Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AllowList-based and DenyList-based Resource Reflection #1961

Merged
merged 1 commit into from
Sep 5, 2023
Merged

AllowList-based and DenyList-based Resource Reflection #1961

merged 1 commit into from
Sep 5, 2023

Conversation

fra98
Copy link
Member

@fra98 fra98 commented Aug 17, 2023
edited

Description

This PR adds the possibility to configure a per-resource whitelist-based reflection mechanism.

Two different reflection mechanisms can be selected at install time:

  • DenyList: reflects all the resources available in the liqo-enabled namespaces, excluding the ones with the liqo.io/skip-reflection annotation.
  • AllowList: do not reflect any resource in the liqo-enabled namespaces, but the ones with the liqo.io/allow-reflection annotation.

You can configure the preferred reflection mechanism for each resource type through the Helm value reflection.<resource>.type.
DenyList is the default reflection policy for all resources (services, endpointslices, ingresses, configmaps, secrets, events).
Note: the pods, PVCs, and serviceaccounts reflectors follow a custom Liqo logic and can't be customized.

Fixes #1855

In addition:

  • The number of workers for each reflector is customizable through the Helm value reflection.<resource>.workers. Set 0 to disable the reflection completely.
  • Improved documentation about reflection.

How Has This Been Tested?

  • locally (Kind)
  • unit tests
  • e2e tests

@adamjensenbot
Copy link
Collaborator

Hi @fra98. Thanks for your PR!

I am @adamjensenbot.
You can interact with me issuing a slash command in the first line of a comment.
Currently, I understand the following commands:

  • /rebase: Rebase this PR onto the master branch (You can add the option test=true to launch the tests
    when the rebase operation is completed)
  • /merge: Merge this PR into the master branch
  • /build Build Liqo components
  • /test Launch the E2E and Unit tests
  • /hold, /unhold Add/remove the hold label to prevent merging with /merge

Make sure this PR appears in the liqo changelog, adding one of the following labels:

  • kind/breaking: 💥 Breaking Change
  • kind/feature: 🚀 New Feature
  • kind/bug: 🐛 Bug Fix
  • kind/cleanup: 🧹 Code Refactoring
  • kind/docs: 📝 Documentation

@fra98 fra98 self-assigned this Aug 17, 2023
@fra98 fra98 added the kind/feature New feature or request label Aug 17, 2023
@Sharathmk99
Copy link
Contributor

One of the most useful feature for us. Looking forward to test it out. Thanks

@fra98 fra98 force-pushed the frt/allow-deny-refl branch 2 times, most recently from 2810e62 to bdf7d48 Compare August 28, 2023 08:20
@fra98
Copy link
Member Author

fra98 commented Aug 31, 2023

/hold

@adamjensenbot adamjensenbot added the hold Prevent bot merging label Aug 31, 2023
@fra98 fra98 marked this pull request as ready for review August 31, 2023 11:12
@fra98 fra98 requested review from aleoli and cheina97 August 31, 2023 11:24
@fra98
Copy link
Member Author

fra98 commented Aug 31, 2023

/test

aleoli
aleoli reviewed Aug 31, 2023
View reviewed changes
cmd/virtual-kubelet/root/opts.go Outdated Show resolved Hide resolved
pkg/virtualKubelet/reflection/configuration/configmap.go Outdated Show resolved Hide resolved
pkg/virtualKubelet/reflection/generic/namespaced.go Outdated Show resolved Hide resolved
pkg/virtualKubelet/reflection/generic/reflector.go Outdated Show resolved Hide resolved
pkg/virtualKubelet/reflection/generic/reflector.go Outdated Show resolved Hide resolved
@fra98 fra98 requested a review from aleoli September 1, 2023 07:40
@fra98 fra98 force-pushed the frt/allow-deny-refl branch 2 times, most recently from 0ae5e8c to 219f575 Compare September 4, 2023 10:15
@fra98
Copy link
Member Author

fra98 commented Sep 4, 2023

/test

@fra98
Copy link
Member Author

fra98 commented Sep 5, 2023

/test

@fra98
Copy link
Member Author

fra98 commented Sep 5, 2023

/unhold

@adamjensenbot adamjensenbot removed the hold Prevent bot merging label Sep 5, 2023
@fra98
Copy link
Member Author

fra98 commented Sep 5, 2023

/merge

@adamjensenbot adamjensenbot added the merge-requested Request bot merging (automatically managed) label Sep 5, 2023
@adamjensenbot adamjensenbot merged commit 1401074 into liqotech:master Sep 5, 2023
12 checks passed
@adamjensenbot adamjensenbot removed the merge-requested Request bot merging (automatically managed) label Sep 5, 2023
@krehel krehel mentioned this pull request Sep 19, 2023
Merged
@p-linnane p-linnane mentioned this pull request Nov 1, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aleoli aleoli aleoli approved these changes

@cheina97 cheina97 Awaiting requested review from cheina97

Assignees

@fra98 fra98

Labels
kind/feature New feature or request size/XXL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Feature] AllowList-based and DenyList-based Resource Reflection
4 participants
@fra98 @adamjensenbot @Sharathmk99 @aleoli