
Add istio and sds values to GatewayParameters

Open npolshakova opened this issue 1 year ago • 3 comments

Description

Currently, the istio integration helm value is still set as an env and passed around. A user sets istioSDS.enabled which then configures the GG_EXPERIMENTAL_ISTIO_MTLS_SDS_ENABLED env on the gloo control plane deployment. The gateway v2 deployer then uses the IstioValues which are filled by the env values on the control plane deployment to inject the istio-proxy and sds sidecars.

Other than istioSDS.enabled none of the other Istio integration or SDS helm values are supported for the Gloo Gateway deployer. This is a current limitation in the k8s Gateway deployer and has caused issues related to running the Istio integration with gloo-ee.

Example GatewayParameters with all config set:

apiVersion: gateway.gloo.solo.io/v1alpha1
kind: GatewayParameters
metadata:
  name: gw-params
spec:
  kube:
    deployment:
      replicas: 1
    podTemplate:
      extraLabels:
        pod-label-key: pod-label-val
      extraAnnotations:
        pod-anno-key: pod-anno-val
    envoyContainer:
      bootstrap:
        logLevel: debug
        componentLogLevels:
          upstream: debug
          connection: trace
    sds:
      sdsContainer:
        sdsBootstrap:
          logLevel: debug
        image:
          image:
            registry: docker.io/sds
            repository: sds
            tag: 1.0.1-dev # this is a placeholder example
      istioIntegration:
        istioDiscoveryAddress: istiod.istio-system.svc.cluster.local:15012
        istioMetaMeshId: mesh
        istioMetaClusterId: cluster
        istioContainer:
          logLevel: debug
          image:
            image:
              registry: docker.io/istio
              repository: proxyv2
              tag: 1.19.2
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 200m
              memory: 256Mi
          securityContext:
            runAsUser: 10101
            runAsNonRoot: true

Example GatewayParameters config that only sets sds with default values:

apiVersion: gateway.gloo.solo.io/v1alpha1
kind: GatewayParameters
metadata:
  name: gw-params
spec:
  kube:
    deployment:
      replicas: 1
    podTemplate:
      extraLabels:
        pod-label-key: pod-label-val
      extraAnnotations:
        pod-anno-key: pod-anno-val
    envoyContainer:
      bootstrap:
        logLevel: debug
        componentLogLevels:
          upstream: debug
          connection: trace
    sds: {}

Example GatewayParameters config that sets Istio integration with default values:

apiVersion: gateway.gloo.solo.io/v1alpha1
kind: GatewayParameters
metadata:
  name: gw-params
spec:
  kube:
    deployment:
      replicas: 1
    podTemplate:
      extraLabels:
        pod-label-key: pod-label-val
      extraAnnotations:
        pod-anno-key: pod-anno-val
    envoyContainer:
      bootstrap:
        logLevel: debug
        componentLogLevels:
          upstream: debug
          connection: trace
    sds:
      istioIntegration: {}

Relies on timeout override for pod matches assertion added in https://github.com/solo-io/gloo/pull/9463

Code changes

  • Adds Istio and SDS values to GatewayParameters
  • Adds deployer changes to use GatewayParameters overrides
  • Adds e2e test to create k8s Gateway with Istio and SDS image overrides

Notes for reviewers

Once https://github.com/solo-io/gloo/pull/9493 goes in, the old IstioSDS field in the deployer and env value that is set when global.istioSDS.enabled=true is set in the helm chart can be removed.

I opened a separate issue to confirm the gloomtls behavior and convert the old gloomtls regression test into the new framework: https://github.com/solo-io/solo-projects/issues/6210

Design discussion: https://docs.google.com/document/d/1oF8KpoIEEcux_R8fBrLkdKF0NaonINVedhdCHMuf2bg/edit?usp=sharing

Checklist:

  • [x] I have performed a self-review of my own code
  • [x] I have commented my code, particularly in hard-to-understand areas
  • [x] I have made corresponding changes to the documentation
  • [x] I have added tests that prove my fix is effective or that my feature works

npolshakova, Apr 25 '24 19:04
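The three GatewayParameters examples in the description differ only in whether `sds` and `sds.istioIntegration` are absent, empty (`{}`), or populated. The Go sketch below is an added example, not the project's deployer code. It assumes that the presence of a key turns the sidecar on and that unset images fall back to defaults. The types, the `Sidecars` function and the default images are hypothetical, and JSON stands in for YAML so that only the standard library is needed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical types mirroring the field names in the examples; not the project's API types.
type image struct{ Registry, Repository, Tag string }
type container struct {
	Image *struct{ Image *image } `json:"image"`
}
type kube struct {
	SDS *struct {
		SDSContainer     *container `json:"sdsContainer"`
		IstioIntegration *struct {
			IstioContainer *container `json:"istioContainer"`
		} `json:"istioIntegration"`
	} `json:"sds"`
}

// Constructed placeholder defaults; the page does not state the real default images.
var defaultSDS = image{"registry.example", "sds", "0.0.0-default"}
var defaultIstio = image{"registry.example", "proxyv2", "0.0.0-default"}

// resolve returns the override image if one is set, otherwise the default.
func resolve(c *container, img image) string {
	if c != nil && c.Image != nil && c.Image.Image != nil {
		img = *c.Image.Image // assumption: an override supplies all three fields
	}
	return img.Registry + "/" + img.Repository + ":" + img.Tag
}

// Sidecars lists the sidecar images implied by a spec.kube document.
// Pointer fields distinguish an absent key (nil) from an empty object ({}).
func Sidecars(kubeJSON string) ([]string, error) {
	var k kube
	if err := json.Unmarshal([]byte(kubeJSON), &k); err != nil {
		return nil, err
	}
	if k.SDS == nil { // no sds key: no sidecars are injected
		return nil, nil
	}
	out := []string{resolve(k.SDS.SDSContainer, defaultSDS)}
	if k.SDS.IstioIntegration != nil { // {} is enough to enable with defaults
		out = append(out, resolve(k.SDS.IstioIntegration.IstioContainer, defaultIstio))
	}
	return out, nil
}

func main() { fmt.Println(Sidecars(`{"sds":{"istioIntegration":{}}}`)) }
```

With value (non-pointer) struct fields, `sds: {}` and a missing `sds` key would decode identically, so a presence-based toggle like this one depends on the pointer fields.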

Visit the preview URL for this PR (updated for commit 92ee07e):

https://gloo-edge--pr9402-npolshak-istio-deplo-j1ubks1h.web.app

(expires Mon, 27 May 2024 16:49:02 GMT)

🔥 via Firebase Hosting GitHub Action 🌎

Sign: 77c2b86e287749579b7ff9cadb81e099042ef677

github-actions[bot], May 15 '24 21:05

Issues linked to changelog: https://github.com/solo-io/solo-projects/issues/6048

solo-changelog-bot[bot], May 15 '24 22:05

Converting to a draft so it doesn't merge into [npolshak/add-istio-upstream-tests](https://github.com/solo-io/gloo/tree/npolshak/add-istio-upstream-tests)

npolshakova, May 16 '24 16:05