-gateway branch from 56f1624 to 76cda8d Compare July 22, 2024 14:49

adam-cattermole force-pushed the envoygateway-authpolicy branch 9 times, most recently from 5e412d6 to 888f81d Compare July 30, 2024 10:35

adam-cattermole force-pushed the envoygateway-authpolicy branch 5 times, most recently from 91d8c0a to 4620878 Compare August 30, 2024 14:57

Base automatically changed from envoygateway-authpolicy to envoygateway September 2, 2024 13:39

adam-cattermole force-pushed the envoygateway-rename-gateway branch 4 times, most recently from 7819f2f to a031a61 Compare September 3, 2024 12:25

eguzki force-pushed the envoygateway branch 2 times, most recently from 442001f to db0ede4 Compare September 16, 2024 14:04

adam-cattermole added 3 commits September 18, 2024 10:55

Provider agnostic gateway name/namespace

a5d0a7d

Signed-off-by: Adam Cattermole <[email protected]>

Update docs gateway name/namespace

c2465fb

Signed-off-by: Adam Cattermole <[email protected]>

Use istio/envoy-gateway for provider namespace

7e834c1

Signed-off-by: Adam Cattermole <[email protected]>

adam-cattermole force-pushed the envoygateway-rename-gateway branch from a031a61 to c5a415c Compare September 18, 2024 10:03

Use EG_NAMESPACE when patching

2b2578f

Signed-off-by: Adam Cattermole <[email protected]>

adam-cattermole force-pushed the envoygateway-rename-gateway branch from c5a415c to 2b2578f Compare September 18, 2024 10:07

adam-cattermole marked this pull request as ready for review September 18, 2024 10:07

eguzki approved these changes Sep 18, 2024

View reviewed changes

adam-cattermole merged commit 23cf6e1 into envoygateway Sep 18, 2024
21 checks passed

adam-cattermole deleted the envoygateway-rename-gateway branch September 18, 2024 13:16

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Provider agnostic gateway name/namespace #771

Provider agnostic gateway name/namespace #771

adam-cattermole commented Jul 22, 2024 •

edited by eguzki

Loading

codecov bot commented Jul 22, 2024 •

edited

Loading

eguzki commented Jul 23, 2024 •

edited

Loading

maleck13 commented Aug 19, 2024

adam-cattermole commented Aug 19, 2024

eguzki left a comment

Provider agnostic gateway name/namespace #771

Provider agnostic gateway name/namespace #771

Conversation

adam-cattermole commented Jul 22, 2024 • edited by eguzki Loading

Changes

codecov bot commented Jul 22, 2024 • edited Loading

Codecov Report

eguzki commented Jul 23, 2024 • edited Loading

maleck13 commented Aug 19, 2024

adam-cattermole commented Aug 19, 2024

eguzki left a comment

Choose a reason for hiding this comment

adam-cattermole commented Jul 22, 2024 •

edited by eguzki

Loading

codecov bot commented Jul 22, 2024 •

edited

Loading

eguzki commented Jul 23, 2024 •

edited

Loading