Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

config to disable auto-creating default policies #3346

Closed
lahabana opened this issue Nov 24, 2021 · 12 comments · Fixed by #6931
Closed

config to disable auto-creating default policies #3346

lahabana opened this issue Nov 24, 2021 · 12 comments · Fixed by #6931
Assignees
@johnharris85
Labels
area/installation kind/feature New feature triage/accepted The issue was reviewed and is complete enough to start working on it

Comments

@lahabana
Copy link
Contributor

Description

Maybe a user wants to have empty meshes and empty setups.
@lahabana lahabana added triage/pending This issue will be looked at on the next triage meeting kind/feature New feature area/installation labels Nov 24, 2021
@hhoover hhoover mentioned this issue Dec 16, 2021
Closed
@lahabana lahabana added triage/accepted The issue was reviewed and is complete enough to start working on it and removed triage/pending This issue will be looked at on the next triage meeting labels Dec 16, 2021
@johnharris85
Copy link
Contributor

/assign

@johnharris85
Copy link
Contributor

So looks like we create the default resources for every mesh created. When I was chatting with @lahabana about this we figured to make it a global flag (like skipDefaultMesh), but now wondering if it makes more sense on a 'per-mesh' basis? Thought potentially an annotation would be good except I guess that's not gonna work in Universal mode. Open to opinions on this :) Make a new field in the mesh config? Make it a global flag like skipDefaultMesh? Also thinking over which resources should be skipped if this is enabled. All the regular default policies make sense, but it looks like the EnsureDefaultX functions also create a signing key for the mesh. Should we skip that too? Seems like more fundamental functionality (than the default policies), but maybe if a user chooses this option we just assume they know what they're doing and they'll create their own?

@johnharris85
Copy link
Contributor

Thoughts @lahabana ?

@lahabana
Copy link
Contributor Author

lahabana commented Jan 6, 2022

Multiple questions here:

  1. Should we make it per mesh?
    IMHO let's keep it simple and make it global (we talked about deprecating the skipDefaultMesh option too to avoid configuration flag blowup.
  2. Is SigningKey a default resource?
    I think SigningKey should still be created as there's little value for a user to generate their own.
    I'd move this as a standalone method in mesh_helpers.go and move it up like EnsureCAs()

My time to ask questions:

  1. why do we have a MeshReconciler and a DefaultMeshReconciler in k8s? Sounds like unnecessary complexity and could be folded into 1 like we do for mesh manager?

@jakubdyszkiewicz WDYT?

@github-actions
Copy link
Contributor

github-actions bot commented Feb 6, 2022

This issue was inactive for 30 days it will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant please comment on it promptly or attend the next triage meeting.

@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Feb 6, 2022
@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label May 23, 2022
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Jun 23, 2022
@github-actions
Copy link
Contributor

This issue was inactive for 30 days it will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant please comment on it promptly or attend the next triage meeting.

@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label Jun 27, 2022
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Jul 28, 2022
@github-actions
Copy link
Contributor

This issue was inactive for 30 days it will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant please comment on it promptly or attend the next triage meeting.

@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label Jul 28, 2022
@jakubdyszkiewicz
Copy link
Contributor

jakubdyszkiewicz commented Aug 9, 2022
edited

If we want to introduce this, let's do this on the Mesh level. Something like

type: Mesh
defaults:
  createTrafficPermission: false
  createTrafficRoute: false
...

This would be also very convenient in E2E tests

@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Nov 8, 2022
@github-actions
Copy link
Contributor

github-actions bot commented Nov 8, 2022

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label Nov 8, 2022
@lahabana lahabana mentioned this issue Nov 16, 2022
Merged
12 tasks
@jakubdyszkiewicz
Copy link
Contributor

Once done, let's not create retry by default in E2E tests.

@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Feb 15, 2023
@github-actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@lahabana lahabana removed the triage/stale Inactive for some time. It will be triaged again label Feb 15, 2023
@github-actions github-actions bot added the triage/stale Inactive for some time. It will be triaged again label May 17, 2023
@github-actions
Copy link
Contributor

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

@bartsmykla bartsmykla removed the triage/stale Inactive for some time. It will be triaged again label May 18, 2023
@johnharris85 johnharris85 mentioned this issue Jun 5, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@johnharris85 johnharris85

Labels
area/installation kind/feature New feature triage/accepted The issue was reviewed and is complete enough to start working on it
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(policy): ability to skip default policies johnharris85/kuma
4 participants
@lahabana @johnharris85 @jakubdyszkiewicz @bartsmykla