Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add overriding condition to BackendTrafficPolicy and SecurityPolicy #2684

Merged
merged 7 commits into from
Mar 1, 2024
Merged

add overriding condition to BackendTrafficPolicy and SecurityPolicy #2684

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
bdae89f
add overriding condition to backendtrafficpolicy
zhaohuabing Feb 23, 2024
d0299ad
Merge branch 'main' into backendtrafficpolicy-overriding-condition
zhaohuabing Feb 24, 2024
932ca67
Merge branch 'main' into backendtrafficpolicy-overriding-condition
zhaohuabing Feb 24, 2024
142fa25
Update internal/gatewayapi/backendtrafficpolicy.go
zhaohuabing Feb 27, 2024
aa0d272
address comments
zhaohuabing Feb 27, 2024
3d7a999
Merge branch 'main' into backendtrafficpolicy-overriding-condition
zhaohuabing Feb 27, 2024
1bf5654
Merge branch 'main' into backendtrafficpolicy-overriding-condition
zhaohuabing Feb 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
48 changes: 48 additions & 0 deletions internal/gatewayapi/backendtrafficpolicy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,9 @@ import (

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/utils/ptr"
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
gwv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
gwv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1"

Expand Down Expand Up @@ -71,6 +73,9 @@ func (t *Translator) ProcessBackendTrafficPolicies(backendTrafficPolicies []*egv
gatewayMap[key] = &policyGatewayTargetContext{GatewayContext: gw}
}

// Map of Gateway to the routes attached to it
gatewayRouteMap := make(map[string]sets.Set[string])

// Translate
// 1. First translate Policies targeting xRoutes
// 2.. Finally, the policies targeting Gateways
Expand All @@ -87,6 +92,32 @@ func (t *Translator) ProcessBackendTrafficPolicies(backendTrafficPolicies []*egv
continue
}

// Populate the gatewayRouteMap that will be used to check policy overrides
var parents []gwapiv1.ParentReference
switch r := route.(type) {
zhaohuabing marked this conversation as resolved.
Show resolved Hide resolved
case *HTTPRouteContext:
parents = r.Spec.ParentRefs
case *GRPCRouteContext:
parents = r.Spec.ParentRefs
}
for _, p := range parents {
if p.Kind == nil || *p.Kind == KindGateway {
namespace := route.GetNamespace()
if p.Namespace != nil {
namespace = string(*p.Namespace)
}
k := types.NamespacedName{
Namespace: namespace,
Name: string(p.Name),
}.String()
v := utils.NamespacedName(route).String()
if _, ok := gatewayRouteMap[k]; !ok {
gatewayRouteMap[k] = make(sets.Set[string])
}
gatewayRouteMap[k].Insert(v)
}
}

t.translateBackendTrafficPolicyForRoute(policy, route, xdsIR)

message := "BackendTrafficPolicy has been accepted."
Expand All @@ -108,6 +139,23 @@ func (t *Translator) ProcessBackendTrafficPolicies(backendTrafficPolicies []*egv

t.translateBackendTrafficPolicyForGateway(policy, gateway, xdsIR)

// Check if this policy is overridden by other policies
// targeting at route level
gw := utils.NamespacedName(gateway).String()
if r, ok := gatewayRouteMap[gw]; ok {
// Maintain order here to ensure status/string does not change with the same data
routes := r.UnsortedList()
sort.Strings(routes)
message := fmt.Sprintf("There are existing ClientTrafficPolicies that are overriding this one on these routes: %v", routes)
zhaohuabing marked this conversation as resolved.
Show resolved Hide resolved

status.SetBackendTrafficPolicyCondition(policy,
egv1a1.PolicyConditionOverridden,
metav1.ConditionTrue,
egv1a1.PolicyReasonOverridden,
message,
)
}

message := "BackendTrafficPolicy has been accepted."
status.SetBackendTrafficPolicyAcceptedIfUnset(&policy.Status, message)
}
Expand Down
6 changes: 6 additions & 0 deletions internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,12 @@ backendTrafficPolicies:
namespace: envoy-gateway
status:
conditions:
- lastTransitionTime: null
message: 'There are existing ClientTrafficPolicies that are overriding this
one on these routes: [envoy-gateway/httproute-1]'
reason: Overridden
status: "True"
type: Overridden
- lastTransitionTime: null
message: BackendTrafficPolicy has been accepted.
reason: Accepted
Expand Down
6 changes: 6 additions & 0 deletions internal/gatewayapi/testdata/backendtrafficpolicy-status-fault-injection.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,12 @@ backendTrafficPolicies:
namespace: envoy-gateway
status:
conditions:
- lastTransitionTime: null
message: 'There are existing ClientTrafficPolicies that are overriding this
one on these routes: [default/httproute-1]'
reason: Overridden
status: "True"
type: Overridden
- lastTransitionTime: null
message: BackendTrafficPolicy has been accepted.
reason: Accepted
Expand Down
6 changes: 6 additions & 0 deletions internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,12 @@ backendTrafficPolicies:
namespace: envoy-gateway
status:
conditions:
- lastTransitionTime: null
message: 'There are existing ClientTrafficPolicies that are overriding this
one on these routes: [default/httproute-1 default/httproute-2]'
reason: Overridden
status: "True"
type: Overridden
- lastTransitionTime: null
message: BackendTrafficPolicy has been accepted.
reason: Accepted
Expand Down
Loading