Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove unused code #992

Merged
merged 4 commits into from
Nov 8, 2024
Merged

remove unused code #992

merged 4 commits into from
Nov 8, 2024

Conversation

guicassolato
Copy link
Contributor

@guicassolato guicassolato commented Nov 8, 2024
edited
Loading

This PR should not affect behaviour.

Here are a few steps to help test a few cases, to ensure everything works exactly as before:

Setup the environment:

make local-setup
make envoy-gateway-install

# Restart the Kuadrant Operator so it can acknowledge the presence of Envoy Gateway
kubectl rollout restart deployment/kuadrant-operator-controller-manager -n kuadrant-system
kubectl apply -f -<<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: envoygateway
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
EOF

kubectl apply -n gateway-system -f -<<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: kuadrant-envoygateway
spec:
  gatewayClassName: envoygateway
  listeners:
  - name: https
    hostname: "*.eg.apps.io"
    protocol: HTTPS
    port: 443
    tls:
      mode: Terminate
      certificateRefs:
      - name: kuadrant-envoygateway-cert
        kind: Secret
    allowedRoutes:
      namespaces:
        from: All
EOF

Configure TLS on the Envoy Gateway-provided gateway:

kubectl apply -n gateway-system -f -<<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: kuadrant-ca
spec:
  selfSigned: {}
---
apiVersion: kuadrant.io/v1alpha1
kind: TLSPolicy
metadata:
  name: kuadrant-envoygateway-tls
  namespace: gateway-system
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: Gateway
    name: kuadrant-envoygateway
  issuerRef:
    group: cert-manager.io
    kind: ClusterIssuer
    name: kuadrant-ca
EOF

Deploy an application:

kubectl apply -f examples/toystore/toystore.yaml

kubectl apply -f - <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: toystore
spec:
  parentRefs:
  - name: kuadrant-ingressgateway
    namespace: gateway-system
  - name: kuadrant-envoygateway
    namespace: gateway-system
  rules:
  - backendRefs:
    - name: toystore
      port: 80
    matches:
    - method: GET
  - backendRefs:
    - name: toystore
      port: 80
    matches:
    - method: POST
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: other
spec:
  hostnames:
  - other.example.com
  parentRefs:
  - name: kuadrant-ingressgateway
    namespace: gateway-system
  rules:
  - backendRefs:
    - name: toystore
      port: 80
EOF

(From now on and at anytime) Send requests to the application:

export ISTIO_GATEWAY_IP=$(kubectl get gateway/kuadrant-ingressgateway -n gateway-system -o jsonpath='{.status.addresses[0].value}')

curl --resolve toystore.example.com:80:$ISTIO_GATEWAY_IP http://toystore.example.com --write-out '%{http_code}\n' --silent --output /dev/null
curl --resolve other.example.com:80:$ISTIO_GATEWAY_IP http://other.example.com --write-out '%{http_code}\n' --silent --output /dev/null
export ENVOY_GATEWAY_IP=$(kubectl get gateway/kuadrant-envoygateway -n gateway-system -o jsonpath='{.status.addresses[0].value}')

curl --resolve toystore.eg.apps.io:443:$ENVOY_GATEWAY_IP https://toystore.eg.apps.io --write-out '%{http_code}\n' --silent --output /dev/null --insecure

Deploy Kuadrant:

kubectl -n kuadrant-system apply -f - <<EOF
apiVersion: kuadrant.io/v1beta1
kind: Kuadrant
metadata:
  name: kuadrant
spec: {}
EOF

Create a gateway atomic default RateLimitPolicy:

kubectl apply -n gateway-system -f - <<EOF
apiVersion: kuadrant.io/v1
kind: RateLimitPolicy
metadata:
  name: gw-rlp
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: Gateway
    name: kuadrant-ingressgateway
  defaults:
    limits:
      "global":
        rates:
        - limit: 5
          window: 10s
        when:
        - predicate: source.address != '127.0.0.1'
EOF

Create a route RateLimitPolicy:

kubectl apply -f - <<EOF
apiVersion: kuadrant.io/v1
kind: RateLimitPolicy
metadata:
  name: route-rlp
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: toystore
  limits:
    "specific":
      rates:
      - limit: 3
        window: 5s
      - limit: 20
        window: 1m
EOF

Modify the gateway RateLimitPolicy to atomic override strategy:

kubectl apply -n gateway-system -f - <<EOF
apiVersion: kuadrant.io/v1
kind: RateLimitPolicy
metadata:
  name: gw-rlp
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: Gateway
    name: kuadrant-ingressgateway
  overrides:
    limits:
      "global":
        rates:
        - limit: 5
          window: 10s
        when:
        - predicate: source.address != '127.0.0.1'
EOF

Modify the gateway RateLimitPolicy to merge override strategy:

kubectl apply -n gateway-system -f - <<EOF
apiVersion: kuadrant.io/v1
kind: RateLimitPolicy
metadata:
  name: gw-rlp
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: Gateway
    name: kuadrant-ingressgateway
  overrides:
    limits:
      "global":
        rates:
        - limit: 5
          window: 10s
        when:
        - predicate: source.address != '127.0.0.1'
    strategy: merge
EOF

Create a route AuthPolicy:

kubectl apply -f - <<EOF
apiVersion: kuadrant.io/v1
kind: AuthPolicy
metadata:
  name: route-auth
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: toystore
  when:
  - predicate: request.size > 100
  rules:
    authentication:
      "api-keys-authn":
        apiKey:
          selector:
            matchLabels:
              app: toystore
EOF

Create a gateway merge override AuthPolicy:

kubectl apply -n gateway-system -f - <<EOF
apiVersion: kuadrant.io/v1
kind: AuthPolicy
metadata:
  name: route-auth
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: Gateway
    name: kuadrant-envoygateway
  overrides:
    rules:
      authorization:
        "forbidden-ip":
          patternMatching:
            patterns:
            - predicate: source.address.split(':')[0] != '177.30.200.1'
    strategy: merge
EOF

@guicassolato guicassolato self-assigned this Nov 8, 2024
@codecov Codecov
Copy link

codecov bot commented Nov 8, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 79.82456% with 23 lines in your changes missing coverage. Please review.

Project coverage is 83.82%. Comparing base (cc1b41f) to head (93a1ecc).
Report is 12 commits behind head on main.

Files with missing lines Patch % Lines
pkg/gatewayapi/utils.go 66.66% 10 Missing and 4 partials ⚠️
pkg/kuadrant/test_utils.go 20.00% 8 Missing ⚠️
controllers/authconfigs_reconciler.go 88.88% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #992      +/-   ##
==========================================
+ Coverage   76.15%   83.82%   +7.67%     
==========================================
  Files         111       81      -30     
  Lines        8986     6610    -2376     
==========================================
- Hits         6843     5541    -1302     
+ Misses       1852      857     -995     
+ Partials      291      212      -79
Flag Coverage Δ
bare-k8s-integration 14.69% <17.30%> (+3.81%) ⬆️
controllers-integration 76.47% <82.69%> (+17.61%) ⬆️
envoygateway-integration 40.67% <51.92%> (+8.17%) ⬆️
gatewayapi-integration 16.40% <18.26%> (+2.97%) ⬆️
istio-integration 43.61% <49.03%> (+9.28%) ⬆️
unit 17.09% <6.14%> (-8.28%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
api/v1beta1 (u) 90.00% <100.00%> (-2.19%) ⬇️
api/v1beta2 (u) ∅ <ø> (∅)
pkg/common (u) ∅ <ø> (∅)
pkg/istio (u) 62.06% <ø> (+15.03%) ⬆️
pkg/log (u) 93.18% <ø> (ø)
pkg/reconcilers (u) 24.67% <ø> (∅)
pkg/rlptools (u) ∅ <ø> (∅)
controllers (i) 86.58% <90.51%> (+2.15%) ⬆️
Files with missing lines Coverage Δ
api/v1/authpolicy_types.go 87.81% <ø> (ø)
api/v1/dnspolicy_types.go 85.56% <ø> (+17.34%) ⬆️
api/v1/ratelimitpolicy_types.go 91.00% <ø> (ø)
api/v1/tlspolicy_types.go 83.05% <ø> (+18.13%) ⬆️
api/v1beta1/kuadrant_types.go 72.22% <100.00%> (+3.47%) ⬆️
api/v1beta1/topology.go 100.00% <ø> (ø)
controllers/auth_policies_validator.go 100.00% <ø> (ø)
controllers/auth_policy_status_updater.go 91.32% <100.00%> (ø)
controllers/auth_workflow_helpers.go 95.32% <100.00%> (-0.05%) ⬇️
controllers/authorino_reconciler.go 78.75% <ø> (-6.25%) ⬇️
... and 48 more

... and 2 files with indirect coverage changes

@guicassolato guicassolato mentioned this pull request Nov 8, 2024
Merged
@guicassolato guicassolato force-pushed the cleanup branch 2 times, most recently from 11ba87f to f6995bc Compare November 8, 2024 09:55
@guicassolato guicassolato marked this pull request as ready for review November 8, 2024 10:34
@didierofrivia
Copy link
Member

This replace might not be needed anymore

kuadrant-operator/go.mod

Line 95 in a50f062

replace maistra.io/istio-operator => github.com/maistra/istio-operator v0.0.0-20240217080932-98753cb28cd7
(?)

KevFan
KevFan approved these changes Nov 8, 2024
View reviewed changes
Copy link
Contributor

@KevFan KevFan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me! 🔥

@guicassolato guicassolato force-pushed the cleanup branch 6 times, most recently from ecba7c6 to 2458b03 Compare November 8, 2024 16:34
@guicassolato
remove unused code
2fd9c84 
Signed-off-by: Guilherme Cassolato <[email protected]>
@mikenairn mikenairn mentioned this pull request Nov 8, 2024
Merged
@guicassolato
fix flaky integration test
89e7e9e 
Signed-off-by: Guilherme Cassolato <[email protected]>
didierofrivia
didierofrivia approved these changes Nov 8, 2024
View reviewed changes
Copy link
Member

@didierofrivia didierofrivia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎖️

@guicassolato guicassolato merged commit 7098b9d into main Nov 8, 2024
32 of 34 checks passed
@guicassolato guicassolato deleted the cleanup branch November 8, 2024 18:12
@eguzki eguzki mentioned this pull request Nov 11, 2024
Merged
maleck13 pushed a commit that referenced this pull request Nov 13, 2024
@guicassolato @maleck13
remove unused code (#992)
9f7e6e1 
* decommission kuadrant gateway annotation controller

Signed-off-by: Guilherme Cassolato <[email protected]>

* remove unused code

Signed-off-by: Guilherme Cassolato <[email protected]>

* fix flaky integration test

Signed-off-by: Guilherme Cassolato <[email protected]>

* Follow Golang conventions on deprecation notice (https://go.dev/wiki/Deprecated)

Signed-off-by: Guilherme Cassolato <[email protected]>

---------

Signed-off-by: Guilherme Cassolato <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KevFan KevFan KevFan approved these changes

@didierofrivia didierofrivia didierofrivia approved these changes

@mikenairn mikenairn mikenairn approved these changes

Assignees

@guicassolato guicassolato

Labels
None yet
Projects
Kuadrant
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@guicassolato @didierofrivia @mikenairn @KevFan