-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for HTTP filters in outbound policy #11083
Conversation
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me! Modulo the Clippy lint in policy-test.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
overall this looks great! i commented on a bunch of very insignificant things, but no hard blockers!
policy-test/tests/outbound_api.rs
Outdated
k8s::policy::httproute::HttpRouteFilter::RequestHeaderModifier { | ||
request_header_modifier: k8s_gateway_api::HttpRequestHeaderFilter { | ||
set: Some(vec![k8s_gateway_api::HttpHeader { | ||
name: "set".to_string(), | ||
value: "set-value".to_string(), | ||
}]), | ||
add: Some(vec![k8s_gateway_api::HttpHeader { | ||
name: "add".to_string(), | ||
value: "add-value".to_string(), | ||
}]), | ||
remove: Some(vec!["remove".to_string()]), | ||
}, | ||
}, | ||
k8s::policy::httproute::HttpRouteFilter::RequestRedirect { | ||
request_redirect: k8s_gateway_api::HttpRequestRedirectFilter { | ||
scheme: Some("http".to_string()), | ||
hostname: Some("host".to_string()), | ||
path: Some(k8s_gateway_api::HttpPathModifier::ReplacePrefixMatch { | ||
replace_prefix_match: "/path".to_string(), | ||
}), | ||
port: Some(5555), | ||
status_code: Some(302), | ||
}, | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit, take it or leave it: we could maybe have a function that returns these filters, since they're used in both tests?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it occurs to me that there's probably some amount of code that can be shared between these tests and the outbound_api.rs
tests, although that's probably worth exploring in a follow-up, rather than in this branch...i'd like to be able to update the tests in one place and ensure both the Gateway and Linkerd versions are being tested, but i also don't want to unnecessarily torture the code in the name of DRY...
Signed-off-by: Alex Leong <[email protected]>
We add support for the RequestHeaderModifier and RequestRedirect HTTP filters. The policy controller reads these filters in any HttpRoute resource that it indexes (both policy.linkerd.io and gateway.networking.k8s.io) and returns them in the outbound policy API. These filters may be added at the route rule level and at the backend level.
We add outbound api tests for this behavior for both types of HttpRoute.
Incidentally we also fix a flaky test in the outbound api tests where a watch was being recreated partway through a test, leading to a race condition.