Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(kuma-cp): added property to force traffic through zone egress #4013

Merged
merged 3 commits into from
Mar 21, 2022
Merged

feat(kuma-cp): added property to force traffic through zone egress #4013

merged 3 commits into from
Mar 21, 2022

Conversation

lukidzi
Copy link
Contributor

@lukidzi lukidzi commented Mar 17, 2022
edited by lahabana
Loading

Summary

Added Mesh resource property that allows forcing traffic to go through
zone egress. BREAKING CHANGE: currently when zone egress is enabled and
traffic to external services goes through zone egress after zone egress
is down traffic goes directly to the service. Now after this change traffic
to external service will be dropped. Also, added validation if mTLS is configured
when zoneEgress enabled.

Full changelog

  • [Implement] added ability to enable zone egress to be used all the time

Issues resolved

Fix #3985

Documentation

Testing

  • Unit tests
  • E2E tests
  • Manual testing on Universal
  • Manual testing on Kubernetes

Backwards compatibility

  • Update UPGRADE.md with any steps users will need to take when upgrading.
  • Add backport-to-stable label if the code follows our backporting policy

Changelog: feat(zoneegress): make zoneegress routing opt-in

lukidzi added 2 commits March 17, 2022 16:15
@lukidzi
feat(kuma-cp): added property to force traffic through zone egress
4e8dbbe 
Added Mesh resource property that allows to force traffic to go through
zone egress. BREAKING CHANGE: currently when zone egress is enabled and
traffic to external services goes through zone egress after zone egress
is down traffic goes directly to the service. Now after this change traffic
to external service will be dropped. Also, added validation if mTLS is configured
when zoneEgress enabled.

Signed-off-by: Łukasz Dziedziak <[email protected]>
@lukidzi
feat(kuma-cp): added information about upgrade
54226ef 
Signed-off-by: Łukasz Dziedziak <[email protected]>
@lukidzi lukidzi requested a review from a team as a code owner March 17, 2022 21:42
@codecov-commenter
Copy link

Codecov Report

Merging #4013 (54226ef) into master (ccf957b) will increase coverage by 0.02%.
The diff coverage is 47.91%.

@@            Coverage Diff             @@
##           master    #4013      +/-   ##
==========================================
+ Coverage   56.03%   56.05%   +0.02%     
==========================================
  Files         919      919              
  Lines       55097    55134      +37     
==========================================
+ Hits        30875    30908      +33     
- Misses      21782    21788       +6     
+ Partials     2440     2438       -2
Impacted Files Coverage Δ
pkg/xds/sync/egress_proxy_builder.go 0.00% <0.00%> (ø)
test/framework/k8s_cluster.go 0.00% <0.00%> (ø)
pkg/xds/generator/outbound_proxy_generator.go 80.80% <50.00%> (-0.23%) ⬇️
api/mesh/v1alpha1/mesh.pb.go 33.07% <100.00%> (+0.34%) ⬆️
app/kumactl/cmd/get/table_printer.go 100.00% <100.00%> (ø)
pkg/core/resources/apis/mesh/mesh_helpers.go 90.41% <100.00%> (+0.27%) ⬆️
pkg/core/resources/apis/mesh/mesh_validator.go 86.85% <100.00%> (+0.71%) ⬆️
pkg/plugins/runtime/gateway/cluster_generator.go 89.25% <100.00%> (+1.45%) ⬆️
pkg/xds/topology/outbound.go 86.82% <100.00%> (+11.37%) ⬆️
pkg/core/runtime/component/component.go 81.13% <0.00%> (-7.55%) ⬇️
... and 7 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ec67368...54226ef. Read the comment docs.

@lukidzi lukidzi merged commit a34ac41 into master Mar 21, 2022
@lukidzi lukidzi deleted the feat/egress_property branch March 21, 2022 11:09
@lahabana
Copy link
Contributor

@lukidzi don't forget to add the docs for this!

@lukidzi lukidzi mentioned this pull request Mar 25, 2022
Merged
SallyBlichWalkMe pushed a commit to SallyBlichWalkMe/kuma that referenced this pull request Mar 30, 2022
@lukidzi @SallyBlichWalkMe
feat(kuma-cp): added property to force traffic through zone egress (k…
115c6e8 
…umahq#4013)

* feat(kuma-cp): added property to force traffic through zone egress

Added Mesh resource property that allows forcing traffic to go through
zone egress. BREAKING CHANGE: currently when zone egress is enabled and
traffic to external services goes through zone egress after zone egress
is down traffic goes directly to the service. Now after this change traffic
to external service will be dropped. Also, added validation if mTLS is configured
when zoneEgress is enabled.

Signed-off-by: Łukasz Dziedziak <[email protected]>
Signed-off-by: Sally Blich <[email protected]>
SallyBlichWalkMe pushed a commit to SallyBlichWalkMe/kuma that referenced this pull request Apr 14, 2022
@lukidzi @SallyBlichWalkMe
feat(kuma-cp): added property to force traffic through zone egress (k…
a518532 
…umahq#4013)

* feat(kuma-cp): added property to force traffic through zone egress

Added Mesh resource property that allows forcing traffic to go through
zone egress. BREAKING CHANGE: currently when zone egress is enabled and
traffic to external services goes through zone egress after zone egress
is down traffic goes directly to the service. Now after this change traffic
to external service will be dropped. Also, added validation if mTLS is configured
when zoneEgress is enabled.

Signed-off-by: Łukasz Dziedziak <[email protected]>
Signed-off-by: Sally Blich <[email protected]>
SallyBlichWalkMe pushed a commit to SallyBlichWalkMe/kuma that referenced this pull request Apr 14, 2022
@lukidzi @SallyBlichWalkMe
feat(kuma-cp): added property to force traffic through zone egress (k…
a1107a1 
…umahq#4013)

* feat(kuma-cp): added property to force traffic through zone egress

Added Mesh resource property that allows forcing traffic to go through
zone egress. BREAKING CHANGE: currently when zone egress is enabled and
traffic to external services goes through zone egress after zone egress
is down traffic goes directly to the service. Now after this change traffic
to external service will be dropped. Also, added validation if mTLS is configured
when zoneEgress is enabled.

Signed-off-by: Łukasz Dziedziak <[email protected]>
Signed-off-by: Sally Blich <[email protected]>
@lahabana lahabana mentioned this pull request Jan 13, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakubdyszkiewicz jakubdyszkiewicz jakubdyszkiewicz approved these changes

@lobkovilya lobkovilya lobkovilya approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Ability to enable zoneEgress from the mesh resource
5 participants
@lukidzi @codecov-commenter @lahabana @jakubdyszkiewicz @lobkovilya