Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(inspect): support policies for gateways #3916

Merged
merged 6 commits into from
Mar 3, 2022
Merged

feat(inspect): support policies for gateways #3916

merged 6 commits into from
Mar 3, 2022

Conversation

michaelbeaumont
Copy link
Contributor

@michaelbeaumont michaelbeaumont commented Feb 23, 2022
edited by lahabana

Summary

This PR adds inspect API support for dataplanes that are builtin gateways.

The dataplanes/<dp>/policies endpoint now returns either:

{
  "kind": "SidecarDataplane",
  # what the endpoint returns on `master`
}

{
  "kind": "GatewayDataplane",
  # new result shape for gateway dataplanes
}

which is

kuma/pkg/api-server/types/gateway.go

Lines 32 to 36 in 3d17de3

type GatewayDataplaneInspectResult struct {
Kind string `json:"kind"`
Listeners []GatewayListenerInspectEntry `json:"listeners"`
Policies PolicyMap `json:"policies,omitempty"`
}

The idea is to show for each GatewayRoute that applies to the Gateway served by this Dataplane, which policies apply to any destinations in that route. Applied TrafficLog and TrafficTrace policies are shown on the top level of the result.

An example might look like:

{
 "kind": "GatewayDataplane",
 "listeners": [
  {
   "port": 80,
   "protocol": "HTTP",
   "hosts": [
    {
     "hostName": "foo.com",
     "routes": [
      {
       "route": "default-foo-gateway-hw6n5",
       "destinations": [
        {
         "tags": {
          "kuma.io/service": "demo-app_kuma-demo_svc_5000"
         },
         "policies": {
          "CircuitBreaker": {
            ...
          },
          ...

Alternative

We don't necessarily have to return the gateway -> route tree.
Another option would to add return a list of attachments at the top level, like for sidecar dataplanes, with a new value for AttachmentEntry.type, which would encode the route information somehow.

Part of #3720

Changelog: feat(inspect): add gateways to policy inspect

@michaelbeaumont michaelbeaumont force-pushed the feat/inspect_gateway branch 3 times, most recently from 89e6d83 to 3d5649d Compare February 28, 2022 18:08
@codecov-commenter
Copy link

codecov-commenter commented Feb 28, 2022
edited

Codecov Report

Merging #3916 (c9b2349) into master (beba90c) will increase coverage by 0.06%.
The diff coverage is 80.48%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #3916      +/-   ##
==========================================
+ Coverage   55.82%   55.88%   +0.06%     
==========================================
  Files         917      918       +1     
  Lines       54748    54815      +67     
==========================================
+ Hits        30562    30634      +72     
+ Misses      21746    21734      -12     
- Partials     2440     2447       +7
Impacted Files Coverage Δ
pkg/plugins/runtime/gateway/route/table.go 100.00% <ø> (ø)
pkg/api-server/inspect_endpoints.go 72.04% <78.08%> (+3.13%) ⬆️
pkg/api-server/types/gateway.go 100.00% <100.00%> (ø)
pkg/api-server/types/inspect.go 76.92% <100.00%> (+0.45%) ⬆️
...plugins/runtime/gateway/gateway_route_generator.go 100.00% <100.00%> (ø)
pkg/core/tokens/default_signing_key.go 66.66% <0.00%> (-5.56%) ⬇️
pkg/core/resources/manager/cache.go 83.11% <0.00%> (-2.60%) ⬇️
pkg/insights/resyncer.go 73.61% <0.00%> (+2.45%) ⬆️
...s/authn/api-server/tokens/admin_token_bootstrap.go 82.00% <0.00%> (+4.00%) ⬆️
pkg/plugins/runtime/gateway/route/sorter.go 71.79% <0.00%> (+5.12%) ⬆️
... and 3 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update beba90c...c9b2349. Read the comment docs.

@michaelbeaumont michaelbeaumont linked an issue Mar 1, 2022 that may be closed by this pull request
Tools for visibility: See which policy applies to gateway #3720
Closed
2 tasks
@michaelbeaumont michaelbeaumont removed a link to an issue Mar 1, 2022
Tools for visibility: See which policy applies to gateway #3720
Closed
2 tasks
@michaelbeaumont michaelbeaumont changed the title feat(inspect): add gateway policies feat(inspect): show policies for gateways Mar 1, 2022
@michaelbeaumont michaelbeaumont marked this pull request as ready for review March 1, 2022 09:08
@michaelbeaumont michaelbeaumont requested a review from a team as a code owner March 1, 2022 09:08
@michaelbeaumont michaelbeaumont changed the title feat(inspect): show policies for gateways feat(inspect): support policies for gateways Mar 1, 2022
@michaelbeaumont michaelbeaumont force-pushed the feat/inspect_gateway branch 2 times, most recently from d769885 to 9b6f4db Compare March 3, 2022 09:31
@michaelbeaumont
feat(inspect): add gateway policies
9a30cdc 
- [ ] TrafficPermission
  - handled by destination
- [ ] FaultInjection
  - not yet supported
- [x] RateLimit
- [x] HealthCheck
- [x] CircuitBreaker
- [x] Retry
- [x] Timeout
- [x] TrafficTrace
- [x] TrafficLogs

Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
@michaelbeaumont
feat(gateway): add Gateway to gateway dataplane inspect result
07d3546 
Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
@michaelbeaumont
test(api-server): update dataplane inspect response
c8c01ae 
Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
@michaelbeaumont
test(api-server): add gateway dataplane inspect test
0980ac5 
Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
@michaelbeaumont
feat(inspect): make gateway dataplane response stable
5702664 
Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
@michaelbeaumont michaelbeaumont mentioned this pull request Mar 3, 2022
Merged
@michaelbeaumont
chore(inspect): add explanatory comment on MeshGateway-level policies
d2a674e 
Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
@michaelbeaumont michaelbeaumont enabled auto-merge (squash) March 3, 2022 13:39
@michaelbeaumont michaelbeaumont merged commit 6d3fa03 into kumahq:master Mar 3, 2022
@michaelbeaumont michaelbeaumont deleted the feat/inspect_gateway branch March 3, 2022 14:17
SallyBlichWalkMe pushed a commit to SallyBlichWalkMe/kuma that referenced this pull request Apr 14, 2022
@michaelbeaumont @SallyBlichWalkMe
feat(inspect): support policies for gateways (kumahq#3916)
b91a0ec 
* feat(inspect): add gateway policies

- [ ] TrafficPermission
  - handled by destination
- [ ] FaultInjection
  - not yet supported
- [x] RateLimit
- [x] HealthCheck
- [x] CircuitBreaker
- [x] Retry
- [x] Timeout
- [x] TrafficTrace
- [x] TrafficLogs

* feat(gateway): add Gateway to gateway dataplane inspect result
* test(api-server): update dataplane inspect response
* test(api-server): add gateway dataplane inspect test
* feat(inspect): make gateway dataplane response stable
* chore(inspect): add explanatory comment on MeshGateway-level policies

Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
Signed-off-by: Sally Blich <sally.blich@walkme.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakubdyszkiewicz jakubdyszkiewicz jakubdyszkiewicz approved these changes

@lobkovilya lobkovilya lobkovilya approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@michaelbeaumont @codecov-commenter @jakubdyszkiewicz @lobkovilya