config to disable auto-creating default policies

Open lahabana opened this issue 2 years ago • 8 comments

Description

Maybe a user wants to have empty meshes and empty setups.

lahabana Nov 24 '21 10:11

/assign

johnharris85 Dec 18 '21 13:12

So looks like we create the default resources for every mesh created. When I was chatting with @lahabana about this we figured to make it a global flag (like skipDefaultMesh), but now wondering if it makes more sense on a 'per-mesh' basis? Thought potentially an annotation would be good except I guess that's not gonna work in Universal mode. Open to opinions on this :) Make a new field in the mesh config? Make it a global flag like skipDefaultMesh? Also thinking over which resources should be skipped if this is enabled. All the regular default policies make sense, but it looks like the EnsureDefaultX functions also create a signing key for the mesh. Should we skip that too? Seems like more fundamental functionality (than the default policies), but maybe if a user chooses this option we just assume they know what they're doing and they'll create their own?

johnharris85 Dec 20 '21 15:12

Thoughts @lahabana ?

johnharris85 Jan 05 '22 21:01

Multiple questions here:

  1. Should we make it per mesh? IMHO let's keep it simple and make it global (we talked about deprecating the skipDefaultMesh option too to avoid configuration flag blowup).
  2. Is SigningKey a default resource? I think SigningKey should still be created as there's little value for a user to generate their own. I'd move this as a standalone method in mesh_helpers.go and move it up like EnsureCAs()

My time to ask questions:

  1. Why do we have a MeshReconciler and a DefaultMeshReconciler in k8s? Sounds like unnecessary complexity and could be folded into 1 like we do for mesh manager?

@jakubdyszkiewicz WDYT?

lahabana Jan 06 '22 13:01

This issue was inactive for 30 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it promptly or attend the next triage meeting.

github-actions[bot] Feb 06 '22 08:02

If we want to introduce this, let's do this on the Mesh level. Something like

type: Mesh
defaults:
  createTrafficPermission: false
  createTrafficRoute: false
...

This would also be very convenient in E2E tests.

jakubdyszkiewicz Aug 09 '22 13:08

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

github-actions[bot] Nov 08 '22 08:11

Once done, let's not create retry by default in E2E tests.

jakubdyszkiewicz Nov 16 '22 15:11
