Send namespace header in MT components by pierDipi · Pull Request #7048 · knative/eventing

pierDipi · 2023-06-28T18:23:18Z

When running MT components [1] in mesh mode with Istio,
we lose the ability to define fine grained policies since we
don't know the resource namespace that originated such
request, therefore, by having a Kn-Namespace header,
in mesh mode, users case define fine-grained policies and
isolate namespaces.

[1] IMC, MTChannelBasedBroker, and PingSource

pierDipi · 2023-06-28T18:23:27Z

/cc @matzew

pierDipi · 2023-06-29T07:39:29Z

/test upgrade-tests

When running MT components in mesh mode with Istio, we lose the ability to define fine grained policies since we don't know the resource namespace that originated such request, therefore, by having a `Kn-Namespace` header, in mesh mode, users case define fine-grained policies and isolate namespaces. Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

codecov · 2023-06-29T09:02:08Z

Codecov Report

Patch coverage: 58.76% and project coverage change: -0.17 ⚠️

Comparison is base (cb2a891) 78.75% compared to head (14e4bea) 78.59%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7048      +/-   ##
==========================================
- Coverage   78.75%   78.59%   -0.17%     
==========================================
  Files         248      249       +1     
  Lines       13148    13228      +80     
==========================================
+ Hits        10355    10396      +41     
- Misses       2273     2304      +31     
- Partials      520      528       +8

Impacted Files	Coverage Δ
pkg/adapter/mtping/runner.go	`80.48% <0.00%> (ø)`
pkg/channel/message_dispatcher.go	`73.17% <0.00%> (-1.83%)`	⬇️
pkg/reconciler/source/duck/duck.go	`74.68% <0.00%> (-2.05%)`	⬇️
pkg/resolver/kresource_resolver.go	`0.00% <ø> (ø)`
pkg/broker/ingress/ingress_handler.go	`70.23% <11.11%> (-7.10%)`	⬇️
pkg/broker/ttl.go	`71.42% <66.66%> (ø)`
pkg/broker/eventtypes.go	`72.22% <72.22%> (ø)`
pkg/adapter/v2/cloudevents.go	`78.06% <100.00%> (+0.11%)`	⬆️
pkg/apis/eventing/v1beta2/eventtype_defaults.go	`100.00% <100.00%> (ø)`
pkg/broker/filter/filter_handler.go	`71.19% <100.00%> (+0.07%)`	⬆️
... and 1 more

... and 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

matzew

/lgtm
/approve

knative-prow · 2023-06-29T13:02:27Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: matzew, pierDipi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [matzew,pierDipi]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

When running MT components [1] in mesh mode with Istio, we lose the ability to define fine grained policies since we don't know the resource namespace that originated such request, therefore, by having a `Kn-Namespace` header, in mesh mode, users case define fine-grained policies and isolate namespaces. [1] IMC, MTChannelBasedBroker, and PingSource Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

* Refactor PingSource adapter client creation (knative#6880) This is just a refactoring to make it easier to implement Eventing TLS Part of knative#6879 --------- Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Send namespace header in MT components (knative#7048) When running MT components [1] in mesh mode with Istio, we lose the ability to define fine grained policies since we don't know the resource namespace that originated such request, therefore, by having a `Kn-Namespace` header, in mesh mode, users case define fine-grained policies and isolate namespaces. [1] IMC, MTChannelBasedBroker, and PingSource Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Fix compile error Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> --------- Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

When running MT components [1] in mesh mode with Istio, we lose the ability to define fine grained policies since we don't know the resource namespace that originated such request, therefore, by having a `Kn-Namespace` header, in mesh mode, users case define fine-grained policies and isolate namespaces. [1] IMC, MTChannelBasedBroker, and PingSource Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

* Refactor PingSource adapter client creation (knative#6880) This is just a refactoring to make it easier to implement Eventing TLS Part of knative#6879 --------- Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Send namespace header in MT components (knative#7048) When running MT components [1] in mesh mode with Istio, we lose the ability to define fine grained policies since we don't know the resource namespace that originated such request, therefore, by having a `Kn-Namespace` header, in mesh mode, users case define fine-grained policies and isolate namespaces. [1] IMC, MTChannelBasedBroker, and PingSource Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Fix compile error Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> --------- Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

* Refactor PingSource adapter client creation (knative#6880) This is just a refactoring to make it easier to implement Eventing TLS Part of knative#6879 --------- * Send namespace header in MT components (knative#7048) When running MT components [1] in mesh mode with Istio, we lose the ability to define fine grained policies since we don't know the resource namespace that originated such request, therefore, by having a `Kn-Namespace` header, in mesh mode, users case define fine-grained policies and isolate namespaces. [1] IMC, MTChannelBasedBroker, and PingSource * Fix compile error --------- Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

knative-prow bot added the area/test-and-release Test infrastructure, tests or release label Jun 28, 2023

knative-prow bot requested review from lberk and mgencur June 28, 2023 18:23

knative-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 28, 2023

knative-prow bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jun 28, 2023

knative-prow bot requested a review from matzew June 28, 2023 18:23

pierDipi force-pushed the add-kn-namespace-header branch 4 times, most recently from 85f157b to 9d4b75d Compare June 29, 2023 07:14

mgencur mentioned this pull request Jun 29, 2023

[WIP] Tests for multitenancy with Service Mesh openshift-knative/serverless-operator#2126

Closed

pierDipi mentioned this pull request Jun 29, 2023

Send namespace header in MT components knative-extensions/eventing-kafka-broker#3184

Merged

pierDipi force-pushed the add-kn-namespace-header branch 4 times, most recently from 8d0051a to d944e93 Compare June 29, 2023 08:00

pierDipi force-pushed the add-kn-namespace-header branch from d944e93 to 14e4bea Compare June 29, 2023 08:52

matzew approved these changes Jun 29, 2023

View reviewed changes

knative-prow bot assigned matzew Jun 29, 2023

knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Jun 29, 2023

knative-prow bot merged commit f5b1b12 into knative:main Jun 29, 2023

pierDipi deleted the add-kn-namespace-header branch June 29, 2023 13:14

ReToCode mentioned this pull request Jul 20, 2023

Add tests for multitenancy with Service Mesh openshift-knative/serverless-operator#2171

Closed

This was referenced Jul 27, 2023

add tests for multitenancy with Service Mesh openshift-knative/serverless-operator#2198

Closed

Tests for Multi Tenancy with Service Mesh openshift-knative/serverless-operator#2199

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Send namespace header in MT components#7048

Send namespace header in MT components#7048
knative-prow[bot] merged 1 commit intoknative:mainfrom
pierDipi:add-kn-namespace-header

pierDipi commented Jun 28, 2023

Uh oh!

pierDipi commented Jun 28, 2023

Uh oh!

pierDipi commented Jun 29, 2023

Uh oh!

codecov bot commented Jun 29, 2023 •

edited

Loading

Uh oh!

matzew left a comment

Uh oh!

knative-prow bot commented Jun 29, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

pierDipi commented Jun 28, 2023

Uh oh!

pierDipi commented Jun 28, 2023

Uh oh!

pierDipi commented Jun 29, 2023

Uh oh!

codecov bot commented Jun 29, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

matzew left a comment

Choose a reason for hiding this comment

Uh oh!

knative-prow bot commented Jun 29, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

codecov bot commented Jun 29, 2023 •

edited

Loading