-
Notifications
You must be signed in to change notification settings - Fork 490
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Istio Config doesn't show correct yaml for Sidecar OutboundTrafficPolicy.Mode #5882
Comments
I think I'm in favor of adding some sort of "Help" information in the side-panel. FAQs are good but I don't think people usually think, or spend the time, to look. Known problems is fine but also not going to help the active user. |
I'm OK with that. We could have a small blurb in the Help text, but in there we also should point them to istio/istio#43657 so they can read about the details. I don't think we'll be able to fully explain this in a Help text. We'll want to think about what we want to say in the Help text (which is only going to be a few sentences at most). |
How about: The YAML outboundTrafficPolicy of {} is ambiguous. It can not be properly displayed due to an Istio limitation. {} indicates ALLOW_ANY when the setting is left unset. {} indicates REGISTRY_ONLY when the setting is set to REGISTRY_ONLY. To inspect the value you must use other means. |
For background, see these:
From one of the comments in that first issue:
The problem is that proto doesn't give us any way that I can see to determine if the value was explicitly specified but stripped from the object because it was the default value (that's the
{}
) OR if the value was simply not defined (that's the null). So... there is really no way to know how to display this to the user once proto has serialized/deserialized the object.Here's a quick way to see the problem.
go mod tidy
go build
./main
Now notice the output:
Notice in both cases (where the
mode
was explicitly set to the default ofREGISTRY_ONLY
and wheremode
was not set at all), there is no way to discern whethermode
was explicitly set or not. The JSON gives no indication (bothmode
JSON representations are{}
) and directly accessing theMode
field are bothREGISTRY_ONLY
.The confusion lies in the fact that Istio behavior is different if Mode is explicitly set to REGISTRY_ONLY or if it is left undefined (in that case, Istio will default to ALLOW_ALL). But Kiali has no way of knowing which one to show the user because it can't tell if Mode is explicitly set to REGISTRY_ONLY or if it was left unset. Read this issue for further explanation on the confusion.
It is unfortunate that the Istio client has coded up the Mode enum's default value to be REGISTRY_ONLY when the Istio default behavior is ALLOW_ANY. But, alas, that is the state of the code and it doesn't seem like it will change in the near future.
So... this issue is to determine what the Kiali UI should do. This may involve simply documentation (perhaps a Release Notes or FAQ "known issues" blurb).
The text was updated successfully, but these errors were encountered: