Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* [federation] Initial federation implementation

* MAISTRA-2194 Add server/client code for Federation Service Discovery v1
* MAISTRA-2195 Implement /watch endpoint
* MAISTRA-2293 add CRD and controller for federating meshes
* MAISTRA-2294 create CRD for federation ServiceExport (maistra#324)
* MAISTRA-2294 update example VirtualService resources for ratings and mongodb (maistra#333)
* [federation] MAISTRA-2295 create CRD for federation ServiceImport (maistra#336)

Signed-off-by: rcernich <rcernich@redhat.com>

* [misc] Use objects and clients from maistra/api repo

- Remove local objects and clients
- Update Makefile

* [federation] MAISTRA-2309 create CRD for FederationStatus (maistra#348)

Signed-off-by: rcernich <rcernich@redhat.com>

* [federation] Federation fixes and improvements

MAISTRA-2423 update federation api to v1

Signed-off-by: rcernich <rcernich@redhat.com>

MAISTRA-2424 minor updates to federation api

Signed-off-by: rcernich <rcernich@redhat.com>

MAISTRA-2427 configure locality info on imported services

Signed-off-by: rcernich <rcernich@redhat.com>

Cherry-pick multi-root support (maistra#387)

* Update go-control-plane to v0.9.9
* Support multiple roots

Squashed commit, contains:

- MAISTRA-2325 Distribute trust bundles over SDS
- MAISTRA-2390 Push trust bundle updates through xDS (maistra#357)

MAISTRA-2425 move spec.security.certificateChain to ConfigMap reference; add ability to specify ports for service and discovery (maistra#392)

Signed-off-by: rcernich <rcernich@redhat.com>

MAISTRA-2426 move FederationStatus into MeshFederation (maistra#393)

Signed-off-by: rcernich <rcernich@redhat.com>

MAISTRA-2513 federation API refinements

Signed-off-by: rcernich <rcernich@redhat.com>

[federation] MAISTRA-2237 Encrypt service discovery traffic (maistra#411)

MAISTRA-2610 Prefix federation discovery endpoints with /v1/ (maistra#422)

MAISTRA-2297 Support updates of federation resources (maistra#417)

MAISTRA-2375: Do not create automatic routes for Federation Gateways

Remove a redundant call

`setHostname()` is already being called within `NameForService()`
see https://github.com/maistra/istio/blob/21ee900cf8825711f70d88dc97afcf6862ed2626/pkg/servicemesh/federation/common/namemapping.go lines 83, 120, 129

Remove techPreview.meshConfig from PoC example

It's set by default now.

MAISTRA-2611 Fix deletion of service exports to federated mesh (maistra#421)

Fix test

MAISTRA-2658 Ensure ImportedServiceSet.status.importedServices is never nil (maistra#437)

* MAISTRA-2658 Ensure ImportedServiceSet.status.importedServices is never nil
* Fix test

MAISTRA-2682 Fix watch mechanism in federation (maistra#439)

Previously, no events were read from the watch response, because the read started with an endless loop that waited for data to be available in the decoder's buffer. This never happened, because the buffer is only written to when you call decoder.Decode(); this function was never called because the code waited for the buffer to have data.

MAISTRA-2683 Properly close incoming watch connections when shutting down (maistra#440)

Log actual error returned by pollServices() (maistra#441)

Previously, instead of the actual error, only the following error message was logged: "expected condition not met".

MAISTRA-2439: Prevent federation from exporting services that are not visible to the federation gateway (maistra#432)

By taking into consideration the service annotation `networking.istio.io/exportTo`. This annotation restricts where this service is visible: https://istio.io/latest/docs/reference/config/annotations/

If a service is not reachable from the federation gateway namespace due to this annotation, it should not be exported.

MAISTRA-2617: Do not watch all namespaces in Extensions controller (maistra#425)

When using MemberRoll, we should rely on it to provide the list of namespaces to watch. If not using it, defaults to command line arguments.

This fixes an istiod startup error as seen in the logs:

```
github.com/maistra/xns-informer/pkg/informers/informer.go:204: Failed to watch *v1.ServiceMeshExtension: failed to list *v1.ServiceMeshExtension: servicemeshextensions.maistra.io is forbidden: User "system:serviceaccount:i1:istiod-service-account-basic" cannot list resource "servicemeshextensions" in API group "maistra.io" at the cluster scope
```

* Remove package export and extensions

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* Fix creating discovery.Controller

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* Fix calling nil ResourceManager

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* Remove panicking from AppendNetworkGatewayHandler

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* [misc] OSSM-774 Fix flaky TestStatusManager (maistra#456)

This adds a little sleep to our unit tests for the StatusManager, because without it, we're running into the issue that we're updating a ServiceMeshPeer's status very quickly, and in some cases it might be that the last change has not been propagated when we're generating the patch for the next status change, which can lead to failures.

This can happen in the real world, but you would need to change a ServiceMeshPeer's status within a few milliseconds, I doubt that it affects users. It would also be fixed with the next status update. For those reasons, I'm only fixing it in the test, with a Sleep() call.

* Refactor manager_test

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* OSSM-1150 Fix flaky TestStatusManager unit test (maistra#478)

Co-authored-by: Marko Lukša <marko.luksa@gmail.com>

* OSSM-1252 Fix federation status updates (maistra#512)

* Copy federation privileges from base to istio-discovery

* Remove unnecessary ServiceMeshExtensions CRD

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* Add model.NetworkGatewaysHandler to federation controller to implement AppendNetworkGatewayHandler

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* [federation] MAISTRA-2640 Add federation integration test (maistra#447)

* Fix building federation test

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* Add package gogo from maistra-2.2 to temporarily fix TbdsGenerator

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* Disable configuring remote cluster in federation deployment

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* [federation] OSSM-1128 Fix federation (maistra#480)

* Fix SecretCacheClient

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* Send initial XDS request for trust bundle from proxy

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* Disable using EndpointSlices to fix error on getting federation-egress endpoints

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* Remove unused serviceMeshExtensionController

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* Fix lint errors

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* Update maistra CRDs

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* fedration_cp_version_update (maistra#521)

* OSSM-1529 Improve federation example script (maistra#522)

* OSSM-1529 Improve federation example install.sh

Previously, the script would fall back to using nodeports when the load balancer IP wasn't set. This meant that if the provision of the load balancer took too long, the SMCPs would be misconfigured and you had to run the install script again.

With this change, the script now waits for the load balancer IP to appear. It never falls back to using node ports, because they never really worked (the nodes' hostnames typically aren't FQDN and the node ports are typically protected by firewalls).

If the user wants to expose the federation ingresses in a different way, they can now set the environment variables MESH1_ADDRESS, MESH1_DISCOVERY_PORT, and MESH2_SERVICE_PORT (likewise for MESH2) and run the script.

* Update Federation example README

* Better "Waiting for load balancer" message

* OSSM-1211 Fix federation locality failover issues (maistra#561)

Signed-off-by: Yuanlin <yuanlin.xu@redhat.com>

Signed-off-by: rcernich <rcernich@redhat.com>
Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>
Signed-off-by: Yuanlin <yuanlin.xu@redhat.com>
Co-authored-by: Daniel Grimm <dgrimm@redhat.com>
Co-authored-by: Rob Cernich <rcernich@redhat.com>
Co-authored-by: Jonh Wendell <jonh.wendell@redhat.com>
Co-authored-by: maistra-bot <57098434+maistra-bot@users.noreply.github.com>
Co-authored-by: Marko Lukša <marko.luksa@gmail.com>
Co-authored-by: Praneeth Bajjuri <pbajjuri@redhat.com>
Co-authored-by: Yuanlin Xu <xuyuanlin_00@hotmail.com>
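
The MAISTRA-2439 entry above says a service must not be exported when its `networking.istio.io/exportTo` annotation hides it from the federation gateway namespace. One way to express that check, as an added example that is not code from this commit: the `service` type, the helpers `visibleTo` and `exportable`, and the sample namespaces are hypothetical, and it assumes the annotation values documented by Istio (`*` all namespaces, `.` the service's own namespace, `~` none) with an unannotated service treated as visible everywhere.

```go
package main

import (
	"fmt"
	"strings"
)

const exportToAnnotation = "networking.istio.io/exportTo"

type service struct {
	Name, Namespace string
	Annotations     map[string]string
}

// sampleServices is constructed input; all names and namespaces are hypothetical.
var sampleServices = []service{
	{"ratings", "bookinfo", nil},
	{"reviews", "bookinfo", map[string]string{exportToAnnotation: "."}},
	{"mongodb", "bookinfo", map[string]string{exportToAnnotation: "istio-system, mesh1-system"}},
	{"details", "bookinfo", map[string]string{exportToAnnotation: "~"}},
}

// visibleTo (hypothetical helper) reports whether s can be seen from gatewayNS.
func visibleTo(s service, gatewayNS string) bool {
	raw, annotated := s.Annotations[exportToAnnotation]
	visible := !annotated // assumption: no annotation means visible everywhere
	for _, ns := range strings.Split(raw, ",") {
		switch strings.TrimSpace(ns) {
		case "~":
			return false // "none" overrides every other entry: fail closed
		case "*", gatewayNS:
			visible = true
		case ".":
			visible = visible || s.Namespace == gatewayNS
		}
	}
	return visible
}

// exportable lists namespace/name for each service the gateway namespace can reach.
func exportable(services []service, gatewayNS string) (out []string) {
	for _, s := range services {
		if visibleTo(s, gatewayNS) {
			out = append(out, s.Namespace+"/"+s.Name)
		}
	}
	return out
}

func main() { fmt.Println(exportable(sampleServices, "mesh1-system")) }
```

An annotation that is present but empty, or that lists only other namespaces, leaves the service unexported, so a malformed value never widens visibility.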
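
The MAISTRA-2682 entry above describes a read loop that waited for the decoder's buffer to fill before ever calling Decode. The same behaviour shown with Go's `encoding/json`, as an added example that is not code from this commit: the use of `json.Decoder`, the `watchEvent` shape and the sample stream are assumptions, since the page does not show the wire format.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// watchEvent is a hypothetical event shape used only for this example.
type watchEvent struct {
	Action  string `json:"action"`
	Service string `json:"service"`
}

// sampleStream is constructed input: three newline-delimited events.
const sampleStream = `{"action":"ADD","service":"ratings"}
{"action":"UPDATE","service":"ratings"}
{"action":"DELETE","service":"mongodb"}`

// bufferedBeforeDecode returns how many bytes a fresh decoder holds. The
// decoder reads from r only inside Decode, so waiting for this to grow stalls.
func bufferedBeforeDecode(r io.Reader) int {
	dec := json.NewDecoder(r)
	b, _ := io.ReadAll(dec.Buffered())
	return len(b)
}

// readEvents calls Decode unconditionally and lets it block on the stream;
// io.EOF marks a cleanly closed connection.
func readEvents(r io.Reader) ([]watchEvent, error) {
	dec := json.NewDecoder(r)
	var events []watchEvent
	for {
		var e watchEvent
		if err := dec.Decode(&e); err == io.EOF {
			return events, nil
		} else if err != nil {
			return events, fmt.Errorf("decoding watch event: %w", err)
		}
		events = append(events, e)
	}
}

func main() {
	events, err := readEvents(strings.NewReader(sampleStream))
	fmt.Println(bufferedBeforeDecode(strings.NewReader(sampleStream)), len(events), err)
}
```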