kmesh icon indicating copy to clipboard operation
kmesh copied to clipboard
verified publisher icon kmesh-net

Skip offload authz policy when link source is waypoint pod

Open LiZhenCheng9527 opened this issue 7 months ago • 3 comments

What type of PR is this? /kind bug

What this PR does / why we need it:

Which issue(s) this PR fixes: Fixes #1394

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

LiZhenCheng9527 avatar May 15 '25 06:05 LiZhenCheng9527

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please ask for approval from lizhencheng9527. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

kmesh-bot avatar May 15 '25 06:05 kmesh-bot

Codecov Report

Attention: Patch coverage is 28.00000% with 36 lines in your changes missing coverage. Please review.

Project coverage is 46.13%. Comparing base (3f0912e) to head (f4bfb02). Report is 5 commits behind head on main.

Files with missing lines Patch % Lines
pkg/controller/workload/workload_processor.go 34.48% 16 Missing and 3 partials :warning:
pkg/controller/workload/bpfcache/waypoint.go 0.00% 10 Missing :warning:
pkg/controller/workload/cache/waypoint_cache.go 36.36% 7 Missing :warning:

:x: Your patch check has failed because the patch coverage (28.00%) is below the target coverage (80.00%). You can increase the patch coverage or adjust the target coverage.

Files with missing lines Coverage Δ
pkg/controller/workload/cache/waypoint_cache.go 72.90% <36.36%> (-2.61%) :arrow_down:
pkg/controller/workload/bpfcache/waypoint.go 0.00% <0.00%> (ø)
pkg/controller/workload/workload_processor.go 60.49% <34.48%> (-1.25%) :arrow_down:

... and 1 file with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update c255796...f4bfb02. Read the comment docs.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

codecov[bot] avatar May 15 '25 07:05 codecov[bot]

What if a user connect the pod that to be denied to waypoint, to walk around the deny policy? Like https://github.com/istio/istio/issues/54696

tacslon avatar Jun 17 '25 08:06 tacslon