Store svc labels in lb, match toservices by them by nebril · Pull Request #2332 · cilium/cilium

nebril · 2017-12-14T16:03:51Z

k8s watcher stores added/updated services labels in LoadBalancer.

Those labels are used by RuleTranslator to check whether the ToService
rule should end up generating ToCIDR rules for service.

fixes #1875

joestringer

common/ changes LGTM. I didn't look closely at k8s pieces.

aanm

Discussed offline, needs to match services by namespace

houndci-bot · 2018-01-02T10:53:21Z

package comment should be of the form "Package api ..."

houndci-bot · 2018-01-02T10:53:21Z

package comment should be of the form "Package labels ..."

aanm · 2018-01-03T13:59:39Z

Put the "matching" logic of the service in a single version to avoid code repetition here and on line 90-99.

aanm · 2018-01-03T14:01:10Z

By removing k8sService json tag aren't you breaking backwards compatibility?

I guess I am. Do you think it should be left there?

Do you think it should be left there?

Yes

manalibhutiyani · 2018-01-05T19:10:59Z

Not sure if relevant, but do you want to add checks and tests with svcLabels == nil?

Thanks for the catch, but I think that empty svcLabels case is tested in TestTranslatorDirect.

eloycoto · 2018-01-08T08:11:29Z

Hi @nebril could you create the Ginkgo test please or create a task to make it in the near future?

Regards

nebril · 2018-01-15T17:51:06Z

test-me-please

nebril · 2018-01-16T15:00:38Z

test-me-please

nebril · 2018-01-16T17:07:33Z

@eloycoto created issue

tgraf · 2018-01-17T05:19:27Z

@eloycoto created issue

No longer good enough ;-) All new code needs Ginkgo tests.

nebril · 2018-01-17T10:04:08Z

test-me-please

eloycoto

This is going to fail in kubbernetes 1.6. You need to add CNP V1 on manifest/1.6/ folder.

eloycoto · 2018-01-17T10:42:59Z

You should add a defer function for the endpointPath and policyLabeledPath, if it fails, it'll be no deleted at all.

Makes sense, thanks.

aanm · 2018-01-18T01:37:54Z

Depends on #2544

nebril · 2018-01-24T14:18:07Z

test-me-please

eloycoto · 2018-01-24T14:31:58Z

test-all-ginkgo

manalibhutiyani · 2018-01-24T23:08:46Z

Are all review comments addressed? @nebril : Is this ready to be merged?

k8s watcher stores added/updated services labels in LoadBalancer. Those labels are used by RuleTranslator to check whether the ToService rule should end up generating ToCIDR rules for service. Signed-off-by: Maciej Kwiek <maciej@covalent.io>

Signed-off-by: Maciej Kwiek <maciej@covalent.io>

nebril · 2018-01-25T14:10:28Z

test-me-please

nebril added the area/k8s Impacts the kubernetes API, or kubernetes -> cilium internals translation layers. label Dec 14, 2017

nebril requested a review from a team as a code owner December 14, 2017 16:03

nebril requested a review from a team December 14, 2017 16:03

nebril added the wip label Dec 14, 2017

nebril requested a review from a team as a code owner December 14, 2017 16:51

nebril force-pushed the toservices-labels-match branch 2 times, most recently from 2ee2426 to 27248d7 Compare December 15, 2017 12:56

nebril added pending-review and removed wip labels Dec 15, 2017

joestringer approved these changes Dec 15, 2017

View reviewed changes

aanm requested changes Dec 18, 2017

View reviewed changes

nebril requested a review from a team as a code owner December 18, 2017 16:20

nebril force-pushed the toservices-labels-match branch from 243c061 to c884e2c Compare January 2, 2018 10:53

houndci-bot reviewed Jan 2, 2018

View reviewed changes

nebril force-pushed the toservices-labels-match branch 3 times, most recently from 4e95a55 to 082b1d5 Compare January 3, 2018 10:58

aanm requested changes Jan 3, 2018

View reviewed changes

manalibhutiyani reviewed Jan 5, 2018

View reviewed changes

nebril force-pushed the toservices-labels-match branch 5 times, most recently from 317eefc to c880df5 Compare January 15, 2018 17:39

nebril force-pushed the toservices-labels-match branch 2 times, most recently from 60d0590 to c82fe53 Compare January 16, 2018 14:59

nebril mentioned this pull request Jan 16, 2018

Migrate tests/k8s/tests/04-toservices.sh to gingko #2545

Closed

nebril force-pushed the toservices-labels-match branch from c82fe53 to 68a0b05 Compare January 17, 2018 10:03

eloycoto suggested changes Jan 17, 2018

View reviewed changes

nebril force-pushed the toservices-labels-match branch 3 times, most recently from 7fc9e77 to 729fb07 Compare January 24, 2018 14:16

eloycoto approved these changes Jan 25, 2018

View reviewed changes

aanm added the wip label Jan 25, 2018

nebril force-pushed the toservices-labels-match branch from 729fb07 to 1a80d9e Compare January 25, 2018 14:08

nebril added 5 commits January 25, 2018 15:08

Add labels to toservices runtime test

a0153bd

Signed-off-by: Maciej Kwiek <maciej@covalent.io>

Add namespace and selector to api.Service

03a6984

Signed-off-by: Maciej Kwiek <maciej@covalent.io>

Regenerate k8s code to accommodate API changes

f94cf9f

Signed-off-by: Maciej Kwiek <maciej@covalent.io>

Ginkgo test for labeled toservices policies

05e2613

Signed-off-by: Maciej Kwiek <maciej@covalent.io>

nebril force-pushed the toservices-labels-match branch from 1a80d9e to 05e2613 Compare January 25, 2018 14:10

nebril removed the wip label Jan 25, 2018

aanm approved these changes Jan 25, 2018

View reviewed changes

aanm added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jan 25, 2018

tgraf merged commit fe6839b into cilium:master Jan 25, 2018

nebril mentioned this pull request Jan 29, 2018

Update policy docs to reflect ToServices changes #2669

Merged

aanm mentioned this pull request Feb 15, 2018

k8s: Avoid references in CNP CRD validation #2820

Merged

Conversation

nebril commented Dec 14, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

joestringer left a comment

Choose a reason for hiding this comment

Uh oh!

aanm left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

eloycoto commented Jan 8, 2018

Uh oh!

nebril commented Jan 15, 2018

Uh oh!

nebril commented Jan 16, 2018

Uh oh!

nebril commented Jan 16, 2018

Uh oh!

tgraf commented Jan 17, 2018

Uh oh!

nebril commented Jan 17, 2018

Uh oh!

eloycoto left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

aanm commented Jan 18, 2018

Uh oh!

nebril commented Jan 24, 2018

Uh oh!

eloycoto commented Jan 24, 2018

Uh oh!

manalibhutiyani commented Jan 24, 2018

Uh oh!

nebril commented Jan 25, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

nebril commented Dec 14, 2017 •

edited

Loading