Add "ZtunnelNamespace" flag to specify Ztunnel deployment location#58677
Conversation
9ed08cd to
68b7907
Compare
| }`, time.Now().Format(time.RFC3339)) // e.g., “2006-01-02T15:04:05Z07:00” | ||
| ds := c.Kube().AppsV1().DaemonSets(i.Settings().SystemNamespace) | ||
| _, err := ds.Patch(context.Background(), "ztunnel", types.StrategicMergePatchType, []byte(patchData), patchOpts) | ||
| ztunnelNS, err := locateDaemonsetNS(t, "ztunnel") |
There was a problem hiding this comment.
The other option would be to add a config flag (--istio.test.kube.ztunnelNamespace) with default set to SystemNamespace.
There was a problem hiding this comment.
That's a really good idea.
Thanks @sridhargaddam
There was a problem hiding this comment.
Implemented the check of the "--istio.test.kube.helm.values=pilot.trustedZtunnelNamespace" flag.
If provided, its value would be used, otherwise it would use "istio-system" as default values.
There was a problem hiding this comment.
Actually, my suggestion was to use a dedicated flag for ztunnelNamespace similar to how we have existing flags as shown below.
--istio.test.kube.systemNamespace
--istio.test.kube.telemetryNamespace
--istio.test.kube.ingressGatewayServiceNamespace
For this, you will have to update the following file by adding the new flag. Something like...
flag.StringVar(&settingsFromCommandline.TrustedZtunnelNamespace, "istio.test.kube.ztunnelNamespace",
settingsFromCommandline.TrustedZtunnelNamespace,
"Specifies the namespace where ztunnel is deployed. Defaults to the system namespace (istio-system).")
and defining the variable here.
Using the dedicated flag will be simpler and cleaner implementation over parsing the helm values.
There was a problem hiding this comment.
But why not to use an existing flag that in any case would be accurate regarding the purpose of the use?
If ZTunnel is being deployed in a custom namespace, the trustedZtunnelNamespace flag should be specified in any case.
So, what is the benefit of adding one more flag that we need to remember to use?
Isn't a flag that could be reused in couple of places for the same purpose (specifying the location of ztunnel), would be cleaner?
There was a problem hiding this comment.
Hello Maxim, there are couple of reasons behind suggesting the dedicated flag like --istio.test.kube.ztunnelNamespace.
- It would be self-documenting, and users would be able to discover the flag using --help.
- It is consistent with the existing flags listed above.
OTOH, if we go with the helm values...
- It becomes a hidden setting.
- A typo in the user-supplied value would be silently ignored and could manifest as an error that is hard to debug.
- It requires careful parsing in the code to read the supplied configuration.
- Users would need to read the documentation or inspect the code to discover that the ztunnel namespace can be set via Helm values.
There was a problem hiding this comment.
CC: @istio/wg-test-and-release-maintainers
There was a problem hiding this comment.
I understand your points and agree with them.
So, with the mentioned above, isn't it preferred to get back to the auto detection of the ztunnel daemon namespace instead of creating additional flag?
There was a problem hiding this comment.
While auto-detection is possible, a dedicated flag (--istio.test.kube.ztunnelNamespace) would be cleaner and better aligned with the existing flags. Looping @Stevenjin8 @kfaseela for their feedback.
There was a problem hiding this comment.
I've modified the PR and added the ztunnelNamespace flag to specify custom ztunnel namespace.
|
@MaxBab could you give some context behind this change? Are you running tests with very custom configs? |
68b7907 to
87b7b59
Compare
Hello @Stevenjin8 I'm deploying Istio with an external control plance (Sail Operator) and Ztunnel resource is placed within the That's why I need to be able to identify ZTunnel resource within a namespace other than |
|
/test integ-cni |
87b7b59 to
5fd72a4
Compare
5fd72a4 to
94e1afb
Compare
| t.Fatalf("failed to wait for ztunnel rollout status for: %v", err) | ||
| } | ||
| if _, err := kubetest.CheckPodsAreReady(kubetest.NewPodFetch(t.AllClusters()[0], i.Settings().SystemNamespace, "app=ztunnel")); err != nil { | ||
| if _, err := kubetest.CheckPodsAreReady(kubetest.NewPodFetch(t.AllClusters()[0], ztunnelNS, "app=ztunnel")); err != nil { |
There was a problem hiding this comment.
You'll need to update the following code as well -
There was a problem hiding this comment.
Updated.
Thanks for noticing.
Please update the commit message to reflect the current implementation. |
94e1afb to
e50c36f
Compare
During deployment of Ambient mode, Ztunnel resource could be deployed to a namespace other that "istio-system". When executing TestZtunnelConfig and TestZtunnelRestart integration tests, while Ztunnel resource deployment in a separate NS, the test will fail as will not be able to locate the required resource. Add "ZtunnelNamespace" flag to specify Ztunnel deployment location. Defaults to - "istio-system". Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
e50c36f to
80454f5
Compare
sridhargaddam
left a comment
There was a problem hiding this comment.
LGTM, thanks @MaxBab
| flag.StringVar(&settingsFromCommandline.TelemetryNamespace, "istio.test.kube.telemetryNamespace", settingsFromCommandline.TelemetryNamespace, | ||
| "Specifies the namespace in which kiali, tracing providers, graphana, prometheus are deployed.") | ||
| flag.StringVar(&settingsFromCommandline.ZtunnelNamespace, "istio.test.kube.ztunnelNamespace", settingsFromCommandline.ZtunnelNamespace, | ||
| "Specifies the namespace where the ztunnel daemonset resides. Defaults to istio-system") |
There was a problem hiding this comment.
small nit for clarity.
| "Specifies the namespace where the ztunnel daemonset resides. Defaults to istio-system") | |
| "Specifies the namespace where the ztunnel daemonset resides in an ambient deployment. Defaults to istio-system") |
|
Hello @Stevenjin8 Could you take a look at the PR, please? |
|
/test unit-tests |
|
/retest |
|
In response to a cherrypick label: new issue created for failed cherrypick: #59091 |
|
In response to a cherrypick label: #58677 failed to apply on top of branch "release-1.27": |
|
In response to a cherrypick label: new issue created for failed cherrypick: #59092 |
|
In response to a cherrypick label: new pull request could not be created: failed to create pull request against istio/istio#release-1.29 from head istio-testing:cherry-pick-58677-to-release-1.29: status code 422 not one of [201], body: {"message":"Validation Failed","errors":[{"resource":"PullRequest","code":"custom","message":"A pull request already exists for istio-testing:cherry-pick-58677-to-release-1.29."}],"documentation_url":"https://docs.github.com/rest/pulls/pulls#create-a-pull-request","status":"422"} |
|
In response to a cherrypick label: #58677 failed to apply on top of branch "release-1.28": |
|
In response to a cherrypick label: new issue created for failed cherrypick: #59093 |
|
In response to a cherrypick label: new pull request could not be created: failed to create pull request against istio/istio#release-1.29 from head istio-testing:cherry-pick-58677-to-release-1.29: status code 422 not one of [201], body: {"message":"Validation Failed","errors":[{"resource":"PullRequest","code":"custom","message":"A pull request already exists for istio-testing:cherry-pick-58677-to-release-1.29."}],"documentation_url":"https://docs.github.com/rest/pulls/pulls#create-a-pull-request","status":"422"} |
…stio#58677) During deployment of Ambient mode, Ztunnel resource could be deployed to a namespace other that "istio-system". When executing TestZtunnelConfig and TestZtunnelRestart integration tests, while Ztunnel resource deployment in a separate NS, the test will fail as will not be able to locate the required resource. Add "ZtunnelNamespace" flag to specify Ztunnel deployment location. Defaults to - "istio-system". Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
…stio#58677) During deployment of Ambient mode, Ztunnel resource could be deployed to a namespace other that "istio-system". When executing TestZtunnelConfig and TestZtunnelRestart integration tests, while Ztunnel resource deployment in a separate NS, the test will fail as will not be able to locate the required resource. Add "ZtunnelNamespace" flag to specify Ztunnel deployment location. Defaults to - "istio-system". Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
…58677) (#59140) During deployment of Ambient mode, Ztunnel resource could be deployed to a namespace other that "istio-system". When executing TestZtunnelConfig and TestZtunnelRestart integration tests, while Ztunnel resource deployment in a separate NS, the test will fail as will not be able to locate the required resource. Add "ZtunnelNamespace" flag to specify Ztunnel deployment location. Defaults to - "istio-system". Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
…58677) (#59118) During deployment of Ambient mode, Ztunnel resource could be deployed to a namespace other that "istio-system". When executing TestZtunnelConfig and TestZtunnelRestart integration tests, while Ztunnel resource deployment in a separate NS, the test will fail as will not be able to locate the required resource. Add "ZtunnelNamespace" flag to specify Ztunnel deployment location. Defaults to - "istio-system". Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
As follow of this upstream Istio PR work, add the "ztunnelNamespace" flag to the converter flow. istio/istio#58677 Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
As follow of this upstream Istio PR work, add the "ztunnelNamespace" flag to the converter flow. istio/istio#58677 Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
As follow of this upstream Istio PR work, add the "ztunnelNamespace" flag to the converter flow. istio/istio#58677 Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
As follow of this upstream Istio PR work, add the "ztunnelNamespace" flag to the converter flow. istio/istio#58677 Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
As follow of this upstream Istio PR work, add the "ztunnelNamespace" flag to the converter flow. istio/istio#58677 Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
As follow of this upstream Istio PR work, add the "ztunnelNamespace" flag to the converter flow. istio/istio#58677 Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
As follow of this upstream Istio PR work, add the "ztunnelNamespace" flag to the converter flow. istio/istio#58677 Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
As follow of this upstream Istio PR work, add the "ztunnelNamespace" flag to the converter flow. istio/istio#58677 Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
As follow of this upstream Istio PR work, add the "ztunnelNamespace" flag to the converter flow. istio/istio#58677 Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
As follow of this upstream Istio PR work, add the "ztunnelNamespace" flag to the converter flow. istio/istio#58677 Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
As follow of this upstream Istio PR work, add the "ztunnelNamespace" flag to the converter flow. istio/istio#58677 Signed-off-by: Maxim Babushkin <mbabushk@redhat.com> Co-authored-by: Maxim Babushkin <mbabushk@redhat.com>
…stio#58677) (istio#619) During deployment of Ambient mode, Ztunnel resource could be deployed to a namespace other that "istio-system". When executing TestZtunnelConfig and TestZtunnelRestart integration tests, while Ztunnel resource deployment in a separate NS, the test will fail as will not be able to locate the required resource. Add "ZtunnelNamespace" flag to specify Ztunnel deployment location. Defaults to - "istio-system". Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
…stio#58677) (istio#620) During deployment of Ambient mode, Ztunnel resource could be deployed to a namespace other that "istio-system". When executing TestZtunnelConfig and TestZtunnelRestart integration tests, while Ztunnel resource deployment in a separate NS, the test will fail as will not be able to locate the required resource. Add "ZtunnelNamespace" flag to specify Ztunnel deployment location. Defaults to - "istio-system". Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
Please provide a description of this PR:
Add "ZtunnelNamespace" flag to specify Ztunnel deployment location
During deployment of Ambient mode, Ztunnel resource could be deployed to a namespace other that "istio-system".
When executing TestZtunnelConfig and TestZtunnelRestart integration tests,
while Ztunnel resource deployment in a separate NS, the test will fail as will not be able to locate the required resource.
Add "ZtunnelNamespace" flag to specify Ztunnel deployment location.
Defaults to - "istio-system".