kumahq / kuma

🐻 The multi-zone service mesh for containers, Kubernetes and VMs. Built with Envoy. CNCF Sandbox Project.
https://kuma.io/install
Apache License 2.0

Disallow zone proxy creation in global #10988

Closed Icarus9913 closed 2 months ago

Icarus9913 commented 2 months ago

What happened?

The zoneIngress resources should only be synced from the zone, and it makes no sense to create one in global manually.

By the way, how can we distinguish resources created manually from those synced from a zone? Because I can also define the spec.zone property or add the kuma.io/origin: zone label.

```yaml
apiVersion: kuma.io/v1alpha1
kind: ZoneIngress
metadata:
  name: global-ingress
  namespace: kuma-system
spec:
  networking:
    address: 10.42.0.8
    advertisedAddress: 172.19.0.6
    advertisedPort: 10001
    port: 10001
  zone: zone1/zone2  # Here!
```

Icarus9913 commented 2 months ago

Watch out: refer to https://github.com/kumahq/kuma/issues/10590. I think we should be careful with the ZoneIngress resource on global.

It means:

  1. Do not allow a customized ZoneIngress to be created on global (the YAML above).

  2. Do not allow a ZoneIngress labeled kuma.io/origin: zone to be created manually on global.
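
Both spec.zone and the kuma.io/origin label are set by whoever submits the resource, so neither can tell a manual write from a synced one. The sketch below is an added example, not Kuma's code and not posted by anyone in this thread; it decides from the authenticated caller instead. `WriteRequest`, `ValidateOnGlobal` and the identity strings are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// WriteRequest is a hypothetical, reduced admission request (not a Kuma type).
type WriteRequest struct {
	Kind     string            // resource kind, e.g. "ZoneIngress"
	User     string            // caller identity authenticated by the API server
	Labels   map[string]string // client-controlled metadata
	SpecZone string            // client-controlled spec.zone
}

// ErrManualZoneIngress marks a ZoneIngress write that did not come from sync.
var ErrManualZoneIngress = errors.New("ZoneIngress on global must come from zone sync")

// ValidateOnGlobal decides from the authenticated caller only. Labels and
// SpecZone are deliberately ignored: any client can set them, so they prove
// nothing about where the resource came from.
func ValidateOnGlobal(req WriteRequest, syncIdentities map[string]bool) error {
	if req.Kind != "ZoneIngress" {
		return nil // other kinds are out of scope for this check
	}
	if syncIdentities[req.User] {
		return nil // written by the sync component itself
	}
	return fmt.Errorf("%w: user=%q zone=%q origin=%q", ErrManualZoneIngress,
		req.User, req.SpecZone, req.Labels["kuma.io/origin"])
}

func main() {
	// Constructed identities and requests, for illustration only.
	sync := map[string]bool{"system:serviceaccount:kuma-system:sync-placeholder": true}
	manual := WriteRequest{
		Kind:     "ZoneIngress",
		User:     "kubernetes-admin",
		Labels:   map[string]string{"kuma.io/origin": "zone"}, // spoofed label
		SpecZone: "zone1",
	}
	synced := manual
	synced.User = "system:serviceaccount:kuma-system:sync-placeholder"
	fmt.Println("manual:", ValidateOnGlobal(manual, sync))
	fmt.Println("synced:", ValidateOnGlobal(synced, sync))
}
```
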

bartsmykla commented 2 months ago

triage: duplicate of https://github.com/kumahq/kuma/issues/10952