Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Send namespace header in MT components #7048

Merged
merged 1 commit into from
Jun 29, 2023
Merged

Send namespace header in MT components #7048

merged 1 commit into from
Jun 29, 2023

Conversation

pierDipi
Copy link
Member

When running MT components [1] in mesh mode with Istio,
we lose the ability to define fine grained policies since we
don't know the resource namespace that originated such
request, therefore, by having a Kn-Namespace header,
in mesh mode, users case define fine-grained policies and
isolate namespaces.

[1] IMC, MTChannelBasedBroker, and PingSource

@knative-prow knative-prow bot added the area/test-and-release Test infrastructure, tests or release label Jun 28, 2023
@knative-prow knative-prow bot requested review from lberk and mgencur June 28, 2023 18:23
@knative-prow knative-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 28, 2023
@pierDipi
Copy link
Member Author

/cc @matzew

@knative-prow knative-prow bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jun 28, 2023
@knative-prow knative-prow bot requested a review from matzew June 28, 2023 18:23
@pierDipi pierDipi force-pushed the add-kn-namespace-header branch 4 times, most recently from 85f157b to 9d4b75d Compare June 29, 2023 07:14
@mgencur mgencur mentioned this pull request Jun 29, 2023
Closed
@pierDipi pierDipi mentioned this pull request Jun 29, 2023
Merged
@pierDipi
Copy link
Member Author

/test upgrade-tests

@pierDipi pierDipi force-pushed the add-kn-namespace-header branch 4 times, most recently from 8d0051a to d944e93 Compare June 29, 2023 08:00
@pierDipi
Send namespace header in MT components
14e4bea 
When running MT components in mesh mode with Istio, we lose
the ability to define fine grained policies since we don't
know the resource namespace that originated such request,
therefore, by having a `Kn-Namespace` header, in mesh mode,
users case define fine-grained policies and isolate namespaces.

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
@codecov
Copy link

codecov bot commented Jun 29, 2023
edited
Loading

Codecov Report

Patch coverage: 58.76% and project coverage change: -0.17 ⚠️

Comparison is base (cb2a891) 78.75% compared to head (14e4bea) 78.59%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7048      +/-   ##
==========================================
- Coverage   78.75%   78.59%   -0.17%     
==========================================
  Files         248      249       +1     
  Lines       13148    13228      +80     
==========================================
+ Hits        10355    10396      +41     
- Misses       2273     2304      +31     
- Partials      520      528       +8
Impacted Files Coverage Δ
pkg/adapter/mtping/runner.go 80.48% <0.00%> (ø)
pkg/channel/message_dispatcher.go 73.17% <0.00%> (-1.83%) ⬇️
pkg/reconciler/source/duck/duck.go 74.68% <0.00%> (-2.05%) ⬇️
pkg/resolver/kresource_resolver.go 0.00% <ø> (ø)
pkg/broker/ingress/ingress_handler.go 70.23% <11.11%> (-7.10%) ⬇️
pkg/broker/ttl.go 71.42% <66.66%> (ø)
pkg/broker/eventtypes.go 72.22% <72.22%> (ø)
pkg/adapter/v2/cloudevents.go 78.06% <100.00%> (+0.11%) ⬆️
pkg/apis/eventing/v1beta2/eventtype_defaults.go 100.00% <100.00%> (ø)
pkg/broker/filter/filter_handler.go 71.19% <100.00%> (+0.07%) ⬆️
... and 1 more

... and 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

matzew
matzew approved these changes Jun 29, 2023
View reviewed changes
Copy link
Member

@matzew matzew left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@knative-prow
Copy link

knative-prow bot commented Jun 29, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: matzew, pierDipi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Jun 29, 2023
@knative-prow knative-prow bot merged commit f5b1b12 into knative:main Jun 29, 2023
@pierDipi pierDipi deleted the add-kn-namespace-header branch June 29, 2023 13:14
pierDipi added a commit to pierDipi/eventing that referenced this pull request Jul 6, 2023
@pierDipi
Send namespace header in MT components (knative#7048)
a4d2682 
When running MT components [1] in mesh mode with Istio,
we lose the ability to define fine grained policies since we
don't know the resource namespace that originated such
request, therefore, by having a `Kn-Namespace` header,
in mesh mode, users case define fine-grained policies and
isolate namespaces.

[1] IMC, MTChannelBasedBroker, and PingSource

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
openshift-merge-robot pushed a commit to openshift-knative/eventing that referenced this pull request Jul 6, 2023
@pierDipi
[release-v1.9] Send namespace header in MT components (#265)
bc30bfe 
* Refactor PingSource adapter client creation (knative#6880)

This is just a refactoring to make it easier to implement Eventing TLS

Part of knative#6879

---------

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

* Send namespace header in MT components (knative#7048)

When running MT components [1] in mesh mode with Istio,
we lose the ability to define fine grained policies since we
don't know the resource namespace that originated such
request, therefore, by having a `Kn-Namespace` header,
in mesh mode, users case define fine-grained policies and
isolate namespaces.

[1] IMC, MTChannelBasedBroker, and PingSource

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

* Fix compile error

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

---------

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
vishal-chdhry pushed a commit to vishal-chdhry/eventing that referenced this pull request Jul 6, 2023
@pierDipi @vishal-chdhry
Send namespace header in MT components (knative#7048)
127b38d 
When running MT components [1] in mesh mode with Istio, 
we lose the ability to define fine grained policies since we
don't know the resource namespace that originated such
request, therefore, by having a `Kn-Namespace` header, 
in mesh mode, users case define fine-grained policies and
isolate namespaces.

[1] IMC, MTChannelBasedBroker, and PingSource

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
pierDipi added a commit to pierDipi/eventing that referenced this pull request Jul 20, 2023
@pierDipi
[release-v1.9] Send namespace header in MT components (knative#265)
4603d60 
* Refactor PingSource adapter client creation (knative#6880)

This is just a refactoring to make it easier to implement Eventing TLS

Part of knative#6879

---------

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

* Send namespace header in MT components (knative#7048)

When running MT components [1] in mesh mode with Istio,
we lose the ability to define fine grained policies since we
don't know the resource namespace that originated such
request, therefore, by having a `Kn-Namespace` header,
in mesh mode, users case define fine-grained policies and
isolate namespaces.

[1] IMC, MTChannelBasedBroker, and PingSource

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

* Fix compile error

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

---------

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
pierDipi added a commit to pierDipi/eventing that referenced this pull request Jul 20, 2023
@pierDipi
[release-v1.9] Send namespace header in MT components (knative#265)
f631195 
* Refactor PingSource adapter client creation (knative#6880)

This is just a refactoring to make it easier to implement Eventing TLS

Part of knative#6879

---------

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

* Send namespace header in MT components (knative#7048)

When running MT components [1] in mesh mode with Istio,
we lose the ability to define fine grained policies since we
don't know the resource namespace that originated such
request, therefore, by having a `Kn-Namespace` header,
in mesh mode, users case define fine-grained policies and
isolate namespaces.

[1] IMC, MTChannelBasedBroker, and PingSource

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

* Fix compile error

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

---------

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
@ReToCode ReToCode mentioned this pull request Jul 20, 2023
Closed
openshift-merge-robot pushed a commit to openshift-knative/eventing that referenced this pull request Jul 20, 2023
@pierDipi
[release-v1.9] Send namespace header in MT components (#265) (#278)
1eb2f7a 
* Refactor PingSource adapter client creation (knative#6880)

This is just a refactoring to make it easier to implement Eventing TLS

Part of knative#6879

---------



* Send namespace header in MT components (knative#7048)

When running MT components [1] in mesh mode with Istio,
we lose the ability to define fine grained policies since we
don't know the resource namespace that originated such
request, therefore, by having a `Kn-Namespace` header,
in mesh mode, users case define fine-grained policies and
isolate namespaces.

[1] IMC, MTChannelBasedBroker, and PingSource



* Fix compile error



---------

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
This was referenced Jul 27, 2023
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matzew matzew matzew approved these changes

@lberk lberk Awaiting requested review from lberk

@mgencur mgencur Awaiting requested review from mgencur

Assignees

@matzew matzew

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/test-and-release Test infrastructure, tests or release lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pierDipi @matzew