
Backport meshconfig changes #3631

Merged
merged 2 commits into from
Jun 22, 2021
4 changes: 0 additions & 4 deletions .env.example
Expand Up @@ -106,10 +106,6 @@ export BOOKWAREHOUSE_NAMESPACE=bookwarehouse
# Default: false
# export DEPLOY_PROMETHEUS=true

# optional: ENABLE_PROMETHEUS_SCRAPING (true/false)
# Default: true
# export ENABLE_PROMETHEUS_SCRAPING=true

# optional: Maximum of iterations to test for expected return codes. 0 means unlimited.
# export CI_MAX_ITERATIONS_THRESHOLD=0

1 change: 0 additions & 1 deletion charts/osm/README.md
Expand Up @@ -75,7 +75,6 @@ The following table lists the configurable parameters of the osm chart and their
| OpenServiceMesh.enableFluentbit | bool | `false` | Enable Fluent Bit sidecar deployment on OSM controller's pod |
| OpenServiceMesh.enablePermissiveTrafficPolicy | bool | `false` | Enable permissive traffic policy mode |
| OpenServiceMesh.enablePrivilegedInitContainer | bool | `false` | Run init container in privileged mode |
| OpenServiceMesh.enablePrometheusScraping | bool | `true` | Enable Prometheus metrics scraping on sidecar proxies |
| OpenServiceMesh.enforceSingleMesh | bool | `false` | Enforce only deploying one mesh in the cluster |
| OpenServiceMesh.envoyLogLevel | string | `"error"` | Log level for the Envoy proxy sidecar |
| OpenServiceMesh.featureFlags.enableEgressPolicy | bool | `true` | Enable OSM's Egress policy API. If specified, fine grained control over Egress (external) traffic is enforced |
17 changes: 13 additions & 4 deletions charts/osm/crds/meshconfig.yaml
Expand Up @@ -159,10 +159,6 @@ spec:
description: Enables a debug endpoint on the osm-controller pod to list information regarding the mesh such as proxy connections, certificates, and SMI policies.
type: boolean
default: false
prometheusScraping:
description: Enables Prometheus metrics scraping on sidecar proxies.
type: boolean
default: true
tracing:
description: Configuration for distributed tracing
type: object
Expand Down Expand Up @@ -191,3 +187,16 @@ spec:
description: Sets the service certificate validity duration, represented as a sequence of decimal numbers each with optional fraction and a unit suffix.
type: string
default: "24h"
featureFlags:
description: OSM feature flags
type: object
properties:
enableWASMStats:
type: boolean
default: true
enableEgressPolicy:
type: boolean
default: true
enableMulticlusterMode:
type: boolean
default: false
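Review bot: The new `featureFlags` block is added to a CRD under the chart's `crds/` directory, and Helm applies files from that directory only on first install, never on upgrade. On a cluster that still carries the older MeshConfig CRD, `spec.featureFlags` would presumably be unknown to the schema and dropped, so the controller would read every flag as false, including `enableEgressPolicy`; the upgrade notes should tell operators to apply this CRD manually before upgrading the chart. The three new properties also have no `description`, unlike their neighbours, e.g. `description: Enables OSM's Egress policy API.` under `enableEgressPolicy`.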
9 changes: 0 additions & 9 deletions charts/osm/templates/osm-deployment.yaml
Expand Up @@ -67,15 +67,6 @@ spec:
"--cert-manager-issuer-name", "{{.Values.OpenServiceMesh.certmanager.issuerName}}",
"--cert-manager-issuer-kind", "{{.Values.OpenServiceMesh.certmanager.issuerKind}}",
"--cert-manager-issuer-group", "{{.Values.OpenServiceMesh.certmanager.issuerGroup}}",
{{- if .Values.OpenServiceMesh.featureFlags.enableWASMStats }}
"--stats-wasm-experimental",
{{- end }}
{{- if .Values.OpenServiceMesh.featureFlags.enableEgressPolicy }}
"--enable-egress-policy",
{{- end }}
{{- if .Values.OpenServiceMesh.featureFlags.enableMulticlusterMode }}
"--enable-multicluster",
{{- end }}
]
resources:
limits:
7 changes: 5 additions & 2 deletions charts/osm/templates/preset-mesh-config.yaml
Expand Up @@ -19,7 +19,6 @@ spec:
outboundIPRangeExclusionList: {{.Values.OpenServiceMesh.outboundIPRangeExclusionList}}
observability:
enableDebugServer: {{.Values.OpenServiceMesh.enableDebugServer}}
prometheusScraping: {{.Values.OpenServiceMesh.enablePrometheusScraping}}
tracing:
enable: {{.Values.OpenServiceMesh.tracing.enable}}
{{- if .Values.OpenServiceMesh.tracing.enable }}
Expand All @@ -28,4 +27,8 @@ spec:
endpoint: {{.Values.OpenServiceMesh.tracing.endpoint | quote}}
{{- end }}
certificate:
serviceCertValidityDuration: {{.Values.OpenServiceMesh.serviceCertValidityDuration}}
serviceCertValidityDuration: {{.Values.OpenServiceMesh.serviceCertValidityDuration}}
featureFlags:
enableWASMStats: {{.Values.OpenServiceMesh.featureFlags.enableWASMStats}}
enableEgressPolicy: {{.Values.OpenServiceMesh.featureFlags.enableEgressPolicy}}
enableMulticlusterMode: {{.Values.OpenServiceMesh.featureFlags.enableMulticlusterMode}}
10 changes: 0 additions & 10 deletions charts/osm/values.schema.json
Expand Up @@ -85,7 +85,6 @@
"enablePermissiveTrafficPolicy",
"enableEgress",
"deployPrometheus",
"enablePrometheusScraping",
"deployGrafana",
"enableFluentbit",
"fluentBit",
Expand Down Expand Up @@ -256,15 +255,6 @@
false
]
},
"enablePrometheusScraping": {
"$id": "#/properties/OpenServiceMesh/properties/enablePrometheusScraping",
"type": "boolean",
"title": "The enablePrometheusScraping schema",
"description": "Indicates whether Prometheus scraping should be enabled.",
"examples": [
true
]
},
"deployGrafana": {
"$id": "#/properties/OpenServiceMesh/properties/deployGrafana",
"type": "boolean",
3 changes: 0 additions & 3 deletions charts/osm/values.yaml
Expand Up @@ -104,9 +104,6 @@ OpenServiceMesh:
# -- Deploy Prometheus with OSM installation
deployPrometheus: false

# -- Enable Prometheus metrics scraping on sidecar proxies
enablePrometheusScraping: true

# -- Deploy Grafana with OSM installation
deployGrafana: false

7 changes: 0 additions & 7 deletions cmd/cli/install.go
Expand Up @@ -233,13 +233,6 @@ func (i *installCmd) validateOptions() error {
}

if setOptions, ok := s["OpenServiceMesh"].(map[string]interface{}); ok {
// if deployPrometheus is true, make sure enablePrometheusScraping is not disabled
if setOptions["deployPrometheus"] == true {
if setOptions["enablePrometheusScraping"] == false {
_, _ = fmt.Fprintf(i.out, "Prometheus scraping is disabled. To enable it, set prometheus_scraping in %s/%s to true.\n", settings.Namespace(), constants.OSMMeshConfig)
}
}

// if certificateManager is vault, ensure all relevant information (vault-host, vault-token) is available
if setOptions["certificateManager"] == "vault" {
var missingFields []string
2 changes: 0 additions & 2 deletions cmd/cli/install_test.go
Expand Up @@ -534,15 +534,13 @@ var _ = Describe("deployPrometheus is true", func() {
installCmd := getDefaultInstallCmd(out)
installCmd.setOptions = []string{
"OpenServiceMesh.deployPrometheus=true",
"OpenServiceMesh.enablePrometheusScraping=false",
}

err = installCmd.run(config)
})

It("should not error", func() {
Expect(err).NotTo(HaveOccurred())
Expect(out.String()).To(Equal("Prometheus scraping is disabled. To enable it, set prometheus_scraping in osm-system/osm-mesh-config to true.\nOSM installed successfully in namespace [osm-system] with mesh name [osm]\n"))
})
})

4 changes: 1 addition & 3 deletions cmd/init-osm-controller/init-osm-controller_test.go
Expand Up @@ -35,8 +35,7 @@ func TestCreateDefaultMeshConfig(t *testing.T) {
EnablePermissiveTrafficPolicyMode: true,
},
Observability: v1alpha1.ObservabilitySpec{
EnableDebugServer: false,
PrometheusScraping: true,
EnableDebugServer: false,
Tracing: v1alpha1.TracingSpec{
Enable: false,
},
Expand All @@ -55,7 +54,6 @@ func TestCreateDefaultMeshConfig(t *testing.T) {
assert.Equal(meshConfig.Spec.Traffic.EnablePermissiveTrafficPolicyMode, true)
assert.Equal(meshConfig.Spec.Traffic.EnableEgress, true)
assert.Equal(meshConfig.Spec.Traffic.UseHTTPSIngress, false)
assert.Equal(meshConfig.Spec.Observability.PrometheusScraping, true)
assert.Equal(meshConfig.Spec.Observability.EnableDebugServer, false)
assert.Equal(meshConfig.Spec.Certificate.ServiceCertValidityDuration, "24h")
}
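Review bot: Nothing in the visible assertions of `TestCreateDefaultMeshConfig` covers the new `Spec.FeatureFlags` field, so the defaults of the three flags are not pinned by this test. Because a zero value leaves the egress policy gate off, an assertion such as `assert.Equal(meshConfig.Spec.FeatureFlags.EnableEgressPolicy, true)` would catch a default MeshConfig that ships without the flags; confirm the expected value against what the default-config constructor sets, which is not shown here. Part of the test body lies between the two hunks and is not visible.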
17 changes: 0 additions & 17 deletions cmd/osm-controller/osm-controller.go
Expand Up @@ -5,7 +5,6 @@ package main

import (
"context"
"encoding/json"
"flag"
"fmt"
"net/http"
Expand Down Expand Up @@ -34,7 +33,6 @@ import (
"github.com/openservicemesh/osm/pkg/endpoint/providers/kube"
"github.com/openservicemesh/osm/pkg/envoy/ads"
"github.com/openservicemesh/osm/pkg/envoy/registry"
"github.com/openservicemesh/osm/pkg/featureflags"
"github.com/openservicemesh/osm/pkg/gen/client/config/clientset/versioned"
"github.com/openservicemesh/osm/pkg/health"
"github.com/openservicemesh/osm/pkg/httpserver"
Expand Down Expand Up @@ -68,9 +66,6 @@ var (
vaultOptions providers.VaultOptions
certManagerOptions providers.CertManagerOptions

// feature flag options
optionalFeatures featureflags.OptionalFeatures

scheme = runtime.NewScheme()
)

Expand Down Expand Up @@ -103,11 +98,6 @@ func init() {
flags.StringVar(&certManagerOptions.IssuerKind, "cert-manager-issuer-kind", "Issuer", "cert-manager issuer kind")
flags.StringVar(&certManagerOptions.IssuerGroup, "cert-manager-issuer-group", "cert-manager.io", "cert-manager issuer group")

// feature flags
flags.BoolVar(&optionalFeatures.WASMStats, "stats-wasm-experimental", false, "Enable a WebAssembly module that generates additional Envoy statistics")
flags.BoolVar(&optionalFeatures.EgressPolicy, "enable-egress-policy", false, "Enable OSM's Egress policy API")
flags.BoolVar(&optionalFeatures.MulticlusterMode, "enable-multicluster", false, "Enable multicluster mode in OSM")

_ = clientgoscheme.AddToScheme(scheme)
_ = admissionv1.AddToScheme(scheme)
}
Expand All @@ -122,13 +112,6 @@ func main() {
log.Fatal().Err(err).Msg("Error setting log level")
}

if featureFlagsJSON, err := json.Marshal(featureflags.Features); err != nil {
log.Error().Err(err).Msgf("Error marshaling feature flags struct: %+v", featureflags.Features)
} else {
log.Info().Msgf("Feature flags: %s", string(featureFlagsJSON))
}

featureflags.Initialize(optionalFeatures)
events.GetPubSubInstance() // Just to generate the interface, single routine context

// Initialize kube config and client
3 changes: 0 additions & 3 deletions demo/run-osm-demo.sh
Expand Up @@ -33,7 +33,6 @@ DEPLOY_GRAFANA="${DEPLOY_GRAFANA:-false}"
DEPLOY_JAEGER="${DEPLOY_JAEGER:-false}"
ENABLE_FLUENTBIT="${ENABLE_FLUENTBIT:-false}"
DEPLOY_PROMETHEUS="${DEPLOY_PROMETHEUS:-false}"
ENABLE_PROMETHEUS_SCRAPING="${ENABLE_PROMETHEUS_SCRAPING:-true}"
DEPLOY_WITH_SAME_SA="${DEPLOY_WITH_SAME_SA:-false}"
ENVOY_LOG_LEVEL="${ENVOY_LOG_LEVEL:-debug}"
DEPLOY_ON_OPENSHIFT="${DEPLOY_ON_OPENSHIFT:-false}"
Expand Down Expand Up @@ -107,7 +106,6 @@ if [ "$CERT_MANAGER" = "vault" ]; then
--set=OpenServiceMesh.deployJaeger="$DEPLOY_JAEGER" \
--set=OpenServiceMesh.enableFluentbit="$ENABLE_FLUENTBIT" \
--set=OpenServiceMesh.deployPrometheus="$DEPLOY_PROMETHEUS" \
--set=OpenServiceMesh.enablePrometheusScraping="$ENABLE_PROMETHEUS_SCRAPING" \
--set=OpenServiceMesh.envoyLogLevel="$ENVOY_LOG_LEVEL" \
--set=OpenServiceMesh.controllerLogLevel="trace" \
--timeout=90s \
Expand All @@ -128,7 +126,6 @@ else
--set=OpenServiceMesh.deployJaeger="$DEPLOY_JAEGER" \
--set=OpenServiceMesh.enableFluentbit="$ENABLE_FLUENTBIT" \
--set=OpenServiceMesh.deployPrometheus="$DEPLOY_PROMETHEUS" \
--set=OpenServiceMesh.enablePrometheusScraping="$ENABLE_PROMETHEUS_SCRAPING" \
--set=OpenServiceMesh.envoyLogLevel="$ENVOY_LOG_LEVEL" \
--set=OpenServiceMesh.controllerLogLevel="trace" \
--timeout=90s \
1 change: 0 additions & 1 deletion docs/example/manifests/meshconfig/mesh-config.yaml
Expand Up @@ -16,7 +16,6 @@ spec:
enablePermissiveTrafficPolicyMode: true
observability:
enableDebugServer: true
prometheusScraping: true
outboundPortExclusionList: []
inboundPortExclusionList: []
outboundIPRangeExclusionList: []
18 changes: 15 additions & 3 deletions pkg/apis/config/v1alpha1/mesh_config.go
Expand Up @@ -35,6 +35,9 @@ type MeshConfigSpec struct {

// Certificate defines the certificate management configurations for a mesh instance.
Certificate CertificateSpec `json:"certificate,omitempty"`

// FeatureFlags defines the feature flags for a mesh instance.
FeatureFlags FeatureFlags `json:"featureFlags,omitempty"`
}

// SidecarSpec is the type used to represent the specifications for the proxy sidecar.
Expand Down Expand Up @@ -91,9 +94,6 @@ type ObservabilitySpec struct {
// EnableDebugServer defines if the debug endpoint on the OSM controller pod is enabled.
EnableDebugServer bool `json:"enableDebugServer,omitempty"`

// PrometheusScraping defines a boolean indicating if sidecars should be configured for Prometheus metrics scraping.
PrometheusScraping bool `json:"prometheusScraping,omitempty"`

// Tracing defines OSM's tracing configuration.
Tracing TracingSpec `json:"tracing,omitempty"`
}
Expand Down Expand Up @@ -150,3 +150,15 @@ type MeshConfigList struct {

Items []MeshConfig `json:"items"`
}

// FeatureFlags is a type to represent OSM's feature flags.
type FeatureFlags struct {
// EnableWASMStats defines if WASM Stats are enabled.
EnableWASMStats bool `json:"enableWASMStats,omitempty"`

// EnableEgressPolicy defines if OSM's Egress policy is enabled.
EnableEgressPolicy bool `json:"enableEgressPolicy,omitempty"`

// EnableMulticlusterMode defines if Multicluster mode is enabled.
EnableMulticlusterMode bool `json:"enableMulticlusterMode,omitempty"`
}
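Review bot: `EnableWASMStats` and `EnableEgressPolicy` in the new `FeatureFlags` struct are tagged `omitempty`, while the CRD in this same change defaults both to `true`, so a `false` written through the typed Go client is left out of the JSON and the API server would default it back to `true`. An operator who turns egress policy or WASM stats off that way would see the write succeed and the feature stay on. Dropping `,omitempty` from the three bool tags, e.g. `json:"enableEgressPolicy"`, keeps an explicit `false` on the wire. The field comments could also state the default each flag takes when unset.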
5 changes: 5 additions & 0 deletions pkg/catalog/catalog.go
Expand Up @@ -36,3 +36,8 @@ func NewMeshCatalog(kubeController k8s.Controller, kubeClient kubernetes.Interfa

return &mc
}

// GetKubeController returns the kube controller instance handling the current cluster
func (mc *MeshCatalog) GetKubeController() k8s.Controller {
return mc.kubeController
}
3 changes: 1 addition & 2 deletions pkg/catalog/egress.go
Expand Up @@ -11,15 +11,14 @@ import (
policyV1alpha1 "github.com/openservicemesh/osm/pkg/apis/policy/v1alpha1"

"github.com/openservicemesh/osm/pkg/constants"
"github.com/openservicemesh/osm/pkg/featureflags"
"github.com/openservicemesh/osm/pkg/identity"
"github.com/openservicemesh/osm/pkg/service"
"github.com/openservicemesh/osm/pkg/trafficpolicy"
)

// GetEgressTrafficPolicy returns the Egress traffic policy associated with the given service identity
func (mc *MeshCatalog) GetEgressTrafficPolicy(serviceIdentity identity.ServiceIdentity) (*trafficpolicy.EgressTrafficPolicy, error) {
if !featureflags.IsEgressPolicyEnabled() {
if !mc.configurator.GetFeatureFlags().EnableEgressPolicy {
return nil, nil
}

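Review bot: Write access to the MeshConfig resource now decides whether egress policy is applied, because the gate at the top of `GetEgressTrafficPolicy` reads `mc.configurator.GetFeatureFlags().EnableEgressPolicy` on every call instead of a start-up flag. The same change removes the start-up log of feature flags in cmd/osm-controller/osm-controller.go, so nothing visible here records the flag's value or a change to it. I would log the transition where MeshConfig updates are handled (outside this hunk) and document the gate, e.g. `// Gated by MeshConfig spec.featureFlags.enableEgressPolicy; (nil, nil) means the feature is off, not that no policy matched.` The function body continues outside the hunk.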
15 changes: 7 additions & 8 deletions pkg/catalog/egress_test.go
Expand Up @@ -13,26 +13,22 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/utils/pointer"

"github.com/openservicemesh/osm/pkg/apis/config/v1alpha1"
policyV1alpha1 "github.com/openservicemesh/osm/pkg/apis/policy/v1alpha1"
"github.com/openservicemesh/osm/pkg/configurator"
"github.com/openservicemesh/osm/pkg/identity"
"github.com/openservicemesh/osm/pkg/policy"

"github.com/openservicemesh/osm/pkg/featureflags"
"github.com/openservicemesh/osm/pkg/service"
"github.com/openservicemesh/osm/pkg/smi"
"github.com/openservicemesh/osm/pkg/trafficpolicy"
)

func init() {
optionalFeatures := featureflags.OptionalFeatures{
EgressPolicy: true,
}
featureflags.Initialize(optionalFeatures)
}

func TestGetEgressTrafficPolicy(t *testing.T) {
assert := tassert.New(t)
mockCtrl := gomock.NewController(t)
mockCfg := configurator.NewMockConfigurator(mockCtrl)

defer mockCtrl.Finish()

testCases := []struct {
Expand Down Expand Up @@ -354,9 +350,12 @@ func TestGetEgressTrafficPolicy(t *testing.T) {

mc := &MeshCatalog{
meshSpec: mockMeshSpec,
configurator: mockCfg,
policyController: mockPolicyController,
}

mockCfg.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{EnableEgressPolicy: true}).Times(1)

actual, err := mc.GetEgressTrafficPolicy(testSourceIdentity)
assert.Equal(tc.expectError, err != nil)
assert.ElementsMatch(tc.expectedEgressPolicy.TrafficMatches, actual.TrafficMatches)
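Review bot: Only the enabled path is exercised, since the `GetFeatureFlags()` expectation added before the call always returns `EnableEgressPolicy: true`, so nothing checks that a disabled flag makes `GetEgressTrafficPolicy` return `nil, nil`. The loop also dereferences `actual.TrafficMatches`, which would panic on that nil result, so the disabled case needs its own test, for example `mockCfg.EXPECT().GetFeatureFlags().Return(v1alpha1.FeatureFlags{}).Times(1)` followed by `assert.Nil(actual)` and `assert.NoError(err)`. The test function ends outside the visible hunks.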
1 change: 1 addition & 0 deletions pkg/catalog/fake.go
Expand Up @@ -109,6 +109,7 @@ func NewFakeMeshCatalog(kubeClient kubernetes.Interface, meshConfigClient versio
mockKubeController.EXPECT().ListServiceIdentitiesForService(tests.BookstoreV1Service).Return([]identity.K8sServiceAccount{tests.BookstoreServiceAccount}, nil).AnyTimes()
mockKubeController.EXPECT().ListServiceIdentitiesForService(tests.BookstoreV2Service).Return([]identity.K8sServiceAccount{tests.BookstoreV2ServiceAccount}, nil).AnyTimes()
mockKubeController.EXPECT().ListServiceIdentitiesForService(tests.BookbuyerService).Return([]identity.K8sServiceAccount{tests.BookbuyerServiceAccount}, nil).AnyTimes()
mockKubeController.EXPECT().IsMetricsEnabled(gomock.Any()).Return(true).AnyTimes()

mockPolicyController.EXPECT().ListEgressPoliciesForSourceIdentity(gomock.Any()).Return(nil).AnyTimes()

15 changes: 15 additions & 0 deletions pkg/catalog/mock_catalog_generated.go
