Send namespace header in MT components by pierDipi · Pull Request #3184 · knative-extensions/eventing-kafka-broker

pierDipi · 2023-06-29T07:24:45Z

When running MT components [1] in mesh mode with Istio,
we lose the ability to define fine grained policies since we
don't know the resource namespace that originated such
request, therefore, by having a Kn-Namespace header,
in mesh mode, users case define fine-grained policies and
isolate namespaces.

[1] KafkaSource, Kafka Broker, and KafkaChannel

Related to knative/eventing#7048

When running MT components [1] in mesh mode with Istio, we lose the ability to define fine grained policies since we don't know the resource namespace that originated such request, therefore, by having a `Kn-Namespace` header, in mesh mode, users case define fine-grained policies and isolate namespaces. [1] KafkaSource, Kafka Broker, and KafkaChannel Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

codecov · 2023-06-29T07:32:44Z

Codecov Report

Merging #3184 (24a87a4) into main (3c98b7c) will decrease coverage by 16.64%.
The diff coverage is 100.00%.

@@              Coverage Diff              @@
##               main    #3184       +/-   ##
=============================================
- Coverage     80.14%   63.51%   -16.64%     
  Complexity      757      757               
=============================================
  Files            77      167       +90     
  Lines          2670    11661     +8991     
  Branches        239      239               
=============================================
+ Hits           2140     7407     +5267     
- Misses          388     3701     +3313     
- Partials        142      553      +411

Flag	Coverage Δ
java-unittests	`80.15% <100.00%> (+<0.01%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...ispatcher/impl/http/WebClientCloudEventSender.java	`82.50% <100.00%> (+0.14%)`	⬆️

... and 90 files with indirect coverage changes

pierDipi · 2023-06-29T07:34:43Z

/assign @matzew @mgencur

pierDipi · 2023-06-29T08:05:53Z

/test channel-integration-tests-ssl

matzew · 2023-06-29T09:59:17Z

        .timeout(this.consumerVerticleContext.getEgressConfig().getTimeout() <= 0 ? DEFAULT_TIMEOUT_MS : this.consumerVerticleContext.getEgressConfig().getTimeout())
-        .putHeader("Prefer", "reply"))
+        .putHeader("Prefer", "reply")
+        .putHeader("Kn-Namespace", this.consumerVerticleContext.getEgress().getReference().getNamespace())


so we set it all the time.

but benefit from it on the "mesh case", since we can use that for filtering/tweaking ?

matzew

/lgtm
/approve

knative-prow · 2023-06-29T13:02:19Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: matzew, pierDipi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [matzew,pierDipi]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

When running MT components [1] in mesh mode with Istio, we lose the ability to define fine grained policies since we don't know the resource namespace that originated such request, therefore, by having a `Kn-Namespace` header, in mesh mode, users case define fine-grained policies and isolate namespaces. [1] KafkaSource, Kafka Broker, and KafkaChannel Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>

When running MT components [1] in mesh mode with Istio, we lose the ability to define fine grained policies since we don't know the resource namespace that originated such request, therefore, by having a `Kn-Namespace` header, in mesh mode, users case define fine-grained policies and isolate namespaces. [1] KafkaSource, Kafka Broker, and KafkaChannel Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> Co-authored-by: Pierangelo Di Pilato <pierdipi@redhat.com>

knative-prow Bot requested review from aliok and odacremolbap June 29, 2023 07:24

knative-prow Bot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. area/data-plane labels Jun 29, 2023

knative-prow Bot assigned matzew and mgencur Jun 29, 2023

matzew reviewed Jun 29, 2023

View reviewed changes

pierDipi requested a review from matzew June 29, 2023 11:02

matzew approved these changes Jun 29, 2023

View reviewed changes

knative-prow Bot added the lgtm Indicates that a PR is ready to be merged. label Jun 29, 2023

knative-prow Bot merged commit fe4652b into knative-extensions:main Jun 29, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Send namespace header in MT components#3184

Send namespace header in MT components#3184
knative-prow[bot] merged 1 commit intoknative-extensions:mainfrom
pierDipi:add-kn-namespace-header

pierDipi commented Jun 29, 2023

Uh oh!

codecov Bot commented Jun 29, 2023 •

edited

Loading

Uh oh!

pierDipi commented Jun 29, 2023

Uh oh!

pierDipi commented Jun 29, 2023

Uh oh!

matzew Jun 29, 2023

Uh oh!

pierDipi Jun 29, 2023

Uh oh!

matzew left a comment

Uh oh!

knative-prow Bot commented Jun 29, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

pierDipi commented Jun 29, 2023

Uh oh!

codecov Bot commented Jun 29, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

pierDipi commented Jun 29, 2023

Uh oh!

pierDipi commented Jun 29, 2023

Uh oh!

matzew Jun 29, 2023

Choose a reason for hiding this comment

Uh oh!

pierDipi Jun 29, 2023

Choose a reason for hiding this comment

Uh oh!

matzew left a comment

Choose a reason for hiding this comment

Uh oh!

knative-prow Bot commented Jun 29, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

codecov Bot commented Jun 29, 2023 •

edited

Loading