diff --git a/go.mod b/go.mod index 2b551d0329..03803c6c91 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,6 @@ require ( github.com/go-logfmt/logfmt v0.6.0 github.com/go-logr/logr v1.4.2 github.com/go-logr/zapr v1.3.0 - github.com/go-openapi/jsonpointer v0.21.1 github.com/go-openapi/spec v0.21.0 github.com/go-openapi/strfmt v0.23.0 github.com/go-openapi/validate v0.24.0 @@ -62,6 +61,7 @@ require ( go.uber.org/zap v1.27.0 golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8 golang.org/x/net v0.39.0 + gomodules.xyz/jsonpatch/v2 v2.4.0 google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a google.golang.org/grpc v1.72.0 google.golang.org/grpc/security/advancedtls v1.0.0 @@ -221,6 +221,7 @@ require ( github.com/go-ole/go-ole v1.3.0 // indirect github.com/go-openapi/analysis v0.23.0 // indirect github.com/go-openapi/errors v0.22.0 // indirect + github.com/go-openapi/jsonpointer v0.21.1 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect github.com/go-openapi/loads v0.22.0 // indirect github.com/go-openapi/swag v0.23.1 // indirect @@ -489,7 +490,6 @@ require ( golang.org/x/time v0.10.0 // indirect golang.org/x/tools v0.31.0 // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect - gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250219182151-9fdb1cabc7b2 // indirect google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 // indirect gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect diff --git a/internal/cmd/certgen.go b/internal/cmd/certgen.go index 99950f5cf0..79b11f7dea 100644 --- a/internal/cmd/certgen.go +++ b/internal/cmd/certgen.go @@ -15,6 +15,8 @@ import ( "github.com/spf13/cobra" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" clicfg "sigs.k8s.io/controller-runtime/pkg/client/config" @@ -80,7 +82,7 @@ func certGen(ctx context.Context, logOut io.Writer, local bool) error { if err = outputCertsForKubernetes(ctx, cli, cfg, overwriteControlPlaneCerts, certs); err != nil { return fmt.Errorf("failed to output certificates: %w", err) } - if err = patchTopologyInjectorWebhook(ctx, cli, cfg, certs.CACertificate); err != nil { + if err = patchTopologyInjectorWebhook(ctx, cli, cfg); err != nil { return fmt.Errorf("failed to patch webhook: %w", err) } } else { @@ -116,7 +118,7 @@ func outputCertsForKubernetes(ctx context.Context, cli client.Client, cfg *confi return nil } -func patchTopologyInjectorWebhook(ctx context.Context, cli client.Client, cfg *config.Server, caBundle []byte) error { +func patchTopologyInjectorWebhook(ctx context.Context, cli client.Client, cfg *config.Server) error { if disableTopologyInjector { return nil } @@ -127,10 +129,17 @@ func patchTopologyInjectorWebhook(ctx context.Context, cli client.Client, cfg *c return fmt.Errorf("failed to get mutating webhook configuration: %w", err) } + secretName := types.NamespacedName{Name: "envoy-gateway", Namespace: cfg.ControllerNamespace} + current := &corev1.Secret{} + if err := cli.Get(ctx, secretName, current); err != nil { + return fmt.Errorf("failed to get secret %s/%s: %w", current.Namespace, current.Name, err) + } + var updated bool + desiredBundle := current.Data["ca.crt"] for i, webhook := range webhookCfg.Webhooks { - if !bytes.Equal(caBundle, webhook.ClientConfig.CABundle) { - webhookCfg.Webhooks[i].ClientConfig.CABundle = caBundle + if !bytes.Equal(desiredBundle, webhook.ClientConfig.CABundle) { + webhookCfg.Webhooks[i].ClientConfig.CABundle = desiredBundle updated = true } } diff --git a/internal/cmd/certgen_test.go b/internal/cmd/certgen_test.go index 27e7791310..b360a19bbe 100644 --- a/internal/cmd/certgen_test.go +++ b/internal/cmd/certgen_test.go @@ -15,6 +15,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" @@ -57,7 +58,7 @@ func TestPatchTopologyWebhook(t *testing.T) { cases := []struct { caseName string webhook *admissionregistrationv1.MutatingWebhookConfiguration - caBundle []byte + secret *corev1.Secret wantErr error wantPatch bool }{ @@ -69,7 +70,10 @@ func TestPatchTopologyWebhook(t *testing.T) { }, Webhooks: []admissionregistrationv1.MutatingWebhook{{ClientConfig: admissionregistrationv1.WebhookClientConfig{}}}, }, - caBundle: []byte("foo"), + secret: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{Name: "envoy-gateway", Namespace: cfg.ControllerNamespace}, + Data: map[string][]byte{"ca.crt": []byte("foo")}, + }, wantErr: nil, wantPatch: true, }, @@ -81,25 +85,28 @@ func TestPatchTopologyWebhook(t *testing.T) { }, Webhooks: []admissionregistrationv1.MutatingWebhook{{ClientConfig: admissionregistrationv1.WebhookClientConfig{CABundle: []byte("foo")}}}, }, - caBundle: []byte("foo"), + secret: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{Name: "envoy-gateway", Namespace: cfg.ControllerNamespace}, + Data: map[string][]byte{"ca.crt": []byte("foo")}, + }, wantPatch: false, }, } for _, tc := range cases { t.Run(tc.caseName, func(t *testing.T) { fakeClient := fake.NewClientBuilder(). - WithRuntimeObjects(tc.webhook). + WithRuntimeObjects(tc.webhook, tc.secret). Build() beforeWebhook := &admissionregistrationv1.MutatingWebhookConfiguration{} require.NoError(t, fakeClient.Get(context.Background(), client.ObjectKey{Name: tc.webhook.Name}, beforeWebhook)) - err = patchTopologyInjectorWebhook(context.Background(), fakeClient, cfg, tc.caBundle) + err = patchTopologyInjectorWebhook(context.Background(), fakeClient, cfg) require.NoError(t, err) afterWebhook := &admissionregistrationv1.MutatingWebhookConfiguration{} require.NoError(t, fakeClient.Get(context.Background(), client.ObjectKey{Name: tc.webhook.Name}, afterWebhook)) - require.Equal(t, afterWebhook.Webhooks[0].ClientConfig.CABundle, tc.caBundle) + require.Equal(t, afterWebhook.Webhooks[0].ClientConfig.CABundle, tc.secret.Data["ca.crt"]) assert.Equal(t, tc.wantPatch, beforeWebhook.GetResourceVersion() != afterWebhook.GetResourceVersion()) }) } diff --git a/internal/infrastructure/kubernetes/proxy/resource.go b/internal/infrastructure/kubernetes/proxy/resource.go index d98e68cf4d..6dba6e525f 100644 --- a/internal/infrastructure/kubernetes/proxy/resource.go +++ b/internal/infrastructure/kubernetes/proxy/resource.go @@ -402,7 +402,7 @@ func expectedContainerEnv(containerSpec *egv1a1.KubernetesContainerSpec, gateway ValueFrom: &corev1.EnvVarSource{ FieldRef: &corev1.ObjectFieldSelector{ APIVersion: "v1", - FieldPath: fmt.Sprintf("metadata.labels['%s']", corev1.LabelTopologyZone), + FieldPath: fmt.Sprintf("metadata.annotations['%s']", corev1.LabelTopologyZone), }, }, }, diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml index 0c22050ba9..a0fad44a2b 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml @@ -55,7 +55,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -142,7 +142,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml index 782cda71d5..46a6b4dbed 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml @@ -258,7 +258,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -339,7 +339,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml index e5ac89e0c6..c8b7570501 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml @@ -257,7 +257,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -338,7 +338,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml index cf7e858983..3ec8474847 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml @@ -242,7 +242,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -329,7 +329,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml index cde29e6d1f..db37e5b125 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml @@ -191,7 +191,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -275,7 +275,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml index 76ed4ea1e9..344b3d3229 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml @@ -257,7 +257,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -342,7 +342,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml index 8a1c95589b..930a2479db 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml @@ -251,7 +251,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -338,7 +338,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml index d001a3e8b2..f82852a48e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml @@ -242,7 +242,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -329,7 +329,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml index 04f5e7095d..b827f5f744 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml @@ -242,7 +242,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -334,7 +334,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml index 5573bbfef2..eb22669380 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml @@ -257,7 +257,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -342,7 +342,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml index bdfe300a9e..2f38ba0f4a 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml @@ -247,7 +247,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -334,7 +334,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml index 0b845fd2fc..0da38072c0 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml @@ -55,7 +55,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -142,7 +142,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml index e9a06e02e9..f1062ae8ce 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml @@ -244,7 +244,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -331,7 +331,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml index 2e1a4cdb1c..9ae0454eca 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml @@ -242,7 +242,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -329,7 +329,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml index 9b5d9a55e3..a2bcc35f64 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml @@ -242,7 +242,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -329,7 +329,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml index 72b567b531..01e66f1617 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml @@ -242,7 +242,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -329,7 +329,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml index 51e964b1cf..6c9ecead69 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml @@ -242,7 +242,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -329,7 +329,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml index 79f27c337f..c61fd73c7c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml @@ -58,7 +58,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -145,7 +145,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml index 34b5b07f0f..ef916e860a 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml @@ -59,7 +59,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -146,7 +146,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml index 8b4f231166..60676d3903 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml @@ -263,7 +263,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -344,7 +344,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml index 8f95d6668a..ed1b655c87 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml @@ -263,7 +263,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -346,7 +346,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml index ae2a8c316a..fa2b709e16 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml @@ -262,7 +262,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -343,7 +343,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml index 34372d0425..fa4c0813f4 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml @@ -246,7 +246,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -333,7 +333,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml index 14ebc8037b..fdc09427c2 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml @@ -195,7 +195,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -279,7 +279,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/dual-stack.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/dual-stack.yaml index 9b67b49d98..26939bb66e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/dual-stack.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/dual-stack.yaml @@ -247,7 +247,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -334,7 +334,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml index 1aab161d96..cc8e5d1c6c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml @@ -262,7 +262,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -347,7 +347,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/ipv6.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/ipv6.yaml index 1ce08cd0f4..fe1c755c1e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/ipv6.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/ipv6.yaml @@ -247,7 +247,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -334,7 +334,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml index e06d0de726..08b6c4ef97 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml @@ -255,7 +255,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -342,7 +342,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml index d49584f934..915089768e 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml @@ -246,7 +246,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -333,7 +333,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml index 2e23606989..e1e7e66510 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml @@ -246,7 +246,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -338,7 +338,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml index 212663a71b..896a680709 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml @@ -262,7 +262,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -347,7 +347,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml index 8035a52f06..7b560c4bb9 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml @@ -251,7 +251,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -338,7 +338,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml index 5e39371b7c..e3a5264aa1 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml @@ -59,7 +59,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -146,7 +146,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml index 5c359ada53..2ffc32972a 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml @@ -246,7 +246,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -332,7 +332,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml index 6c5f093aaa..7b959d1875 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml @@ -248,7 +248,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -335,7 +335,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml index 283becbbca..cc8709e115 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml @@ -246,7 +246,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -333,7 +333,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml index bfed80666e..c211264000 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml @@ -246,7 +246,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -333,7 +333,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml index f720b77c89..02534164b1 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml @@ -246,7 +246,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -333,7 +333,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml index 96d28ca815..0d81bed55b 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml @@ -246,7 +246,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: @@ -333,7 +333,7 @@ spec: valueFrom: fieldRef: apiVersion: v1 - fieldPath: metadata.labels['topology.kubernetes.io/zone'] + fieldPath: metadata.annotations['topology.kubernetes.io/zone'] - name: ENVOY_POD_NAME valueFrom: fieldRef: diff --git a/internal/provider/kubernetes/topology_injector.go b/internal/provider/kubernetes/topology_injector.go index d53ba82249..f507c72989 100644 --- a/internal/provider/kubernetes/topology_injector.go +++ b/internal/provider/kubernetes/topology_injector.go @@ -7,9 +7,9 @@ package kubernetes import ( "context" + "encoding/json" "fmt" - "github.com/go-openapi/jsonpointer" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/klog/v2" @@ -63,24 +63,26 @@ func (m *ProxyTopologyInjector) Handle(ctx context.Context, req admission.Reques node := &corev1.Node{} if err := m.Get(ctx, nodeName, node); err != nil { klog.Error(err, "get node failed", "node", node.Name) + topologyInjectorEventsTotal.WithFailure(metrics.ReasonError).Increment() return admission.Allowed("internal error, skipped") } - var patch string if zone, ok := node.Labels[corev1.LabelTopologyZone]; ok { - patch = fmt.Sprintf(`[{"op":"replace", "path":"/metadata/labels/%s", "value":"%s"}]`, jsonpointer.Escape(corev1.LabelTopologyZone), zone) + if binding.Annotations == nil { + binding.Annotations = map[string]string{} + } + binding.Annotations[corev1.LabelTopologyZone] = zone + } else { + return admission.Allowed("Skipping injection due to missing topology label on node") } - rawPatch := client.RawPatch(types.JSONPatchType, []byte(patch)) - if err := m.Patch(ctx, pod, rawPatch); err != nil { - klog.Error(err, "patch pod failed", "pod", podName.String()) - topologyInjectorEventsTotal.WithFailure(metrics.ReasonError).Increment() - return admission.Allowed("internal error, skipped") + marshaledBinding, err := json.Marshal(binding) + if err != nil { + klog.Errorf("failed to marshal Pod Binding: %v", err) + return admission.Allowed(fmt.Sprintf("failed to marshal binding, skipped: %v", err)) } - klog.V(1).Info("patch pod succeeded", "pod", podName.String()) - topologyInjectorEventsTotal.WithSuccess().Increment() - return admission.Allowed("pod patched") + return admission.PatchResponseFromRaw(req.Object.Raw, marshaledBinding) } func hasEnvoyProxyLabels(labels map[string]string) bool { diff --git a/internal/provider/kubernetes/topology_injector_test.go b/internal/provider/kubernetes/topology_injector_test.go index 726680854c..6128214a80 100644 --- a/internal/provider/kubernetes/topology_injector_test.go +++ b/internal/provider/kubernetes/topology_injector_test.go @@ -11,6 +11,7 @@ import ( "testing" "github.com/stretchr/testify/require" + "gomodules.xyz/jsonpatch/v2" admissionv1 "k8s.io/api/admission/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -45,11 +46,11 @@ func TestProxyTopologyInjector_Handle(t *testing.T) { } cases := []struct { - caseName string - obj client.Object - node *corev1.Node - pod *corev1.Pod - wantErr bool + caseName string + obj client.Object + node *corev1.Node + pod *corev1.Pod + expectedPatchResp []jsonpatch.JsonPatchOperation }{ { caseName: "valid binding", @@ -60,9 +61,15 @@ func TestProxyTopologyInjector_Handle(t *testing.T) { }, Target: corev1.ObjectReference{Name: defaultNode.Name}, }, - node: defaultNode, - pod: defaultPod, - wantErr: false, + node: defaultNode, + pod: defaultPod, + expectedPatchResp: []jsonpatch.JsonPatchOperation{{ + Operation: "add", + Path: "/metadata/annotations", + Value: map[string]interface{}{ + "topology.kubernetes.io/zone": "zone1", + }, + }}, }, { caseName: "empty target", @@ -72,9 +79,9 @@ func TestProxyTopologyInjector_Handle(t *testing.T) { Namespace: defaultPod.Namespace, }, }, - node: defaultNode, - pod: defaultPod, - wantErr: true, + node: defaultNode, + pod: defaultPod, + expectedPatchResp: nil, }, { caseName: "skip binding - no label", @@ -84,9 +91,9 @@ func TestProxyTopologyInjector_Handle(t *testing.T) { Namespace: "bar", }, }, - node: defaultNode, - pod: &corev1.Pod{ObjectMeta: metav1.ObjectMeta{Namespace: "bar", Name: "baz"}}, - wantErr: true, + node: defaultNode, + pod: &corev1.Pod{ObjectMeta: metav1.ObjectMeta{Namespace: "bar", Name: "baz"}}, + expectedPatchResp: nil, }, { caseName: "no matching pod", @@ -96,9 +103,9 @@ func TestProxyTopologyInjector_Handle(t *testing.T) { Namespace: "bar", }, }, - node: defaultNode, - pod: defaultPod, - wantErr: true, + node: defaultNode, + pod: defaultPod, + expectedPatchResp: nil, }, } for _, tc := range cases { @@ -120,9 +127,7 @@ func TestProxyTopologyInjector_Handle(t *testing.T) { } objBytes, err := json.Marshal(tc.obj) - if err != nil { - t.Fatalf("failed to marshal object: %v", err) - } + require.NoError(t, err) req := admission.Request{ AdmissionRequest: admissionv1.AdmissionRequest{ @@ -135,23 +140,9 @@ func TestProxyTopologyInjector_Handle(t *testing.T) { } resp := mutator.Handle(context.Background(), req) + require.True(t, resp.Allowed) - if !resp.Allowed && tc.wantErr { - t.Fatalf("expected Allowed response, got: %v", resp.Result) - } - - updatedPod := &corev1.Pod{} - if err = fakeClient.Get(context.Background(), types.NamespacedName{Name: tc.pod.Name, Namespace: tc.pod.Namespace}, updatedPod); err != nil { - t.Fatalf("get pod: %v", err) - } - - zone, ok := updatedPod.Labels[corev1.LabelTopologyZone] - if tc.wantErr { - require.False(t, ok, "pod has unexpected topology label: %v", updatedPod) - } else { - require.True(t, ok, "pod does not have expected topology label: %v", updatedPod) - require.Equal(t, zone, tc.node.Labels[corev1.LabelTopologyZone]) - } + require.Equal(t, tc.expectedPatchResp, resp.Patches) }) } }