Skip to content
This repository has been archived by the owner on Mar 19, 2024. It is now read-only.

k8s/controller: always map "default" Consul namespace to empty string #483

Merged
merged 10 commits into from
Jan 10, 2023
Merged

k8s/controller: always map "default" Consul namespace to empty string #483

merged 10 commits into from
Jan 10, 2023

Conversation

mikemorris
Copy link
Contributor

@mikemorris mikemorris commented Jan 4, 2023
edited
Loading

Changes proposed in this PR:

Always map the "default" Consul namespace to the empty string in the memory backend store, for compatibility with Consul OSS and the logic to parse the namespace of a Gateway from the SPIFFE URI, used when reading a Gateway from a store backend.

This Consul namespace mapper function is already called when reconciling a Gateway to a backend store, but the corresponding lookup fails with Consul Enterprise when --consul-destination-namespace is set to "default" because of the special case handling in the parseURI helper.

No migration handling should be needed because this is all within the ephemeral memory store for now, but this does need an e2e test for a service in the "default" namespace on Consul Enterprise.

As a temporary workaround, this edge case can be avoided by configuring consulNamespaces.mirroringK8S: true or specfiying "" or any value other than "default" for consulNamespaces.consulDestinationNamespace in the Helm chart.

How I've tested this PR:

How I expect reviewers to test this PR:

Checklist:

  • Tests added
  • CHANGELOG entry added

    Run make changelog-entry for guidance in authoring a changelog entry, and
    commit the resulting file, which should have a name matching your PR number.
    Entries should use imperative present tense (e.g. Add support for...)

@mikemorris mikemorris force-pushed the fix/default-consul-destination-namespace branch from bbf7494 to 0a7bc44 Compare January 5, 2023 22:06
mikemorris
mikemorris commented Jan 6, 2023
View reviewed changes
internal/commands/server/k8s_e2e_test.go
Comment on lines +172 to +174
// Re-enable namespace mirroring
ctx, err = e2e.SetNamespaceMirroring(true)(ctx, nil)
require.NoError(t, err)
Copy link
Contributor Author

@mikemorris mikemorris Jan 6, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was surprised this would be necessary, as I expected SetUpStack to create a new context for each test, but it appears to be reused - I'm not sure if that's intentional/common, or if that should be changed and this cleanup could be removed?

Without this cleanup, the subsequent TestGatewayBasic e2e fails when running against Consul Enterprise, as it checks for the presence of a Consul service registered in an expected namespace.

If keeping this cleanup logic makes more sense, I'm wondering if e2e.SetConsulNamespace(nil) should also be called here to randomize the Consul namespace again.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've run into this issue before when touching the e2e tests as well. I'm not sure what the right solution is because I definitely think spinning up a new kind cluster for each test would make these tests take way longer, but the current set up make it difficult to do any kind of namespace manipulation.

@mikemorris mikemorris requested a review from a team January 6, 2023 17:57
sarahalsmiller
sarahalsmiller approved these changes Jan 6, 2023
View reviewed changes
Copy link
Member

@sarahalsmiller sarahalsmiller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for hopping on this

andrewstucki
andrewstucki approved these changes Jan 10, 2023
View reviewed changes
Copy link
Contributor

@andrewstucki andrewstucki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The patch itself looks fine to me

internal/k8s/controller.go Outdated Show resolved Hide resolved
@mikemorris
Update internal/k8s/controller.go
ee4ac2c 
Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
@mikemorris mikemorris merged commit 874f324 into main Jan 10, 2023
@mikemorris mikemorris deleted the fix/default-consul-destination-namespace branch January 10, 2023 22:36
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@andrewstucki andrewstucki andrewstucki approved these changes

@sarahalsmiller sarahalsmiller sarahalsmiller approved these changes

Assignees
No one assigned
Labels
backport/0.5.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mikemorris @andrewstucki @sarahalsmiller