Add istio and sds values to GatewayParameters (#9402)
* wip

* wip

* wip

* fix istio install

* use global.istioIntegration.enableAutoMtls

* fix imports

* check settings

* regen, pr comments

* fix istio uninstall

* split istio setup

* remove settings client

* pr feedback

* fixed assertions, cleanup

* changelog, debug instructions

* switch to sep headless svc test suites

* classic edge automtls tests

* k8s gw headless svc test specific suite

* regen

* add edge api tests

* passing tests

* passing glooctl tests

* fix uninject

* go mod

* changelog

* initial upstream tests

* add istio test

* regen

* fix template

* wip

* minimize diff

* Adding changelog file to new location

* Deleting changelog file from old location

* glooctl

* use testInst.GeneratedFiles.TempDir

* remove glooctl path

* fix upstream upgrade test

* pr feedback

* changelog

* regen

* pr feedback, regen

* add TestGlooctlIstioInjectEdgeApiGateway to test to run in ci

* add TestAutomtlsIstioEdgeApisGateway and TestIstioEdgeApiGateway to ci tests

* remove TestCluster refs

* fix filepath

* remove --istio-namespace, not required for uninject, use default for inject

* fix manifest file name

* add missing istio installation to automtls test

* use edge api headless svc test

* regen

* add pr execution run time

* add debug report

* fix curl

* fix upstream tests

* regen

* move changelog

* add assertions gw and example apps are ready

* fix assertions

* increase timeout

* add cluster id to debug output

* fix setup

* clean up diff

* fix deployer

* pass test

* changelog

* wip: default sds image

* fixed default image

* pr feedback

* pr feedback

* fix TestDisableAutomtlsOverridesSSLConfig assertion reset reason

* remove logs

* Adding changelog file to new location

* Deleting changelog file from old location

* use defaults in values-templates

* pr feedback

---------

Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com>
Co-authored-by: changelog-bot <changelog-bot>
npolshakova and soloio-bulldozer[bot] committed May 20, 2024
1 parent 35db22a commit 76c9bcf
Showing 20 changed files with 1,906 additions and 167 deletions.
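--- a/changelog/v1.17.0-beta29/add-sds-and-istio-gw-params.yaml
+++ b/changelog/v1.17.0-beta29/add-sds-and-istio-gw-params.yaml
@@ -0,0 +1,7 @@
+changelog:
+- type: NON_USER_FACING
+issueLink: https://github.com/solo-io/solo-projects/issues/6048
+resolvesIssue: false
+description: >-
+Adds SDS and Istio values to GatewayParameters. Adds e2e tests for deploying k8s Gateway with GatewayParameters
+that overrides the default SDS and Istio values.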
203 changes: 202 additions & 1 deletion install/helm/gloo/crds/gateway.gloo.solo.io_crds.yaml
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
crd.solo.io/specHash: b770956ad3c60ed2
crd.solo.io/specHash: f7620f31f9f0fad8
labels:
app: gloo-gateway
app.kubernetes.io/name: gloo-gateway
@@ -583,6 +583,207 @@ spec:
type: object
type: array
type: object
sds:
properties:
istioIntegration:
properties:
istioContainer:
properties:
image:
properties:
digest:
type: string
pullPolicy:
enum:
- Unspecified
- IfNotPresent
- Always
- Never
type: string
registry:
type: string
repository:
type: string
tag:
type: string
type: object
logLevel:
type: string
resources:
properties:
limits:
additionalProperties:
type: string
type: object
requests:
additionalProperties:
type: string
type: object
type: object
securityContext:
properties:
allowPrivilegeEscalation:
type: boolean
capabilities:
properties:
add:
items:
type: string
type: array
drop:
items:
type: string
type: array
type: object
privileged:
type: boolean
procMount:
type: string
readOnlyRootFilesystem:
type: boolean
runAsGroup:
format: int64
type: integer
runAsNonRoot:
type: boolean
runAsUser:
format: int64
type: integer
seLinuxOptions:
properties:
level:
type: string
role:
type: string
type:
type: string
user:
type: string
type: object
seccompProfile:
properties:
localhostProfile:
type: string
type:
type: string
type: object
windowsOptions:
properties:
gmsaCredentialSpec:
type: string
gmsaCredentialSpecName:
type: string
hostProcess:
type: boolean
runAsUserName:
type: string
type: object
type: object
type: object
istioDiscoveryAddress:
type: string
istioMetaClusterId:
type: string
istioMetaMeshId:
type: string
type: object
sdsContainer:
properties:
bootstrap:
properties:
logLevel:
type: string
type: object
image:
properties:
digest:
type: string
pullPolicy:
enum:
- Unspecified
- IfNotPresent
- Always
- Never
type: string
registry:
type: string
repository:
type: string
tag:
type: string
type: object
resources:
properties:
limits:
additionalProperties:
type: string
type: object
requests:
additionalProperties:
type: string
type: object
type: object
securityContext:
properties:
allowPrivilegeEscalation:
type: boolean
capabilities:
properties:
add:
items:
type: string
type: array
drop:
items:
type: string
type: array
type: object
privileged:
type: boolean
procMount:
type: string
readOnlyRootFilesystem:
type: boolean
runAsGroup:
format: int64
type: integer
runAsNonRoot:
type: boolean
runAsUser:
format: int64
type: integer
seLinuxOptions:
properties:
level:
type: string
role:
type: string
type:
type: string
user:
type: string
type: object
seccompProfile:
properties:
localhostProfile:
type: string
type:
type: string
type: object
windowsOptions:
properties:
gmsaCredentialSpec:
type: string
gmsaCredentialSpecName:
type: string
hostProcess:
type: boolean
runAsUserName:
type: string
type: object
type: object
type: object
type: object
service:
properties:
clusterIP:
94 changes: 94 additions & 0 deletions projects/gateway2/api/v1alpha1/gateway_parameters.proto
@@ -48,6 +48,10 @@ message KubernetesProxyConfig {

// Autoscaling configuration.
kube.gateway.gloo.solo.io.Autoscaling autoscaling = 5;

// Sds configuration.
// A non-nil value will enable sds integration. If empty config is provided, the default values will be used.
SdsIntegration sds = 6;
}

// Configuration for the Proxy deployment in Kubernetes.
@@ -109,6 +113,96 @@ message EnvoyBootstrap {
map<string, string> component_log_levels = 2;
}

// Configuration for the sds integration settings used by a Gloo Gateway's data plane (Envoy proxy instance)
// If not set, internal mtls authentication will not be used.
message SdsIntegration {
// Configuration for the container running Gloo sds.
// If not provided, the default values will be used.
SdsContainer sds_container = 1;

// Istio integration configuration
// A non-nil value will enable sds integration. If empty config is provided, the default values will be used.
IstioIntegration istio_integration = 2;

}

// Configuration for the Istio integration settings used by a Gloo Gateway's data plane (Envoy proxy instance)
message IstioIntegration {
// Configuration for the container running istio-proxy.
IstioContainer istio_container = 1;

// The address of the istio discovery service. Defaults to "istiod.istio-system.svc:15012".
string istio_discovery_address = 2;

// The mesh id of the istio mesh. Defaults to "cluster.local".
string istio_meta_mesh_id = 3;

// The cluster id of the istio cluster. Defaults to "Kubernetes".
string istio_meta_cluster_id = 4;
}

// Configuration for the container running Gloo sds.
message SdsContainer {
// The sds container image. See
// https://kubernetes.io/docs/concepts/containers/images
// for details.
//
// Default values for Edge OSS, which may be overridden individually:
// registry: quay.io/solo-io
// repository: sds / sds-ee
// tag: <gloo version> (OSS) / <gloo-ee version> (EE)
// pullPolicy: IfNotPresent
kube.gateway.gloo.solo.io.Image image = 1;

// The security context for this container. See
// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#securitycontext-v1-core
// for details.
k8s.io.api.core.v1.SecurityContext security_context = 2;

// The compute resources required by this container. See
// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
// for details.
kube.gateway.gloo.solo.io.ResourceRequirements resources = 3;

// Initial SDS container configuration.
SdsBootstrap bootstrap = 4;
}

// Configuration for the sds instance that is provisioned from a Kubernetes Gateway.
message SdsBootstrap {
// Log level for sds. Options include "info", "debug", "warn", "error", "panic" and "fatal".
// Default level is "info".
string log_level = 1;
}

// Configuration for the container running the istio-proxy.
message IstioContainer {
// The envoy container image. See
// https://kubernetes.io/docs/concepts/containers/images
// for details.
//
// Default values, which may be overridden individually:
// registry: docker.io/istio
// repository: proxyv2
// tag: <gloo version> (OSS) / <gloo-ee version> (EE)
// pullPolicy: IfNotPresent
kube.gateway.gloo.solo.io.Image image = 1;

// The security context for this container. See
// https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#securitycontext-v1-core
// for details.
k8s.io.api.core.v1.SecurityContext security_context = 2;

// The compute resources required by this container. See
// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
// for details.
kube.gateway.gloo.solo.io.ResourceRequirements resources = 3;

// Log level for istio-proxy. Options include "info", "debug", "warning", and "error".
// Default level is info Default is "warning".
string log_level = 4;
}

message GatewayParametersStatus {
// The current conditions of the GatewayParameters. This is not currently
// implemented.
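Review bot: The comment on `IstioContainer.log_level` states two defaults at once (`Default level is info Default is "warning".`); it should give the single value the chart actually applies, which is not visible in this section. In `SdsIntegration`, the `istio_integration` comment repeats the sds wording (`A non-nil value will enable sds integration`) and presumably should read `A non-nil value will enable Istio integration.` The `IstioContainer.image` comment also looks copied from `SdsContainer`: it calls the image "the envoy container image" and gives `tag: <gloo version> (OSS) / <gloo-ee version> (EE)` for `docker.io/istio/proxyv2`, which would not normally carry a Gloo version tag, so confirm it against the helm defaults. Since these fields decide whether mTLS is enabled and which istiod address the proxy uses, a sentence on `istio_discovery_address` saying that write access to GatewayParameters should be restricted accordingly would help operators.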
16 changes: 14 additions & 2 deletions projects/gateway2/deployer/deployer.go
@@ -192,12 +192,20 @@ func (d *Deployer) getValues(ctx context.Context, gw *api.Gateway) (*helmConfig,
Port: &d.inputs.ControlPlane.Kube.XdsPort,
},
Image: getDefaultEnvoyImageValues(d.inputs.Extensions.GetEnvoyImage()),
IstioSDS: &helmIstioSds{
// TODO(npolshak): Remove once default GatewayParameters are supported: https://github.com/solo-io/solo-projects/issues/6107
IstioSDS: &istioSDS{
Enabled: &d.inputs.IstioValues.SDSEnabled,
},
},
}

// TODO(npolshak): Remove once default GatewayParameters are supported: https://github.com/solo-io/solo-projects/issues/6107
if d.inputs.IstioValues.SDSEnabled {
// Is Istio integration is enabled, we need to set the SDS image tag
vals.Gateway.Sds = getDefaultSdsValues(d.inputs.Extensions.GetSdsImage())
vals.Gateway.Sds.Istio = getDefaultIstioValues()
}

// check if there is a GatewayParameters associated with this Gateway
gwp, err := d.getGatewayParametersForGateway(ctx, gw)
if err != nil {
Expand All @@ -216,6 +224,7 @@ func (d *Deployer) getValues(ctx context.Context, gw *api.Gateway) (*helmConfig,
podConfig := kubeProxyConfig.GetPodTemplate()
envoyContainerConfig := kubeProxyConfig.GetEnvoyContainer()
svcConfig := kubeProxyConfig.GetService()
sds := kubeProxyConfig.GetSds()

// deployment values
autoscalingVals := getAutoscalingValues(kubeProxyConfig.GetAutoscaling())
@@ -240,13 +249,16 @@ func (d *Deployer) getValues(ctx context.Context, gw *api.Gateway) (*helmConfig,
// envoy container values
logLevel := envoyContainerConfig.GetBootstrap().GetLogLevel()
compLogLevels := envoyContainerConfig.GetBootstrap().GetComponentLogLevels()

vals.Gateway.LogLevel = &logLevel
compLogLevelStr, err := ComponentLogLevelsToString(compLogLevels)
if err != nil {
return nil, err
}
vals.Gateway.ComponentLogLevel = &compLogLevelStr

// sds values
vals.Gateway.Sds = getSdsValues(sds, d.inputs.Extensions.GetSdsImage())

vals.Gateway.Resources = envoyContainerConfig.GetResources()
vals.Gateway.SecurityContext = envoyContainerConfig.GetSecurityContext()
vals.Gateway.Image = getMergedEnvoyImageValues(d.inputs.Extensions.GetEnvoyImage(), envoyContainerConfig.GetImage())
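Review bot: The unconditional `vals.Gateway.Sds = getSdsValues(sds, d.inputs.Extensions.GetSdsImage())` in the GatewayParameters branch overwrites the defaults assigned earlier under `if d.inputs.IstioValues.SDSEnabled`, including `vals.Gateway.Sds.Istio`. getSdsValues is not shown here, but if it returns nil or omits the Istio values when the GatewayParameters has no `sds` block, a gateway with `IstioSDS.Enabled` still true would render without the sds/istio-proxy settings, and mTLS could be off without any error. Guard the override, e.g. `if sds != nil { vals.Gateway.Sds = getSdsValues(sds, d.inputs.Extensions.GetSdsImage()) }`, or have getSdsValues merge onto the existing defaults. getValues starts and ends outside the hunks shown. The comment `// Is Istio integration is enabled` should read `// If Istio integration is enabled`.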