pilot: set istio.alpn_override: false in subset clusters
#46496
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>
Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>
Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>
Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>
jewertow
commented
Aug 11, 2023
| @@ -395,9 +395,13 @@ func AddSubsetToMetadata(md *core.Metadata, subset string) { | |||
| } | |||
| } | |||
|
|
|||
| // AddALPNOverrideToMetadata adds whether the the ALPN prefix should be added to the header | |||
| // to the given core.Metadata struct, if metadata is not initialized, build a new metadata. | |||
| func AddALPNOverrideToMetadata(metadata *core.Metadata, alpnOverride bool) *core.Metadata { | |||
There was a problem hiding this comment.
JFYI: alpn_override is always set to "false", and this is very unlikely that we will need to set "true", so I decided to refactor this function to simplify cluster builder.
jewertow
commented
Aug 11, 2023
| @@ -218,6 +218,7 @@ func (cb *ClusterBuilder) buildSubsetCluster(opts buildClusterOpts, | |||
| // basis in buildCluster, so we can just insert without a copy. | |||
| subsetCluster.cluster.Metadata = util.AddConfigInfoMetadata(subsetCluster.cluster.Metadata, destRule.Meta) | |||
| util.AddSubsetToMetadata(subsetCluster.cluster.Metadata, subset.Name) | |||
| subsetCluster.cluster.Metadata = util.AddALPNOverrideToMetadata(subsetCluster.cluster.Metadata, opts.policy.GetTls().GetMode()) | |||
There was a problem hiding this comment.
As you can see, util.AddSubsetToMetadata does not return metadata, it does not initialize metadata if it's nil. Do you think that we should follow that semantics?
howardjohn
approved these changes
Aug 11, 2023
Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>
Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>
Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>
|
/retest |
2 similar comments
|
/retest |
|
/retest |
|
In response to a cherrypick label: #46496 failed to apply on top of branch "release-1.19": |
|
In response to a cherrypick label: new issue created for failed cherrypick: #46504 |
jewertow
added a commit
to jewertow/upstream-istio
that referenced
this pull request
Aug 14, 2023
* Add tests for destination rules with port level settings Signed-off-by: Jacek Ewertowski <jewertow@redhat.com> * Add test cases for subsets Signed-off-by: Jacek Ewertowski <jewertow@redhat.com> * Refactor AddALPNOverrideToMetadata Signed-off-by: Jacek Ewertowski <jewertow@redhat.com> * Update comment for AddALPNOverrideToMetadata Signed-off-by: Jacek Ewertowski <jewertow@redhat.com> * Fix lint error Signed-off-by: Jacek Ewertowski <jewertow@redhat.com> * Add release note Signed-off-by: Jacek Ewertowski <jewertow@redhat.com> * Fix release note Signed-off-by: Jacek Ewertowski <jewertow@redhat.com> --------- Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>
istio-testing
pushed a commit
that referenced
this pull request
Aug 15, 2023
…46529) * Add tests for destination rules with port level settings * Add test cases for subsets * Refactor AddALPNOverrideToMetadata * Update comment for AddALPNOverrideToMetadata * Fix lint error * Add release note * Fix release note --------- Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>
luksa
pushed a commit
to luksa/istio
that referenced
this pull request
Apr 11, 2024
…e"` for SIMPLE and MUTUAL TLS (istio#833) * Set alpnOverride depending on TLS Mode (istio#44918) * Set alpnOverride Signed-off-by: Kalya Subramanian <kasubra@microsoft.com> * remove test logs Signed-off-by: Kalya Subramanian <kasubra@microsoft.com> --------- Signed-off-by: Kalya Subramanian <kasubra@microsoft.com> * pilot: set `istio.alpn_override: false` in subset clusters (istio#46496) (istio#46529) * Add tests for destination rules with port level settings * Add test cases for subsets * Refactor AddALPNOverrideToMetadata * Update comment for AddALPNOverrideToMetadata * Fix lint error * Add release note * Fix release note --------- Signed-off-by: Jacek Ewertowski <jewertow@redhat.com> --------- Signed-off-by: Kalya Subramanian <kasubra@microsoft.com> Signed-off-by: Jacek Ewertowski <jewertow@redhat.com> Co-authored-by: Kalya Subramanian <42158129+ksubrmnn@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Please provide a description of this PR:
This is a follow-up to #44918.
That PR didn't cover a case where TLS policy is configured for a subset, like this: