-
Notifications
You must be signed in to change notification settings - Fork 592
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: reuse KongPlugin resources across ingress resources #121
Conversation
Codecov Report
@@ Coverage Diff @@
## master #121 +/- ##
=========================================
+ Coverage 31.39% 31.59% +0.2%
=========================================
Files 33 33
Lines 2956 2937 -19
=========================================
Hits 928 928
+ Misses 1915 1896 -19
Partials 113 113
Continue to review full report at Codecov.
|
Problem: KongPlugin custom resource defines a Plugin in Kong. Currently, a KongPlugin resource exists for every Plugin entity in Kong. The sync process ensures that KongPlugin and the corresponding Plugin entitiy in Kong are in sync and diff them as they share the same ID (UID/UUID). This is not a scalable or maintainable configuration. If there are a large (100s) number of ingress rules or services, there will be similar number of KongPlugin objects for each plugin that is enabled on those routes/services. See #6 See #83 Solution: Decouple k8s KongPlugin and Plugin entities in Kong, there-by removing the unnecessary duplication. This solution implies that there is not a KongPlugin resource in k8s for every Plugin entity in Kong. This is fine as long as there can exists only a single plugin of any type (type is key-auth, rate-limiting etc), which is the case in Kong. The diff and sync logic has been updated to compare the correct plugin entity in Kong. This makes a KongPlugin resource much more usable. If one wants to change a configuration of plugin across multiple ingress, changing a single KongPlugin resource will change it in all the ingress rules (or routes/services in Kong's terminology).
b1f4cb5
to
8490c94
Compare
p := kongadminv1.Plugin{ | ||
Name: pluginInKong.Name, | ||
Config: kongadminv1.Configuration(pluginInk8s.Config), | ||
Enabled: pluginInk8s.Disabled, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Need to check if this should be !
.
} else { | ||
// Plugins present in Kong and k8s need should have same configuration | ||
if !pluginDeepEqual(pluginInk8s.Config, &pluginInKong) || | ||
(!pluginInk8s.Disabled != pluginInKong.Enabled) || |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should this be disabled == enabled that indicates they are not same? oh i missed the !
at front, does it make sense to just be pluginInk8s.Disabled == pluginInKong.Enabled
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This Enabled and Disabled is pretty confusing and extremely easy to trip over.
I plan to refactor it at some point but for now, I'll make this change.
Should we abstract the logic of comparing plugins in routes and services into a seperate function? Seems like most of the code are same. |
Problem: KongPlugin custom resource defines a Plugin in Kong. Currently, a KongPlugin resource exists for every Plugin entity in Kong. The sync process ensures that KongPlugin and the corresponding Plugin entitiy in Kong are in sync and diff them as they share the same ID (UID/UUID). This is not a scalable or maintainable configuration. If there are a large (100s) number of ingress rules or services, there will be similar number of KongPlugin objects for each plugin that is enabled on those routes/services. See #6 See #83 Solution: Decouple k8s KongPlugin and Plugin entities in Kong, there-by removing the unnecessary duplication. This solution implies that there is not a KongPlugin resource in k8s for every Plugin entity in Kong. This is fine as long as there can exists only a single plugin of any type (type is key-auth, rate-limiting etc), which is the case in Kong. The diff and sync logic has been updated to compare the correct plugin entity in Kong. This makes a KongPlugin resource much more usable. If one wants to change a configuration of plugin across multiple ingress, changing a single KongPlugin resource will change it in all the ingress rules (or routes/services in Kong's terminology). From #121
Problem:
KongPlugin custom resource defines a Plugin in Kong.
Currently, a KongPlugin resource exists for every Plugin entity in Kong.
The sync process ensures that KongPlugin and the corresponding Plugin
entitiy in Kong are in sync and diff them as they share the same ID
(UID/UUID). This is not a scalable or maintainable configuration. If
there are a large (100s) number of ingress rules or services, there will
be similar number of KongPlugin objects for each plugin that is enabled
on those routes/services.
See #6
See #83
Solution:
Decouple k8s KongPlugin and Plugin entities in Kong, there-by removing
the unnecessary duplication.
This solution implies that there is not a KongPlugin resource in k8s for every
Plugin entity in Kong. This is fine as long as there can exists only a
single plugin of any type (type is key-auth, rate-limiting etc), which
is the case in Kong.
The diff and sync logic has been updated to compare
the correct plugin entity in Kong.
This makes a KongPlugin resource much more usable. If one wants to
change a configuration of plugin across multiple ingress, changing a
single KongPlugin resource will change it in all the ingress rules (or
routes/services in Kong's terminology).