diff --git a/charts/linkerd-control-plane/README.md b/charts/linkerd-control-plane/README.md index 300c31eab555b..d951f43d05d98 100644 --- a/charts/linkerd-control-plane/README.md +++ b/charts/linkerd-control-plane/README.md @@ -166,6 +166,7 @@ Kubernetes: `>=1.22.0-0` | destinationController.readinessProbe.timeoutSeconds | int | `1` | | | disableHeartBeat | bool | `false` | Set to true to not start the heartbeat cronjob | | disableIPv6 | bool | `true` | disables routing IPv6 traffic in addition to IPv4 traffic through the proxy (IPv6 routing only available as of proxy-init v2.3.0 and linkerd-cni v1.4.0) | +| egress.globalEgressNetworkNamespace | string | `"linkerd-egress"` | The namespace that is used to store egress configuration that affects all client workloads in the cluster | | enableEndpointSlices | bool | `true` | enables the use of EndpointSlice informers for the destination service; enableEndpointSlices should be set to true only if EndpointSlice K8s feature gate is on | | enableH2Upgrade | bool | `true` | Allow proxies to perform transparent HTTP/2 upgrading | | enablePSP | bool | `false` | Add a PSP resource and bind it to the control plane ServiceAccounts. Note PSP has been deprecated since k8s v1.21 | diff --git a/charts/linkerd-control-plane/templates/destination.yaml b/charts/linkerd-control-plane/templates/destination.yaml index f6eb4d4446774..41395c21a895a 100644 --- a/charts/linkerd-control-plane/templates/destination.yaml +++ b/charts/linkerd-control-plane/templates/destination.yaml @@ -348,6 +348,7 @@ spec: - --log-level={{.Values.policyController.logLevel | default "linkerd=info,warn"}} - --log-format={{.Values.controllerLogFormat}} - --default-opaque-ports={{.Values.proxy.opaquePorts}} + - --global-egress-network-namespace={{.Values.egress.globalEgressNetworkNamespace}} {{- if .Values.policyController.probeNetworks }} - --probe-networks={{.Values.policyController.probeNetworks | join ","}} {{- end}} 
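Review bot: The added `--global-egress-network-namespace` argument in `destination.yaml` reads `.Values.egress.globalEgressNetworkNamespace` with no guard, unlike the `probeNetworks` argument next to it, which sits inside an `if`. If the values for a release lack the `egress` map (likely when an upgrade reuses stored values from before this key existed), rendering would probably fail on a nil lookup. An empty value would render as `--global-egress-network-namespace=`, which overrides the controller's built-in default with an empty string. A fallback avoids both, for example `- --global-egress-network-namespace={{ (.Values.egress | default dict).globalEgressNetworkNamespace | default "linkerd-egress" }}`. The container spec this argument list belongs to starts and ends outside the hunk.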
diff --git a/charts/linkerd-control-plane/values.yaml b/charts/linkerd-control-plane/values.yaml index c51a4eb5a1dde..543be4bdfe2a4 100644 --- a/charts/linkerd-control-plane/values.yaml +++ b/charts/linkerd-control-plane/values.yaml @@ -662,3 +662,10 @@ podMonitor: proxy: # -- Enables the creation of PodMonitor for the data-plane enabled: true + + +# Egress related configuration +egress: + # -- The namespace that is used to store egress configuration that affects all client workloads in the cluster + globalEgressNetworkNamespace: linkerd-egress + \ No newline at end of file diff --git a/charts/linkerd-crds/README.md b/charts/linkerd-crds/README.md index e1c8656134483..90eff2c4fef77 100644 --- a/charts/linkerd-crds/README.md +++ b/charts/linkerd-crds/README.md @@ -66,6 +66,8 @@ Kubernetes: `>=1.22.0-0` | Key | Type | Default | Description | |-----|------|---------|-------------| | enableHttpRoutes | bool | `true` | | +| enableTcpRoutes | bool | `true` | | +| enableTlsRoutes | bool | `true` | | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) diff --git a/cli/cmd/install_test.go b/cli/cmd/install_test.go index 2f1e1bd023270..717acd340d764 100644 --- a/cli/cmd/install_test.go +++ b/cli/cmd/install_test.go @@ -161,6 +161,7 @@ func TestRender(t *testing.T) { ProxyInjector: defaultValues.ProxyInjector, ProfileValidator: defaultValues.ProfileValidator, PolicyValidator: defaultValues.PolicyValidator, + Egress: defaultValues.Egress, } haValues, err := testInstallOptionsHA(true) diff --git a/cli/cmd/testdata/install_controlplane_tracing_output.golden b/cli/cmd/testdata/install_controlplane_tracing_output.golden index f298d177271b0..a596706a2d44e 100644 --- a/cli/cmd/testdata/install_controlplane_tracing_output.golden +++ b/cli/cmd/testdata/install_controlplane_tracing_output.golden 
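Review bot: The new `egress` block in `values.yaml` documents what the namespace is for but not who should be able to write to it. Per its own description, configuration stored there affects every client workload in the cluster, so the comment should say that write access needs to be limited to cluster operators. Something like `# -- ... Anything created in this namespace applies cluster-wide, so restrict write access to it accordingly.` would do. Nothing visible in this diff creates the namespace, so it is worth stating whether the chart or the operator is expected to create it. The block also ends in a whitespace-only line with no final newline (`\ No newline at end of file`), and is preceded by two blank lines where the rest of the file uses one.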
@@ -543,6 +543,8 @@ data: destinationResources: null disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: false @@ -1620,6 +1622,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version imagePullPolicy: IfNotPresent diff --git a/cli/cmd/testdata/install_custom_domain.golden b/cli/cmd/testdata/install_custom_domain.golden index 3569ddddb4538..9346fd49a8262 100644 --- a/cli/cmd/testdata/install_custom_domain.golden +++ b/cli/cmd/testdata/install_custom_domain.golden @@ -543,6 +543,8 @@ data: destinationResources: null disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: false @@ -1618,6 +1620,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version imagePullPolicy: IfNotPresent diff --git a/cli/cmd/testdata/install_custom_registry.golden b/cli/cmd/testdata/install_custom_registry.golden index e3533592a85c8..1b954e22befdb 100644 --- a/cli/cmd/testdata/install_custom_registry.golden +++ b/cli/cmd/testdata/install_custom_registry.golden @@ -543,6 +543,8 @@ data: destinationResources: null disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: false 
@@ -1618,6 +1620,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: my.custom.registry/linkerd-io/policy-controller:install-control-plane-version imagePullPolicy: IfNotPresent diff --git a/cli/cmd/testdata/install_default.golden b/cli/cmd/testdata/install_default.golden index 3569ddddb4538..9346fd49a8262 100644 --- a/cli/cmd/testdata/install_default.golden +++ b/cli/cmd/testdata/install_default.golden @@ -543,6 +543,8 @@ data: destinationResources: null disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: false @@ -1618,6 +1620,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version imagePullPolicy: IfNotPresent diff --git a/cli/cmd/testdata/install_default_override_dst_get_nets.golden b/cli/cmd/testdata/install_default_override_dst_get_nets.golden index 0f9a680d3d210..1e1abffcf0517 100644 --- a/cli/cmd/testdata/install_default_override_dst_get_nets.golden +++ b/cli/cmd/testdata/install_default_override_dst_get_nets.golden @@ -543,6 +543,8 @@ data: destinationResources: null disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: false @@ -1618,6 +1620,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version imagePullPolicy: IfNotPresent 
diff --git a/cli/cmd/testdata/install_default_token.golden b/cli/cmd/testdata/install_default_token.golden index 5f6e5eefd7c15..7ba108b062be4 100644 --- a/cli/cmd/testdata/install_default_token.golden +++ b/cli/cmd/testdata/install_default_token.golden @@ -543,6 +543,8 @@ data: destinationResources: null disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: false @@ -1607,6 +1609,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version imagePullPolicy: IfNotPresent diff --git a/cli/cmd/testdata/install_gid_output.golden b/cli/cmd/testdata/install_gid_output.golden index 4eea9b4246dca..33a7c9d065dd7 100755 --- a/cli/cmd/testdata/install_gid_output.golden +++ b/cli/cmd/testdata/install_gid_output.golden @@ -543,6 +543,8 @@ data: destinationResources: null disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: false @@ -1625,6 +1627,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version imagePullPolicy: IfNotPresent diff --git a/cli/cmd/testdata/install_ha_output.golden b/cli/cmd/testdata/install_ha_output.golden index 68983ffec4dce..1e7f0c5d807bc 100644 --- a/cli/cmd/testdata/install_ha_output.golden +++ b/cli/cmd/testdata/install_ha_output.golden 
@@ -552,6 +552,8 @@ data: request: 50Mi disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: true @@ -1751,6 +1753,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version imagePullPolicy: IfNotPresent diff --git a/cli/cmd/testdata/install_ha_with_overrides_output.golden b/cli/cmd/testdata/install_ha_with_overrides_output.golden index 31744bf6ec0b6..d3b2aabc72ff8 100644 --- a/cli/cmd/testdata/install_ha_with_overrides_output.golden +++ b/cli/cmd/testdata/install_ha_with_overrides_output.golden @@ -552,6 +552,8 @@ data: request: 50Mi disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: true @@ -1751,6 +1753,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version imagePullPolicy: IfNotPresent diff --git a/cli/cmd/testdata/install_heartbeat_disabled_output.golden b/cli/cmd/testdata/install_heartbeat_disabled_output.golden index af250a3cbe4f0..f62a3f1318109 100644 --- a/cli/cmd/testdata/install_heartbeat_disabled_output.golden +++ b/cli/cmd/testdata/install_heartbeat_disabled_output.golden @@ -474,6 +474,8 @@ data: destinationResources: null disableHeartBeat: true disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: false 
@@ -1549,6 +1551,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version imagePullPolicy: IfNotPresent diff --git a/cli/cmd/testdata/install_helm_control_plane_output.golden b/cli/cmd/testdata/install_helm_control_plane_output.golden index 3e9ac80f1a631..88fe31eedfa63 100644 --- a/cli/cmd/testdata/install_helm_control_plane_output.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output.golden @@ -544,6 +544,8 @@ data: destinationResources: null disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: false @@ -1593,6 +1595,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:linkerd-version imagePullPolicy: IfNotPresent diff --git a/cli/cmd/testdata/install_helm_control_plane_output_ha.golden b/cli/cmd/testdata/install_helm_control_plane_output_ha.golden index 7292e33f3b9f5..c835b350938d2 100644 --- a/cli/cmd/testdata/install_helm_control_plane_output_ha.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output_ha.golden @@ -553,6 +553,8 @@ data: request: 50Mi disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: true @@ -1726,6 +1728,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:linkerd-version imagePullPolicy: IfNotPresent 
diff --git a/cli/cmd/testdata/install_helm_control_plane_output_ha_with_gid.golden b/cli/cmd/testdata/install_helm_control_plane_output_ha_with_gid.golden index 1ae526fcdf7a2..bdd907607b0e1 100755 --- a/cli/cmd/testdata/install_helm_control_plane_output_ha_with_gid.golden +++ b/cli/cmd/testdata/install_helm_control_plane_output_ha_with_gid.golden @@ -553,6 +553,8 @@ data: request: 50Mi disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: true @@ -1733,6 +1735,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:linkerd-version imagePullPolicy: IfNotPresent diff --git a/cli/cmd/testdata/install_helm_output_ha_labels.golden b/cli/cmd/testdata/install_helm_output_ha_labels.golden index 0fb77334134d3..1e052097a5581 100644 --- a/cli/cmd/testdata/install_helm_output_ha_labels.golden +++ b/cli/cmd/testdata/install_helm_output_ha_labels.golden @@ -553,6 +553,8 @@ data: request: 50Mi disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: true @@ -1738,6 +1740,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:linkerd-version imagePullPolicy: IfNotPresent diff --git a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden index f8dd7d5357353..523baca20516c 100644 --- a/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden 
+++ b/cli/cmd/testdata/install_helm_output_ha_namespace_selector.golden @@ -548,6 +548,8 @@ data: request: 50Mi disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: true @@ -1716,6 +1718,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:linkerd-version imagePullPolicy: IfNotPresent diff --git a/cli/cmd/testdata/install_no_init_container.golden b/cli/cmd/testdata/install_no_init_container.golden index 8757c76e3c512..94f6d555bc5be 100644 --- a/cli/cmd/testdata/install_no_init_container.golden +++ b/cli/cmd/testdata/install_no_init_container.golden @@ -543,6 +543,8 @@ data: destinationResources: null disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: false @@ -1611,6 +1613,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version imagePullPolicy: IfNotPresent diff --git a/cli/cmd/testdata/install_output.golden b/cli/cmd/testdata/install_output.golden index 932add8be0c12..7e4a83127414f 100644 --- a/cli/cmd/testdata/install_output.golden +++ b/cli/cmd/testdata/install_output.golden @@ -523,6 +523,8 @@ data: destinationResources: null disableHeartBeat: false disableIPv6: false + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: false enableH2Upgrade: true enablePodAntiAffinity: false 
@@ -1549,6 +1551,7 @@ spec: - --log-level=log-level - --log-format=ControllerLogFormat - --default-opaque-ports=25,443,587,3306,5432,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=1.0.0.0/0,2.0.0.0/0 image: PolicyControllerImageName:PolicyControllerVersion imagePullPolicy: ImagePullPolicy diff --git a/cli/cmd/testdata/install_proxy_ignores.golden b/cli/cmd/testdata/install_proxy_ignores.golden index a83653692e7db..f0a655f939d45 100644 --- a/cli/cmd/testdata/install_proxy_ignores.golden +++ b/cli/cmd/testdata/install_proxy_ignores.golden @@ -543,6 +543,8 @@ data: destinationResources: null disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: false @@ -1618,6 +1620,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version imagePullPolicy: IfNotPresent diff --git a/cli/cmd/testdata/install_values_file.golden b/cli/cmd/testdata/install_values_file.golden index 6b2b1e34a9806..97add172db781 100644 --- a/cli/cmd/testdata/install_values_file.golden +++ b/cli/cmd/testdata/install_values_file.golden @@ -543,6 +543,8 @@ data: destinationResources: null disableHeartBeat: false disableIPv6: true + egress: + globalEgressNetworkNamespace: linkerd-egress enableEndpointSlices: true enableH2Upgrade: true enablePodAntiAffinity: false @@ -1618,6 +1620,7 @@ spec: - --log-level=info - --log-format=plain - --default-opaque-ports=25,587,3306,4444,5432,6379,9300,11211 + - --global-egress-network-namespace=linkerd-egress - --probe-networks=0.0.0.0/0,::/0 image: cr.l5d.io/linkerd/policy-controller:install-control-plane-version imagePullPolicy: IfNotPresent 
diff --git a/pkg/charts/linkerd2/values.go b/pkg/charts/linkerd2/values.go index d34bb37304754..8f3533a3c3e42 100644 --- a/pkg/charts/linkerd2/values.go +++ b/pkg/charts/linkerd2/values.go @@ -89,6 +89,12 @@ type ( DestinationProxyResources *Resources `json:"destinationProxyResources"` IdentityProxyResources *Resources `json:"identityProxyResources"` ProxyInjectorProxyResources *Resources `json:"proxyInjectorProxyResources"` + Egress *Egress `json:"egress"` + } + + // Resources represents the computational resources setup for a given container + Egress struct { + GlobalEgressNetworkNamespace string `json:"globalEgressNetworkNamespace"` } // Controller contains the fields to set the controller container diff --git a/pkg/charts/linkerd2/values_test.go b/pkg/charts/linkerd2/values_test.go index 4ac0e8506f02b..c63f04c8026d4 100644 --- a/pkg/charts/linkerd2/values_test.go +++ b/pkg/charts/linkerd2/values_test.go @@ -249,6 +249,7 @@ func TestNewValues(t *testing.T) { ProxyInjector: &ProxyInjector{Webhook: Webhook{TLS: &TLS{}, NamespaceSelector: namespaceSelectorInjector}}, ProfileValidator: &Webhook{TLS: &TLS{}, NamespaceSelector: namespaceSelectorSimple}, PolicyValidator: &Webhook{TLS: &TLS{}, NamespaceSelector: namespaceSelectorSimple}, + Egress: &Egress{GlobalEgressNetworkNamespace: "linkerd-egress"}, } // pin the versions to ensure consistent test result. diff --git a/policy-controller/k8s/index/src/cluster_info.rs b/policy-controller/k8s/index/src/cluster_info.rs index 00213ad2aa672..f360f8a7626fc 100644 --- a/policy-controller/k8s/index/src/cluster_info.rs +++ b/policy-controller/k8s/index/src/cluster_info.rs @@ -35,7 +35,7 @@ pub struct ClusterInfo { /// The namespace that is designated for egress configuration /// affecting all workloads across the cluster - pub global_external_network_namespace: Arc, + pub global_egress_network_namespace: Arc, } impl ClusterInfo { 
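Review bot: The doc comment on the new `Egress` type in `values.go` is copied from another type and reads `// Resources represents the computational resources setup for a given container`, which describes neither the name nor the content of the struct below it. It should be replaced with something like `// Egress contains the egress-related configuration shared by all client workloads`. The `GlobalEgressNetworkNamespace` field could carry a one-line comment saying it names the namespace whose egress configuration applies cluster-wide. The surrounding `type (` block and the struct that receives the new `Egress` field both start outside the hunk.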
diff --git a/policy-controller/k8s/index/src/inbound/tests.rs b/policy-controller/k8s/index/src/inbound/tests.rs index cb668ed82ca3e..2b0e09910a86e 100644 --- a/policy-controller/k8s/index/src/inbound/tests.rs +++ b/policy-controller/k8s/index/src/inbound/tests.rs @@ -225,7 +225,7 @@ impl TestConfig { default_detect_timeout: detect_timeout, default_opaque_ports: Default::default(), probe_networks, - global_external_network_namespace: Arc::new("linkerd-external".to_string()), + global_egress_network_namespace: Arc::new("linkerd-egress".to_string()), }; let index = Index::shared(cluster.clone()); Self { diff --git a/policy-controller/k8s/index/src/outbound/index.rs b/policy-controller/k8s/index/src/outbound/index.rs index 60546d7605853..9486fbf873381 100644 --- a/policy-controller/k8s/index/src/outbound/index.rs +++ b/policy-controller/k8s/index/src/outbound/index.rs @@ -33,7 +33,7 @@ pub struct Index { resource_info: HashMap, cluster_networks: Vec, - global_external_network_namespace: Arc, + global_egress_network_namespace: Arc, // holds a no-op sender to which all clients that have been returned // a Fallback policy are subsribed. It is used to force these clients @@ -405,8 +405,7 @@ impl kubert::index::IndexNamespacedResource for impl Index { pub fn shared(cluster_info: Arc) -> SharedIndex { let cluster_networks = cluster_info.networks.clone(); - let global_external_network_namespace = - cluster_info.global_external_network_namespace.clone(); + let global_egress_network_namespace = cluster_info.global_egress_network_namespace.clone(); let (fallback_polcy_tx, _) = watch::channel(()); Arc::new(RwLock::new(Self { @@ -419,7 +418,7 @@ impl Index { resource_info: HashMap::default(), cluster_networks: cluster_networks.into_iter().map(Cidr::from).collect(), fallback_polcy_tx, - global_external_network_namespace, + global_egress_network_namespace, })) } 
@@ -495,7 +494,7 @@ impl Index { egress_network::resolve_egress_network( addr, source_namespace, - &self.global_external_network_namespace, + &self.global_egress_network_namespace, self.egress_networks_by_ref.values(), ) .map(|r| (r.namespace, r.name)) diff --git a/policy-controller/k8s/index/src/outbound/index/egress_network.rs b/policy-controller/k8s/index/src/outbound/index/egress_network.rs index 3d2424b8afd0f..3f361e76f32e4 100644 --- a/policy-controller/k8s/index/src/outbound/index/egress_network.rs +++ b/policy-controller/k8s/index/src/outbound/index/egress_network.rs @@ -67,12 +67,12 @@ impl EgressNetwork { pub(crate) fn resolve_egress_network<'n>( addr: IpAddr, source_namespace: String, - global_external_network_namespace: &str, + global_egress_network_namespace: &str, nets: impl Iterator, ) -> Option { let (same_ns, rest): (Vec<_>, Vec<_>) = nets .filter(|en| { - en.namespace == source_namespace || en.namespace == *global_external_network_namespace + en.namespace == source_namespace || en.namespace == *global_egress_network_namespace }) .partition(|un| un.namespace == source_namespace); let to_pick_from = if !same_ns.is_empty() { same_ns } else { rest }; diff --git a/policy-controller/k8s/index/src/outbound/tests.rs b/policy-controller/k8s/index/src/outbound/tests.rs index 4c91dbe0aeddf..83ef6937ddae5 100644 --- a/policy-controller/k8s/index/src/outbound/tests.rs +++ b/policy-controller/k8s/index/src/outbound/tests.rs @@ -84,7 +84,7 @@ impl TestConfig { default_detect_timeout: detect_timeout, default_opaque_ports: Default::default(), probe_networks, - global_external_network_namespace: Arc::new("linkerd-external".to_string()), + global_egress_network_namespace: Arc::new("linkerd-egress".to_string()), }; let index = Index::shared(Arc::new(cluster)); Self { index } diff --git a/policy-controller/src/main.rs b/policy-controller/src/main.rs index 13e371ea2ba28..a6facb3679f87 100644 --- a/policy-controller/src/main.rs +++ b/policy-controller/src/main.rs 
@@ -101,8 +101,8 @@ struct Args { #[clap(long)] allow_l5d_request_headers: bool, - #[clap(long, default_value = "linkerd-external")] - global_external_network_namespace: String, + #[clap(long, default_value = "linkerd-egress")] + global_egress_network_namespace: String, } #[tokio::main] @@ -125,7 +125,7 @@ async fn main() -> Result<()> { default_opaque_ports, patch_timeout_ms, allow_l5d_request_headers, - global_external_network_namespace, + global_egress_network_namespace, } = Args::parse(); let server = if admission_controller_disabled { @@ -135,7 +135,7 @@ async fn main() -> Result<()> { }; let probe_networks = probe_networks.map(|IpNets(nets)| nets).unwrap_or_default(); - let global_external_network_namespace = Arc::new(global_external_network_namespace); + let global_egress_network_namespace = Arc::new(global_egress_network_namespace); let default_opaque_ports = parse_portset(&default_opaque_ports)?; let cluster_info = Arc::new(ClusterInfo { networks: cluster_networks.clone(), @@ -146,7 +146,7 @@ async fn main() -> Result<()> { default_detect_timeout: DETECT_TIMEOUT, default_opaque_ports, probe_networks, - global_external_network_namespace, + global_egress_network_namespace, }); // Build the API index data structures which will maintain information
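Review bot: The `global_egress_network_namespace` field in `Args` has no doc comment and accepts any string, including an empty one. The default `linkerd-egress` applies only when the flag is absent, and the Helm template in this same commit always passes the flag. In `resolve_egress_network` the value is compared directly with each network's namespace, so an empty or mistyped value would presumably match nothing, and the cluster-wide egress configuration would be silently ignored rather than reported. Consider adding `/// Namespace whose egress configuration applies to all client workloads in the cluster` above the field and rejecting an empty value in `main` before it is wrapped in `Arc::new`. The flag name also changes from `--global-external-network-namespace`, so any manifest still passing the old name would fail argument parsing unless an alias is kept. The `Args` struct begins outside this hunk.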