feat: install default allow-all traffic permission when kuma >= 2.6.0 (
czeslavo authored Feb 5, 2024
1 parent b970924 commit 7816472
Showing 2 changed files with 34 additions and 2 deletions.
5 changes: 4 additions & 1 deletion CHANGELOG.md
@@ -1,10 +1,13 @@
# Changelog

## Unreleased
## v0.45.0

- `Kuma` addon now properly uses the Helm chart version passed in its builder's
`WithVersion` method.
[#949](https://github.com/Kong/kubernetes-testing-framework/pull/949)
- When `Kuma` addon is used with version greater or equal to `2.6.0` and mTLS enabled,
a default allow-all `TrafficPermission` gets installed to preserve previous behavior.
[#950](https://github.com/Kong/kubernetes-testing-framework/pull/950)

## v0.44.0

31 changes: 30 additions & 1 deletion pkg/clusters/addons/kuma/addon.go
@@ -234,20 +234,49 @@ spec:
name: ca-1
type: builtin
enabledBackend: ca-1`

allowAllTrafficPermission = `apiVersion: kuma.io/v1alpha1
kind: MeshTrafficPermission
metadata:
name: allow-all
namespace: kuma-system
labels:
kuma.io/mesh: default
spec:
targetRef:
kind: Mesh
from:
- targetRef:
kind: Mesh
default:
action: Allow`
)

var (
// From Kuma 2.6.0, the default mesh traffic permission is no longer created by default
// and must be created manually if mTLS is enabled.
// https://github.com/kumahq/kuma/blob/2.6.0/UPGRADE.md#default-trafficroute-and-trafficpermission-resources-are-not-created-when-creating-a-new-mesh
installDefaultMeshTrafficPermissionCutoffVersion = semver.MustParse("2.6.0")
)

// enableMTLS attempts to apply a Mesh resource with a basic retry mechanism to deal with delays in the Kuma webhook
// startup
func (a *Addon) enableMTLS(ctx context.Context, cluster clusters.Cluster) (err error) {
ticker := time.NewTicker(5 * time.Second) //nolint:gomnd
defer ticker.Stop()
timeoutTimer := time.NewTimer(time.Minute)

for {
select {
case <-ctx.Done():
return fmt.Errorf("context completed while retrying to apply Mesh")
case <-ticker.C:
err = clusters.ApplyManifestByYAML(ctx, cluster, mtlsEnabledDefaultMesh)
yamlToApply := mtlsEnabledDefaultMesh
if v, ok := a.Version(); ok && v.GTE(installDefaultMeshTrafficPermissionCutoffVersion) {
a.logger.Infof("Kuma version is %s or later, creating default mesh traffic permission", installDefaultMeshTrafficPermissionCutoffVersion)
yamlToApply = strings.Join([]string{mtlsEnabledDefaultMesh, allowAllTrafficPermission}, "\n---\n")
}
err = clusters.ApplyManifestByYAML(ctx, cluster, yamlToApply)
if err == nil {
return nil
}
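Review bot: The gate `if v, ok := a.Version(); ok && v.GTE(...)` in the `ticker.C` case skips the allow-all policy whenever `Version()` reports `ok == false`; if that is the case where no chart version is pinned and the chart resolves to Kuma 2.6.0 or later (not visible in this hunk), the mesh comes up with mTLS enabled and no `MeshTrafficPermission`, which appears to be the state this change is meant to avoid. Consider treating an unknown version as 2.6.0 or later, or add a comment explaining why it is excluded. The version check and the `Infof` call also run on every 5-second retry, so the log line repeats until the apply succeeds; `yamlToApply` can be chosen once before `for {`. Because `allowAllTrafficPermission` lets every workload in the `default` mesh reach every other one, a comment on the constant such as `// allowAllTrafficPermission disables mesh authorization; mTLS then provides identity and encryption only.` would keep users from reading passing tests as evidence of policy enforcement. `enableMTLS` continues past the end of the hunk.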