kuma
Specify Mesh via label on K8S
Summary
Right now all Kuma entities have an explicit field called `mesh`. Here is an example of TrafficPermission:

```yaml
apiVersion: kuma.io/v1alpha1
kind: TrafficPermission
mesh: default # <- here
metadata:
  namespace: default
  name: permission-1
spec:
  sources:
    - match:
        service: backend
  destinations:
    - match:
        service: redis
        version: '5.0'
```
I'd like to start a discussion to change it so we specify mesh with a label:

```yaml
apiVersion: kuma.io/v1alpha1
kind: TrafficPermission
metadata:
  namespace: default
  name: permission-1
  labels:
    kuma.io/mesh: default
spec:
  sources:
    - match:
        service: backend
  destinations:
    - match:
        service: redis
        version: '5.0'
```
Motivation
- Kubernetes for now does not support filtering on CRD fields. Right now we do the filtering in memory, which causes problems with pagination and is a performance hit
- If you want to list resources by mesh, you cannot do it on K8S right now. With label, you would be able to do it
- It will be consistent across all the resources, even the ones that are not owned by Kuma. For example, we do it right now for K8S Secrets and if you want to change the mesh on your Pod.
- Slightly shorter syntax if we go with implicit `default` mesh when the label is not specified. On the other hand, slightly longer syntax if you want to explicitly specify the mesh.
- Possibility to run `kubectl delete trafficpermissions -l kuma.io/mesh=demo`
Open questions
- Can mesh label be really implicit? If we want to list all resources that belong to a default mesh can we specify label selector like: `label does not exist OR it has value default`
This is a pretty big breaking change to our model therefore please keep the discussion and do not implement it until we reach an agreement.
Adding reference links here:
Listing resources, filtered by labels https://github.com/kubernetes-sigs/controller-runtime/blob/master/pkg/client/options.go#L326
The issue with field selectors for CRDs in K8s https://github.com/kubernetes/kubernetes/issues/53459
Here's a proposal:
- validate in webhook that one of label or field is set.
- if both are set they must be equal
- if only one is set, set the other. (Do we have a Mutating Webhook to do so?)
- in v2 get rid of mesh fields altogether (open a different issue for this).
xref #3480
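The webhook rules proposed above (one of label or field must be set, both must agree, the missing one is filled in) can be sketched as follows. This is an added example, not part of the thread or of Kuma's code base; `ReconcileMesh` and the error names are hypothetical, and treating an empty label value as "not set" is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// MeshLabel is the label key proposed in the issue.
const MeshLabel = "kuma.io/mesh"

var (
	ErrMeshMissing  = errors.New("neither mesh field nor kuma.io/mesh label is set")
	ErrMeshMismatch = errors.New("mesh field and kuma.io/mesh label disagree")
)

// ReconcileMesh is a hypothetical helper (not Kuma's API) applying the
// proposed rules: at least one of field/label must be set, both must agree
// when present, and the missing one is filled in from the other.
// It returns the effective mesh and a copy of the labels with MeshLabel set.
func ReconcileMesh(field string, labels map[string]string) (string, map[string]string, error) {
	label := labels[MeshLabel] // an empty value is treated as "not set" (assumption)
	switch {
	case field == "" && label == "":
		return "", nil, ErrMeshMissing
	case field != "" && label != "" && field != label:
		return "", nil, fmt.Errorf("%w: field=%q label=%q", ErrMeshMismatch, field, label)
	}
	mesh := field
	if mesh == "" {
		mesh = label
	}
	out := make(map[string]string, len(labels)+1)
	for k, v := range labels { // copy so the caller's object is not mutated
		out[k] = v
	}
	out[MeshLabel] = mesh
	return mesh, out, nil
}

func main() {
	// Constructed inputs, as an admission webhook would see them.
	fmt.Println(ReconcileMesh("default", nil))
	fmt.Println(ReconcileMesh("", map[string]string{MeshLabel: "demo"}))
	fmt.Println(ReconcileMesh("default", map[string]string{MeshLabel: "demo"}))
	fmt.Println(ReconcileMesh("", map[string]string{"app": "redis"}))
}
```

Rejecting the mismatch case keeps a label-based listing such as `-l kuma.io/mesh=demo` from disagreeing with the `mesh` field about which mesh a policy belongs to.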
This issue was inactive for 30 days it will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant please comment on it promptly or attend the next triage meeting.
Look as a part of #3330
I'd argue for closing this; it's going to be happening as part of the new policy rewrites.
@lahabana Agreed!
Triage: Will be done for new policies.